Privacy Policy | COCOJOJO

How COCOJOJO collects, uses, protects, and shares personal information across its website, orders, customer accounts, communications, analytics, advertising, and related services.

COCO JOJO LLC ("COCO JOJO," "Company," "we," "our," or "us") is committed to protecting your privacy, maintaining transparency regarding our data practices, and implementing commercially reasonable safeguards designed to protect personal information, confidential information, business information, operational information, commercial information, technical information, and all related data in our possession or control.

This Privacy Policy explains how we collect, receive, process, analyze, infer, generate, use, disclose, share, transfer, retain, monitor, secure, store, record, combine, and otherwise handle information when you interact with our websites, ecommerce systems, wholesale systems, private label services, OEM/ODM services, contract manufacturing services, customer support systems, AI systems, communications, advertisements, social media accounts, trade shows, digital properties, operational systems, technologies, products, and related services - including all current and future technologies, applications, integrations, software, systems, platforms, tools, and operational activities.

BY ACCESSING OR USING OUR WEBSITES, PRODUCTS, SYSTEMS, OR SERVICES IN ANY WAY, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY AND OUR TERMS OF SERVICE.

If you do not agree to this Privacy Policy, you must immediately discontinue all use of our services, systems, and websites.

1. WHO WE ARE & HOW TO CONTACT US

COCO JOJO LLC is a skincare, haircare, cosmetic manufacturing, wholesale raw ingredient, private label, white label, OEM, ODM, and contract manufacturing company headquartered in California, United States, operating since 2008 with over 11,000 proprietary formulas and seven operational facilities across Orange County, California.

COCO JOJO LLC

General Inquiries: [email protected]

Privacy Officer / Privacy Requests: [email protected]

Website: www.COCOJOJO.com

This Privacy Policy applies to all websites, applications, customer portals, ecommerce systems, digital properties, operational systems, software, communications, and services owned, operated, managed, licensed, controlled, or provided by COCO JOJO LLC, including all brands, sub-brands, and affiliated operations.

2. INFORMATION WE COLLECT

Depending on your interactions with us, we may collect, receive, process, infer, generate, analyze, combine, store, monitor, record, or share information including but not limited to the following categories. This list is illustrative, not exhaustive, and includes all categories of information we may collect in connection with our business operations.

2.1 Identifiers & Personal Information

Full legal name, preferred name, and business name
Billing address, shipping address, and mailing address
Email address and secondary email addresses
Telephone number, mobile number, and fax number
Business information including EIN, business type, and industry
Tax identification numbers and resale certificate information
Government-issued identification where required for compliance
Customer account credentials, usernames, and passwords (encrypted)
Digital signatures and clickwrap acceptance records
IP addresses and device identifiers associated with account creation

2.2 Commercial & Transaction Information

Products viewed, considered, added to cart, wishlisted, and purchased
Complete purchase history, order history, and transaction records
Payment history, invoice records, and billing records
Refund requests, exchange requests, dispute records, and chargeback records
Quote activity, sample requests, and product inquiry records
Manufacturing requests, private label project information, and formulation requests
Wholesale account information, Net 30 credit account information, and bank information
Contract manufacturing information and OEM/ODM project records
Product customization requests, custom formulation specifications, and artwork
Customer interactions, support history, and complaint records
Commercial preferences, product interests, and purchasing patterns

2.3 Technical, Device & Usage Information

We automatically collect information including but not limited to:

IP addresses, geolocation data derived from IP, and approximate geographic region
Browser type, version, language settings, and browser configurations
Device type, device model, device identifiers, device characteristics, and operating system
Referral URLs, entry pages, exit pages, and navigation paths
Session identifiers, session duration, and session activity records
Cookie identifiers, pixel identifiers, SDK identifiers, and advertising identifiers
Website interactions, click activity, scroll behavior, and navigation activity
Mouse movements, hover activity, and form interaction data
Clickstream activity, page view history, and search activity on our websites
Website performance data, error reports, and technical diagnostics
Network information, internet service provider, and connection type
Communication metadata, device metadata, and behavioral information
Operational metrics, analytics information, and related technical data

2.4 Marketing, Advertising & Audience Information

Ad interactions, campaign engagement, and advertising response data
Email engagement including opens, clicks, and unsubscribe activity
SMS engagement and communication response data
Behavioral analytics, customer segmentation data, and audience information
Retargeting activity, attribution information, and conversion data
Marketing preferences, communication preferences, and opt-in/opt-out records
Audience matching information, lookalike audience data, and interest data
Advertising performance metrics, ROAS data, and campaign analytics
Influencer interaction data, affiliate activity, and referral source data

2.5 Sensitive Personal Information

In limited circumstances, users may voluntarily provide information that may constitute sensitive personal information including but not limited to:

Product sensitivities, known allergies, and skin sensitivity information
Cosmetic complaints, adverse product reactions, and product concern reports
Photos, videos, or before-and-after images related to product use or reactions
Health-related cosmetic information voluntarily submitted in support requests
Bank account and routing numbers provided for Net 30 credit accounts

We use sensitive personal information only for the specific purpose for which it was provided and for reasonably necessary operational, customer service, quality assurance, safety, legal, regulatory, fraud prevention, compliance, or security purposes. We do not use sensitive personal information to infer characteristics about individuals beyond what is reasonably necessary for these purposes.

2.6 User Generated Content

Product reviews, ratings, comments, and testimonials
Before and after images, product photos, and user-submitted photographs
Social media tags, mentions, and user-submitted videos
Feedback, surveys, and product experience reports

2.7 Professional & Employment Information (B2B)

Job title, professional role, and organizational position
Company size, industry, and business type
Professional background and business qualifications where voluntarily provided
Employment application information for job applicants and contractor candidates

2.8 Inferences & Derived Information

Customer profiles derived from purchase behavior, browsing history, and preferences
Predictive scores, risk scores, and fraud probability assessments
Product recommendation profiles and interest-based audience segments
Creditworthiness inferences derived for Net 30 account evaluation purposes

3. HOW WE COLLECT INFORMATION

We may collect information through methods including but not limited to:

Website forms, order and checkout systems, and account registration
Customer accounts, wholesale portals, and private label portals
Email, SMS, phone calls, video calls, and live chat communications
AI systems, chatbots, automated customer support systems, and virtual assistants
Social media platforms, advertising platforms, and influencer communications
Trade shows, industry events, in-person interactions, and physical forms
Sample requests, quotation requests, and product registration forms
Cookies, pixels, tracking technologies, session replay tools, and SDKs
Analytics systems, advertising systems, and fraud prevention systems
Third party service providers, data brokers, and business partners
Business credit reporting agencies for Net 30 credit evaluation
Publicly available commercial databases and professional networks
Affiliates, referral partners, and reseller networks

4. COOKIES, TRACKING TECHNOLOGIES & CONSENT

4.1 Types of Cookies and Tracking Technologies

We may use cookies, pixels, tags, APIs, SDKs, scripts, local storage technologies, advertising technologies, analytics technologies, attribution technologies, session replay technologies, heat mapping technologies, behavioral monitoring technologies, device fingerprinting, and other similar tools for analytics, personalization, security, fraud prevention, advertising, customer experience optimization, and business operations.

Cookie categories:

Strictly Necessary Cookies: Required for core website functionality, security, order processing, and account authentication. These cannot be disabled without breaking essential features.
Performance and Analytics Cookies: Help us understand website usage patterns to improve performance and user experience. Include analytics services, session analytics, and behavioral analytics.
Functional Cookies: Remember your preferences, language settings, login status, and user interface choices.
Advertising and Targeting Cookies: Used to deliver relevant advertising across platforms, measure ad campaign effectiveness, and build audience segments. Include third-party advertising providers Pixel, third-party technology providers Ads tags, social media platforms Pixel, marketplace service providers Pixel, email and SMS service providers, and related advertising technologies.

4.2 Cookie Consent

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept, decline, or manage non-essential cookies. Strictly necessary cookies operate without consent. Advertising and targeting cookies require your consent where required by applicable law.

You may update your cookie preferences at any time through our cookie preference center on our website, or by adjusting browser settings. Note that disabling certain cookies may affect website functionality, personalization, and the relevance of advertising you see.

4.3 Session Replay and Behavioral Monitoring

We may use session replay technologies, heat mapping, behavioral analytics, and diagnostic monitoring for operational analysis, fraud prevention, troubleshooting, website optimization, and customer experience improvement. These technologies may monitor, record, replay, analyze, and store mouse movements, scroll behavior, navigation activity, click interactions, session activity, and website functionality data. Sensitive information including payment details and passwords is masked where commercially reasonable.

4.4 Advertising Technologies

We may use analytics services, third-party technology providers Ads, tag management tools, third-party technology providers Signals, third-party advertising providers Pixel, social media platforms Ads, social media platforms Ads, social media platforms Ads, marketplace service providers Advertising, email and SMS service providers, and related advertising, analytics, optimization, and attribution technologies. These may collect IP addresses, device identifiers, session behavior, website interactions, advertising interactions, purchase behavior, audience segmentation data, and attribution data for analytics, advertising optimization, audience creation, retargeting, conversion tracking, and marketing performance analysis.

4.5 Do Not Track

Some browsers transmit Do Not Track signals. Our websites do not currently respond to Do Not Track browser signals. California residents may use the opt-out mechanism in Section 11 to opt out of the sharing of personal information for behavioral advertising purposes.

5. HOW WE USE YOUR INFORMATION

5.1 Transaction and Account Fulfillment

Processing, fulfilling, and managing orders, purchase requests, and quotations
Managing customer accounts, wholesale accounts, Net 30 credit accounts, and OEM/ODM projects
Processing payments, managing billing, evaluating credit applications, and conducting collections
Providing customer service, technical support, and order assistance
Communicating order status, shipping updates, account notifications, and product information

5.2 Manufacturing, Product Development & Quality Control

Manufacturing, formulating, and quality-controlling products to customer specifications
Developing custom formulations, private label products, and OEM/ODM products
Managing ingredient sourcing, supplier relationships, and supply chain operations
Conducting stability testing, quality assurance, and product compliance activities

5.3 Security, Fraud Prevention & Compliance

Preventing, detecting, investigating, and reporting fraud, abuse, and unauthorized access
Maintaining cybersecurity, system integrity, and physical security
Complying with all applicable laws, regulations, and legal obligations
Responding to legal requests, subpoenas, regulatory inquiries, and court orders
Enforcing our Terms of Service, Privacy Policy, and all other agreements
Protecting COCO JOJO LLC's rights, property, personnel, brands, and business operations

5.4 Marketing, Advertising & Communications

Sending marketing emails, SMS messages, and promotional communications with consent where required
Personalizing product recommendations, content, and advertising
Conducting surveys, feedback collection, and market research
Managing influencer partnerships, affiliate programs, and reseller communications
Running advertising campaigns on third-party technology providers, third-party advertising providers, social media platforms, marketplace service providers, and other platforms

5.5 AI Systems, Analytics & Business Intelligence

Training, improving, and operating AI-assisted customer service and operational systems
Generating business analytics, performance reports, and operational insights
Operating fraud detection, risk assessment, and creditworthiness evaluation systems
Improving product formulations and manufacturing processes based on aggregated data
Conducting market analysis, competitive intelligence, and strategic planning

5.6 Legal, Regulatory & Operational Purposes

Maintaining business records required by law, regulation, or contract
Supporting insurance claims, regulatory audits, and legal proceedings
Conducting due diligence for business transactions, partnerships, and investments
Any other purpose disclosed at the time of collection or with your consent

6. LEGAL BASIS FOR PROCESSING

COCO JOJO LLC processes personal information on the following legal bases, as applicable:

Contract performance: Processing necessary to fulfill orders, manage accounts, and deliver services
Legal obligation: Processing required to comply with applicable laws, regulations, and governmental requests
Legitimate interests: Processing for fraud prevention, security, business analytics, product improvement, and marketing where not overridden by your interests
Consent: Processing for advertising cookies, marketing communications, and sensitive information where required by law
Vital interests: Processing to protect the safety of individuals in emergency circumstances

For California residents, processing is conducted pursuant to the CCPA and CPRA for the business and commercial purposes disclosed in Section 5.

7. HOW WE SHARE INFORMATION

We do not sell personal information for monetary consideration. We may share, disclose, transfer, or make available personal information in the following circumstances:

7.1 Service Providers and Vendors

We share personal information with third party service providers who assist us in operating our business under appropriate data processing agreements, including but not limited to:

Payment processors: payment service providers, payment service providers, ACH processors, and banking institutions
Shipping and logistics: domestic and international shipping carriers, freight carriers, and logistics providers
Cloud infrastructure and hosting: marketplace service providers Web Services, third-party technology providers Cloud, and related providers
CRM and marketing automation: email and SMS service providers, HubSpot, and similar platforms
Analytics providers: analytics services, and similar analytics services
Advertising platforms: third-party technology providers Ads, third-party advertising providers Ads, social media platforms Ads, marketplace service providers Advertising, and related networks
Fraud prevention and identity verification providers
Session replay and behavioral analytics providers
Legal, accounting, insurance, and professional service providers
Business credit reporting agencies for commercial credit evaluation

7.2 Advertising and Cross-Context Behavioral Advertising

We may share certain identifiers - including hashed email addresses, cookie IDs, device identifiers, and browsing behavior data - with advertising platforms including third-party technology providers, third-party advertising providers, social media platforms, and marketplace service providers for targeted advertising and cross-context behavioral advertising. This sharing may constitute the 'sale' or 'sharing' of personal information under CPRA. California residents may opt out of this sharing using the mechanism described in Section 11.

7.3 Business Transfers

In the event of a merger, acquisition, sale of all or substantially all assets, reorganization, bankruptcy, or similar business transaction, personal information may be transferred to the acquiring or successor entity as a business asset, subject to applicable law. We will notify registered users of any such transfer via email or website notice.

7.4 Legal Obligations and Rights Protection

We may disclose personal information where we believe in good faith that disclosure is necessary to: comply with applicable law, regulation, or legal process; respond to subpoenas, court orders, or government requests; cooperate with law enforcement, regulatory authorities, or governmental agencies; investigate or prevent fraud or security threats; enforce our Terms of Service or other agreements; or protect the rights, safety, and property of COCO JOJO LLC, our employees, customers, or others.

7.5 Affiliates and Related Entities

We may share personal information with COCO JOJO LLC affiliated companies, related brands, and subsidiary operations for purposes consistent with this Privacy Policy.

7.6 Professional Advisors

We may share personal information with attorneys, accountants, auditors, insurers, and other professional advisors in connection with legal advice, compliance, and business operations, subject to applicable professional confidentiality obligations.

7.7 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for research, analytics, product development, industry reporting, or marketing purposes.

8. DATA RETENTION SCHEDULE

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. The following schedule represents our general retention guidelines. Actual retention may be longer where required by legal hold, ongoing litigation, regulatory investigation, or contractual obligation.

8.1 Retention Schedule by Category

Account and transaction records (orders, invoices, payments): 7 years following the last transaction - required for tax compliance, financial recordkeeping, and California commercial law obligations
Customer communications and support records: 3 years following last interaction - for dispute resolution, quality assurance, and legal defense
Net 30 credit account records and bank information: 7 years following account closure or last transaction - for financial compliance and collections purposes
Marketing consent, opt-in, and opt-out records: 5 years - to document compliance with marketing consent requirements
Cookie consent and preference records: 3 years - to document consent compliance
Fraud prevention and security logs: 3 years - for security monitoring and incident response
Website analytics and behavioral data: 26 months (analytics services default) to 3 years depending on tool
Session replay and heat mapping recordings: 12 months - for operational analysis and troubleshooting
AI system interaction logs: 3 years - for quality assurance, training improvement, and compliance
Legal hold data: Retained for the duration of any pending legal matter, regulatory investigation, or litigation plus a minimum of 3 years following resolution
Job applicant data (unsuccessful applicants): 2 years from application date
Employment and contractor records: Duration of engagement plus 7 years - for tax, labor law, and legal compliance
Regulatory compliance records (COAs, SDS, batch records): 7 years minimum - for FDA, FTC, and cosmetic industry compliance
User generated content, reviews, and testimonials: For the duration of our license and commercial use, unless deletion is requested

8.2 Deletion Procedures

When personal information is no longer necessary and no legal retention basis exists, we delete, anonymize, or securely destroy it in accordance with our data retention schedule. Where complete deletion is not technically feasible (such as in certain backup systems), we isolate data and protect it from further processing until deletion is possible.

9. INTERNATIONAL DATA TRANSFERS

COCO JOJO LLC is headquartered in the United States. If you access our services from outside the United States, your personal information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from - and in some cases may be less protective than - the laws of your country or region.

9.1 Transfers to the United States

For users located in the European Economic Area (EEA), United Kingdom (UK), Switzerland, or other jurisdictions with restrictions on cross-border data transfers, we rely on the following legal mechanisms to authorize transfers to the United States:

Standard Contractual Clauses (SCCs) adopted by the European Commission, incorporated into our agreements with service providers where applicable
UK International Data Transfer Agreements (IDTAs) for UK data transfers where applicable
Adequacy decisions where applicable (e.g., jurisdictions recognized as providing adequate protection)
Your explicit consent to the transfer where no other mechanism applies

9.2 Third Party Service Provider Transfers

When we transfer personal information to third party service providers located outside the United States - including cloud providers, analytics platforms, advertising networks, and operational partners - we take commercially reasonable steps to ensure such providers maintain appropriate data protection standards. A list of key international service providers and applicable transfer mechanisms is available upon written request to [email protected].

9.3 International Customer Data

For wholesale customers, distributors, and manufacturing clients located outside the United States, personal information is transferred to and processed in the United States as necessary to fulfill our contractual obligations. By entering into a commercial relationship with COCO JOJO LLC, international customers consent to such transfers.

9.4 Contact for International Transfer Questions

For questions about international data transfers, applicable safeguards, or to request information about specific transfer mechanisms, contact: [email protected]

10. AI SYSTEMS, AUTOMATED PROCESSING & COMMUNICATION MONITORING

10.1 AI and Automated Systems

We may use AI systems, machine learning technologies, automated technologies, recommendation systems, fraud detection systems, customer support systems, operational monitoring systems, and related technologies for customer support, inquiry handling, fraud prevention, website optimization, marketing analysis, product recommendations, quality assurance, analytics, and business intelligence.

Users acknowledge that AI systems may generate incomplete, inaccurate, simulated, misleading, outdated, biased, or hallucinated outputs. All AI-generated information must be independently verified prior to reliance, manufacturing, regulatory submission, commercialization, medical use, or redistribution.

10.2 Communication Monitoring and Recording

Telephone calls, video calls, emails, SMS communications, AI interactions, live chat sessions, customer support communications, and related communications may be monitored, reviewed, analyzed, transcribed, or recorded for purposes including quality assurance, fraud prevention, security, compliance, dispute resolution, training, analytics, operational improvements, and business intelligence.

By communicating with COCO JOJO LLC through any channel, you consent to such monitoring and recording where permitted by applicable law, including under California Penal Code Section 632 (two-party consent). Where legally required, we will provide notice of recording at the start of a call or communication.

10.3 Automated Decision-Making

We may use automated systems for fraud scoring, credit risk evaluation, order approval, and similar purposes. Where automated decisions produce legal or similarly significant effects, users may contact [email protected] to request human review of the decision, an explanation of the decision logic, and reconsideration.

11. CALIFORNIA PRIVACY RIGHTS - CCPA / CPRA

This section applies to California residents and is provided pursuant to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023.

11.1 Your California Privacy Rights

California residents have the following rights:

Right to Know (Access): You have the right to request that we disclose: (a) the categories of personal information we have collected about you; (b) the categories of sources from which personal information was collected; (c) the business or commercial purpose for collecting, selling, or sharing personal information; (d) the categories of third parties to whom we disclose personal information; and (e) the specific pieces of personal information we have collected about you.

Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to applicable exceptions including: completing transactions; detecting security incidents; debugging errors; exercising free speech; complying with legal obligations; conducting research in the public interest; enabling internal uses consistent with your expectations; and other purposes permitted by CPRA.

Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you, taking into account the nature of the information and its purpose.

Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale of personal information and the sharing of personal information for cross-context behavioral advertising. To exercise this right, see Section 11.5 below.

Right to Limit Use of Sensitive Personal Information: You have the right to request that we limit our use and disclosure of sensitive personal information to purposes necessary to provide the services you request or as otherwise permitted by CPRA.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of the rights described in this section. We will not deny goods or services, charge different prices, provide different quality of service, or suggest you will receive a different level of service solely for exercising your privacy rights.

Right to Data Portability: You have the right to receive personal information you provided to us in a portable, usable format where technically feasible.

11.2 How to Submit a Consumer Rights Request

To submit a verifiable consumer request, you may contact us through any of the following methods:

Email: [email protected] (subject line: 'California Privacy Request - [Right You Are Exercising]')

Your request must include: your full name, email address or other contact information, the specific right you are exercising, and sufficient information to verify your identity. We will acknowledge receipt of your request within ten (10) business days and provide a substantive response within forty-five (45) calendar days of receipt. Where reasonably necessary, we may extend the response period by an additional forty-five (45) calendar days, and we will notify you of any such extension.

11.3 Verification Procedures

We will take reasonable steps to verify your identity before processing any consumer rights request. Verification may require you to provide: account login credentials, order confirmation numbers, the email address associated with your account, or other information that matches our records. For requests involving sensitive information or deletion, we may require stronger verification.

We cannot fulfill requests where we are unable to verify the requestor's identity. We will not fulfill requests submitted on behalf of another person unless the authorized agent procedures in Section 11.4 are followed.

11.4 Authorized Agent Procedures

You may designate an authorized agent to submit a consumer rights request on your behalf. To use an authorized agent, you must provide either: (a) written authorization signed by you designating the agent, or (b) a valid power of attorney executed pursuant to California Probate Code Sections 4000-4465. We may contact you directly to verify the request and confirm the agent's authorization. We may deny a request from an agent who cannot provide adequate proof of authorization.

11.5 Do Not Sell or Share My Personal Information

COCO JOJO LLC does not sell personal information for monetary consideration. To the extent we share personal information with third party advertising partners through pixels, tracking technologies, or audience matching tools (as described in Section 4.4 and 7.2), California residents may opt out of such sharing.

To opt out of sharing personal information for cross-context behavioral advertising:

Email: [email protected] with subject line 'Do Not Sell or Share My Personal Information'
Manage cookie preferences through our cookie preference center on www.COCOJOJO.com
Use the Global Privacy Control (GPC) signal in your browser where technically supported

Upon receiving a valid opt-out request, we will honor it within fifteen (15) business days and direct our service providers not to sell or share your personal information. Note that opting out of advertising data sharing may result in less relevant advertising but will not affect your ability to use our services.

11.6 CPRA 12-Month Personal Information Disclosure

During the preceding twelve (12) months, COCO JOJO LLC has collected, disclosed for business purposes, and/or shared the following categories of personal information:

Identifiers (names, email, phone, IP, account credentials) - Collected: Yes | Disclosed for business purposes: Yes (service providers) | Sold: No | Shared for advertising: Yes (hashed emails/identifiers with advertising platforms)
Commercial information (purchase history, transaction records, order data) - Collected: Yes | Disclosed for business purposes: Yes (payment processors, logistics) | Sold: No | Shared for advertising: Limited (purchase behavior with advertising platforms for attribution)
Internet or network activity (browsing, session data, clickstream) - Collected: Yes | Disclosed for business purposes: Yes (analytics, session replay providers) | Sold: No | Shared for advertising: Yes (with advertising platforms through pixels and tracking)
Geolocation data (approximate location from IP) - Collected: Yes | Disclosed for business purposes: Yes (analytics, fraud prevention) | Sold: No | Shared for advertising: Yes (region-based advertising targeting)
Professional or employment information (B2B customers: title, company) - Collected: Yes | Disclosed for business purposes: Yes (CRM, marketing automation) | Sold: No | Shared for advertising: Limited
Sensitive personal information (product sensitivities, health-related cosmetic information, bank account numbers for Net 30) - Collected: Limited | Disclosed for business purposes: Limited (customer service, credit evaluation) | Sold: No | Shared for advertising: No
Inferences (customer profiles, preference data) - Collected: Yes | Disclosed for business purposes: Yes (marketing automation, analytics) | Sold: No | Shared for advertising: Yes (audience segments with advertising platforms)

12. SHINE THE LIGHT (CALIFORNIA CIVIL CODE SECTION 1798.83)

California Civil Code Section 1798.83 permits California customers to request information about the personal information COCO JOJO LLC has shared with third parties for their own direct marketing purposes during the preceding calendar year, including the categories of personal information shared and the names and addresses of those third parties.

To submit a Shine the Light request, email [email protected] with 'Shine the Light Request' in the subject line. We will respond within thirty (30) days of receiving a verifiable request.

13. DATA SECURITY

COCO JOJO LLC implements commercially reasonable and appropriate technical and organizational security measures designed to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. Our security measures include but are not limited to:

Encryption of data in transit using TLS/SSL and at rest where appropriate
Access controls, role-based permissions, and authentication requirements
Multi-factor authentication for administrative system access
Fraud detection, anomaly monitoring, and security event logging
Regular security assessments, penetration testing, and vendor security reviews
Employee training on data privacy, security practices, and phishing awareness
Incident response procedures and data breach response protocols
Physical security controls at operational facilities

No method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of any system, network, or transmission. COCO JOJO LLC disclaims liability for unauthorized access, cyberattacks, malware, ransomware, data breaches, interception, phishing, third party failures, or events beyond our reasonable control - subject to applicable law.

14. DATA BREACH NOTIFICATION

In the event of a security incident or data breach involving personal information, COCO JOJO LLC will respond in accordance with applicable legal requirements:

California notification: We will notify affected California residents in the most expedient time possible and without unreasonable delay, and will notify the California Attorney General if the breach affects more than 500 California residents, consistent with California Civil Code Sections 1798.29 and 1798.82.
Regulatory notification: We will notify the California Privacy Protection Agency (CPPA) and other applicable regulators as required by the CPRA and related regulations.
Federal notification: We will comply with applicable federal notification requirements including those under the FTC Act, HIPAA (if applicable), and sector-specific laws.
International notification: For EU/UK data subjects, we will comply with GDPR and UK GDPR breach notification requirements including 72-hour notification to supervisory authorities where applicable.

Breach notifications will be provided via email to the address on file, notice on our website, or other appropriate methods. Notifications will include: the nature of the breach, the categories of information involved, steps taken to address the breach, and recommended steps for affected individuals.

15. EMAIL, SMS & MOBILE COMMUNICATIONS

Marketing emails: You may unsubscribe from marketing emails at any time by clicking the 'Unsubscribe' link in any marketing email or by emailing [email protected] with 'Email Unsubscribe' in the subject line. We will process unsubscribe requests within ten (10) business days. Transactional, account-related, and legally required communications may continue after unsubscribe.

SMS messages: By providing your mobile phone number, you consent to receive transactional, operational, customer support, and marketing communications via SMS and related messaging technologies where permitted by law. Consent to marketing SMS is not a condition of purchase. To opt out of marketing SMS messages, reply STOP to any marketing text message or contact [email protected]. Standard message and data rates may apply.

Do-Not-Call: We respect Do-Not-Call registry preferences for telemarketing calls. For questions about telephone communications, contact [email protected].

16. USER GENERATED CONTENT

If you submit reviews, testimonials, comments, photos, videos, before-and-after images, social media tags, product feedback, or other content to COCO JOJO LLC through any channel, you grant COCO JOJO LLC a non-exclusive, worldwide, perpetual, irrevocable, sublicensable, transferable, royalty-free license to use, reproduce, modify, adapt, distribute, display, publish, commercialize, advertise, market, create derivative works from, and otherwise utilize such content for all commercial, operational, analytical, training, marketing, advertising, and promotional purposes without further compensation to you.

You represent and warrant that: you own or have all necessary rights to submitted content; the content does not infringe any third party rights; the content is accurate, truthful, and non-misleading; and the content does not contain unlawful, defamatory, or harmful material. COCO JOJO LLC reserves the right to remove, restrict, or reject any user content at its sole discretion.

17. WHOLESALE, PRIVATE LABEL & CONTRACT MANUFACTURING DATA

Wholesale customers, distributors, resellers, private label clients, and contract manufacturing clients acknowledge that business contact information, project specifications, formulation requests, purchase history, and related commercial data is collected and processed for fulfillment, manufacturing, quality control, regulatory compliance, business operations, and relationship management purposes.

Commercial customers are solely responsible for their own data privacy compliance obligations, including compliance with CCPA/CPRA, GDPR, and applicable laws governing the personal information of their own customers, employees, and business contacts. COCO JOJO LLC does not assume responsibility for commercial customers' privacy compliance obligations.

18. INTERNATIONAL SALES, EXPORT & CUSTOMS DATA

Customers purchasing internationally acknowledge that personal information including names, addresses, tax identification numbers, and commercial information may be shared with customs authorities, freight carriers, freight forwarders, customs brokers, import/export compliance services, and governmental agencies as required by applicable import/export laws and customs regulations. Customers are solely responsible for their own compliance with applicable import laws, customs requirements, duties, taxes, and market-specific regulatory obligations.

19. FTC, FDA & REGULATORY CLAIMS DISCLAIMER

Statements made by COCO JOJO LLC have not necessarily been evaluated by the U.S. Food and Drug Administration. Products are intended for cosmetic purposes only unless explicitly stated otherwise in a signed written agreement. Information provided by COCO JOJO LLC is not intended to diagnose, treat, cure, or prevent any disease. Nothing provided by COCO JOJO LLC constitutes medical advice, pharmaceutical advice, regulatory advice, or professional certification.

20. WIRE FRAUD, PAYMENT SECURITY & IMPERSONATION DISCLAIMER

COCO JOJO LLC is not responsible for losses arising from intercepted communications, fraudulent wire instructions, phishing attacks, unauthorized email activity, cybercrime, payment fraud, deepfake impersonation, AI-generated impersonation, spoofed domains, fake social media accounts, or related third party conduct.

COCO JOJO LLC strongly recommends that all customers independently verify payment instructions, banking information, invoice changes, and wire instructions through a previously verified telephone number or secure communication method before transmitting any funds. COCO JOJO LLC's official communications originate exclusively from @COCOJOJO.com email addresses and verified official channels.

21. GOVERNMENT, REGULATORY & LAW ENFORCEMENT COOPERATION

COCO JOJO LLC may disclose, preserve, transfer, or produce any information, communications, records, account information, transaction records, technical logs, metadata, uploads, payment information, AI logs, session records, and analytics data to regulators, courts, law enforcement authorities, insurers, legal counsel, or governmental agencies where reasonably necessary to: comply with applicable laws or legal process; respond to subpoenas, regulatory inquiries, or governmental requests; cooperate with law enforcement or regulatory investigations; investigate misconduct, fraud, or security incidents; enforce agreements; or protect COCO JOJO LLC's rights, property, employees, customers, or operations.

Users acknowledge that COCO JOJO LLC may be legally required to disclose information without prior notice as permitted or required by law. Where permitted by law, we will make commercially reasonable efforts to notify you of such requests before disclosure unless prohibited by law or court order.

22. INTELLECTUAL PROPERTY & DMCA POLICY

COCO JOJO LLC respects intellectual property rights and expects users to do the same. If you believe content available through our services infringes your intellectual property rights, you may submit a notice to [email protected] containing: identification of the copyrighted work; identification of the allegedly infringing material with sufficient detail to locate it; your contact information; a good faith statement that the use is unauthorized; a statement under penalty of perjury that the information is accurate; and your physical or electronic signature as the rights holder or authorized representative.

COCO JOJO LLC will review DMCA notices and take appropriate action, which may include removing, restricting, or disabling access to allegedly infringing content. COCO JOJO LLC reserves the right to terminate accounts of repeat copyright infringers.

23. CHILDREN'S PRIVACY

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors under 18. If we discover we have inadvertently collected personal information from a minor, we will promptly delete such information. If you believe we have inadvertently collected information from a minor, contact us immediately at [email protected].

For users between the ages of 16 and 18, we do not sell or share personal information without affirmative authorization. We do not have actual knowledge that we sell or share personal information of minors under 16.

24. THIRD PARTY WEBSITES & SERVICES

Our website may contain links to third party websites, social media platforms, marketplace listings, payment portals, and external services. This Privacy Policy does not apply to third party websites or services. We encourage you to review the privacy policies of any third party services you access. COCO JOJO LLC is not responsible for the privacy practices, data handling, security, or content of third party websites or services.

Third party advertising partners, analytics providers, payment processors, and logistics providers operate under their own privacy policies. We select service providers with commercially reasonable privacy and security standards, but we cannot guarantee the practices of third party services.

25. FORCE MAJEURE & OPERATIONAL DISRUPTIONS

COCO JOJO LLC shall not be liable for interruptions, delays, data unavailability, failures, or losses arising from cyberattacks, internet outages, cloud infrastructure failures, AI system outages, third party failures, natural disasters, pandemics, labor shortages, government actions, acts of God, utility failures, supply chain disruptions, banking disruptions, or events beyond our reasonable control, including any impact on data processing, storage, or availability.

26. CHANGES TO THIS PRIVACY POLICY

COCO JOJO LLC reserves the right to update this Privacy Policy at any time. We will post the updated Policy on our website with a new effective date and version number. For material changes - including changes to how we collect, use, or share personal information, or changes to your rights - we will provide at least thirty (30) days advance notice to registered users via email before the changes take effect.

Non-material changes, clarifications, and updates that do not affect your rights or our data practices take effect upon posting. Continued use of our services after the effective date of any change constitutes acceptance of the updated Privacy Policy.

We maintain an archive of prior Privacy Policy versions. To request a prior version, email [email protected].

27. DISPUTE RESOLUTION & GOVERNING LAW

Any disputes relating to this Privacy Policy, our data practices, or your privacy rights are subject to the dispute resolution provisions, mandatory informal resolution requirement, arbitration clause, jury trial waiver, class action waiver, and governing law provisions contained in the COCO JOJO LLC Terms of Service Version 5.0, incorporated herein by reference.

California law governs this Privacy Policy without regard to conflicts of laws provisions. Nothing in this section limits your right to file a complaint with the California Privacy Protection Agency (CPPA), the California Attorney General, or any other applicable regulatory authority.

28. NO WARRANTY REGARDING WEBSITE & INFORMATION ACCURACY

COCO JOJO LLC does not warrant that website content, specifications, pricing, technical information, product descriptions, availability, materials, AI-generated content, or related information is accurate, complete, current, uninterrupted, secure, or error-free. All information is provided for informational purposes only and is subject to change without notice.

29. CALIFORNIA PRIVACY PROTECTION AGENCY & REGULATORY COMPLAINTS

California residents with unresolved privacy complaints, concerns about our data practices, or questions about their privacy rights may contact or file a complaint with:

California Privacy Protection Agency (CPPA)

Website: cppa.ca.gov

Email: [email protected]

California Attorney General - Privacy Enforcement

Website: oag.ca.gov/privacy

We encourage you to contact us first at [email protected] so we can address your concerns directly before involving a regulatory authority.

30. CONTACT INFORMATION & PRIVACY OFFICER

For all privacy-related inquiries, consumer rights requests, data breach notifications, opt-out requests, or questions about this Policy, contact:

Privacy Officer - COCO JOJO LLC

Privacy Requests: [email protected]

General: [email protected]

Website: www.COCOJOJO.com

We are committed to resolving privacy concerns promptly and in good faith. We will acknowledge all privacy inquiries within ten (10) business days.

www.COCOJOJO.com | [email protected]