We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use, and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

‍

We collect, use and are responsible for certain personal information about you. When we do so we are subject to various laws in the United States and we are responsible as “controller” of that personal information for the purposes of those laws if and when they apply.

‍

We have prepared this Privacy Policy to help you understand our practices with respect to the collection, use, and disclosure of information we collect from you through (i) www.amicuslux.com, its subdomains, joincru.app, and any other website where our Terms of Service are posted; (ii) our online hosted services; and (iii) our “Software”, meaning, collectively, our browser extensions, mobile applications, other downloadable apps, including the “Crü” app, application programming interfaces (“APIs”), and tools and documentation (collectively, the “Services”).

‍

1. Key Terms. It would be helpful to start by explaining some key terms used in this policy:

2. Personal Information We Collect About You. We may collect and use the following personal information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

This personal information is required to provide products to you. If you do not provide the personal information we ask for, it may delay or prevent us from providing products to you.

‍

3. Third-Party Integrations. Certain aspects of the Services allow you to link or integrate third-party products and services to enable certain features and functionalities with the Services. If you choose to use these features or functionalities, you may be asked to create an account with a third party that provides such features or functionalities or link your existing third-party service account with the Services (and, by doing so, agree to the privacy policy and/or terms and conditions of that third party). You may also be asked to authorize the Services to collect information from the third party on your behalf. We will then collect information (such as your username or user ID associated with that third-party service) from you and/or that third party as necessary to enable the Services to access your data and content stored with that third-party service. Once the authentication is complete, we have the ability to access information you provided to us or was otherwise collected by the third-party service in accordance with the privacy practices of that third party. We will store the information and data we collect and associate it with your Crü account, and we will use that information and data to enable the integration of the Services with the third-party service and to perform actions requested or initiated by you, or that are reasonably necessary to carry out instructions provided by you.

‍

4. Information Collection and Tracking Technologies. When you download, access, or use the Services, it may use technology to automatically collect or utilize:

• Cookies (or mobile cookies). A cookie is a small file placed on your computer or smartphone. Cookies are small text strings that the websites visited by a user install on the user’s terminal. These strings are then re-transmitted to the site that installed them upon further requests by the user. When the user also receives cookies sent by other sites or web servers during site navigation, those cookies are considered third-party cookies. It may be possible to refuse to accept mobile cookies by activating the appropriate setting on your computer or smartphone. However, if you select this setting, you may be unable to access certain parts of our Services.
• ‍Web Beacons. Pages of the Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related Services statistics (for example, recording the popularity of certain app content and verifying system and server integrity).

5. How Your Information is Collected. We collect most of this personal information directly from you – by phone, text, email, your orders, or via our website or application. However, we may also collect information:

• From publicly accessible sources (e.g., property records);
• Directly from you when you provide it to us, such as when you make a purchase, visit or use our website or use our application, place an order with us, contact us by email, by phone, or by online chat, register for an online account, participate in a contest or sweepstakes, respond to a survey, partake in our or personality assessments, comment on blog posts, engage in a promotional activity, or sign up for emails, newsletters, or marketing;
• Certain information from third parties, such as social media platforms and networks that you use in connection with our Services, or that share or allow you to share information with us; service providers that we use that provide us with information about you and the devices you use online; and other third parties that we choose to collaborate with in order to make the Services and its services available for your use;
  
• From a third party with your consent (e.g., your bank or credit card company);
• Automatically when you use the Services, including automatically collected information, but which generally does not include personal information unless you provide it through our website or application or you choose to share it with us;
• From cookies on our website; and
• Via our IT systems, including automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems.

6. Third Party Information Collection. When you use the Services or its content, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:

• Advertisers, ad networks, and ad servers;
• Analytics companies;
• Your mobile device manufacturer; and
• Your mobile or internet service provider.  

These third parties may use tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites, apps, and other online services websites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

‍

Any data provided within the United States will not be transferred by us to third countries or international organizations outside the United States. The hosting of the site is also within the United States.  

Any data provided outside the United States will be transferred by us to the United States. Where personal data transfers occur internationally, they are governed by safeguards which include International Group Data Transfer Agreements which contain the appropriate Model Contract Clauses for data protection where required. We may transfer any information we collect mentioned above to the United States.

‍

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.  

‍

7. How and Why We Use Your Personal Information. Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.:

• To comply with our legal and regulatory obligations;
• For the performance of our contract with you or to take steps at your request before entering into a contract;
• For our legitimate interests or those of a third party; or
• Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

‍

The table below explains what we use (process) your personal information for and our reasons for doing so:

8. Use of Personal Data for Artificial Intelligence and Machine Learning (AI/ML). We may, at our discretion, collect, process, and utilize personal data for the purposes of training, developing, and improving AI/ML models. Our commitment to transparency, data protection, and compliance with the General Data Protection Regulation (GDPR) is the basis for this provision.  

• Scope of Data Collection and Processing:
  
  • ‍ We may collect and process various categories of personal data that could be utilized in AI/ML model training, including but not limited to:
    
    • Personal Identifiers
    • Demographic Information
    • Transactional data
    • Behavioral Data
    • User-generated content
    • Device and technical information
  • Personal data may be collected through various touchpoints, as described in this Privacy Policy. ‍
• Purposes and Legal Basis for Processing
  
  • ‍The personal data collected may, at our discretion, be used for AI/ML-related purposes, which could include:
    
    • Training and improving AI/ML models to enhance our products and services
    • Developing new technologies and capabilities
    • Optimizing user experience
    • Enhancing security measures
    • Improving personalization and targeted services
  • The processing of personal data for AI/ML purposes is based on:
    
    • Legitimate interests, pursuant to Article 6(1)(f) of GDPR, where we determine that processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by the interests of fundamental rights and freedoms of the data subject.
      
    • In specific cases where explicit consent is required and obtained pursuant to Article 6(1)(a) of GDPR.
• ‍Data Protection Safeguards. We implement appropriate technical and organizational measures to protect personal data used in AI/ML processes, in line with GDPR requirements and industry standards.‍
• Data Subject Rights
  
  • Data subjects retain their rights under GDPR, including the right to access, rectification, erasure, and objection to processing.
    
  • While we strive to accommodate data subject rights, the nature of AI/ML processing may impact our ability to fully execute certain requests, particularly where data has been aggregated or transformed for model training.
• ‍International Data Transfers. We may transfer personal data outside the European Economic Area (EEA) for AI/ML purposes, ensuring appropriate safeguards are in place as required by GDPR.
• ‍Transparency and Information. We will provide general information about our AI/ML data processing activities through this Privacy Policy and other appropriate channels, reserving the right to withhold specific details that may compromise our proprietary technologies or competitive position.
• ‍Data Retention and Deletion. Personal data used for AI/ML purposes will be retained as long as necessary for the purposes described herein, subject to our data retention policies and legal obligations.
• ‍Automated Decision-Making and Profiling. We may engage in automated decision-making and profiling as part of our AI/ML activities. Where such processing produces legal effects or similarly significantly affects data subjects, we will provide appropriate safeguards and information as required by GDPR.
• ‍Children’s Data. We do not knowingly use personal data of children under the age of 18 for AI/ML purposes without appropriate parental consent.
• ‍Updates and Revisions. We reserve the right to update this AI/ML provision at any time. Material changes will be communicated through appropriate channels.  

9. Promotional Communications. We may use your personal information to send you updates (by email, text message, telephone or mail) about our products, including exclusive offers, promotions or new products.

‍

We have a legitimate interest in processing your personal information for promotional purposes (see above “How and why we use your personal information”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly. We will always treat your personal information with the utmost respect.

‍

You have the right to opt out of receiving promotional communications at any time by:

• Contacting us at team@amicuslux.com; or
• Using the “unsubscribe” link in emails or “STOP” number in texts.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products in the future, or if there are changes in the law, regulation, or the structure of our business.

• To our affiliates, including companies within the Amicus Lux, Inc. group of brands and companies.

10. Who We Share Your Personal Information With. We may disclose aggregated information about our users, and information that does not identify any individual or device, without restriction. We do not sell, trade or otherwise transfer personal information to outside parties (except to the third parties with whom we have contracted to provide services to us, as detailed in the applicable section below). In addition, we may disclose personal information that we collect or you provide:

• To our affiliates, including companies within the Amicus Lux, Inc. group of brands and companies.
• To service providers we use to help deliver our products to you, such as payment service providers, warehouses, analytics providers, technology providers, and delivery companies.
• To other third parties we use to help us run our business, such as marketing agencies or website hosts, which utilize their own terms and conditions and privacy policies:
  
  • ‍Google
  • ‍Stripe
  • ‍HubSpot
  • ‍Amazon Web Services
  • ‍5x5 US‍
• To third parties approved by you, including social media sites you choose to link your account to or third-party payment providers.
• To our insurers and brokers.
• To our banks.
• To parties in business transactions, such as a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Services users is among the assets transferred. In these types of transactions, personal information may be shared, sold, or transferred, and it may be used subsequently by a third party.
• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce our rights arising from any contracts entered into between you and us.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors.

‍

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

‍

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. We will typically anonymize information, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

‍

We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

‍

11. Personal Information We Disclosed for a Business Purpose. In the preceding 12 months, we have disclosed for a business purpose to one or more third parties the following categories of personal information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

• Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers);
• Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information;
• Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
• Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement);
• Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

12. Where Your Personal Information is Held. Information may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see above: “Who We Share Your Personal Information with”).

‍

13. How Long Your Personal Information Will Be Kept. We will keep your personal information while you have an account with us or while we are providing products to you. Thereafter, we will keep your personal information for as long as is necessary:

• To respond to any questions, complaints or claims made by you or on your behalf;
• To show that we treated you fairly; or
• To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.

‍

14. Accessing and Correcting Your Personal Information. You can review and change your personal information by logging into the Services and visiting your account profile page.

You may also contact customer support to request access to, correct, or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.‍

‍

15. Links to Other Sites. Please be aware that Crü’s website will typically contain links to other sites that are not governed by this Privacy Policy but other privacy policies that will often differ. We encourage users to review the privacy policy of each Website visited before disclosing any personal information.  

‍

16. Children. Our services are not intended for use by children under the age of 18 (or other age as required by local law) and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take reasonable steps to delete such information from our files as soon as it is practicable. If you have reason to believe that a child under the age of 18 in the US, or under 16 in the EU, has provided Personal Information to Crü, please contact us at team@amicuslux.com so we can endeavor to delete that information from our databases and other data infrastructure.  

‍

17. Keeping Your Personal Information Secure. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

‍

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Services like message boards. The information you share in public areas may be viewed by any user of the Services.

‍

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.

‍

18. How to Exercise Your Rights. If you would like to exercise any of your rights as described in this Privacy Policy, please email us at team@amicuslux.com.

‍

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

If you choose to contact directly by email, you will need to provide us with:

• Enough information to identify you (e.g., your full name, address, and customer or matter reference number);
• Proof of your identity and address (e.g., a copy of your driver’s license or passport and a recent utility or credit card bill); and
• A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person’s behalf.

‍

Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

‍

19. Disclosures to Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah and Virginia. The disclosures in this section apply solely to individual residents of the States of Colorado, Connecticut, Montana, Oregon, Texas, Utah and Virginia. Privacy laws in Colorado, Connecticut, Utah and Virginia give residents certain rights with respect to their personal data, and privacy laws in Montana, Oregon, and Texas will give residents certain rights with respect to their personal data when they take effect. Those rights include:.

1. Right to Access Information: You have the right to access and obtain a copy of your personal data.
2. Right to Request Deletion: You have the right to request that we delete personal data provided by or obtained about you.
3. Right to Correct: You have the right to correct inaccuracies in your personal data.
4. Right to Opt-Out of Targeting Advertising. You may ask us not to use or disclose your information for the purposes of targeting advertising to you based on your personal data obtained from your activity across different businesses, services, websites, etc.
5. Right to Opt-Out of Personal Information Sales to third parties.

• To Submit a request to exercise your access, deletion, or correction privacy rights, please email us at team@amicuslux.com with the subject line “Privacy Rights Request” and let us know in which state you live.
• Residents of Colorado, Connecticut, Montana, Oregon, Texas, and Virginia may appeal a refusal to take action on a request by contacting us by email at team@amicuslux.com.
• Residents of Oregon may request that we provide a list of third parties to which we have disclosed personal data. To make such a request, please follow the instructions above for submitting an access, deletion, or correction request.  

20. Nevada-Specific Disclosures. For residents of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about a resident. Although we do not currently sell covered information, please contact us at team@amicuslux.com to submit such a request.  

‍

21. Changes to This Privacy Notice. This privacy notice was published on May 16, 2026 and last updated on the date set forth above. We may change this privacy notice from time to time. When we do, we will inform you via our website or other means of contact such as email. By accessing or using the Services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer to this Privacy Policy on a regular basis.

‍

22. How to Contact Us. Please contact us by email if you have any questions about this privacy policy or the information we hold about you. Our contact details are shown below:

23. You Need Extra Help? If you would like this notice in another format (for example: audio, large print, braille) please contact us (see “How to contact us” above).