PRIVACY POLICY

Vendux LLC dba Shiny

Effective: February 24, 2026

Vendux LLC dba Shiny (“Shiny,” “Company,” “we,” “us,” or “our”) provides an online marketplace that connects organizations with fractional executives and professional service providers. We are committed to protecting personal information in accordance with applicable privacy laws, including the EU General Data Protection Regulation (“GDPR”), UK GDPR, the California Consumer Privacy Act as amended by the CPRA (“CCPA”), and other global data protection laws.
This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you use:
• https://useshiny.com
• https://app.useshiny.com
• any related websites, services, applications, or communications (collectively, the “Services”).

1. DATA CONTROLLER
Vendux LLC dba Shiny is the data controller for personal information processed through the Services.
Contact:
privacy@useshiny.com
Vendux LLC dba Shiny
420 Nichols Rd., 2nd Floor
Kansas City, MO 64112 USA

2. SCOPE OF THIS POLICY
This Policy applies to:
• visitors to our website
• users who create accounts
• companies seeking fractional professionals
• candidates applying to or participating in our talent network
This Policy does not apply to third-party services integrated into our platform that operate under their own privacy policies.

3. CATEGORIES OF PERSONAL INFORMATION
3.1 Information You Provide
We may collect:
Account Information
• Name, title, company name
• Email address and phone number
• Login credentials
Professional Profile Information
• Resume or CV
• Employment history and industry experience
• Professional references and social links
Billing and Transaction Information
• Business billing details
• Payment information processed by third-party payment processors

3.2 Information from Third Parties
We may receive information from:
• referral partners
• background screening providers
• identity verification vendors
• analytics and marketing platforms

3.3 Background Screening
Where appropriate and permitted by law, we may conduct identity verification or background checks using authorized vendors.
We limit such processing to legitimate business needs such as platform safety, fraud prevention, or candidate vetting.

3.4 Automatically Collected Information
We may collect:
• IP address and general location
• device and browser characteristics
• interaction and usage data
• referral sources
Analytics information is used to improve the Services and is aggregated where possible.

3.5 Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve the Services.
Categories of cookies include:
• strictly necessary cookies
• analytics and performance cookies
• advertising or marketing cookies
Where required by law, non-essential cookies are activated only after you provide consent through our cookie management tool. You may change preferences at any time.

4. PURPOSES AND LEGAL BASES FOR PROCESSING
For users in the EEA, UK, or Switzerland, we rely on the following legal bases:
Purpose Legal Basis
Providing platform services Contract performance
Matching candidates and clients Legitimate interests / contract
Identity verification and security Legitimate interests
Background screening Consent or legal obligation
Analytics and advertising cookies Consent
Marketing communications Consent or legitimate interest (where permitted)
Compliance with legal obligations Legal obligation
We conduct balancing tests where processing relies on legitimate interests.

5. HOW WE USE PERSONAL INFORMATION
We use personal information to:
• operate and maintain the Services
• facilitate matches between candidates and clients
• enable invoicing and payments
• verify identity and prevent fraud
• improve platform performance and analytics
• send service-related notifications
• send marketing communications where allowed by law
• comply with regulatory and legal requirements

6. PROFILING AND MATCHING TECHNOLOGY
Shiny may use structured filters, scoring logic, or automated tools to assist in matching candidates and opportunities. These tools support human review and do not make fully automated decisions with legal or similarly significant effects.

7. DISCLOSURE OF PERSONAL INFORMATION
We may disclose personal information to:
• hosting providers and cloud infrastructure vendors
• payment processors
• analytics and advertising platforms
• background screening providers
• professional advisors
• regulators or law enforcement where required
We do not sell personal information as defined under the CCPA.

8. INTERNATIONAL DATA TRANSFERS
Shiny is based in the United States. Personal information may be transferred to and processed in the United States or other jurisdictions.
Where required by law, we implement safeguards such as:
• Standard Contractual Clauses
• contractual data protection obligations with vendors
• other approved transfer mechanisms

9. DATA RETENTION
We retain personal information only for as long as necessary to fulfill the purposes described in this Policy or comply with legal obligations.
Typical retention practices include:
• account information retained while accounts remain active
• candidate profiles retained for a defined period after last activity
• financial and transactional records retained in accordance with accounting and tax laws
Retention periods may vary depending on regulatory requirements.

10. YOUR PRIVACY RIGHTS
10.1 GDPR / UK GDPR Rights
Where applicable, you may:
• request access to your personal information
• request correction or deletion
• object to or restrict processing
• request data portability
• withdraw consent at any time
You may also lodge a complaint with a supervisory authority.

10.2 California Privacy Rights (CCPA/CPRA)
California residents may request:
• disclosure of categories of personal information collected
• deletion of personal information
• correction of inaccurate information
• information about data sharing practices
Shiny does not sell personal information or use it for cross-context behavioral advertising as defined by California law.

11. MARKETING COMMUNICATIONS
You may opt out of marketing emails at any time using the unsubscribe link or by contacting us. We may continue to send transactional or service-related communications.

12. SECURITY
We implement commercially reasonable technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure.

13. CHILDREN
The Services are intended for business users and adults over the age of 18. We do not knowingly collect information from children.

14. THIRD-PARTY SERVICES
Our Services integrate with third-party providers such as payment processors, analytics platforms, and advertising services. These providers operate under their own privacy policies.

15. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email where appropriate.

16. CONTACT
privacy@useshiny.com
Vendux LLC dba Shiny
420 Nichols Rd., 2nd Floor
Kansas City, MO 64112 USA