PRIVACY POLICY
 Last updated: March 5, 2025

NOUR SOLAR, LLC (“we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy describes how we collect, use, disclose, and protect your personal information, particularly in compliance with California law, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and other applicable privacy regulations.

TABLE OF CONTENTS

  1. INFORMATION WE COLLECT 3

(A) Personal Information You Provide to Us 3

(B) Sensitive Personal Information 3

(C) Information Automatically Collected 3

(D) Information from Third Parties 3

  1. HOW WE USE YOUR INFORMATION 4
  2. DISCLOSURE OF PERSONAL INFORMATION 5

(A) Vendors, Consultants, and Other Third-Party Service Providers 5

(B) Business Transfers 6

(C) Compliance with Legal Obligations 6

(D) Protecting Our Business Interests 7

(E) Aggregated or De-Identified Information 7

  1. YOUR PRIVACY RIGHTS UNDER CALIFORNIA LAW 7

(A) Right to Know and Access 7

(B) Right to Delete 8

(C) Right to Correct Inaccurate Information 8

(D) Right to Opt-Out of the Sale or Sharing of Personal Information 8

(E) Right to Limit the Use and Disclosure of Sensitive Personal Information 9

(F) Right to Non-Discrimination 9

(G) How to Exercise Your Rights 9

(H) Verification Process 10

(I) Response Time and Process 10

  1. COOKIES AND TRACKING TECHNOLOGIES 10
  2. DATA RETENTION 10

(A) General Retention Principles 11

(B) Specific Retention Periods 11

(C) Consumer Rights Regarding Retention 12

(D) Secure Deletion Practices 12

  1. SECURITY MEASURES 13

(A) Organizational Security Measures 13

(B) Technical Security Measures 13

(C) Consumer Rights Regarding Data Security 14

(D) Security Incident Response and Data Breaches 14

(E) Secure Data Disposal 14

  1. CHILDREN’S PRIVACY 14

(A) No Intentional Collection of Children’s Data 15

(B) Parental Consent for Users Under 13 (COPPA Compliance) 15

(C) No Sale or Sharing of Data for Users Under 16 (CCPA/CPRA Compliance) 15

(D) Minor’s Right to Delete Content (California “Eraser” Law) 15

  1. CALIFORNIA “SHINE THE LIGHT” DISCLOSURE 16

(A) Your Right to Request Information 16

(B) How to Submit a Request 16

(C) Exceptions to the “Shine The Light” Law 17

  1. STATE-SPECIFIC PRIVACY POLICY 17

(A) Virginia Consumer Data Protection Act (CDPA) 17

(B) Colorado Privacy Act (CPA) 17

(C) Connecticut Data Privacy Act (CTDPA) 18

(D) Utah Consumer Privacy Act (UCPA) 18

(E) Nevada Privacy Law 18

(F) Illinois, Texas, and Washington – Biometric Data Laws 18

(G) Data Breach Notification Laws (All 50 States) 19

(H) How to Exercise Your State-Specific Rights 19

  1. UPDATES TO THIS PRIVACY POLICY 19
  2. CONTACT INFORMATION 19

 

  • INFORMATION WE COLLECT

We collect personal information in the following ways:

(A) Personal Information You Provide to Us

We collect personal information that you voluntarily provide when using our services. This may include:

  • Full name
  • Email address
  • Phone number
  • Mailing address
  • Job title
  • Homeownership status
  • Contact preferences

(B) Sensitive Personal Information

When necessary, with your consent or as permitted by law, we may process the following sensitive personal information:

  • Financial data (e.g., creditworthiness, payment details)
  • Precise geolocation data

(C) Information Automatically Collected

We automatically collect certain data when you interact with our website or services, such as:

  • Device and usage data (IP address, browser type, device type, operating system, referring URLs, etc.)
  • Location data (based on your IP address or GPS, if enabled)
  • Log data (timestamps, pages viewed, interactions, system errors, etc.)

(D) Information from Third Parties

We may collect data from third-party sources such as:

  • Public databases
  • Marketing partners
  • Social media platforms
  • Data brokers (if applicable, subject to your rights under California law)

  • HOW WE USE YOUR INFORMATION

We process your personal information for legally permissible business purposes including but not limited to:

  • Providing and Improving Services – To provide, support, personalize, and improve our website, services, and customer interactions.
  • Processing Transactions – To process payments, manage billing, and facilitate orders and service fulfillment.
  • Marketing and Advertising – To send promotional materials, targeted advertisements, special offers, and newsletters (subject to your preferences).
  • Fraud Prevention and Security – To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities.
  • Legal Compliance – To comply with legal, regulatory, and contractual obligations, including responding to subpoenas, law enforcement requests, and audits.
  • Customer Service and Support – To respond to inquiries, troubleshoot issues, and provide technical or operational support.
  • Internal Research and Development – To analyze usage trends, improve service functionality, and develop new features and offerings.
  • User Experience Personalization – To tailor content, recommendations, and user interactions based on preferences and past interactions.
  • Employment and Recruiting – If you apply for a job with us, to evaluate applications, conduct background checks (if applicable), and manage hiring processes.
  • Data Analytics and Performance Monitoring – To track engagement, measure website traffic, and enhance operational efficiency.
  • Business Transfers – In the event of a merger, acquisition, bankruptcy, or sale of assets, personal information may be transferred as part of the business transaction.
  • Enforcing Our Policies and Agreements – To protect our rights, enforce contractual obligations, and resolve disputes.
  • Geolocation-Based Services – If enabled, to provide location-based services, such as service availability, pricing adjustments, or security monitoring.
  • Compliance with Consumer Rights Requests – To process requests under CCPA/CPRA, such as data access, deletion, and opt-out requests.
  • Network and IT Security – To maintain and secure our systems, prevent cyber threats, and ensure the integrity of our technological infrastructure.
  • Short-Term, Transient Use – If applicable, to process transactions in a manner that does not involve creating a user profile or persistent tracking.
  • Contractual Performance – To fulfill obligations arising from contracts between you and us, including service agreements and warranties.

We may also use your personal information for purposes that are reasonably compatible with those outlined in this Privacy Policy, including but not limited to improving our services, enhancing user experience, conducting internal research, ensuring security, and complying with legal obligations. If we intend to use your information for a materially different, unrelated, or incompatible purpose, we will provide prior notice and obtain your consent where required by law.

  • DISCLOSURE OF PERSONAL INFORMATION

We may disclose your personal information to third parties as permitted under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), for business purposes or as required by law. We do not sell personal information, but we may share it as outlined below.

(A) Vendors, Consultants, and Other Third-Party Service Providers

We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to personal information to carry out their work. These third parties are contractually obligated to protect your personal data and are prohibited from using it for any purpose other than those specified by us.

The categories of third parties we may share personal information with include:

  • Ad Networks (for targeted advertising, marketing campaigns, and promotional content)
  • Communication & Collaboration Tools (for customer support, chat services, and internal communication)
  • Data Analytics Services (to analyze service performance and improve our offerings)
  • Order Fulfillment Service Providers (for processing and delivering customer purchases)
  • Payment Processors (to handle transactions securely)
  • Performance Monitoring Tools (to track and optimize system reliability and efficiency)
  • Retargeting Platforms (for remarketing and interest-based advertising)
  • Sales & Marketing Tools (to enhance lead generation, outreach, and sales performance)
  • Social Networks (for social media integration, engagement tracking, and advertising)
  • Testing Tools (to improve the functionality and usability of our services)
  • Website Hosting Service Providers (to ensure secure access to our website and services)
  • Data Storage Service Providers (to securely store customer data and business information)
  • Government Entities (as required to comply with applicable laws, investigations, or legal processes)
  • Finance & Accounting Tools (for bookkeeping, financial recordkeeping, and invoicing)

(B) Business Transfers

If we engage in a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction. In such cases, we will ensure that the recipient of your data continues to honor the commitments made in this Privacy Policy.

(C) Compliance with Legal Obligations

We may disclose personal information if required by law or in response to valid legal requests, such as:\n

  • Court orders, subpoenas, or legal processes
  • Regulatory or government agency requests (including law enforcement)
  • Investigations into fraud, cyber threats, or illegal activities
  • To protect our rights, property, or the safety of our customers, employees, and the public

(D) Protecting Our Business Interests

We may disclose information when necessary to:\n

  • Enforce our terms of service, contracts, and policies
  • Prevent fraud, security breaches, and other unlawful activities
  • Ensure the security and functionality of our website and services

(E) Aggregated or De-Identified Information

We may share aggregated, anonymized, or de-identified information with third parties for analytical, research, or business development purposes. This data cannot be linked back to individual users.

We do not share personal information for materially different, unrelated, or incompatible purposes without providing prior notice and obtaining consent where required by law.

 

  • YOUR PRIVACY RIGHTS UNDER CALIFORNIA LAW

As a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights provide greater transparency, control, and protections over how your data is collected, used, and shared.

(A) Right to Know and Access

You have the right to request:

  • The categories of personal information we have collected about you.
  • The specific pieces of personal information we have collected.
  • The sources from which we collect personal information.
  • The business or commercial purposes for which we collect, use, and share your information.
  • The categories of third parties with whom we share your data.
  • The categories of personal information disclosed for a business purpose and the categories of recipients.

You may submit a request for this information twice within a 12-month period free of charge.

(B) Right to Delete

You may request that we delete your personal information, subject to certain exceptions. We may deny deletion requests if retaining the data is necessary to:

  • Complete a transaction or provide services you requested.
  • Detect security incidents, fraud, or illegal activity.
  • Comply with legal obligations (such as tax or regulatory requirements).
  • Exercise, establish, or defend legal claims.
  • Conduct internal research to improve our services.
  • Enable solely internal uses aligned with consumer expectations.

If we deny your deletion request, we will provide the specific reason in our response.

(C) Right to Correct Inaccurate Information

If you believe that any personal information we maintain about you is inaccurate, you have the right to request that we correct it. We will take reasonable steps to verify the accuracy of the updated information and correct any errors.

(D) Right to Opt-Out of the Sale or Sharing of Personal Information

We do not sell personal information. However, we may share data for purposes such as targeted advertising. Under CPRA, you have the right to opt out of such sharing.

To opt out, you may:

  • Use the “Do Not Sell or Share My Personal Information” link on our website.
  • Submit a request via email at [email protected].
  • Enable Global Privacy Control (GPC) signals in your browser settings, which we honor.

If you opt out, we will not share your personal information for targeted advertising purposes.

(E) Right to Limit the Use and Disclosure of Sensitive Personal Information

If we collect sensitive personal information (e.g., financial data, precise geolocation, racial or ethnic origin), you have the right to limit its use to what is strictly necessary for providing our services.

To exercise this right, you may:

(F) Right to Non-Discrimination

You have the right to equal service and pricing when exercising your privacy rights. We will not:

  • Deny you goods or services.
  • Charge different prices or impose penalties.
  • Provide a different level of service.

However, if you participate in a financial incentive program (such as discounts in exchange for personal data), we will provide clear terms and ensure compliance with CPRA’s fair value assessment.

(G) How to Exercise Your Rights

To submit a request to access, correct, delete, or opt out of the sale/sharing of your personal information, you may:

(H) Verification Process

To protect your privacy, we will verify your identity before processing your request. You may need to provide:

  • A valid email address or phone number.
  • Additional identifying details that match our records.
  • A signed declaration under penalty of perjury (if required for high-risk requests).

If an authorized agent submits a request on your behalf, we may require:

  • Written authorization from you confirming the agent’s authority.
  • Direct verification from you before proceeding.

(I) Response Time and Process

We will confirm receipt of your request within 10 business days and respond within 45 calendar days. If an extension is needed, we will notify you within the initial timeframe and provide an explanation.

 

  • COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to enhance your experience, analyze trends, and track website activity. You can manage your cookie preferences via your browser settings or through our Cookie Policy.

We honor Global Privacy Control (GPC) signals as a mechanism to exercise opt-out rights under California law.

  • DATA RETENTION

We retain personal information for no longer than is reasonably necessary to fulfill the purposes for which it was collected. The retention period depends on the type of data, legal requirements, and business needs.

(A) General Retention Principles

We determine how long to retain personal information based on the following factors:

  • The purpose for which the information was collected.
  • The necessity of retaining data to provide services.
  • Whether there are legal, contractual, tax, or compliance obligations that require retention.
  • Security considerations, including fraud detection and prevention.
  • Whether the data is subject to a consumer’s request for deletion.

(B) Specific Retention Periods

Unless otherwise required by law, we retain personal information according to the following guidelines:

Category of Personal Information

Retention Period

Identifiers (e.g., name, email, phone)

As long as necessary for service delivery or until an account is deleted.

Financial Information (e.g., payment details)

Retained for the duration of the transaction, plus any legally required retention period (e.g., tax or audit purposes, typically 7 years).

Commercial Information (e.g., purchase history)

Retained for 5 years after the last transaction or interaction with our services.

Internet/Network Activity (e.g., browsing history)

Retained for 1 year for analytics and security purposes.

Geolocation Data

Retained for 90 days unless required for fraud prevention or legal compliance.

Employment-Related Information

Retained for 7 years post-employment or application per labor law requirements.

Sensitive Personal Information

Retained only as long as necessary to provide requested services and fulfill compliance obligations.

Inferences (e.g., profiles and preferences)

Retained for 1 year, unless actively used for personalization, in which case retention is extended.

(C) Consumer Rights Regarding Retention

California residents may request:

  • Deletion of personal information that is no longer necessary for business or legal purposes.
  • A list of retention periods for specific data categories, upon request.

(D) Secure Deletion Practices

When personal information is no longer needed, we:

  • Permanently delete or anonymize the data to prevent re-identification.
  • Securely archive records that must be retained for legal purposes.
  • Ensure third-party service providers follow similar retention and deletion policies.

We review our retention policies at least annually to ensure compliance with CCPA/CPRA and industry best practices.

  • SECURITY MEASURES

We implement reasonable and appropriate security measures to protect personal information from unauthorized access, disclosure, alteration, and destruction. However, no security system is completely infallible, and we cannot guarantee absolute protection.

(A) Organizational Security Measures

We maintain policies and procedures to ensure that personal information is handled securely and access is restricted to authorized personnel only. These measures include:

  • Access controls – Only employees with a legitimate business need can access sensitive data.
  • Confidentiality agreements – Staff and contractors handling personal data are required to sign confidentiality agreements.
  • Regular security training – Employees receive ongoing training on data protection best practices and threat mitigation.
  • Incident response procedures – We have an established protocol for identifying, responding to, and mitigating data breaches.

(B) Technical Security Measures

We employ industry-standard technical safeguards, including:

  • Encryption – Personal information is encrypted in transit and at rest where required.
  • Secure data storage – We store personal information in protected databases with strict access controls.
  • Firewall and intrusion detection systems – We monitor our network for unauthorized access attempts and suspicious activity.
  • Multi-factor authentication (MFA) – MFA is used to enhance security for access to sensitive data.
  • Data minimization – We limit the collection and retention of personal information to what is necessary for business and legal purposes.

(C) Consumer Rights Regarding Data Security

Under CCPA/CPRA, consumers have the right to:

  • Request details about our security practices related to personal data protection.
  • Report concerns about data security breaches or unauthorized access.

(D) Security Incident Response and Data Breaches

In the event of a data breach affecting personal information, we will:

  • Investigate the breach and take necessary corrective actions.
  • Notify affected consumers as required by law, including providing details about the nature of the breach and steps to mitigate harm.
  • Report the incident to relevant regulatory authorities when legally required.

(E) Secure Data Disposal

When personal information is no longer needed, we:

  • Permanently delete or anonymize data to prevent re-identification.
  • Ensure secure disposal of physical and electronic records through shredding or wiping.
  • Require third-party service providers to follow similar data disposal standards.

We regularly review and update our security policies to comply with evolving legal requirements and industry standards, ensuring full compliance with CCPA/CPRA and best practices for data protection.

  • CHILDREN’S PRIVACY

We do not knowingly collect, use, or disclose personal information from children under the age of 13, in compliance with the Children’s Online Privacy Protection Act (COPPA), and do not knowingly sell or share personal information of consumers under the age of 16, in accordance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

(A) No Intentional Collection of Children’s Data

Our services are not directed to children under 13, and we do not knowingly collect personal information from them. If we become aware that we have inadvertently collected data from a child under 13, we will take immediate steps to delete it.

(B) Parental Consent for Users Under 13 (COPPA Compliance)

If a situation arises where we must collect personal information from a child under 13, we will:

  • Obtain verifiable parental consent before collecting, using, or disclosing their information.
  • Provide parents with the right to review, delete, or refuse further collection of their child’s information.
  • Limit the use of such information strictly to necessary and authorized purposes.

Parents or guardians who believe their child has provided personal information without consent should contact us immediately at [email protected], and we will promptly investigate and delete any such data.

(C) No Sale or Sharing of Data for Users Under 16 (CCPA/CPRA Compliance)

We do not sell or share personal information of users under 16 years of age for targeted advertising or other commercial purposes. If we become aware that a user under 16 has opted into data sharing without proper consent, we will immediately revoke such sharing and delete the data upon request.

(D) Minor’s Right to Delete Content (California “Eraser” Law)

If a California resident under the age of 18 has publicly posted content on our platform, they may request deletion by contacting [email protected]. While we will make reasonable efforts to remove such content, this does not ensure complete removal, particularly if:\n

  • The content has been reposted or shared by others.
  • The removal is not required by law.
  • The data is stored for legal compliance or security purposes.

  • CALIFORNIA “SHINE THE LIGHT” DISCLOSURE

Under California Civil Code Section 1798.83, also known as the “Shine The Light” Law, California residents have the right to request information about how their personal information is shared with third parties for direct marketing purposes.

(A) Your Right to Request Information

If you are a California resident, you may request:

  • A list of categories of personal information we disclosed to third parties for their direct marketing purposes in the preceding calendar year.
  • The names and addresses of all third parties with whom we shared personal information for direct marketing purposes.
  • Confirmation of whether we shared your personal information for direct marketing purposes.

We do not share personal information with third parties for their direct marketing purposes unless you have provided explicit consent.

(B) How to Submit a Request

To request this information, you may contact us once per calendar year by:
 📧 Email: [email protected]
 📍 Mail: NOUR SOLAR, LLC, 2108 N St, Ste N, Sacramento, CA 95816, United States

In your request, please include:

  • Your full name
  • Your California residence address
  • A statement confirming that you are a California resident
  • Whether you prefer to receive the response via email or mail

We will respond within 30 days of receiving a verified request.

(C) Exceptions to the “Shine The Light” Law

This law does not apply if a business:

  • Provides consumers a choice to opt-in or opt-out of direct marketing-related data sharing, and
  • Maintains a policy where it does not disclose personal information for direct marketing purposes unless the consumer explicitly agrees to such sharing.

  • STATE-SPECIFIC PRIVACY POLICY

In addition to our compliance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), we recognize and adhere to other state privacy laws applicable to residents of various U.S. states. If you are a resident of one of the states listed below, you may have additional rights regarding your personal information.

(A) Virginia Consumer Data Protection Act (CDPA)

Under the Virginia CDPA, residents have the right to:

  • Access personal information we have collected about them.
  • Correct inaccuracies in their personal information.
  • Delete personal data provided by or obtained about them.
  • Opt out of data processing for targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects.
  • Request information about data categories, processing purposes, and third-party disclosures.

(B) Colorado Privacy Act (CPA)

If you are a Colorado resident, you have the following rights under the Colorado CPA:

  • Right to Access – You may request to access your personal data.
  • Right to Correct – You can request corrections to inaccurate information.
  • Right to Delete – You can request deletion of your personal data.
  • Right to Data Portability – You may obtain a copy of your personal data in a portable format.
  • Right to Opt-Out – You may opt out of targeted advertising, data sales, and profiling used for decisions that may affect you legally or financially.

(C) Connecticut Data Privacy Act (CTDPA)

Under the Connecticut Data Privacy Act (CTDPA), Connecticut residents have rights similar to those under the Colorado and Virginia privacy laws, including the right to:

  • Confirm, correct, or delete personal data.
  • Opt out of targeted advertising, data sales, and automated profiling.
  • Request access to personal data and receive a copy in a portable format.

(D) Utah Consumer Privacy Act (UCPA)

The Utah Consumer Privacy Act (UCPA) provides Utah residents with the right to:

  • Access personal data collected about them.
  • Delete personal information they provided to us.
  • Obtain a portable copy of their personal data.
  • Opt out of the sale of personal data and targeted advertising.

(E) Nevada Privacy Law

Under Nevada’s privacy law, residents have the right to opt out of the sale of their personal information. However, we do not sell personal information.

(F) Illinois, Texas, and Washington – Biometric Data Laws

If you are a resident of Illinois, Texas, or Washington, you are protected under biometric privacy laws. These laws require that businesses:

  • Obtain explicit consent before collecting biometric data (e.g., fingerprints, facial recognition data).
  • Clearly disclose how biometric data is used, stored, and retained.
  • Provide individuals with the right to request deletion of biometric data.

(G) Data Breach Notification Laws (All 50 States)

We comply with state-specific data breach notification laws across all U.S. states, including California, New York, Texas, and Florida. If your personal information is involved in a data breach, we will notify you as required by law.

(H) How to Exercise Your State-Specific Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Nevada, Illinois, Texas, Washington, or any other state with applicable privacy laws, you can submit a request to:

📧 Email: [email protected]
 📍 Mail: NOUR SOLAR, LLC, 2108 N St, Ste N, Sacramento, CA 95816, United States

We will process verified requests within 45 days (with a possible 45-day extension where necessary).

  • UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. Any changes will be posted with an updated “Last Updated” date. If material changes are made, we will notify you via email or website notice.

  • CONTACT INFORMATION

For any privacy-related inquiries, you may contact us at:

NOUR SOLAR, LLC
 2108 N St, Ste N
 Sacramento, CA 95816
 United States
 Email: [email protected]