Last Updated: 6/4/2026
This Privacy Policy for California Residents (“Policy”) supplements the information contained in TreVita, LLC’s (“TreVita” or “company” or “we” or “us” or “our”) Privacy Policy and applies solely to all visitors, users, and others who reside in the state of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act (CCPA), as amended, and any terms defined in the CCPA shall have the same meaning when used in this Policy.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
- Publicly available information from government records, through widely distributed media, or that the consumer made publicly available without restricting it to a specific audience.
- Lawfully obtained, truthful information that is a matter of public concern.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, such as:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA); or
- Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
| Category |
Examples |
Collected |
| A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
YES |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories. |
YES |
| C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
YES |
| D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
| E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
YES |
| F. Internet or other similar network activity. |
Browsing history, search history, information on a consumer’s interaction with a webiste, application, or advertisement. |
YES |
| G. Geolocation data. |
Physical location or movements. |
YES |
| H. Sensory data. |
Audio, electronic, visual, thermal, olfactory, or similar information. |
YES |
| I. Professional or employment-related information. |
Current or past job history or performance evaluations. |
YES |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). |
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. |
NO |
| K. Inferences drawn from other personal information. |
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
YES |
Sensitive Personal Information Categories Chart
Sensitive personal information is a subtype of personal information consisting of the specific information categories listed in the chart below. Importantly, the CCPA only treats this information as sensitive personal information when we collect or use it to infer characteristics about a consumer.
The chart below identifies which sensitive personal information categories, if any, we have collected from consumers to infer characteristics about them in the last 12 months.
| Sensitive Personal Information Category |
Collected to Infer Characteristics? |
| L.1. Government identifiers, such as your Social Security number (SSN), driver’s license, state identification card, or passport number. |
YES |
| L.2. Complete account access credentials, such as usernames, account logins, account numbers, or card numbers combined with required access/security code or password. |
YES |
| L.3. Precise geolocation, such as GPS data from a consumer’s mobile device that can provide its location in a geographic area, with an approximate radius of 1,850 feet. |
NO |
| L.4. Racial or ethnic origin. |
NO |
| L.5. Citizenship or immigration status. |
YES |
| L.6. Religious or philosophical beliefs. |
YES |
| L.7. Union membership. |
NO |
| L.8. Mail, email, or text messages not directed to the Company. |
YES |
| L.9. Genetic data. |
NO |
| L.10. Neural Data, such as information generated by measuring a consumer’s central or peripheral nervous system’s activity that is not inferred from nonneural information. |
NO |
| L.11. Unique identifying biometric information. |
NO |
| L.12. Health information. |
YES |
| L.13. Sex life or sexual orientation information. |
YES |
| L.14. Children’s personal information (under age 16). |
NO |
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms or applications you complete, or from services that you use or purchase from us.
- Indirectly from you. For example, from observing your actions on our Website, social media platforms, and mobile interactions.
- From third parties that interact with us in connection with the products and services we provide, such as credit bureaus and financial institutions, including Plaid, Inc. (“Plaid”), as well as advertising networks and data analytics providers.
- From our affiliates.
- From other customers such as referral programs.
Use of Personal Information
We may use, sell, or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. If you provide your personal information to purchase a product or service from us, we will use that information to process your request.
- To meet our obligations and enforce our rights arising from any agreements with you, including for billing or collections, or to comply with legal requirements.
- To provide, support, personalize, and develop our Website, products, and services.
- To create, maintain, customize and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate an address your concerns and monitor and improve our responses.
- To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Website, products and services, databases, and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulation.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users and consumers is among the assets transferred.
Use of Sensitive Personal Information
We may use or disclose sensitive personal information for the following statutorily approved reasons
(Permitted SPI Purposes):
- Performing actions that are necessary for our consumer relationship and that an average consumer in a relationship with us would reasonably expect.
- Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
- Defending against and prosecuting those responsible for malicious, deceptive, fraudulent, or illegal actions directed at the Company.
- Ensuring physical safety.
- Short-term, transient use, such as non-personalized advertising shown as part of your current interactions with us, where we do not:
- disclose the sensitive personal information to another third party; or
- use it to build a profile about you or otherwise alter your experience outside your current interaction with the Company.
- Services performed for the Company, including maintaining or servicing accounts, processing or fulfilling transactions, verifying consumer information, processing payments, or providing financing, analytic services, storage, or similar services for the Company.
- Activities required to:
- verify or maintain the quality or safety of a product, service, or device that we own, manufacture, had manufactured, or control; or
- improve, upgrade, or enhance the service or device that we own, manufacture, had manufactured, or controlled.
- Collecting or processing sensitive personal information that we do not use for the purpose of inferring characteristics about a consumer.
We do not use or disclose sensitive personal information for purposes other than the Permitted SPI Purposes. Subject to your limitation rights, the additional sensitive personal information use purposes include all of the purposes described in the Personal Information Collection, Use, and Disclosure Purposes section. For more on your right to limit these additional sensitive personal information use purposes, see the Your Rights and Choices section below.
Additional Categories or Other Purposes
We will not collect additional categories of personal information or use the personal information we have collected for materially different, unrelated, or incompatible purposes without providing you notice. If required by law, we will also seek your consent before using your personal information for a new or unrelated purpose.
We may collect, process, and disclose aggregated or de-identified consumer information for any purpose, without restriction. When we collect, process, or disclose aggregated or deidentified consumer information, we will maintain and use it in deidentified form and will not to attempt to reidentify the information, except to determine whether our deidentification processes satisfies any applicable legal requirements.
Disclosing, Selling, or Sharing of Personal Information
Business Purpose Disclosures
We disclose the above categories of personal information, including sensitive personal information, to service providers and contractors and third parties as set forth above in the Use of Personal Information Section to support our business functions, or as required or permitted by law, including with:
- Our affiliates and subsidiaries;
- Service providers, including financial institutions such as Plaid;
- Third parties to whom you authorize us, directly or indirectly, to disclosing your personal information in connection with the products or services we provide to you; and
- Governmental or regulatory authorities, as required by law.
These disclosures are made to deliver products and services purchased from us, to support customers with using our products and services, including online account management and troubleshooting, and/or to deliver location-based advertising. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract.
Selling or Sharing Personal Information
We may sell your personal information, including sensitive personal information, to third parties, subject to your rights to op-out of those sales, but have not sold it in the preceding 12 months. We may share your personal information with third parties for cross-context behavioral advertising purposes, and have shared your personal information in the preceding 12 months. Our personal information sales do not include information about individuals who we know are under age 16. While we have not sold any personal information in the preceding 12 months, we may do so in the future, which may include all categories of personal information and Sensitive personal information which we collect as identified above, and which may be sold to the following categories of third parties.
- Advertising networks
- Internet service providers
- Data analytics providers
- Government entities
- Operating systems and platforms
- Social networks
- Data brokers or aggregators
- Banks, credit unions, or other institutions offering financing
- Payment processors and collection agencies
These sales are made to learn more about our customers and increase company revenue. In order to exercise your rights to opt out of the sale of your personal information, click here.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”), including the specific pieces of personal information we have collected about you (a “data portability request”). Once receive your request and confirm your identity (See Exercising Your Rights to Know or Delete), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- If applicable, If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- Sales, identifying the personal information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
Right to Delete and Right to Correct
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We will delete or deidentify personal information not subject to one of the following exceptions from our records and will direct our service providers to take similar action.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the “right to correct”). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our services providers to take appropriate action.
Right to Limit Sensitive Personal Information Use
You have a right to ask businesses that use or disclose your sensitive personal information to limit those actions to just the CCPA’s Permitted SPI purposes (the “right to limit”).
Personal Information Sales or Sharing Opt-Out
You have the right to request that businesses stop selling or sharing your personal information at any time (the “right to opt-out”). Similarly, the CCPA prohibits businesses from selling or sharing the personal information of consumers it actually knows are under 16 years old without first obtaining consent from consumers who are between 13 and 15 years old or the consumer’s parent or guardian for consumers under age 13 (the “right to opt-in”). For more information on exercising your opt-out rights, see Exercising Your Rights.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you with a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
How to Exercise Your Rights
Exercising Your Rights to Know or Delete or Correct
To exercise your rights to know, delete, or correct as described above, please submit a request by either:
Exercising Your Right to Limit or Opt-Out
In order to exercise your rights to opt out of the sale of your personal information, click here. You may also email
[email protected]. You can also submit your request to opt-out of personal information sales and sharing through an opt-out preference signal.
Responding to Your Requests to Know, Delete, or Correct
We will confirm receipt of your request within ten business days. We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response to your verified email address. Our substantive response will tell you whether or not we have complied with your request. If we cannot comply with your request in whole or in part, we will explain the reason, subject to any legal or regulatory restrictions. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, deleted, or made your personal information anonymous in compliance with our record retention policies and obligations.
Any disclosures we provide will cover information for the 12-month period preceding the request’s receipt date. We will consider requests to provide longer disclosure periods that do not extend past January 1, 2022, unless providing the longer timeframe would be impossible or involves disproportionate effort.
For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Verification Process and Authorized Agents
Only you, or someone legally authorized to act on your behalf, may make a request to know or correct or delete related to your personal information. You may also make a request to know or delete on behalf of your child by contacting us via telephone or email at the contact information identified above.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
In response to your request to limit or opt-out, we will process your request, as soon as feasibly possible, but no later than 15 business days from the date we receive the request. Once you make a request to limit or opt-out, we will wait at least 12 months before asking you to reauthorize the use or disclosure of your sensitive personal information for purposes other than the Permitted SPI Purposes or personal information sales or sharing.
Changes to our Privacy Policy
We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated noticed on the Website and update the notice’s effective date.
Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Contact Information
If you have any questions or comments about this notice, the ways in which Sundance collects and uses your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Phone: 866-858-5593
Website: trevita.com
Email: [email protected]
Postal Address:
TreVita, LLC 1065 Fifth Ave
STE 200
San Diego, CA, 92101
If you need to access this Policy in an alternative format due to having a disability, please contact us at
[email protected] or
866-858-5593.