Policy Owner: General Counsel (Privacy Officer)
Effective Date: June 13, 2026
Reviewed: Annually and as new state laws take effect
Frameworks: CCPA/CPRA; VCDPA, CPA, CTDPA, TDPSA, OCPA, MCDPA, ICDPA, and analogous state laws

Purpose & scope

State Neuroscale’s commitments under US state privacy law and index the controls that implement them. Applies to personal information of residents of states with comprehensive privacy laws, currently including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Delaware, Indiana, New Jersey, New Hampshire, Kentucky, Maryland, Minnesota, and Rhode Island (the set grows as laws take effect — maintained in the Legal & Regulatory Register).

Commitments

  • Notice at collection & privacy policy — categories collected, purposes, per-category retention, and rights, in the Privacy Notice.
  • Consumer rights — access/know, delete, correct, portability, and (where applicable) opt-out of sale/share/targeted advertising and profiling/ADMT, and appeal, fulfilled through the Data Subject Rights Procedure on the per-state deadline/appeal matrix.
  • No sale/share without opt-out — Neuroscale does not sell or share personal information for cross-context behavioral advertising; opt-out mechanisms (Do-Not-Sell/Share link, GPC) are honored. See the Cookie Notice.
  • Sensitive personal information — limited use; the “Limit the Use of My Sensitive Personal Information” right is offered where applicable.
  • Non-discrimination for exercising rights.
  • Universal opt-out — Global Privacy Control honored.
  • Employment context — California applicant/employee disclosures in the California Applicant & Personnel Notice; ADMT opt-out (CPPA regs, effective Jan 1, 2027) per the DSR Procedure.

Control framework

RequirementImplemented by
Notice at collection / privacy policyPrivacy Notice
Rights intake, verification, fulfillment, appealData Subject Rights Procedure
Opt-out of sale/share/targeted ads + GPCCookie Notice; site opt-out controls
Profiling / ADMT opt-outDSR → Profiling/ADMT opt-out
Data inventory & retentionRoPA; Records Retention Schedule
Processor/contractor termsDPA Template
Security safeguardsInformation Security Policy

Governance

Obligations are tracked in the Legal & Regulatory Register and reviewed at the ISMS Management Review; new state laws are added on enactment. Nonconformities are handled via Corrective Action.

Version history

VersionDateDescriptionAuthorApproved by
1.0June 13, 2026Initial version.Cameron WolfeIshan Jadhwani