Legal & Privacy

Last Updated: January 24, 2026

This Privacy Policy (“Privacy Policy”) describes how Generational Gifting Inc., a New York corporation (“GGI,” “we,” “us,” or “our”), collects, uses, discloses, and protects information when you access or use our websites, pages, forms, scheduling features, and related online services and systems that we own or control, including:

• generationalgifting.com and any domains that automatically forward to it;
• practitioner profile pages hosted on generationalgifting.com/practitioner-name; and
• one-page practitioner landing pages hosted on go.generationalgifting.com;
  as well as any other GGI-controlled pages, subdomains, or online services that link to or reference this Privacy Policy
  (collectively, the “Platform”).

This Privacy Policy applies only to information collected through the Platform or in connection with your use of the Platform, including communications and administrative processing related to your requests submitted through Platform forms.

This Privacy Policy does not apply to information collected by third parties, including independent insurance producers (“Practitioners”), insurance carriers, or any third-party websites, apps, services, or tools you may access through links on the Platform.

1. Roles : GGI vs. Generational Gifting Concept Practitioners

GGI operates and administers the Platform, including educational content, website functionality, and intake forms used to request contact with a Generational Gifting Concept Practitioner. GGI’s role is limited to Platform operations and administrative intake and routing.

Independent Practitioners are separate, independent, licensed insurance professionals who may receive intake information submitted through the Platform for purposes of scheduling and follow-up. GGI does not provide insurance advice, does not sell or solicit insurance, and does not recommend any specific insurance product, carrier, or Practitioner.

A Practitioner is not an employee, agent, broker, representative, managing general agent (“MGA”), or fiduciary of GGI, and is not authorized to bind or obligate GGI.

When a Practitioner contacts you, provides educational conversations, or collects additional information (including information needed for any insurance application or implementation), the Practitioner does so in their own licensed capacity and under their own professional obligations, policies, and insurance coverage (including professional liability insurance such as Errors & Omissions (“E&O”) coverage), and not on behalf of GGI.

What is a Generational Gifting Concept Practitioner? For purposes of this Privacy Policy, a “Practitioner” is an independent, properly licensed insurance professional who may be enrolled in Generational Gifting Inc.’s internal educational practitioner program and granted limited access to certain Platform tools and educational resources. Practitioners are not employees of GGI and do not provide insurance services on behalf of GGI. Practitioners may receive lead information submitted through the Platform in order to follow up with individuals who request contact and, where appropriate, discuss insurance implementation separately in their own licensed capacity.

Practitioners are not authorized to bind, represent, or obligate GGI, and GGI does not supervise or control a Practitioner’s licensed insurance activities.

2. Information We Collect

2.1 Information you submit through Platform forms

We collect information that adult users choose to submit when requesting an educational conversation or scheduling contact. This may include:

• Goals for exploring a generational gifting strategy (e.g., legacy building, family security, financial head start, future opportunities, college funding, other)
• First and last name
• Email address
• Phone number
• State of residence
• Number of children being gifted for (non-identifying)
• Annual gifting budget per child (self-reported estimate for educational intake purposes only; not used for routing decisions or underwriting)
• Optional free-text information you choose to provide

Free Text Submissions. Please do not submit sensitive personal information through any optional free-text field, including Social Security numbers, financial account numbers, health or medical information, or information that identifies a child. If such information is submitted, we may remove or delete it.

We do not request or require: date of birth, age, home address, Social Security number, driver’s license number, medical/health information, or precise geolocation. We do not knowingly collect sensitive personal information through the Platform, including government identifiers, financial account numbers, biometric information, or health information.

If you submit information about another adult (such as a spouse), you represent you have authority to provide it.

3. Cookies, Tracking Technologies, and Targeted Advertising

3.1 We use: cookies, pixels, tags, scripts, and similar technologies (“Cookies”) on the Platform for purposes including: (i) site functionality and security, (ii) analytics and performance measurement, (iii) marketing attribution, and (iv) advertising measurement and retargeting, where permitted by law.

These technologies may be placed by us and by authorized third parties (such as analytics providers, marketing automation vendors, advertising networks, and conversion measurement providers). Depending on your browser settings and preferences, Cookies may collect or receive information about your device and activity on the Platform, including:

• IP address and non-precise location derived from IP
• Browser type, device type, operating system
• Cookie identifiers or similar online identifiers
• Pages visited, links clicked, and engagement activity
• Referring/exit pages and approximate time spent on pages
• Advertising measurement events (such as conversion tracking)

We do not knowingly use Cookies to collect sensitive personal information such as Social Security numbers, driver’s license numbers, medical/health information, or financial account information.

Some third-party Cookies may support interest-based advertising and retargeting. While we do not sell personal information for money, disclosures of information to certain advertising and analytics partners may be considered a “sale” or “sharing” under certain privacy laws (including the California Consumer Privacy Act), particularly when used for cross-context behavioral advertising.

Your choices regarding Cookies may vary by browser/device. You can manage Cookies using your browser settings, and where required by law we process opt-out preference signals such as the Global Privacy Control (GPC).

3.2 California “Do Not Sell or Share” Disclosure + Targeted Advertising

We may allow certain third-party analytics and advertising technologies to collect information about your activity on the Platform over time and across different websites or online services in order to measure advertising performance, deliver retargeted advertising, and improve marketing relevance.

Although we do not sell personal information for money, some privacy laws (including the California Consumer Privacy Act, as amended by the CPRA) define “selling” or “sharing” broadly to include certain disclosures of personal information to third parties for purposes of cross-context behavioral advertising (also sometimes referred to as “targeted advertising”).

Accordingly, these disclosures may be considered a “sale” or “sharing” under applicable law even where no money is exchanged.

3.3 How to Opt Out of Sale/Sharing (California)

If you are a California resident, you may have the right to opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising.

You may submit a request to opt out by emailing us at info@generationalgifting.com with the subject line:
“Do Not Sell or Share My Personal Information”

We will process opt-out requests in accordance with applicable law. We may take reasonable steps to verify your request and may request additional information to process it

3.4 Global Privacy Control (GPC)

Where required by law, we honor browser-based opt-out preference signals, such as the Global Privacy Control (GPC), as a valid request to opt out of the sale or sharing of personal information for cross-context behavioral advertising, for the browser or device that sends the signal.

Because opt-out preference signals are browser/device-specific, you may need to enable GPC separately on each browser or device you use to access the Platform.

4. How We Use Information

We use information collected through the Platform for legitimate business purposes, including operating an educational intake and routing system and supporting Platform administration. These purposes include, without limitation, the following:

• Responding to requests submitted through the Platform and communicating with you regarding your inquiry
• Routing and assigning submissions (“Leads”) to an appropriate independent Practitioner based on operational criteria (such as state of residence, licensing availability, scheduling availability, and workflow needs)
• Facilitating scheduling and communications related to educational conversations, including appointment confirmations, reminders, and follow-up messages
• Providing customer support and responding to questions, feedback, or service-related inquiries
• Operating, maintaining, debugging, and improving the Platform, including internal tools, workflows, routing logic, and user experience
• Conducting internal analytics, reporting, and quality assurance, including assessing Platform performance and improving educational resources
• Marketing and outreach, including sending educational content, updates, event invitations, and prompts to schedule an educational conversation (subject to applicable law and opt-out rights)
• Security and risk management, including protecting the Platform, preventing fraud, detecting abuse or suspicious activity, enforcing access controls, and maintaining system integrity
• Compliance and recordkeeping, including maintaining records necessary for business operations, complaint handling, regulatory examinations, responding to lawful requests, and demonstrating adherence to internal policies and procedures
• Enforcing our Terms and policies, including investigating suspected misuse, unauthorized access attempts, violations of Platform rules, or activities that may threaten the Platform, users, or brand integrity
• Legal protection, including establishing, exercising, or defending legal claims, responding to subpoenas, court orders, regulatory inquiries, carrier inquiries, or dispute resolution matters
• Corporate administration, including internal business operations, audits, governance, financing diligence, restructuring, or potential business transfers (subject to applicable legal obligations)

De-Identified / Aggregated Data

We may create and use de-identified, anonymized, and/or aggregated data derived from information collected through the Platform for lawful business purposes, including analytics, quality improvement, and Platform optimization. Where data is de-identified, we will maintain it in de-identified form and will not attempt to re-identify it except as permitted by law.

No Consumer Financial Advice

For clarity, information collected through the Platform is used to support Platform operations and educational intake routing. The Platform does not use submitted information to provide individualized financial, legal, tax, investment, or insurance advice.

We use information collected through the Platform for business purposes and commercial purposes as permitted by applicable law, including to respond to requests and route leads to the appropriate Practitioner, facilitate scheduling and educational conversations, provide customer support and administrative communications, operate, maintain, test, improve, and enhance the Platform and its educational resources, conduct internal analytics, reporting, and quality control, deliver marketing and educational communications in accordance with applicable communication laws, detect, investigate, and prevent fraud, misuse, misrepresentation, abuse, or violations of our Terms, ensure Platform availability and reliability, protect the Platform and users through security and abuse-prevention measures, support compliance with applicable legal obligations and relevant carrier requirements, and maintain records necessary for operational oversight, complaint handling, and regulatory defensibility of Platform-related activity.

4A. Lead Routing to Practitioners; Independent Handling

When you submit information through the Platform, your information may be routed to an authorized Generational Gifting Concept® Practitioner for follow-up regarding your request. Practitioners are independent licensed insurance professionals and are not employees, agents, or representatives of GGI for purposes of insurance sales, advice, or implementation. Practitioners who receive lead information are contractually required to follow GGI’s Practitioner Agreement and applicable laws governing privacy, confidentiality, and consumer communications. However, once a Practitioner receives your information, their follow-up communications and any storage, processing, transfer, or use of your information within the Practitioner’s own systems (including any customer relationship management tools, email platforms, phone systems, or marketing platforms they independently use) may be governed by the Practitioner’s own policies, procedures, and regulatory obligations. GGI does not control and cannot guarantee how a Practitioner uses or safeguards information after it has been transferred to the Practitioner’s independent systems, and GGI is not responsible for any unauthorized use, disclosure, security failure, or misuse of information by a Practitioner that occurs outside of GGI-controlled Platform systems.

Any misuse of your information by a Practitioner outside of GGI-controlled systems constitutes an unauthorized independent action by the Practitioner and is not attributable to GGI

4B. Practitioner Misuse Reports; Questions or Concerns

If you believe that a Practitioner has misused your information, contacted you inappropriately, or used your information in a way that violates applicable law or your expectations, you may notify Generational Gifting Inc. by emailing info@generationalgifting.com with the subject line “Privacy Concern – Practitioner”.

Upon receipt of a report, GGI may review the matter, request additional information, and, where appropriate, take action within its Platform authority (including restricting or revoking a Practitioner’s access to the Platform) in accordance with GGI’s internal policies and the Practitioner Agreement.

However, GGI does not control a Practitioner’s independent business operations or systems and cannot guarantee any particular outcome or resolution. Any insurance-related communications or activities conducted by a Practitioner remain the responsibility of the Practitioner in their independent licensed capacity.

Submitting a report to GGI does not create a professional relationship, duty, or liability on the part of GGI for the Practitioner’s independent conduct.

5. How We Disclose Information

We disclose personal information only to the extent reasonably necessary to operate the Platform and fulfill the purposes described in this Privacy Policy. Requests submitted through the Platform are initially received and processed within GGI-controlled systems before routing to a Practitioner. Lead routing is an administrative Platform function and is not a sale of personal information, and Practitioners do not pay to purchase consumer lead data.

However, certain disclosures of online identifiers to advertising and analytics partners may be considered ‘sharing’ for cross-context behavioral advertising under some state privacy laws, and you may have opt-out rights as described in this Privacy Policy.

We may disclose information collected through the Platform in the following ways:

5.1 Disclosures to Practitioners (Lead Routing and Follow-Up)

If you submit information through the Platform to request an educational conversation, scheduling assistance, or follow-up (a “Request”), your submitted information may be routed to an independent Generational Gifting Concept Practitioner (“Practitioner”) for purposes of responding to your Request.

Lead data is routed in one of two ways:

1. Practitioner Landing Page Submissions. If your Request is submitted through a Practitioner-specific landing page, it is generally routed to that Practitioner.
2. Main Platform Submissions. If your Request is submitted through the main Platform, it may be assigned from a central administrative pool using internal routing criteria such as state(s) of licensing, availability, and language alignment, or other operational considerations.

Practitioners access lead information through GGI-controlled Platform systems (including LeadsApple). Practitioners are independent professionals and are not employees, agents, or representatives of GGI for purposes of insurance sales, advice, or implementation. GGI may limit the information provided to Practitioners to what is reasonably necessary to respond to your Request.

Important: Once lead data is delivered to a Practitioner, the Practitioner’s handling, storage, and use of that data may occur outside of GGI’s direct control, including if the Practitioner copies information into their own systems (such as a CRM or carrier-approved tools). GGI does not control and is not responsible for how a Practitioner stores, secures, or uses information within the Practitioner’s independent systems, and any such activity is performed in the Practitioner’s independent licensed capacity and subject to the Practitioner’s own legal, professional, and insurance obligations.

Practitioners are authorized to use lead information only for purposes reasonably related to responding to your Request and supporting educational follow-up and scheduling, and not for unrelated marketing, resale, unauthorized disclosure, or other misuse.

If you believe your information has been misused by a Practitioner, you should notify us promptly at info@generationalgifting.com so that we may review the matter.

Practitioners are not authorized to sell, license, disclose, distribute, or otherwise misuse Platform-originated lead information for unrelated purposes. If a Practitioner copies lead information into their own systems, they do so in their own licensed capacity and are responsible for safeguarding that information and complying with applicable laws, carrier requirements, and their professional obligations. If GGI receives a report or reasonably suspects misuse, GGI may investigate and may restrict, suspend, or revoke a Practitioner’s access to the Platform and related systems.

5.2 Disclosures to Service Providers (Platform Operations)

We may disclose information to third-party vendors, contractors, and service providers that support the operation, maintenance, administration, and security of the Platform. This may include service providers supporting functions such as:

• Website hosting and infrastructure
• Lead intake and routing
• Scheduling and communications tools
• Marketing automation and administrative messaging
• Analytics and performance measurement
• Data storage and security services

These service providers are authorized to process information only on our behalf, for business purposes consistent with this Privacy Policy, and subject to confidentiality and operational controls as applicable. We may also disclose aggregated or de-identified information that cannot reasonably be used to identify you, including for analytics, reporting, and Platform improvement purposes.

Service providers are not permitted to use personal information for their own independent purposes except as permitted by law and contract.

We may disclose online identifiers and activity information (such as cookies or similar technologies) to analytics and advertising partners for measurement and targeted advertising, subject to applicable law and available opt-out rights.

5.3 Disclosures for Legal, Compliance, Security, and Safety Purposes

• We may disclose information if we believe in good faith that such disclosure is reasonably necessary to:
• Comply with applicable law, regulation, legal process, or lawful governmental requests
• Respond to subpoenas, court orders, regulator inquiries, or law enforcement requests
• Protect the rights, property, safety, and security of GGI, the Platform, users, Practitioners, or the public
• Investigate, detect, prevent, or respond to fraud, cybersecurity incidents, misuse, or unauthorized activity
• Enforce our Terms and Conditions, policies, and operational requirements
• Maintain records and documentation reasonably necessary to support compliance, audit response, or incident response
• This may include sharing information with our professional advisors, auditors, insurers, or security providers where reasonably necessary to protect the Platform or respond to disputes, claims, or security incidents.

5.4 Business Transfers

If GGI is involved in a merger, acquisition, restructuring, financing, bankruptcy, dissolution, or sale of assets (in whole or in part), information collected through the Platform may be transferred as part of that transaction, subject to applicable law and any legally required notices. Any acquiring entity will be permitted to use your information consistent with this Privacy Policy, unless and until you are notified of a material change.

6. Communications (Email, Phone, and Text)

If you submit your contact information through the Platform, you authorize GGI and/or an independent Generational Gifting Concept Practitioner (“Practitioner”) to contact you in connection with your Request, including for scheduling, educational follow-up, and administrative support.

6.1 Email Communications

We may send you emails relating to:

• your Request and scheduling,
• educational resources and informational materials, and
• administrative notices or Platform updates.

We may also send educational marketing emails. These emails may include invitations to schedule an educational conversation through the Platform, but do not constitute an offer to sell insurance.

You may opt out of marketing emails at any time by using the unsubscribe mechanism included in the email or by contacting us at info@generationalgifting.com.

Even if you opt out of marketing emails, we may still send non-marketing administrative or transactional communications (such as confirmations or service-related notices).

6.2 Phone and SMS/Text Communications

If you provide a telephone number through the Platform, you authorize GGI and/or a Practitioner to contact you by phone call and/or text message for purposes reasonably related to your Request. Platform text messages are primarily informational and scheduling-related in nature. Communications will be limited to purposes reasonably related to your Request, scheduling coordination, and educational follow-up.

Platform-generated text messages may be sent by GGI using automated systems for limited purposes such as:

• confirming receipt of your Request,
• scheduling coordination and reminders,
• educational follow-up related to the meeting you requested.

These communications may be delivered using automated technology where permitted by law. You will only receive Platform-generated text messages after you have submitted a Request to meet with a Practitioner through the Platform.

Consent to receive communications is not a condition of purchasing any insurance product or service. Message frequency may vary. Standard message and data rates may apply. You may opt out of text messages at any time by replying STOP, or by contacting us at info@generationalgifting.com. You may also request assistance by replying HELP (where applicable).

Your consent to receive calls or texts is voluntary and may be revoked at any time. Revoking consent may limit our ability to coordinate scheduling or follow up on your Request.

You represent that the phone number you provide is accurate and that you are authorized to receive communications at that number. If you change or deactivate your phone number, you agree to update us or submit a new Request with updated contact information.

Wireless carriers are not liable for delayed or undelivered messages. The Platform is not intended for emergency communications. If you have an emergency, contact emergency services immediately.

6.3 Consent Records and Administrative Controls

When you submit contact information through Platform forms, your submission may include express consent language and a checkbox acknowledgment. GGI may maintain records evidencing your submission and consent (such as timestamp, form source URL, and technical submission data) for compliance, auditing, and dispute-resolution purposes.

6.4 Practitioner Communications (Independent Capacity)

After your Request is routed to a Practitioner, the Practitioner may contact you directly to respond to your Request and provide educational scheduling follow-up.

Practitioners are independent licensed professionals and are not employees, agents, or representatives of GGI for purposes of insurance sales, advice, solicitation, or implementation.

Practitioner communications may occur through the Practitioner’s own systems, carrier-approved systems, devices, or tools, which may be outside of GGI’s control. GGI does not monitor or control communications sent by Practitioners through their independent systems.

6.5 Do-Not-Call / Opt-Out Handling

GGI maintains internal suppression controls intended to honor user opt-out requests submitted through the Platform (such as requests to stop communications from GGI-originated messaging). Opt-out requests submitted to GGI apply to communications sent by or on behalf of GGI through the Platform and do not automatically apply to communications sent directly by a Practitioner through the Practitioner’s independent systems.

However, Practitioners are independent professionals and are responsible for their own compliance with applicable communication rules and policies, including any Do-Not-Call requirements, opt-out handling, and applicable carrier or regulatory standards relating to their follow-up communications.

6.6 No Guarantee of Contact or Response Time

GGI does not guarantee that a Practitioner will contact you, that any particular response timeframe will be met, or that scheduling will be available in your state or region. Availability may depend on Practitioner licensing, capacity, and operational factors.

6.7 Reporting Concerns

If you believe you have received improper communications from a Practitioner, or believe your information has been used inconsistently with this Privacy Policy, you may notify us at info@generationalgifting.com so that we may review the matter.

7. Data Quality, Edits, Practitioner Notes, and Record Integrity

7.1 Intake Data Quality; Limited Administrative Edits

Information submitted through Platform forms is provided directly by users. GGI generally does not edit lead information except in limited circumstances to correct obvious formatting or grammar errors (for example, typos, spacing issues, or non-substantive text corrections). GGI is not responsible for the accuracy, completeness, or truthfulness of information submitted by users.

7.2 No Case Design, Underwriting, or Policy Processing Within Platform Systems

The Platform is an educational intake and administrative coordination resource only. GGI does not perform, control, supervise, or store insurance case design, underwriting documentation, carrier suitability determinations, premium quotations, policy issuance records, or policy servicing records within Platform systems.

Any insurance application activity, underwriting review, carrier-issued approvals or declines, policy issuance, policy values, and contractual policy terms are governed solely by the issuing insurance carrier and handled only by properly licensed insurance producers in their independent capacity.

7.3 Practitioner Notes and Internal Feedback Fields

Practitioners may add information into lead records using preset internal workflow fields for administrative tracking and operational coordination. Such information may include, without limitation:

• call notes and communication history
• suitability-related notes entered by a Practitioner
• general product interest categories (if applicable)
• estimated compensation (internal-only)
• reasons a lead proceeded or did not proceed
• internal workflow disposition updates

These Practitioner-entered entries are created in the Practitioner’s independent capacity and are not created by GGI.

7.4 No Duty to Monitor Practitioner-Entered Notes

GGI does not undertake any obligation to monitor, validate, supervise, approve, or verify Practitioner-entered notes, comments, or record updates. Practitioner entries may reflect the Practitioner’s own interpretations, observations, or administrative recordkeeping and may not reflect complete or final outcomes.

7.5 Prohibited Sensitive Information; Redaction and Removal Rights

The Platform is not intended to collect sensitive personal information. Users and Practitioners must not submit sensitive information through free-text fields or internal notes, including Social Security numbers, driver’s license numbers, dates of birth, medical or health information, financial account numbers, or other sensitive identifiers.

If sensitive information is submitted, GGI may remove, redact, delete, or restrict access to such information in its discretion for compliance, security, or risk-management purposes.

7.6 System Limitations; User Input and Administrative Accuracy

While GGI takes reasonable steps to maintain reliable Platform operations, information within Platform systems may become incomplete, inaccurate, or outdated due to user input, Practitioner input, technical limitations, operational workflow changes, system syncing processes, or human error. GGI makes no guarantee that Platform records will reflect a complete record of any educational discussion, follow-up activity, or insurance implementation outcome.

7.7 Practitioner Visibility Controls vs. Platform Retention

Practitioners may have tools within Platform systems to update lead statuses or remove lead visibility within certain user-level interfaces. However, such actions may not delete records from GGI-controlled databases or retention logs, including records maintained related administrative systems.

GGI may retain Platform data and associated metadata in accordance with legal obligations, compliance requirements, operational needs, and applicable retention periods, even if lead visibility is reduced or removed in Practitioner-facing tools.

7.8 Record Integrity, Access Controls, and Audit Trails

GGI maintains Platform systems designed to support administrative workflow integrity, information security, and compliance recordkeeping. Platform activity may generate internal system logs and metadata such as:

• timestamps of lead submissions and updates
• assignment routing history (including assignment source and routing rules applied)
• system access activity (logins, record access, and workflow activity where supported)
• administrative status changes and internal workflow tracking
• technical submission details (such as source URL, form origin, and system identifiers)

These records may be maintained for operational continuity, compliance support, security monitoring, dispute resolution, and audit response purposes.

7.9 Platform Records Are Not the Official Record of Insurance Implementation

The Platform is not intended to serve as the official or complete record of any insurance application, carrier underwriting file, issued policy, replacement analysis, suitability documentation, or policy servicing history.

Any legally operative insurance records are maintained by the issuing insurance carrier and/or the licensed insurance producer(s) of record in their independent capacity, and all insurance transactions remain subject to carrier rules and applicable law.

8. Data Retention

We retain information collected through the Platform for as long as reasonably necessary to operate the Platform and fulfill the purposes described in this Privacy Policy, including to:

• operate, maintain, and improve the Platform;
• route Requests and support scheduling and follow-up;
• maintain business records and Platform activity logs;
• support compliance, auditing, and dispute resolution;
• investigate or respond to complaints, security incidents, or misuse;
• enforce our agreements, policies, and Platform rules; and
• comply with applicable legal obligations and documentation requirements.

8.1 Baseline Retention Period

Unless a longer retention period is required or permitted under applicable law, we generally retain Platform-related records for a minimum of six (6) years, including information associated with Requests submitted through the Platform and administrative records related to Platform intake, routing, and operational activity.

8.2 System Logging and Administrative Recordkeeping

Certain Platform systems may maintain operational records, logs, or audit trails for administrative, compliance, quality-control, and security purposes. These records may include timestamps, routing history, Platform activity status, and workflow entries and may be retained for longer periods where reasonably necessary for legitimate business purposes, auditing, or compliance support.

8.3 Practitioner Access and Deletion Actions

Practitioners may have the ability to update or remove lead access or records within certain Practitioner-facing systems. However, deletion or removal within Practitioner-facing systems does not necessarily delete the underlying Platform intake record or administrative history retained within GGI-controlled systems (including intake and assignment systems), which may be preserved for compliance, audit response, dispute resolution, and operational integrity purposes.

8.4 Legal Hold / Preservation

We may retain information longer than the periods described above if we reasonably determine such information is needed for a legal hold, regulatory inquiry, consumer complaint investigation, audit response, dispute, litigation, or enforcement purpose.

8.5 De-Identified / Aggregated Data

We may delete or de-identify information when it is no longer needed for the purposes described in this Privacy Policy. We may also retain aggregated or de-identified information (that cannot reasonably be used to identify an individual) for analytics, reporting, Platform improvement, and operational performance purposes.

8.6 Deletion Requests and System Limitations

Even where information is deleted from active systems, certain records may remain in backups, security logs, audit logs, fraud-prevention systems, or compliance archives for legitimate business, operational, and legal purposes. We are not responsible for deletion limitations caused by technical constraints, lawful recordkeeping requirements, or system architecture designed to preserve integrity, security, and compliance documentation.

9. Data Security

9.1 Reasonable Safeguards; No Guarantee of Absolute Security

GGI uses reasonable administrative, technical, and organizational safeguards designed to protect information collected through the Platform against unauthorized access, disclosure, alteration, misuse, loss, or destruction.

However, no website, database, software system, electronic transmission, or storage method can be guaranteed to be 100% secure. Accordingly, we cannot and do not guarantee absolute security of any information you submit through the Platform, and you acknowledge that you provide information at your own risk.

9.2 Security Risks; External Threats

The Internet and modern technology systems involve inherent risks. Unauthorized access or security incidents may occur due to factors beyond GGI’s reasonable control, including but not limited to:

• cyberattacks, hacking, phishing, credential theft, or social engineering;
• malware, ransomware, denial-of-service attacks, or intrusion attempts;
• vulnerabilities in third-party software, hosting environments, or service providers;
• user error, device compromise, insecure networks, or unauthorized account access;
• acts or omissions of third parties, including parties outside GGI’s control.

GGI is not responsible for circumvention of any security measures or safeguards by unauthorized third parties.

9.3 User Responsibility

You are responsible for protecting your own devices, networks, and access credentials. You agree not to send sensitive personal information through unsecured channels (including standard email), and you agree to use reasonable precautions to protect your own information, including by maintaining updated software, antivirus tools, and secure internet connections.

9.4 Practitioner Systems and Independent Security Obligations

After your Request is routed to a Practitioner, the Practitioner may communicate with you and may store or process your information using the Practitioner’s own systems or carrier-approved systems.

Because Practitioners act in their independent licensed capacity and may use systems outside of GGI’s direct control, GGI does not control and is not responsible for the security practices, storage methods, or internal safeguards used within a Practitioner’s independent tools, devices, platforms, or systems.

9.5 Limited Collection; No Child Identifiers

GGI’s Platform is designed to avoid collecting highly sensitive consumer identifiers and is not intended to collect personal information directly from children.

Users must not submit identifying child information (such as a child’s full name, date of birth, Social Security number, address, school information, or medical details) through the Platform.

If such information is submitted, GGI may delete or redact it as described in this Privacy Policy.

9.6 Incident Response and Notifications

If GGI becomes aware of a confirmed security incident involving Platform information, GGI may take reasonable steps to investigate and respond, and may provide any legally required notices to affected individuals or regulators, consistent with applicable law.

GGI reserves the right to determine the scope of any investigation, remediation steps, and communications related to a suspected or confirmed security incident.

9.7 No Liability for Unavoidable Security Events

To the maximum extent permitted by law, GGI disclaims liability for damages resulting from unauthorized access, hacking, system compromise, transmission errors, service interruptions, or data breaches that occur despite reasonable safeguards, including those arising from third-party systems or events beyond GGI’s reasonable control.

10. State Privacy Rights + Opt-Out Mechanics (CCPA/CPRA + Other State Privacy Laws)

GGI complies with applicable U.S. state privacy laws, which may provide residents of certain states (including California) with specific rights regarding the collection, use, disclosure, and protection of personal information.

This Section describes those rights and how to submit a request. If you reside in a state that provides privacy rights, you may be entitled to one or more of the rights described below, subject to legal limitations and exceptions.

10.1 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), including:

• Right to Know / Access: You may request information about the personal information we have collected about you, including categories and specific pieces of information, subject to verification requirements and legal exceptions.
• Right to Delete: You may request that we delete certain personal information we have collected from you, subject to legal exceptions (including recordkeeping, compliance, security, dispute resolution, and fraud prevention requirements).
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you, subject to verification requirements and legal exceptions.
• Right to Opt Out of Sale/Sharing: You may have the right to opt out of the “sale” or “sharing” of your personal information as defined under California law.
• Right to Limit Use/Disclosure of Sensitive Personal Information (if applicable): In limited cases, you may have the right to limit the use of Sensitive Personal Information as defined under California law.

GGI does not knowingly sell personal information for money. However, certain disclosures of online identifiers and activity information to analytics and advertising partners may be considered “sharing” for cross-context behavioral advertising under some state privacy laws.

10.2 Other State Privacy Rights

Depending on your state of residence, you may have similar rights under applicable privacy laws, including rights to access, delete, correct, and opt out of certain processing (such as targeted advertising), subject to verification and legal exceptions.

10.3 “Do Not Sell or Share My Personal Information” (Opt-Out Rights)

Some state privacy laws (including California) provide residents with the right to opt out of certain disclosures of personal information to third parties for:

• targeted advertising, or
• cross-context behavioral advertising (“sharing”),
  and/or “sale” as defined by applicable law.

GGI does not sell personal information for money. However, certain disclosures of online identifiers and activity information (such as cookie identifiers) to advertising and analytics partners may be considered “sharing” under some state laws.

You may submit a request to opt out by:

• emailing us at info@generationalgifting.com with the subject line: “Do Not Sell/Share Request”, and/or
• using Global Privacy Control (“GPC”) signals where supported (as described below).

We will process verified opt-out requests in accordance with applicable law.

10.4 Global Privacy Control (GPC) Signals

Where required by law, we will process opt-out preference signals (such as the Global Privacy Control (GPC)) as a request to opt out of certain disclosures for targeted advertising or cross-context behavioral advertising.

Because opt-out signals and browser-based settings may apply only to the device/browser you are using, you may need to repeat opt-out actions across different browsers or devices.

10.5 Categories of Personal Information We Collect (By Category)

Depending on how you interact with the Platform, we may collect the following categories of personal information:

• Identifiers (such as name, email address, telephone number, and state of residence);
• Commercial/Intake-related information you choose to provide (such as your goals for exploring a generational gifting strategy, number of children being gifted for (non-identifying), and annual gifting budget per child);
• Internet or other electronic network activity information (such as pages viewed, links clicked, device identifiers, cookie identifiers, and similar online identifiers);
• Geolocation data (non-precise only) (such as approximate location derived from your IP address);
• Inferences drawn from the information above for internal analytics and operational purposes (such as interest categories based on the options you select).

We do not intentionally request or require sensitive identifiers such as Social Security number, driver’s license number, home address, date of birth, precise geolocation, or medical information through Platform forms.

10.6 Sensitive Personal Information (Not Requested)

The Platform is designed to avoid collecting Sensitive Personal Information (as defined under certain state privacy laws), such as government identification numbers, precise geolocation, financial account credentials, health information, or information about children.

Users should not submit Sensitive Personal Information through Platform forms or free-text fields. If such information is submitted, GGI may delete, redact, or de-identify it where reasonably feasible, consistent with Platform operations and applicable legal obligations.

10.7 How to Submit a Privacy Rights Request

To submit a privacy rights request, email us at:

info@generationalgifting.com
Subject Line: “Privacy Rights Request”

In your request, please describe the privacy right you wish to exercise (Access/Know, Delete, Correct, or Opt Out) and provide sufficient information for us to locate the relevant record(s) (such as your name, email address, and phone number used in the Platform form submission).

10.8 Verification; Limits on Rights Requests

To protect your information and prevent fraud, GGI may require that requests to access, delete, or correct personal information be verified before processing.

We may deny a request (in whole or in part) if we cannot verify your identity, if applicable law permits denial, or if an exception applies (including where retention is required for legal, compliance, security, fraud prevention, or dispute-resolution purposes).

We will not request additional information for verification beyond what is reasonably necessary to process your request.

10.9 Authorized Agents

Where permitted by law, you may submit certain privacy requests through an authorized agent. We may require the authorized agent to provide proof of authorization and may require you to independently verify your identity and confirm that you provided the agent permission to act on your behalf.

10.10 Non-Discrimination

GGI will not discriminate against you in a manner prohibited by applicable law for exercising your privacy rights. However, certain Platform features (such as scheduling, communications, and routing to a Practitioner) may require certain information to be provided in order to function.

10.11 Children’s Data

The Platform is not directed to children and does not knowingly collect personal information directly from children under 13. GGI does not knowingly sell or share personal information of minors under 16.

Any references to “number of children being gifted for” are collected only as non-identifying intake information provided by an adult user for educational planning purposes.

11. Your Privacy Rights

Depending on your state of residence, you may have rights regarding your personal information such as the right to request access, deletion, correction, portability, and to opt out of certain processing (including targeted advertising). Many states have enacted comprehensive privacy laws that provide these rights (with variations by state and effective date). For additional state-specific disclosures, opt-out mechanisms, and California rights, see Section 10 above

11.1 Submitting a request

To submit a privacy request, email info@generationalgifting.com with subject line: “Privacy Rights Request” and include:

• your name,
• your email and phone number used on the Platform,
• your state of residence, and
• the request you are making (access, deletion, correction, opt out).

We may take reasonable steps to verify your identity before processing certain requests.

11.2 Opt out of targeted advertising / sale or sharing (where applicable)

Where required, you may opt out of certain disclosures used for targeted advertising. We also support opt-out preference signals (such as GPC) where legally required. California regulations describe specific requirements for processing opt-out preference signals and methods of opting out.

11. Your Privacy Rights (U.S. State Disclosures)

Depending on your state of residence, you may have rights regarding your personal information such as the right to request access, deletion, correction, portability, and to opt out of certain processing (including targeted advertising). Many states have enacted comprehensive privacy laws that provide these rights (with variations by state and effective date).

11.1 Submitting a request

To submit a privacy request, email info@generationalgifting.com with subject line: “Privacy Rights Request” and include:
• your name,
• your email and phone number used on the Platform,
• your state of residence, and
• the request you are making (access, deletion, correction, opt out).

We may take reasonable steps to verify your identity before processing certain requests.

11.2 Opt out of targeted advertising / sale or sharing (where applicable)

Where required, you may opt out of certain disclosures used for targeted advertising. We also support opt-out preference signals (such as GPC) where legally required. California regulations describe specific requirements for processing opt-out preference signals and methods of opting out.

11.3 Verification; limits; and legal exceptions

We may request additional information to verify your identity and protect against fraud, unauthorized access, or improper requests. In certain circumstances, we may deny or limit a request if permitted by law (for example, where the request cannot be verified, is excessive, is fraudulent, or where we are legally required to retain information for compliance, recordkeeping, security, dispute resolution, or enforcement purposes).

11.4 Authorized agents (where applicable)

If you use an authorized agent to submit a request on your behalf, we may require proof that the agent is authorized to act for you, and we may also require you to verify your identity directly with us.

11.5 Appeals (where applicable)

Depending on your state of residence, you may have the right to appeal a decision we make regarding your privacy request. To submit an appeal, email info@generationalgifting.com with subject line: “Privacy Rights Appeal” and include your name, your state of residence, the nature of your original request, and the reason for your appeal.

11.6 Recordkeeping and suppression lists

Even if you submit a request to delete information, we may retain certain information as reasonably necessary to comply with applicable laws, maintain business records, enforce agreements, prevent fraud or misuse, and maintain suppression lists to ensure we honor opt-out and communication preferences.

11.7 Non-discrimination (where applicable)

We will not unlawfully discriminate against you for exercising your privacy rights. However, certain Platform features or functionality may not be available if information necessary to provide the requested services is deleted or restricted.

11.8 De-identified and aggregated information

This Section 11 does not apply to information that has been de-identified, anonymized, or aggregated such that it cannot reasonably be used to identify you. We may use such information for lawful business purposes including analytics, reporting, and Platform improvement.

11.9 Practitioner communications and independent systems

Requests submitted to GGI apply to data processing and communications conducted by or on behalf of GGI through the Platform. Such requests do not automatically apply to communications or processing conducted directly by independent Practitioners through their own systems, which may be governed by the Practitioner’s own obligations, policies, and applicable law.

12. Third-Party Links

The Platform may include links to third-party websites, services, tools, or resources that are not owned or controlled by GGI (“Third-Party Sites”). These links are provided for convenience or informational purposes only.

GGI does not control, operate, maintain, endorse, or assume responsibility for any Third-Party Sites, including their content, availability, security practices, products, services, accuracy, or privacy practices. If you access a Third-Party Site, you do so at your own risk and subject to that third party’s terms, policies, and practices.

Without limiting the foregoing, Practitioners and insurance carriers may use separate systems, portals, or tools (including carrier-approved communication or CRM systems) outside of the Platform to communicate with you or administer any insurance-related process. GGI is not responsible for the data handling practices, security controls, or compliance obligations of any third-party systems used by Practitioners or carriers outside the Platform.

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, business operations, legal requirements, or Platform features. The “Last Updated” date indicates when changes were posted.

Unless otherwise stated, updates are effective immediately upon posting. Your continued use of the Platform after an update means you accept the updated Privacy Policy.

We may make changes without providing individual notice to you, except where notice is required by applicable law. We encourage you to review this Privacy Policy periodically for updates.

If we make material changes that are required by law to be communicated in a specific manner, we will provide notice using a method we determine appropriate under the circumstances (including by posting a notice on the Platform or by other communication methods where required).

We may maintain archived versions of this Privacy Policy for recordkeeping, compliance, and dispute-resolution purposes.

14. Contact Us

If you have questions about this Privacy Policy or would like to submit a privacy request, you may contact:

Generational Gifting Inc.
Email: info@generationalgifting.com
Subject Line: Privacy Policy

For privacy rights requests, please use the subject line: “Privacy Rights Request.”

We may require additional information to verify your identity before responding to certain requests or disclosures. If you submit a request on behalf of another person (including as an authorized agent), we may require proof of authorization and/or direct verification from the individual whose information is involved.

GGI will respond to requests in accordance with applicable law and reserves the right to deny requests where permitted by law (including where we cannot verify identity, where an exception applies, or where fulfilling the request would be unlawful or require disproportionate effort).

This Privacy Policy is effective as of the “Last Updated” date listed above. By using the Platform or submitting information through Platform forms, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy supplements and does not replace our Terms and Conditions of Use.

GGI’s failure to enforce any provision of this Privacy Policy shall not constitute a waiver of that provision.