Privacy Policy

General Privacy Policy

PRIVACY NOTICE

Effective Date: May 11, 2026

This Privacy Notice describes the information Mains’l Solutions and Mains’l Services, Inc. (“Mains’l”, “we”, “our”, or “us”) collects, how we use and retain this information, with whom we share it, and the choices you have in connection with these activities. This Privacy Notice applies to the websites owned and operated by us, https://www.mainslsolutions.com/ (“Website”), https://www.mainsl.com/ (“Website”), the services described as Supports for People and Supports for Agencies (as each is described on our Websites), and any other technologies, products, or services for which this Privacy Notice is linked or displayed, which incorporates by reference the following Privacy Policies (collectively, the “Services”).

For the Mains’l Financial Management Services Privacy Notice, please visit mainsl.com/fms-privacy

For the Mains’l Center on Me Services Privacy Notice, please visit mainsl.com/com-privacy

HIPAA

This Privacy Notice does not apply to our processing of your Protected Health Information. If you interact with the Services as a recipient of Mains’l supports and services, Mains’l may collect and store your Protected Health Information (“PHI”) (as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)) as a Covered Entity under HIPAA in our capacity as health care provider. For information on how we collect, use, and share your PHI, please refer to Mains’l’s Notice of Privacy Practices (available upon request by contacting us at privacy@mainsl.com). Alternatively, when we receive personal information about you from your health care provider (who is not an employee of Mains’l) or create, receive, maintain, or transmit PHI on behalf of your health care provider, we are acting as a Business Associate (as defined by HIPAA) to your health care provider. Therefore, we must comply with HIPAA and our agreement with your health care provider. For information on how we handle your PHI on behalf of your third-party health care provider, please refer to your health care provider’s Notice of Privacy Practices.

1. PERSONAL INFORMATION WE COLLECT, HOW WE USE IT, HOW LONG WE KEEP IT, AND HOW WE SHARE IT

When you interact with our Services, we collect your personal information. Personal information is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.

A. When you visit our Website

  • Apply for a position at Mains’l. When you apply for a position at Mains’l, we will collect through our third-party application tracking provider your personal identifiers (name, age, email address, mailing address, and telephone number) your professional or employment information (resume, employment history, and desired salary), criminal record information (if applicable), and protected classifications (gender, race, ethnicity, veteran status, and disability status (if provided)). We use this personal information to assess and manage your application with Mains’l and to comply with the law. We keep this information for as long as necessary to process your application, consider you for future employment, and if you become an employee, then for the duration of your employment at Mains’l and five (5) years after you are no longer employed with us. We share this information with our recruiting service provider, which helps us receive and review your application. For more information, please see our Applicant Privacy Notice which is available upon request by contacting us at privacy@mainsl.com. Mains’l uses a third-party application, JazzHR, to track applicants from the hiring stage, onboarding, and employment. For information about JazzHR’s privacy practices, please visit https://www.employinc.com/privacy/.
  • Contact Us. When you complete the “Contact Us” or “Contact a Navigator” form on our Website, we will collect your identifiers (name, telephone number, email address), the services you selected you are interested in, your relationship to the person or agency, the state in which you would like support, how you heard about us, and anything you include in the “Additional info” field. We will use this information to respond to your message. We will retain this information indefinitely unless we receive a request to delete this information and no exception to your right to deletion applies.
  • Register for training. When you register for a training, we will collect your name, e-mail address, and phone number to facilitate your registration for our training and communicate with you about the training. To pay the training fee, you will leave the Mains’l site to PayPal to make a payment. We do not store or collect your payment details. For the PayPal privacy notice visit https://www.paypal.com/us/legalhub/privacy-full. We use a digital service called Event Espresso to track our registration and hold the contact information of registered participants. We will retain your account information for seven (7) years unless we receive a request to delete this information and no exception to your right to deletion applies.
  • Mental health & behavioral health contact form. When you complete the “Let’s Get Started!” form, we will collect your identifiers (name, telephone number, city, state). We will use this information to contact you about our Services. We will retain your information for seven (7) years unless we receive a request to delete this information by emailing us at security@mainsl.com and no exception to your right to deletion applies.
  • Submit a Testimonial. When you submit a testimonial, we will collect your identifiers (name, e-mail, phone number, and the content of your testimonial. With your permission, we will use this information to publish your testimonial on our Website, and other marketing materials. We will retain your information for as long as we maintain your consent to use it unless we receive a request to revoke your consent by emailing us at security@mainsl.com or a request to delete this information and no exception to your right to deletion applies.
  • Interact with us on social media. When you interact with our social media pages on social networking websites, such as Facebook, X, LinkedIn, Instagram, and YouTube (each a “Social Media Page” and collectively, “Social Media Pages”), we collect basic engagement metrics and use it to tailor content and marketing and use it to improve user experience as set forth in this section. Please note that we do not control the use or storage of the information that you have posted to any social networking websites. This information is collected and processed by the social networking websites for their own purposes, including marketing. For more information on how Facebook, X, LinkedIn, Instagram, and YouTube use your personal information, please see Facebook’s Privacy Policy, X’s Privacy Policy, LinkedIn’s Privacy Policy, Instagram’s Privacy Policy, and YouTube’s Privacy Policy.
    • Social Media Pages. When interacting with our Social Media Pages, we collect, from you, your personal identifiers (first and last name) and visual information (photograph (i.e., profile picture)), as well as any information that you provide when interacting with our Social Media Pages (e.g., commenting, sharing, and rating). We use this information to advertise our products, for events and invitations, and to communicate with users via the contribution and comment function. Because our Social Media Pages are publicly accessible, when you use them to interact with other users, for example by posting, leaving comments or liking or sharing posts, any personal information that you post in them or provide when registering can be viewed by others or used by them as they see fit. The content posted on our Social Media Pages or other public areas of social networking websites can be deleted in the same way as other content that you have created. If at any time you want content posted to be deleted, please email your request to us at security@mainsl.com.
    • Community Management. We collect, from you, your contact, including “likes”, shares, messages and other interactions with the content, in order to analyze and evaluate how our content is perceived, to learn from it, and to improve our public relations efforts. If you object to this processing of your personal information and believe you have an overriding interest, you can submit your objection via email to security@mainsl.com.
    • Events and Photos. When you register for an event on our Social Media Pages, we collect, from you, your personal identifiers (first and last name, email address, telephone number, physical address, and any other information you provide). We use this information to create and manage the event (e.g., to create the guest list, accreditation and admission control, room and personnel planning, planning the catering) as well as to send you your invitation and notifications about the event. We also use this information for prevention of fraud and defense against legal claims. At events for which you have registered, photos and video recordings may be made (possibly by a photographer commissioned by us), in which you may also be shown. If you are the central subject of a recording, the photographer will ask you before the recording/taking the photo whether you agree and consent. We use the photos for our public relations and marketing on our various media/digital media outlets. If you object to this processing of your personal information and believe you have an overriding interest, you can submit your objection via email security@mainsl.com.
    • Page Insights. When you visit our Social Media Page, the applicable Social Network records your IP address and other information about your usage behavior on our Social Media Page. The Social Network collects this information through trackers in the browser of your device or via the advertising ID (IDFA from Apple or GAID from Google), when you open the Social Network app through your mobile device (e.g., smartphone or tablet). The Social Network uses this information to provide us with statistical evaluations of the use of our Social Media Page. We receive this information directly from Social Network, in the form of aggregated data and anonymous statistics regarding certain data points, such as: age; gender; city/country; device; inquiries from fans about other Social Media Pages; region and language settings of the users; proportion of men and women; the number of people reached; clicks on posts, “likes” and reactions; comments and shared content; and total video views. We use this information to analyze and improve the advertising campaigns we conduct through our Social Media Pages. We do not collect or process any other personal information in connection with Social Network “Page Insights” function. We do not retain this information independently. For information on data protection and the storage period on the Social Network in relation to its Insights function, see the Social Network privacy policy linked above. It has been contractually agreed with the Social Network that the Social Network is responsible for providing you with information about the processing for Page Insights.
    • Information Processed Solely by Social Networks. We do not know how the Social Networks use Personal Information for its own purposes, how long the Personal Information is stored on the Social Network or whether the Social Network data is passed on to third parties. If you are currently logged in to a Social Network as a user, the Social Network automatically collects, through trackers on your device, your Social Network ID or a link between the Social Network ID and the advertising ID (IDFA from Apple or GAID from Google) when you open the Social Network app through your mobile device (e.g., smartphone or tablet). This enables the Social Network to understand that you have visited our Social Network Fan Page along with other Social Network Pages that you have clicked on, whether you clicked on Social Network buttons integrated into websites that partner with the Social Network, and other online interactions that report user data to the Social Network. Based on this data, content or advertising tailored to you can be offered. You can find more information about the Personal Information collected by Social Networks, how it is used and how long it is stored by visiting the Social Network’s privacy policies, linked above.

Interact with the Services. In addition to the personal information you provide, we also collect internet and other network activity information automatically via pixels and cookies to: (i) provide the Services; (ii) track you within the Services; (iii) enhance user experience; (iv) conduct analytics to improve the Services; (v) prevent fraudulent use of the Services and detect unlawful activity; (vi) diagnose and repair Services errors, and, in cases of abuse, track and mitigate the abuse and (vii) provide targeted advertising. Third-party marketing and analytics cookies and the use of such data for cross-context behavioral advertising may be considered “sharing” under the California Privacy Rights Act (CPRA) or targeted advertising.

In particular, below are the third-party marketing and analytics cookies and tracking technologies on our Websites:

  • Google Analytics. We use Google Analytics to collect information on your use of the Services for its improvement. To collect this information, Google Analytics installs cookies on your browser or reads cookies that are already there. Google Analytics also receives information about you from applications you have downloaded that partner with Google. We do not combine the information collected through the use of Google Analytics with personal information. Google’s ability to use and share information collected by Google Analytics about your visits to our Websites or to another application which partners with Google is restricted by the Google Analytics Terms of Use and Privacy Policy. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on, which can be accessed here. This may be deemed sharing under the CPRA.
  • Facebook Pixel. We use Facebook Pixel to customize our advertising and to serve you ads on your social media based on your browsing behavior. This allows your behavior to be tracked after you have been redirected to our Website by clicking on a Facebook ad. Facebook stores cookies on your device to enable us to measure the effectiveness of Facebook ads for statistical and market research purposes. We do not have access to the information collected through Facebook’s cookies. However, the information collected via Facebook, on the Website as well as other websites on which Facebook’s cookies are installed, is also stored and processed by Facebook. Facebook may link this information to your Facebook account and also use it for its own promotional purposes in accordance with Facebook’s Data Usage Policy. The Facebook cookies also allow Facebook and its partners to show you advertisements on and outside of Facebook. This may be deemed sharing under the CPRA.
  • We use Site Kit by Google to integrate Google services such as Google Analytics and Search Console into our website. These tools help us understand how users interact with our website, including pages visited, traffic sources, and user behavior patterns.
  • We use Jetpack by Automattic to provide website security, performance optimization, and analytics. Jetpack may collect information about website visitors, including IP address, device information, and browsing activity, to help us monitor site performance, detect security threats, and improve user experience.
  • We use Cookiebot to manage user consent for cookies and tracking technologies. Cookiebot allows users to accept, reject, or customize their cookie preferences and ensures that non-essential cookies are not set until consent is obtained, where required by law.
  • These technologies may collect your IP address, browser type, device identifiers, and browsing behavior.
  • In general, to disable cookies and limit the collection and use of information through them, you can set your browser to refuse cookies or indicate when a cookie is being sent. When you opt-out an opt-out cookie will be placed on your device. The opt-out cookie is browser and device specific and will only last until cookies are cleared from your browser or device. You can also manage your cookie preferences via our cookie management platform or your browser settings. You may also opt out of Google Analytics using the Google Analytics opt-out browser add-on.

B. Participate in a business-to-business relationship with Mains’l.

We will collect your identifiers (business representative name, business email address, business address, business telephone number), financial information (bank account number and routing number, or credit card number, expiration date, CVV, ZIP code), and internet and other electronic network activity (IP address and information regarding your interaction with the Website and Services). We will use this information to facilitate the business relationship, communicate with you regarding our business relationship, and process any payment you make to us. We will retain your account information indefinitely unless we receive a request to delete this information and no exception to your right to deletion applies.

C. Interact with us at in-person events.

When you interact with us at in-person events we collect, from you, your personal identifiers (name, email address, and telephone number). We will use this information to confirm your attendance at the event and communicate with you about this event and services that may be of interest to you in the future. At events for which you have registered, photos and video recordings may be made (possibly by a photographer commissioned by us), in which you may also be shown. If you are the central subject of a recording, the photographer will ask you before the recording/taking the photo whether you agree and consent. We will retain your information indefinitely unless we receive a request to delete this information and no exception to your right to deletion applies.

2. HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We and our service providers will share the information we collect from and about you for the following business and operational purposes:

  • Service Providers: We may provide access to or share your information with select third parties who perform services on our behalf. These service providers are described more specifically in the PERSONAL INFORMATION WE COLLECT, HOW WE USE IT, HOW LONG WE KEEP IT, AND HOW WE SHARE IT section of this Notice. Generally, these service providers perform services on our behalf such as applicant tracking, data storage, security, fraud prevention, payment processing and order fulfillment, and legal services.
  • Affiliates and Subsidiaries: We share your personal information within Mains’l, including with our affiliated organizations for the legitimate business purposes of efficiently and effectively providing the Services, such as accounting and customer support. Access to your personal information is limited to those on a need-to-know basis. We also provide access to or share your information with current or future affiliates and subsidiaries for the purposes described in this Privacy Notice.
  • Protection of Mains’l and Others & Legal Compliance: We may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention, or disclosure is reasonably necessary to: (i) comply with law or legal process (e.g., a subpoena or court order); (ii) enforce our Terms of Service, this Privacy Notice, or other contracts with you, including investigation of potential violations thereof; (iii) respond to your requests for customer service; and/or (iv) protect the rights, property or personal safety of Mains’l, its agents and affiliates, its users, and/or the public. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and similar purposes.
  • Business Transfers: We may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, customer information (including your email address) would likely be one of the transferred business assets.
  • Your Consent: If you have consented to our sharing of your information, we will also share your information consistent with your consent. You may withdraw your consent at any time.

Sharing in the Last Twelve (12) Months

For a Business Purpose. In the preceding twelve (12) months, Mains’l has disclosed the following categories of personal information for a business purpose to the following categories of third parties:

  • We have disclosed your personal identifiers, internet and other network activity information, payment card or financial account information, and commercial information to service providers that perform Services on our behalf. These service providers include, but are not limited to, Calendly, which we use for scheduling and form processing; Amazon Web Services (AWS), which we use for data hosting and infrastructure; PayPal, which we use for payment processing; Event Espresso, which we use for event registration and management; Userway, which we use to provide accessibility functionality; and Font Awesome, which we use for web font delivery.
  • We have disclosed your internet or other electronic network information to our IT support to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair website errors that impair functionality.

For a Sale/Sharing.

  • Mains’l uses marketing and analytics cookies and similar tracking technology on its Services. These cookies and technologies collect your internet and other electronic network activity and share it with the cookie or tracking technology provider to provide analytics on our Services. This use of your personal information may be considered “sharing” (and in some cases a “sale”) under the California Privacy Rights Act (CPRA) or targeted advertising under other privacy laws. To opt out, please click Do Not Sell or Share My Personal Information.

3. THIRD-PARTY LINKS AND FEATURES

The Website may contain links to third-party websites, third-party plug-ins (e.g., Facebook, Instagram, and X/Twitter). If you choose to use these websites, plug-ins, or services, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function. If you choose to use these services, we are not responsible for the content or practices of such third-party websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Notice. We urge you to read the privacy and security policies of these third parties.

4. ADDITIONAL INFORMATION FOR RESIDENTS OF CERTAIN JURISDICTIONS

Your local laws may entitle you to additional information or permit you to exercise certain rights with respect to the information we collect from and about you. Please note that your rights vary depending upon your location, and that we may request you provide us with information necessary to confirm your identity before responding to your request as required or permitted by applicable law. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you or to comply with a legal obligation. In some circumstances, if you still ask us to delete your information, you may no longer be able to access or use our Services.

Nevada Residents

If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of your personal information. We do not currently sell any of your personal information under Nevada law, nor do we plan to do so in the future. However, you can submit a request to opt-out of future sales by contacting us at security@mainsl.com. Please include “Opt-Out Request Under Nevada Law” in the subject line of your message.

California Residents

The California Privacy Rights Act (CPRA) entitles California residents to certain rights. To the extent the CPRA applies to our processing of your personal information, subject to certain exceptions, you are entitled to the following rights:

  • Right to Access/Know. You have the right to request what personal information we have collected, used, disclosed, and sold about you, unless doing so proves impossible or would involve disproportionate effort. You may also have the right to know the list of all third parties to whom we have disclosed personal information, as defined under California Civil Code Section 1798.83(e) (a/k/a the “Shine the Light Law”), during the preceding year for third-party direct marketing purposes.
  • Right to Deletion. You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions. Once we receive your request to delete and confirm your identity, we will delete (and notify any service providers or third parties, who we have shared or sold your personal information to, to delete) your personal information, unless an exception applies under applicable law, including to comply with a legal obligation.
  • Right to Opt-Out of Sale/Sharing. You have the right to opt-out of the sale or sharing of your personal information to third parties. Mains’l does not have actual knowledge that it sells or shares personal information of minors under the age of sixteen (16) years. You may opt-out of the sale or sharing of your personal information, to the extent applicable, by selecting Do Not Sell or Share My Personal Information.
  • Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your rights to access, delete, opt-out, correct, or limit use of sensitive personal information under the CPRA.
  • Right to correct: You have the right to correct inaccurate personal information that we collect or maintain.
  • Right to limit use of sensitive personal information: You have the right to limit the use of how we use your sensitive personal information. Sensitive information includes, for example, Social Security number, driver’s license number, biometric information, precise geolocation, and racial and ethnic origin. However, this right does not apply because we do not use your sensitive information other than (i) to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services; (ii) to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information; or (iii) for short-term, transient use.

Minnesota Residents

The Minnesota Consumer Data Privacy Act (MCDPA) entitles Minnesota residents to certain rights. To the extent MCDPA applies to our processing of your personal information, subject to certain exceptions, you are entitled to the following rights:

  • Right to Access/Know. You have the right to confirm whether or not Mains’l is processing personal information about you and access the categories of personal information we are processing.
  • Right to correct. You have the right to correct inaccurate personal information about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
  • Right to Delete. You have the right to delete personal information about you.
  • Right to Data Portability. You have the right to obtain personal information about yourself, which you previously provided to Mains’l, in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means.
  • Right to Opt-Out. You may elect to prevent your personal information, to the extent applicable, from being:
    • Used for Targeted Advertising;
    • Sold;
    • Used for profiling in furtherance of automated decisions that produce legal or similarly significant effects.
      • If your personal information is profiled in furtherance of decisions that produce legal or similarly significant effects for you, then you have the right to question the result of the profiling, to be informed of the reason that the profiling resulted in the decision, and, if feasible, to be informed of what actions you might have taken to secure a different decision and the actions that you might take to secure a different decision in the future. You have the right to review the personal information used in the profiling. If the decision is determined to have been based upon inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information, you have the right to have the information corrected and the profiling decision reevaluated based upon the corrected information.
  • Right Regarding the Information We Share with Third Parties. You have the right to obtain a list of the specific third parties to which we have disclosed your personal information. If we do not maintain the information in a format specific to you, a list of specific third parties to whom we have disclosed any consumers’ personal information may be provided instead.

How To Exercise Your Rights

You can exercise your rights to opt-out of targeted advertising and the selling and/or sharing of your personal information or to limit the use of your Sensitive Personal Information (to the extent applicable to you) by sending a request to us at security@mainsl.com, or calling toll-free at 800-441-6595.

When you make certain requests (e.g., a request to know, delete and/or correct; or a request for access or data portability), to help protect your privacy and maintain security, we will take steps to verify your identity. Our verification procedure may differ depending on whether you have an account with us or not and the request you are making. The following generally describes the verification processes we use:

  • Password Protected Accounts. If you have a password-protected account with us, we may use existing authentication practices to verify your identity but will require re-authentication before disclosing, correcting or deleting data. If we suspect fraudulent or malicious activity relating to your account, we will require further verification (as described below) before complying with the request.
  • Verification for Non-Accountholders. For requests submitted via email, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information. If you do not have, or cannot access, a password-protected account with us, we will generally verify your identity as follows:
    • For valid requests to know categories of personal information, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you with reliable data points maintained by us.
    • For valid requests to know specific pieces of personal information, right of access and right to data portability, we will verify your identity to a reasonably high degree of certainty by matching at least three data points provided by you with reliable data points maintained by us.
    • For valid requests to correct or delete personal information, we will verify your identity to a reasonable degree or a reasonably high degree of certainty depending on the sensitivity of the personal information and the risk of harm posed by unauthorized deletion. We will act in good faith when determining the appropriate standard to apply.

We may also require a declaration, signed under penalty of perjury, that the person requesting the information is the person whose information is the subject of the request or that person’s authorized representative.

If there is no reasonable method by which we can verify your identity, we will state so in response, including an explanation of why we have no reasonable method to verify your identity.

If you use an authorized agent to submit a request to know, delete or correct, we may require the authorized agent to provide proof that you gave the agent signed permission to submit the request. We may also require you to do either of the following: (a) verify your own identity directly with us; or (b) directly confirm with us that you provided the authorized agent permission to submit the request.

We will respond to valid requests to know, requests to delete and/or correct no later than 45 calendar days. If we cannot verify your request within 45 days, we may deny your request. If necessary, we may take up to an additional 45 days to respond to your request but in such an event will provide you a notice and an explanation of the reason that we will take more than 45 days to respond to your request.

Valid requests under “Right of Access” and “Right to Data Portability” will be transmitted securely. If we cannot fulfill your request, we will notify you of that decision and the reasons why within 45 days. At that point if you believe our decision was in error, you may have the right to submit an appeal using the contact method(s) above. If the result is the same, you can also seek assistance and/or redress from your state attorney general by following the instructions on the state attorney general website. Consumers may file a privacy-related complaint with the Office of the Minnesota Attorney General by phone at (651) 296-3353 or by completing a form on the Attorney General’s privacy website.

6. CHILDREN’S PRIVACY

The Services are intended for adults only. We do not knowingly solicit any information from individuals under the age of sixteen (16) years old, nor do we knowingly market or otherwise target our websites or its products or services to children.

If we become aware that a visitor to our websites is under the age of sixteen (16) years old, we will remove his or her personal data from our files. We also comply with other age restrictions and requirements in accordance with applicable local laws.

If you believe we might have information from or about a child under the age of sixteen (16), please contact security@mainsl.com.

7. DO NOT TRACK

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third-party purposes, which is why we describe a variety of opt-out mechanisms above. However, we do not currently recognize or respond to browser-initiated DNT signals.

8. DATA SECURITY

We implement administrative, technical, and physical safeguards designed to protect personal information, consistent with industry standards and SOC 2 security principles. These safeguards include:

  • Role-based access controls and least-privilege access
  • Secure cloud infrastructure hosted on Amazon Web Services (AWS)
  • Encryption in transit using HTTPS
  • Monitoring, logging, and anomaly detection
  • Vendor risk management and contractual safeguards
  • Periodic review and testing of security controls

Despite these safeguards, no method of transmission over the Internet or method of storage is completely secure. Therefore, we cannot guarantee absolute security.

9. CHANGES TO OUR PRIVACY NOTICE

We reserve the right to amend this Privacy Notice at any time. We will make the revised Privacy Notice accessible through the Services, so you should review the Privacy Notice periodically. You can know if the Privacy Notice has changed since the last time you reviewed it by checking the “Effective Date” at the beginning of this Privacy Notice. If we make a material change to this Privacy Notice, we will provide you with notice in accordance with legal requirements, and obtain your consent, if required.

10. CONTACT INFORMATION

If you wish to contact us regarding our information practices or in relation to this Privacy Notice, please contact us:

By Mail:

Corporate Office:

7000 78Th Ave. N.

Brooklyn Park, MN 55445

California Office:

40 Landing Circle Suite 1

Chico, CA 95973

By E-mail: security@mainsl.com