PRIVACY NOTICE FOR
CALIFORNIA RESIDENTS

Last Modified: June 10, 2026

APPLICABILITY

This CCPA Notice pertains to Endurance Capital Ltd. Privacy practices, collectively with its subsidiaries and affiliated companies (“Company”, “we”, “us” or “our”). This Notice supplements our Privacy Policy, and applies to California residents’ Personal Information, which we collect directly or indirectly while in our role as a Business. The California Consumer Privacy Act of 2018 together with any other applicable California privacy-related laws (“CCPA”), may apply to visitors of our website, users of our user portal, and others who are California residents (“consumers” or “you”) visiting and using our website (“website”) or using any of our services where and to the extent the CCPA applies. Any terms defined in the CCPA shall have the same meaning when used in this CCPA Privacy Notice, and any terms not defined herein shall have the meanings ascribed to them in the Privacy Policy.

This CCPA notice does not pertain to Personal Data relating to our employees, contractors and other staff as part of their employment or engagement with us.

PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES

Categories Of Personal Information

We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed below. Personal Information further includes Sensitive Personal Information (“SPI”).

The CCPA does not cover: publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; De-identified or aggregated consumer information; Information excluded from the CCPA’s or CPRA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

CATEGORIES OF PERSONAL INFORMATION COLLECTED

Category A: Identifiers

  • Collected: Yes. We may collect a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or other similar identifiers. Additionally, we may collect Social Security numbers, Driver’s License number, or passport number, as part of our compliance process.
  • Usage: We may retain users’ identifiers for managing their user account within the platform, granting them with access to the platform, etc. We may use your contact info, subject to applicable law, to send you promotional emails and marketing content via email or SMS. You may withdraw consent at any time through the “unsubscribe” link.

Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

  • Collected: Yes. We may collect name, address, telephone number, and employment information (i.e. your company name, title, and contact information). Some details may overlap with Category A. Additionally, we may collect bank account number, credit card number, or any other financial information, your signature, state identification card number, as part of our compliance process.
  • Not Collected: Physical characteristics or description, insurance notice number, medical information, or health insurance information.

Category C: Protected classification characteristics under California or federal law

  • Collected: No. We do not collect information in this category, including age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, sexual orientation, veteran status, or genetic information.

Category D: Commercial information

  • Collected: Yes. We may collect records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, and related payment data which is processed through our third-party providers.

Category E: Biometric information

  • Collected: No. We do not collect any genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier.

Category F: Internet or other similar network activity

  • Collected: Yes. On our websites we may collect browsing history, search history, information on a consumer’s interaction with a website, or advertisement.

Category G: Geolocation data

  • Collected: Yes. We may collect approximate location derived from IP, if you have enabled and consented to location information collection. We do not collect precise geolocation information.

Category H: Sensory data

  • Collected: No. We do not collect any audio, electronic, visual, thermal, olfactory, or similar sensory information.

Category I: Professional or employment-related information

  • Collected: Yes. We may collect information regarding your current job, such as your company name, title, and contact information, if you provide us with such information. We do not collect other employment-related information like performance evaluations.

Category J: Non-public education information

  • Collected: No. We do not collect this information, such as grades, transcripts, or student financial information.

Category K: Inferences drawn from other personal information

  • Collected: No. We do not collect profiles reflecting preferences or characteristics. However, our website may be affiliated with third-parties that collect this information.

Category L: Sensitive personal information (SPI)

  • Collected: Yes. We may collect sensitive information like government-issued identifying numbers or financial account details.
  • Not Collected: Genetic data, precise geolocation, race or ethnicity, religious beliefs, union membership, communication content (mail/email/text), biometric data, or health data.

BUSINESS DISCLOSURES OF PERSONAL INFORMATION (LAST 12 MONTHS)

Recipient Category 1: Cloud computing and storage vendors

  • Information Disclosed: Categories A, B, D, F, G, I, L.
  • Business Purpose: Storage and hosting.

Recipient Category 2: Operating systems

  • Information Disclosed: Categories A, B, D, F, G, I, L.
  • Business Purpose: Operating the website.

Recipient Category 3: Government entities / Law enforcement

  • Information Disclosed: Categories A, B, D, I, L.
  • Business Purpose: Subject to a law requirement, such as tax authorities.

Recipient Category 4: AML and KYC advisors and agencies

  • Information Disclosed: Categories A, B, D, I, L.
  • Business Purpose: To meet our regulatory requirements.

Recipient Category 5: Banks and other related vendors

  • Information Disclosed: Categories A, B, D.
  • Business Purpose: To facilitate the lending transactions.

Recipient Category 6: Data analysis providers

  • Information Disclosed: Categories A, F, G.
  • Business Purpose: Providing analytic data on the use of our website.

Recipient Category 7: Marketing & promotions providers, CRM providers, social networks, advertising networks

  • Information Disclosed: Categories A, F, G.
  • Business Purpose: Marketing, ad delivery, etc.

Recipient Category 8: Security service providers

  • Information Disclosed: Categories A, B, D, F, G.
  • Business Purpose: Debugging, security, fraud prevention.

How We Collect Personal Information

  • Directly from you: For example, when you contact us through the submission form, etc.
  • Indirectly from activity on the website and services: For example, we collect your usage data automatically from measurement tools.
  • Indirectly from you: We track your activities across the internet related to engagement with our campaigns, for example, when you view or interact with certain content, web page or ad.
  • Provided from third parties: We may collect relevant verification information from third parties such as KYC/AML agencies as part of our evaluation process.

Use Of Personal Information

We may use, or disclose the Personal Information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided Personal Information. For example, to respond to your submission form, as well as for support, etc.
  • For security and fraud detection purposes, monitoring and to maintain the safety, security, and integrity of our website.
  • To improve our services, which includes analyzing which types of ads should be provided and analyzing your use of the website.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your Personal Information or as otherwise set forth in the Privacy Policy.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you a notice.

Sale Of Personal Information

In the preceding twelve (12) months, we do not “sell” information as most people would commonly understand that term—we do not disclose your Personal Information in direct exchange for money. However, we may “share” Personal Information for “interest-based advertising” or “cross-context behavioral advertising” to serve personalized content or ads relevant to your interests.

Categories Sold or Shared for Cross-Context Behavioral Advertising: Categories A, F, and G shared with Ad-networks and advertising partners.

Data Retention

In general, we retain the Personal Information we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt out, where applicable. The retention periods are determined according to the following criteria:

  • For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed.
  • To comply with our regulatory obligations (e.g., transactional data is usually retained for seven years as of termination of engagement for bookkeeping obligations).
  • To resolve a claim or dispute, including any legal proceeding between us, until such dispute is resolved.

Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without prior notice.

Amendments

As required under the CCPA, we will update this Privacy Notice every 12 months. The last revision date will be reflected in the “Last Modified” heading located at the header of the Privacy Notice.

Children Under Age 16

We do not knowingly collect information from children under the age of 16.

PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA AND HOW TO EXERCISE THEM

Users’ Rights

If you are a California resident, you may exercise certain privacy rights related to your Personal Information free of charge, except as otherwise permitted under applicable law:

  • The right to know: Request access to the categories and specific pieces of Personal Information collected, categories of sources, business purpose, and categories of third parties with whom we disclose data.
  • Deletion rights: Request the deletion of Personal Information collected, subject to certain exceptions.
  • Correct inaccurate information: Request correction of inaccurate Personal Information maintained about you.
  • Opt-Out of sharing/selling: Opt-out of the “sharing” or “sale” of your Personal Information for cross-contextual behavioral advertising / interest-based advertising.
  • Limit the Use or Disclosure of SPI: Under certain circumstances, limit the use or disclosure of Sensitive Personal Information.
  • Opt-out of automated decision making: Under certain circumstances, opt-out of automated decision-making processes.
  • Non-discrimination: The right not to receive discriminatory treatment or retaliation for exercising your CCPA privacy rights.
  • Data portability: Request a copy of your Personal Information in a portable and easily usable format.

To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.

How Can You Exercise the Rights?

You can use the following opt-out options:

  • Use the “Do Not Sell or Share My Information” or “Reject All” option through the cookie setting tool available on our Site.
  • To opt out from cross-contextual ads, use the Network Advertising Initiative’s (NAI) tools, Digital Advertising Alliance’s (DAA) tools, or the European Interactive Digital Advertising Alliance (EDAA) tools.
  • California and Colorado residents may exercise their interest-based advertising opt-out right here: https://optout.privacyrights.info/.
  • We honor the Global Privacy Control (GPC) preferences.
  • Other rights may be exercised by using the Data Subject Request Form and sending it to us by email at: Privacy@endurance.co.

Authorized Agents

Authorized Agents may submit opt-out requests on a consumer’s behalf. We will accept requests from qualified third parties provided that the consumer does the following: Provide the authorized agent signed permission or power of attorney, verify their own identity directly with us, and directly confirm with us that they provided permission. We may deny a request from an authorized agent that does not submit proof of authorization.

Notice Of Financial Incentive

We do not offer financial incentives to consumers for providing Personal Information.

PART III: OTHER CALIFORNIA OBLIGATIONS

Direct Marketing Requests & “Shine the Light” law (Civil Code Section § 1798.83)

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please use the Data Subject Request Form.

Do Not Track Settings

Cal. Bus. And Prof. Code Section 22575 requires us to notify you how we deal with “Do Not Track” settings. As there is no commonly accepted response for Do Not Track signals initiated by browsers, we do not respond to Do Not Track settings. Please note that we do honor Global Privacy Control (GPC) signals as detailed above. For more details on DNT, visit www.donottrack.us.

CONTACT US

  • By email: Privacy@endurance.co
  • By Mail: 6 Hanechoshet, Tel Aviv, Israel.