California Notice at Collection
California Consumer Privacy Act / CPRA-required Notice at Collection, with categories of personal information, sources, purposes, and recipients.
Effective Date: May 24, 2026
This Notice at Collection is provided by Bailar, Inc., a Delaware corporation (successor by statutory conversion effective May 4, 2026 to Bailar LLC, a Florida limited liability company) (“Bailar,” “we,” “us,” or “our”) to California residents in accordance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code §§ 1798.100 et seq., the “CCPA”), at or before the point at which we collect personal information from you. This Notice complements, and should be read together with, our Privacy Policy and the Your Privacy Choices page.
1. CATEGORIES OF PERSONAL INFORMATION WE COLLECT, SOURCES, AND PURPOSES
The categories below mirror the CCPA category schema (Cal. Civ. Code § 1798.140(v)).
| CCPA category | Examples | Sources | Business purposes | Third parties we disclose to |
|---|---|---|---|---|
| A. Identifiers | Name, email address, phone number, account identifier, IP address, device identifiers, push-notification token, Stripe customer ID | You (sign-up, profile, payment); your device; OAuth providers (Apple, Google, Kakao) | Operate the Service; authenticate you; deliver push notifications; process payments; security; comply with law | Subprocessors listed at bailar.site/legal/subprocessors |
| B. Customer-records information (Cal. Civ. Code § 1798.80(e)) | Name, phone, billing address (held by Stripe), and limited transaction metadata | You; Stripe (read-back of transaction metadata) | Process payments; provide receipts; comply with tax and financial-record-keeping law | Stripe; tax authorities where required |
| C. Protected classifications (limited) | Age (collected for the 13+ age gate); birth month and year | You | Enforce the 13+ age gate and the 13–17 minor-protection defaults (Privacy Policy § 9) | None; data is used internally for the age gate only |
| D. Commercial information | RSVP history, bookings, tickets, subscription state, purchase history | You; Hosts via the marketplace | Provide the Service; personalize recommendations; security and fraud detection; comply with law | Subprocessors; the Host of an event you attend (limited to data necessary for the Host to deliver the event) |
| E. Biometric information | Not collected | — | — | — |
| F. Internet and other electronic-network activity | Pages viewed, app screens viewed, search queries, click and scroll data, time on screen, referring page; only after you accept analytics cookies on the web or the equivalent on mobile | You (your interaction with the Service) | Operate, debug, and improve the Service; measure feature adoption; security | Subprocessors (PostHog, Vercel Analytics, Google Analytics 4) per our consent-gated implementation |
| G. Geolocation data | Precise or approximate location when you grant the location permission; manually-entered city otherwise | Your device; you (manual entry) | Show nearby events and instructors; rank discovery results | Map and Places providers (Google, MapLibre tile sources) for the limited purpose of rendering maps |
| H. Audio, electronic, visual, thermal, olfactory, or similar information | Profile photos, event photos, story-ring videos, audio attachments in messages, uploaded media (only audio if you record it intentionally; we do not access your microphone in the background) | You | Display content within the Service; content moderation; safety enforcement | Subprocessors with operational use restrictions; recipients you choose when posting |
| I. Professional or employment-related information | For Studios and instructors only: business name, address, credentials you choose to display, Stripe Connect KYC information (collected directly by Stripe) | You (the Studio); Stripe | Operate the Studio Service; comply with KYC/AML / tax obligations | Stripe; tax authorities where required |
| J. Education information (FERPA-defined) | Not collected | — | — | — |
| K. Inferences (Derived Data) | Dance-style preferences, engagement-pattern signals, risk scores, recommendation ranks | Derived by our automated processing systems from categories A–I | Personalize the Service; operate ranking and recommendations; security and fraud detection | None for sale; used internally only |
| L. Sensitive personal information (Cal. Civ. Code § 1798.140(ae)) | Account credentials (only as needed to log you in); precise geolocation (when you grant the permission); content of your messages on Bailar | You | Used only for the purposes permitted under CCPA § 1798.121 (provide the Service and security); we do not infer sensitive characteristics from this data for any other use | None outside operational subprocessors |
2. SALE OR SHARING OF PERSONAL INFORMATION
Bailar does not sell your personal information for monetary or other valuable consideration, and Bailar does not share your personal information for cross-context behavioural advertising, within the meanings of the CCPA. We have not sold or shared the personal information of any California resident in the preceding twelve (12) months. If this ever changes, we will update this Notice and the Privacy Policy, and we will give California residents a clear, prominent way to opt out before any such sale or sharing begins.
3. RETENTION
Retention periods are described in Section 6 of the Privacy Policy and in the Data Deletion page. In summary: while your account is active, for as long as needed to provide the Service; after deletion, primary data is removed within thirty (30) days, encrypted disaster-recovery backups are rotated out within ninety (90) days, transaction and tax records are retained for the period required by law (typically up to seven (7) years), aggregated and de-identified data may be retained indefinitely in non-identifying form, and dispute and CSAM records are retained as required by law.
4. SENSITIVE-PERSONAL-INFORMATION LIMITATION
We use sensitive personal information only for the purposes permitted under CCPA § 1798.121(a) (providing the Service requested by the consumer; security and integrity; resisting fraud; ensuring the physical safety of a natural person; short-term, transient use; performing services on behalf of the consumer; and product quality assurance). We do not use sensitive personal information to infer characteristics about you.
5. YOUR CALIFORNIA RIGHTS AND HOW TO EXERCISE THEM
California residents have the rights to know, access, correct, delete, port, opt out of any sale or sharing, and limit the use of sensitive personal information. The full description and the exercise channels are in Section 8.5 of the Privacy Policy and on the Your Privacy Choices page. We honour Global Privacy Control (GPC) signals as an opt-out of any sale or sharing of personal information for cross-context behavioural advertising.
6. NON-DISCRIMINATION
We will not discriminate against you for exercising your CCPA rights. We do not offer financial incentives in exchange for the collection, sale, sharing, or retention of personal information.
7. CONTACT
To exercise any right under the CCPA or ask a question about this Notice, contact our Privacy Officer:
Paul Plawin, Privacy Officer
Bailar, Inc.
401 Ocean Dr, Suite 404
Miami Beach, FL 33139
United States
privacy@bailar.site