CAMPBELL INFORMATION SERVICES, PLLC
ONLINE PRIVACY POLICY

Effective Date: March 17, 2026

1. Introduction; Scope.

(a) Who We Are. At Campbell Information Services, PLLC (“COMPANY,” “we,” “our,” or “us”), we respect your right to privacy and understand the importance of maintaining the security and confidentiality of your personal information.

(b) What This Policy Covers. This Privacy Policy (“Policy”) describes how and why we may collect, store, use, and/or share (“process”) your information when you use our services (the “Services”), including:

  • Your use of our website at www.ourprimal5.com and any other website we own and operate (collectively, the “Website”);
  • Your use of our mobile applications for Apple® and Android™ platforms (the “Mobile Apps”); and
  • Your direct communications with us (for example, by phone, email, or in-app messaging), and certain information provided to us about you by third parties in connection with the Services.

(c) Agreement to this Policy. By accessing or using the Website or Mobile Apps, you acknowledge that you have read and understand this Policy and agree to be bound by it. If you do not agree with this Policy, you should not use the Services.

2. Definitions.

(a) “Personal Information.” Throughout this Policy, we use the term “personal information” or “personally identifiable information” to describe information that can be associated with a specific person and can be used to identify that person.

(b) Aggregated or De-Identified Data. We do not consider personal information to include information that has been aggregated and/or anonymized so that it does not identify a specific person. We may use and share such aggregated or de-identified information for any lawful purpose.

3. Personal Information We Collect.

(a) Categories of Information Collected. We may collect personal information in three main ways:

  • Information you provide directly to us;
  • Information we collect automatically when you use the Services; and
  • Information we receive from other sources, including third parties.

(b) Information You Provide Directly. When you visit our Website or Mobile Apps, register or open an account, use our Services, or contact us directly, you may be asked to provide personal information about yourself. We may also gather information from third parties associated with you or who may provide verifying information about you, especially in connection with identity verification and the Services we provide to you. Examples of personal information we may collect include:

  • Your first and last name;
  • A home or physical address (including street name, city, state, and ZIP code);
  • Your email address;
  • Your telephone number, including mobile phone number;
  • Your date of birth and/or tax identification number (if applicable);
  • Banking information (if applicable);
  • Credit card or other payment information (if applicable);
  • Credit history and information from consumer reporting agencies (if applicable);
  • Information you provide in forms, applications, surveys, or other communications with us; (including for example, your health and wellness information that you voluntarily enter into the Website and/or Mobile Apps, such as information regarding your activities, habits, exercise, nutrition or other lifestyle information); and
  • Any other identifier that permits physical or online contact with you.

All personal information that you provide to us must be true, complete, and accurate, and you should notify us of any changes to such information.

(c) Information We Collect Automatically. When you use the Services, we may automatically collect certain technical and usage information. Although this information does not typically identify you by name, it may be associated with your account or device and, in some circumstances, may be treated as personal information. Examples include:

  • Log and usage data. Service-related, diagnostic, usage, and performance information, such as the date and time of your visit, the pages you view, links you click, search queries, and other actions you take within the Services.
  • Device and browser information. Your IP address; Media Access Control (MAC) address; computer type (Windows or Mac); screen resolution; operating system name and version; device manufacturer and model; language; Internet browser type and version; and similar technical information.
  • Location data. General location information derived from your IP address, and, if you enable location services on a mobile device, more precise location information to provide location-based features. You may disable location services via your device settings, although some features may not function properly without it.

(d) Health and Wellness Information. Our Services allow you to voluntarily enter information into our Website and Mobile Apps related to your health, wellness, activities, and lifestyle habits. This may include information such as exercise activity, habits, nutrition, or other wellness-related information that you choose to record with us.

This information is collected only to provide the Services’ core functionality, including enabling you to track, review, and manage your personal wellness and activity information.

We do not sell or rent health-related information. Health-related data may be stored or processed by service providers that support the operation of the Services (such as cloud hosting providers), but such providers may only use the information on our behalf to operate the Services and are required to maintain appropriate confidentiality and security protections.

The Services are intended for personal tracking and informational purposes only and are not intended to provide medical advice, diagnosis, or treatment. The Services are not a healthcare provider and the information collected through the Services is generally not treated as “protected health information” under the Health Insurance Portability and Accountability Act (HIPAA).

(e) Information We Receive from Other Sources. We may obtain information about you from other sources, such as:

  • Public databases;
  • Consumer reporting agencies, credit bureaus, and identity-verification providers;
  • Joint marketing partners and business partners; and
  • Other third-party service providers who help us verify your identity, prevent fraud, or process transactions.

This information helps us maintain accurate records, verify your identity, comply with legal and regulatory requirements, and provide the Services securely.

4. How We Use Your Information.

(a) Permissible Uses. We use your personal information, only as permissible by law, to:

  • Verify your identity and eligibility to use the Services;
  • Prevent, detect, and manage fraud, security incidents, and other illegal or prohibited activities;
  • Process transactions and provide our financial Services to you;
  • Create, maintain, and service your accounts and records;
  • Communicate with you about your account, the Services, updates, and administrative information;
  • Manage your preferences and personalize your experience with the Services;
  • Perform analytics concerning your use of the Services and improve the design, functionality, and performance of the Website and Mobile Apps;
  • Develop new products, services, and features;
  • Comply with applicable legal, regulatory, and contractual obligations and respond to lawful requests; and
  • Enforce our terms, protect our rights and property, and protect the rights, property, and safety of our users and others.

(b) No Unrelated Use Without Consent. We do not use or disclose personal information for purposes unrelated to the business needs described in this Policy without your consent or as otherwise permitted or required by law.

(c) Aggregated and De-Identified Information. We may collect, analyze, and process information regarding your use of the Services, including activity data, scoring information, engagement metrics, and usage patterns. We may combine this information with data from other users and de-identify or anonymize it so that it no longer identifies any individual (“Aggregated Data”). We use Aggregated Data for purposes such as (i) operating and improving the Services; (ii) developing features and scoring methodologies; (iii) understanding user trends and engagement; (iv) generating app-wide statistics and benchmarks; and (v) research, analytics, and product development.

5. Cookies and “Do Not Track” Mechanisms.

(a) Use of Cookies and Similar Technologies. We use browser cookies and similar tracking technologies to analyze usage patterns, enhance your security, and personalize your experience when you use the Services. Cookies may be used to:

  • Maintain session security and keep you logged in;
  • Remember your preferences and settings; and
  • Gather analytics about how the Website and Mobile Apps are used.

(b) Your Choices. You may elect to set your web browser to:

  • Inform you when cookies are set;
  • Block or delete cookies; or
  • Enable your browser’s “Do Not Track” (DNT) signal or similar mechanisms such as Global Privacy Control (GPC) https://globalprivacycontrol.org/.

However, if you elect to prevent certain cookies from being set, some Services and features on the Website or Mobile Apps may not work as intended.

(c) Do Not Track and Global Privacy Control. At this time, there is no universally accepted standard for how to respond to DNT signals, and we may not respond to all such signals. We will, however, honor any obligations we have under applicable law with respect to Global Privacy Control or similar mechanisms.

(d) Cookie Statement. More information on cookies, other tracking technologies, and your choices can be found in our Statement on Cookies and Other Tracking Technologies [insert link here]. By using the Website or Mobile Apps, you agree to our use of cookies and other tracking technologies as described in that Statement and in this Policy.

6. How and With Whom We Share Information.

(a) Service Providers and Vendors. We may share your personal information with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. Examples include:

  • Cloud hosting and data storage providers;
  • Payment processors and financial institutions;
  • Consumer reporting agencies and identity-verification providers;
  • Analytics and technology support providers; and
  • Customer support and communication platforms.

We have contracts in place with these third parties that are designed to help safeguard your personal information. They may not use your personal information for their own purposes and are obligated to protect it and process it only as instructed by us.

(b) Legal and Regulatory Requirements. We may share your personal information when we believe it is necessary to:

  • Comply with applicable legal and/or regulatory requirements;
  • Respond to audits, examinations, or investigations;
  • Protect against fraud, security incidents, and illegal activities; or
  • Establish, exercise, or defend legal claims.

(c) Business Transfers and Affiliates. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business. We may also share your information with our affiliates (entities under common control with COMPANY), who will be required to honor this Policy.

(d) No Sale of Personal Information. We do not sell your personal information or share it with third parties for their own independent marketing purposes.

(e) Use of Health and Wellness Information. We collect health-related information that you voluntarily provide through the Website and/or Mobile Apps in order to operate and provide the Services’ features and functionality, including enabling you to track, monitor, and review your health, wellness, or lifestyle activities.

We do not sell health-related information. We may process or store such information using trusted service providers that host or support the operation of the Services, but such providers may only use the information on our behalf and are contractually required to maintain appropriate confidentiality and security protections.

7. Protecting Your Information, Confidentiality, and Security.

(a) Security Measures. We are committed to protecting your personal information. We have implemented appropriate and reasonable technical, administrative, and physical security measures designed to protect the security and confidentiality of the personal information we process.

(b) No Absolute Security. Despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

(c) Your Responsibility. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment and are responsible for safeguarding any login credentials associated with your account.

8. Children’s Online Privacy and Minors.

(a) COPPA and Minors. The Children’s Online Privacy Protection Act of 1998 (“COPPA”) restricts the collection, use, or disclosure of personal information from and about children under the age of 13 on the Internet. Our Services are not intended for children under 18 years of age, and we do not knowingly solicit data from or market to children under 18.

(b) Age Representation. By using the Services, you represent that you are at least 18 years of age, or that you are the parent or legal guardian of a minor who is at least 13 and you consent to such minor dependent’s use of the Services.

(c) If We Learn of Minor Data. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records, except to the extent we are required to retain such information to comply with law. If you become aware of any data we may have collected from children under 18, please contact us at info@ourprimal5.com.

9. Your Privacy Rights.

(a) General Rights. Depending on where you reside, you may have certain rights under applicable privacy laws. These may include the right to:

  • Request access to the personal information we maintain about you;
  • Request correction or update of inaccurate or incomplete personal information;
  • Request deletion of certain personal information, subject to legal and contractual restrictions;
  • Opt-out of certain types of data sharing or marketing communications; and
  • Receive additional disclosures about how we collect, use, and share your information.

(b) California and Other State-Specific Rights. Residents of certain states (including California) may have additional privacy rights under state law. For more information about California-specific rights and how to exercise them, please refer to our California Consumer Privacy Policy.

(c) How to Exercise Your Rights. To exercise your rights, you may contact us using the information provided in Section 14 of this Policy. We may take reasonable steps to verify your identity before responding to certain requests.

10. Making Sure Your Information Is Accurate.

(a) Review and Maintenance. You may review and maintain your personal information by logging into the Website for the Services, sending an inquiry to info@ourprimal5.com, or calling us at 662-513-9936 (or another number we may provide for this purpose).

(b) Verification. We may take reasonable steps to verify your identity before granting access to or making corrections to your personal information.

11. Retention of Personal Information.

(a) Retention Period. We retain personal information for a period of time that is:

  • Required by law or regulation; and/or
  • Reasonably necessary for our business purposes, such as maintaining your account, fulfilling transactions, resolving disputes, responding to regulatory or audit requests, and enforcing our agreements.

(b) Deletion or Anonymization. When we no longer have a legitimate business need or legal obligation to retain your personal information, we will delete, anonymize, or otherwise appropriately dispose of it in accordance with our data retention and destruction policies.

12. Third-Party Website Links.

(a) Links to Third-Party Sites. Our Services may provide links to websites that are owned or operated by other companies. When you use these links on our Website or Mobile Apps to visit any third-party website, you will be subject to that website’s privacy and security policies, which may differ from ours.

(b) No Responsibility for Third-Party Practices. We are not responsible for the content, privacy practices, or security of any third-party websites. You should review their privacy and security policies carefully before providing any personal information on those websites.

13. Updates to This Policy.

(a) Right to Update. We may update this Policy from time to time. This Policy is therefore subject to change at any time.

(b) Notice of Changes. When we make material changes, we will:

  • Revise the Effective Date at the top of this Policy; and
  • Where appropriate, provide additional notice (such as by posting a prominent notice on the Website or Mobile Apps, or by sending you an email or in-app message).

(c) Continued Use. Your continued use of the Website, Mobile Apps, or Services following any changes to this Policy means that you accept and agree to the revised Policy.

14. How to Contact Us.

(a) Contact Information. If you have any questions, concerns, or requests regarding this Policy or our privacy practices, please email us at info@ourprimal5.com.

CALIFORNIA CONSUMER PRIVACY POLICY (CCPA/CPRA ADDENDUM)

Effective Date: March 17, 2026

1. Scope and Relationship to Main Privacy Policy.

(a) Who This Applies To. This California Consumer Privacy Policy (“California Policy”) applies solely to residents of the State of California (“California Consumers”) and supplements our main Privacy Policy.

(b) Financial Information and GLBA. Certain personal information we collect and process in connection with providing consumer financial services is subject to the federal Gramm-Leach-Bliley Act (“GLBA”) or other financial privacy laws and is exempt from some of the requirements of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”). This California Policy applies to personal information to the extent it is covered by the CCPA and not otherwise exempt.

2. Categories of Personal Information We Collect.

(a) Categories Collected. In the past 12 months, we have collected the following categories of personal information about California Consumers, depending on your relationship with us and how you use the Services:

  • Identifiers (e.g., name, postal address, email address, telephone number, online identifier, Internet Protocol (IP) address, account name).
  • Customer Records Information (e.g., bank account number and other financial information you provide to us in connection with our Services).
  • Commercial Information (e.g., records of products or services purchased, obtained, or considered, or other purchasing or transaction histories).
  • Internet or Other Electronic Network Activity Information (e.g., browsing history, usage data, log data, interactions with our Website or Mobile Apps).
  • Geolocation Data (e.g., device location derived from IP address or, if enabled, from mobile device location services).
  • Audio and Electronic Information (e.g., call recordings, if we record customer service calls as disclosed at the time of the call).
  • Health and Wellness Information (e.g. health, wellness, lifestyle, or activity information that you enter into the Website and/or Mobile Apps such as activity, habits, nutrition information, or other wellness-related data used to enable the core functionality of the Services).
  • Inferences (e.g., inferences drawn from the above information to create a profile about your preferences or characteristics related to our Services).

(b) Sensitive Personal Information. To the extent we collect Sensitive Personal Information (for example, account login credentials, financial account information, or government identifiers), we use such information only as reasonably necessary to provide the Services, to ensure security and integrity, to comply with laws, or for other limited permissible purposes under the CCPA.

3. Sources of Personal Information.

(a) We collect the categories of personal information described above from:

  • You directly (for example, when you open an account, complete forms, or communicate with us);
  • Your use of the Services (including automatic collection as described in our main Privacy Policy); and
  • Third parties, such as consumer reporting agencies, identity-verification providers, payment processors, and other service providers.

4. Purposes for Collecting Personal Information.

(a) We collect and use personal information for the business purposes described in Section 4 of our main Privacy Policy, including, without limitation:

  • Providing and servicing accounts and transactions;
  • Detecting and preventing fraud and security incidents;
  • Performing analytics and improving our Services;
  • Complying with legal and regulatory obligations; and
  • Communicating with you about your account and the Services.

5. Disclosure of Personal Information to Third Parties.

(a) Disclosures for Business Purposes. We may disclose the categories of personal information listed in Section 2 of this California Policy to:

  • Service providers and contractors who perform services on our behalf;
  • Government and regulatory authorities, as required by law; and
  • Successors to our business in connection with a merger, acquisition, or similar transaction.

(b) No Sale or Sharing for Cross-Context Behavioral Advertising. We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA. Accordingly, we do not offer an option to opt out of “sale” or “sharing” because we do not engage in these activities.

6. Your CCPA Privacy Rights.

Subject to certain limitations and exceptions, California Consumers have the following rights with respect to their personal information:

(a) Right to Know. You have the right to request that we disclose the following information for the 12-month period preceding your request:

  • The categories of personal information we collected about you;
  • The categories of sources from which the personal information was collected;
  • The business or commercial purposes for collecting such personal information;
  • The categories of third parties to whom we disclosed such personal information; and
  • The specific pieces of personal information we collected about you, subject to certain legal restrictions.

(b) Right to Delete. You have the right to request that we delete personal information we collected from you, subject to certain exceptions (for example, where we are required to retain information to comply with law, complete transactions, or detect security incidents or fraud).

(c) Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing.

(d) Right to Limit Use of Sensitive Personal Information. To the extent we use or disclose Sensitive Personal Information beyond what is reasonably necessary to provide the Services or as otherwise permitted by the CCPA, you would have the right to limit such use or disclosure. At this time, we do not use or disclose Sensitive Personal Information in a way that triggers a right to limit under the CCPA.

(e) Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. For example, we will not deny you Services, charge you different prices, or provide a different level or quality of Services solely because you exercised your rights under the CCPA.

7. How to Exercise Your CCPA Rights.

(a) Submitting a Request. You may exercise your CCPA rights by submitting a request using any of the following methods:

  • Email: info@ourprimal5.com
  • Phone: 662-513-9936
  • Mail: Campbell Information Services, PLLC, 2005 Harris Drive, Oxford, MS 38655

(b) Verification of Your Identity. We may need to verify your identity before processing your request. The verification steps may vary depending on the nature of your request and the sensitivity of the personal information involved. We will use any personal information collected in connection with the verification process only for that purpose.

(c) Authorized Agents. You may designate an authorized agent to submit CCPA requests on your behalf. We may require proof of the agent’s authorization and may also require you to verify your identity directly with us.

8. Contact Information for California Privacy Questions.

(a) If you have any questions or concerns regarding this California Policy or our privacy practices with respect to California Consumers, you may contact us at info@ourprimal5.com.