PRIVACY POLICY

Effective Date: February 7, 2026 Last Updated: February 7, 2026

The Bacchus Co. ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website thebacchusco.com (the "Site") or engage with our manufacturing and supply chain management services.

By accessing or using our Site or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Site or use our services.

2.1 Personal Information You Provide (Forms, Quotes, NDAs, and Communications)

We collect personal information that you voluntarily provide to us when you:

Request a quote for manufacturing, tooling, product development, or supply chain services (including RFQs/RFPs)
Submit product concepts, ideas, prototypes, or designs for evaluation, manufacturability review, or sourcing
Execute non-disclosure agreements (NDAs) or other agreements (including via electronic signature platforms)
Complete website forms (e.g., contact forms, quote forms, “schedule a call,” newsletters, event registration)
Communicate with us by email, phone, video call, chat, or through customer portals
Place orders or otherwise enter into a business relationship with us
Apply for employment or submit information for potential partnerships/vendor onboarding

This information may include (depending on your interactions with us):

Identifiers & Contact Information: Name, business email address, phone number, mailing address, company name, job title, department
Commercial & Transaction Information: Quote and order details, purchase order information, billing/shipping details, records of products or services considered or purchased
Business & Professional Information: Company details, role-related information, supplier/vendor details, certifications, and related due diligence information
Technical / Confidential Project Information: Product designs, CAD files, drawings, specifications, prototypes, testing requirements, packaging/branding assets, and other IP-related concepts submitted for review or production (including information exchanged under an NDA)
Communications: Content of your messages and our responses, meeting notes, call recordings where permitted by law and with appropriate notice/consent
Employment-Related Information (if applicable): Resume/CV, work history, references, and recruiting communications
Legal/Contract Information: Signed NDAs, contractual documents, compliance documentation, and related correspondence

We do not intentionally request or require sensitive personal information for typical customer interactions. If you choose to provide sensitive personal information, you consent to our processing of it as described in this Privacy Policy and as permitted by applicable law.

2.2 Information Automatically Collected

When you visit our Site, we may automatically collect certain information about your device and browsing activity, including:

Device Information: IP address, browser type and version, operating system, device identifiers
Usage Data: Pages viewed, time spent on pages, links clicked, referring/exit pages, date and time stamps
Location Data: General geographic location based on IP address
Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 8)

2.3 Information from Third Parties

We may receive information about you from third parties, including:

Business partners and referral sources
Marketing and analytics providers
Public databases and data aggregators
Social media platforms (if you interact with our social media accounts)

We use the information we collect for the following purposes:

3.1 Service Delivery and Business Operations

To provide quotes, RFQs/RFP responses, feasibility feedback, and cost estimates
To evaluate manufacturability and coordinate engineering, tooling, and production planning
To develop, manufacture, assemble, finish, package, and deliver custom parts and products
To execute and administer NDAs, statements of work, purchase orders, and other contracts
To communicate with you regarding projects, orders, timelines, specifications, and service updates
To manage supply chain logistics, sourcing, storage, fulfillment, shipping, and returns
To provide product development, patent assistance support (as applicable), branding, and marketing services you request
To maintain quality control, perform inspections/testing, and support continuous improvement
To provide customer support and respond to inquiries

3.2 Legal Bases / Purposes (Where Applicable)

Where required by law (including in certain international jurisdictions), we process personal information based on one or more of the following: fulfilling a contract, our legitimate interests (e.g., operating our business, securing systems, preventing fraud), compliance with legal obligations, and/or your consent (e.g., certain marketing communications and non-essential cookies).

3.2 Legal and Compliance

To execute and enforce NDAs and other legal agreements
To protect intellectual property rights (yours and ours)
To comply with legal obligations, regulations, and industry standards
To respond to legal requests, court orders, or government inquiries
To establish, exercise, or defend legal claims

3.3 Communication and Marketing

To respond to inquiries, requests, and customer service needs
To send administrative information, updates, and notices
To provide newsletters, marketing materials, and promotional offers (with your consent)
To conduct surveys and gather feedback

3.4 Analytics and Improvement

To analyze website usage and improve user experience
To conduct data-driven market research and product analysis
To monitor and improve our services, processes, and quality control
To detect, prevent, and address technical issues and security threats

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers and Business Partners

We may share information with third-party vendors, contractors, and service providers who perform services on our behalf, including:

Manufacturing facilities and subcontractors in Asia, the USA, and South America
Logistics, shipping, warehousing, and fulfillment providers
Payment processors and financial institutions
Cloud storage and IT infrastructure providers
Marketing, analytics, and customer relationship management platforms
Legal, accounting, and professional advisors

These parties are contractually obligated to maintain confidentiality and use your information only for the purposes we specify.

4.2 Business Transfers

If we are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change and how it affects your personal information.

4.3 Legal Requirements and Protection

We may disclose your information when required by law or when we believe disclosure is necessary to:

Comply with legal obligations, court orders, or government requests
Enforce our Terms and Conditions, NDAs, or other agreements
Protect the rights, property, or safety of The Bacchus Co., our employees, customers, or the public
Detect, prevent, or investigate fraud, security breaches, or illegal activities

4.4 With Your Consent

We may share your information with third parties when you have provided explicit consent for us to do so.

4.5 Confidential Information Under NDA

When you execute an NDA with us, any confidential information shared is protected according to the terms of that agreement. We implement strict internal controls to ensure that confidential project information is accessible only to employees and contractors who require it for project execution.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods vary based on the type of information:

Active Customer Data: Retained for the duration of the business relationship plus seven (7) years
Quote Requests: Retained for three (3) years from the date of inquiry
NDA Documentation: Retained according to the terms specified in each NDA, typically for the duration of the agreement plus seven (7) years
Project Files and Designs: Retained for ten (10) years or as contractually specified
Marketing Communications: Retained until you unsubscribe or request deletion
Website Analytics: Aggregated data retained indefinitely; individual user data retained for twenty-six (26) months

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable law.

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to request access to the personal information we hold about you and to receive a copy in a structured, commonly used, machine-readable format.

6.2 Correction and Update

You have the right to request correction of inaccurate or incomplete personal information.

6.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, contract performance, legitimate business needs).

6.4 Restriction and Objection

You have the right to request restriction of processing or to object to processing of your personal information in certain circumstances.

6.5 Opt-Out of Marketing

You may opt out of receiving marketing communications at any time by:

Clicking the "unsubscribe" link in our emails
Contacting us using the information in Section 13
Updating your communication preferences in your account (if applicable)

6.6 Do Not Sell/Share My Personal Information

Under certain state laws (including the California Consumer Privacy Act), you have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell personal information as defined by these laws.

6.7 Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights.

6.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected] Subject Line: Privacy Rights Request

We will respond to your request within the timeframe required by applicable law (typically 30-45 days). We may need to verify your identity before processing your request.

We implement reasonable administrative, technical, and physical security measures designed to protect your personal information and confidential project information from unauthorized access, disclosure, alteration, and destruction. These measures include (as appropriate):

Encryption of data in transit and at rest
Secure Socket Layer (SSL)/TLS technology for data transmission
Access controls, role-based permissions, and authentication procedures
Vendor due diligence and contractual confidentiality/data protection obligations for service providers
Network monitoring, logging, and threat detection measures
Regular security assessments, patching, and updates
Employee training on data protection, confidentiality, and secure handling of customer IP
Physical security measures at our facilities and data centers
Secure backup and recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Special Protection for Confidential Project Information: All information covered by executed NDAs is subject to additional security protocols, which may include restricted access on a need-to-know basis, encryption, secure file transfer systems, confidentiality markings/handling procedures, and periodic access reviews.

Our Site uses cookies and similar tracking technologies (such as pixels, tags, and local storage) to enhance user experience, analyze website traffic, measure marketing effectiveness, and support Site functionality.

8.1 Types of Cookies We Use

Essential Cookies: Required for website functionality and navigation (e.g., security, load balancing, basic preferences)
Performance Cookies: Collect information about how visitors use our Site to help us improve performance
Functionality Cookies: Remember your preferences and settings
Analytics Cookies: Help us understand user behavior and improve our Site
Advertising/Targeting Cookies (if enabled): Used to deliver and measure ads and campaigns, and to help limit repetitive ads

8.2 Third-Party Cookies / Tracking

We may use third-party analytics and marketing tools (such as Google Analytics or similar providers) that use cookies or comparable technologies to collect and analyze usage data and measure campaign performance. These third parties process information under their own privacy policies and may provide opt-out mechanisms.

8.3 Cookie Choices and Controls

You can control and manage cookies through your browser settings. You may also be able to use device-level controls to limit ad tracking. If we deploy a cookie preference banner/consent tool, you can use it to manage non-essential cookies where required by applicable law. Please note that disabling cookies may affect the functionality of our Site.

8.4 Do Not Track / Global Privacy Control

Some browsers or extensions support “Do Not Track” (DNT) signals, and some support the Global Privacy Control (GPC) signal. Because there is no universally accepted standard for DNT, we do not respond to all DNT signals. Where required by applicable law (including certain U.S. state privacy laws), we will treat applicable opt-out preference signals such as GPC as a request to opt out of certain data uses considered “sale” or “sharing” (as those terms are defined by law), to the extent we engage in such activities.

Our Site may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

The Bacchus Co. operates globally with manufacturing facilities and partners in Asia, the USA, and South America. Your information may be transferred to, stored, and processed in countries other than your country of residence, which may have different data protection laws.

When we transfer personal information internationally, we implement appropriate safeguards, including:

Standard contractual clauses approved by regulatory authorities
Data processing agreements with international partners
Compliance with cross-border data transfer regulations
Ensuring adequate levels of data protection

Our Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

Right to Know/Access: The categories and specific pieces of personal information we have collected about you, including categories of sources, purposes of use, and categories of third parties with whom we disclose information
Right to Delete: Request deletion of personal information, subject to exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out of Sale/Sharing: Opt out of the “sale” or “sharing” of personal information (as those terms are defined by the CCPA/CPRA). We do not sell personal information for money. We may disclose information to service providers/contractors for business purposes, and certain online analytics/advertising activities may be considered “sharing” under CPRA depending on configuration. Where applicable, you may opt out using available controls (including recognized preference signals such as GPC, as described in Section 8.4).
Right to Limit Use/Disclosure of Sensitive Personal Information: Where we collect sensitive personal information as defined by CPRA, you may have the right to limit its use/disclosure, subject to permitted business purposes
Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Authorized Agents: You may use an authorized agent to submit certain requests. We may require proof of the agent’s authority and may also require you to verify your identity directly with us.

Verification: We will verify your identity before fulfilling certain requests, which may require matching information you provide with information we maintain.

California Shine the Light Law: California residents may request information about certain disclosures of personal information to third parties for direct marketing purposes, if applicable.

Other U.S. State Privacy Laws: Depending on your state of residence, you may have similar rights (e.g., access, deletion, correction, opt-out of certain processing such as targeted advertising). You may contact us using the method below to submit requests.

To exercise these rights, contact us at [email protected] with "Privacy Rights Request" (or "California Privacy Rights") in the subject line.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this Privacy Policy
Notify you by email or through a prominent notice on our Site
Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of our Site or services after changes are posted constitutes your acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

The Bacchus Co. Phoenix, Arizona, USA Email: [email protected] Website: thebacchusco.com

For privacy-specific inquiries, please include "Privacy Policy Inquiry" in the subject line.

Any disputes arising from this Privacy Policy or our data practices shall be resolved in accordance with the dispute resolution provisions set forth in our Terms and Conditions.