Privacy policy

PRIVACY POLICY

Last Updated: 09.05.2025

This Privacy Policy (“Policy”) explains how Freshkeep, inc., operating as Silo ("Silo," "we," "us," or "our") collects, uses, discloses, and otherwise Processes information about you or associated with you (“Personal Data” or “personal information”) when you create a Silo account, access or use our websites (including www.heysilo.com - the "Website"), mobile applications ("Apps"), register and use our smart food storage system (the "Silo Device"), and utilize related products and services (collectively, the "Services"), or when you otherwise interact with us (e.g., through customer support, social media).

Silo is a cutting-edge food storage system that combines a sleek countertop device with high-quality containers, offering advanced vacuum technology and an integrated inventory management system designed to help you reduce food waste and manage your food supplies efficiently.

Our Pledge:

• We are committed to transparency regarding the types of Personal Data we collect and how we use them.

• We will seek your permission before sharing your Personal Data with third parties for purposes other than at your request, to provide Silo's Services, or as otherwise permitted by law. We aim to partner with third parties that we believe will offer you valuable additional services.

• We will employ robust data security measures to protect your Personal Data and safeguard Silo products from unauthorized access.

This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of your Personal Data or changes in applicable law. We encourage you to read this Policy carefully and to regularly check this page to review any changes we might make. You can review the most current Policy at any time at https://www.heysilo.com/privacy-policy.

Your continued use of our Services after the "Last Updated" date of this Policy signifies your acceptance of the updated Policy.

 

---

 

CONTENTS

1. Scope of This Policy

• Intended Audience & Children's Privacy

2. Information We Collect and Create

• Information You Provide to Us

• Information We Collect Automatically (including from the Silo Device)

• Information We Collect From Other Sources

• Information We Create or Derive

• Categories of Personal Data We Process

3. How We Use Your Information

• Purposes of Processing

• Legal Bases for Processing (for EEA/UK users)

4. How We Disclose Your Information

5. Cookies, Analytics, and Interest-Based Advertising

• Use of Cookies and Similar Technologies

• Analytics

• Interest-Based Advertising

• Your Choices Regarding Cookies and Advertising

• Do Not Track

6. International Data Transfers

7. Data Security

8. Data Accuracy, Minimization, and Retention

• Data Accuracy

• Data Minimization

• Data Retention

9. Your Rights and Choices

• Access, Correction, and Update

• Marketing Communications

• Device Data Collection

• Additional Rights for Users in Certain Jurisdictions

10. Third-Party Links and Services

11. Updates to This Policy

12. Contact Us

13. Controller Details and Representatives (for EEA/UK Users)

• Controller

• Representatives

14. Specific Disclosures for U.S. Residents

• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

• California’s “Shine the Light” Law

15. Definitions

1. Scope of This Policy

This Policy applies to Personal Data Processed by Silo in connection with our Services. It does not apply to information collected by:

• Third-party websites, services, or applications ("Linked Sites") that you may access through our Services. We have no control over, and no responsibility or liability for, any third-party collection, use, disclosure, or retention of your information. The privacy practices of Linked Sites are not subject to this Policy. Please review the privacy policies of any Linked Sites you access.

• Third parties who are not acting as our service providers (or "Processors").

1.1. Intended Audience & Children's Privacy
Our Services are primarily intended for and directed to adults. The Services are not directed to persons under the age of 13 (or a higher age threshold if stipulated by applicable local law, such as 16 in some EU jurisdictions). We do not intentionally or knowingly collect or maintain Personal Data from persons under this age. If we obtain actual knowledge that we have collected Personal Data from a child under the applicable age threshold without prior verifiable parental consent, we will take steps to delete such information promptly. If a child's Personal Data is collected with prior parental consent, we will only use or disclose the data as permitted by law, with the explicit consent of the child's parents or guardians, or when necessary for the protection of the child.
If you are a parent or guardian and believe that your child under the applicable age threshold has provided Personal Data to us without your consent, please contact us using the details provided in the "Contact Us" section below, and we will take steps to delete such Personal Data from our systems.

2. Information We Collect and Create

We collect and create Personal Data about you from various sources to provide and improve our Services, and to personalize your experience.

2.1. Information You Provide to Us
We collect Personal Data that you provide directly to us. This occurs when you:

• Create or modify your Silo account and profile: This includes your name, email address, phone number, password, and any other profile information you choose to add.

• Purchase or register a Silo Device or subscribe to our Services: This includes shipping and billing addresses, payment method information (which may be processed by our third-party payment processors), and details of your transaction.

• Interact with the Silo Device and Apps: For example, when you input names of food items, quantities, storage dates, expiration dates, or create custom food categories.

• Communicate with us: This includes when you contact customer support (via email, phone, or other channels), respond to surveys, participate in promotions or contests, or provide feedback. We will collect the content of your communications and any information you provide.

• Connect with social media: If you interact with our Services through various social media platforms (e.g., by Liking or Following us, or accessing our Services via a third-party connection or login), we may receive Personal Data from the social network, such as your profile information, profile picture, username, and friend list, depending on your privacy settings on that platform. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services.

• Submit a job application: If you apply for employment with Silo, we will collect information related to your application, such as your resume, cover letter, employment history, and educational background.

2.2. Information We Collect Automatically (including from the Silo Device)
We automatically collect certain information about your interactions with us, our Services, and the Silo Device:

• Silo Device Information: When you register and use your Silo Device, we collect data related to its operation and your usage, including:

• Device Identifiers and Status: Device model, serial number, firmware version, network information (e.g., Wi-Fi network name, IP address from which data originates), connectivity status, and device operational state (e.g., online/offline, battery level, error codes).

• Usage Data: Frequency and duration of use, logs of when the Silo Device is opened or closed, vacuum sealing events (e.g., frequency, duration, success/failure), grinding cycles (if applicable to future devices), and interactions with the device's controls or interface.

• Sensor Data: Information from sensors within the Silo Device, such as internal temperature, humidity levels, weight of contents in containers (if equipped), and other environmental data relevant to food storage.

• Food Inventory and Storage Data: Information you input or that the device infers about food stored in Silo containers, such as item names, quantities, categories (e.g., fruits, vegetables, meats), date of storage, intended expiration dates, and consumption patterns (e.g., when items are removed).

• 
  

• Website and App Usage Information: When you use our Website or Apps, we automatically collect:

• Log Information: IP address, web browser type and version, operating system, access times, pages viewed, links clicked, the referring URL (the webpage you visited before navigating to our Website), and your language preferences.

• Device Information (for Apps): Mobile device identifiers (e.g., IDFA, Android Advertising ID), device model, operating system version, mobile network information, and app version.

• 
  

• Transactional Information: We collect details about the transactions you complete with us, such as purchase prices, subscription fees, deposits, returns, and the date and location of transactions.

• Information Collected by Cookies and Similar Tracking Technologies: We and our third-party partners use various tracking technologies, such as cookies, web beacons (also known as "pixel tags" or "clear GIFs"), embedded scripts, and other similar technologies to collect information about your interactions with our Services and emails.

• Cookies: Small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, count visits, and remember your preferences.

• Web Beacons: Electronic images that may be used on our Services or in our emails to help deliver cookies, count visits, and understand usage and campaign effectiveness (e.g., if an email has been opened and which links were clicked).
  For more information about cookies and how to manage them, please see Section 5 ("Cookies, Analytics, and Interest-Based Advertising") below.

2.3. Information We Collect From Other Sources
We may also obtain information about you from other sources, including:

• Third-Party Services: If you create or log into your Silo account through a third-party service (like Google or Apple), we will receive certain information from that service, such as your name and email address, as permitted by your privacy settings on that service.

• Business Partners: We may receive information from business partners with whom we offer co-branded services or engage in joint marketing activities.

• Publicly Available Sources: We may collect information from publicly available sources, such as public databases or social media platforms, if you make information public.

• Service Providers: Our vendors and service providers who perform services on our behalf may collect information and share it with us.

2.4. Information We Create or Derive
We may create Personal Data about you or derive inferences based on the information we collect. For example:

• We may infer your approximate location based on your IP address.

• We may derive insights about your food storage habits, preferences, or potential food waste reduction based on your use of the Silo Device and Services.

• We may create aggregated or de-identified data sets from Personal Data, which are not subject to this Policy as they do not identify you.

2.5. Categories of Personal Data We Process
The categories of Personal Data we may Process, subject to applicable law, include:

• Personal Details: Given name(s); preferred name; photograph (if you provide one for your profile).

• Demographic Information: Gender (if you provide it); date of birth/age; nationality/region; and language preferences.

• Contact Details: Postal address; shipping address; telephone number; email address; online messaging details (if you communicate with us this way); and social media profile details (if you interact with us via social media).

• Account and Registration Details: Username; password; account creation date; user preferences.

• Consent Records: Records of any consents you have given, together with the date and time, means of consent, and any related information (e.g., the subject matter of the consent).

• Purchase and Transactional Details: Records of purchases, subscriptions, and prices; consignee name, address, and contact telephone number for shipping; details of returns or warranty claims.

• Payment Details: Invoice records; payment records; billing address; payment method details (e.g., tokenized card information, last four digits of card number, card expiry date – full payment card information is typically processed by our third-party payment processors).

• Silo Device and Usage Data (as detailed in Section 2.2): Including device identifiers, operational status, usage logs, sensor data, and food inventory information.

• Data Relating to our Sites and Apps (as detailed in Section 2.2): IP address; browser type; operating system; access times; pages viewed; app usage patterns; device identifiers.

• Content and Advertising Data: Records of your interactions with our online advertising and content (on our Services or third-party sites), records of advertising and content displayed to you, and any interaction you may have had with such content or advertising (e.g., mouse hover, mouse clicks, forms you complete in whole or in part).

• Views and Opinions: Any comments, feedback, reviews, views, and opinions that you choose to send to us, or publicly post about us on social media platforms or other forums.

• Cookie Data: Personal Data collected via cookies and other similar tracking technologies, as detailed in Section 5.

• Employment Application Data: Information provided in connection with a job application, such as resume, employment history, education, and references.

3. How We Use Your Information

We use the Personal Data we collect for various purposes, as described below.

3.1. Purposes of Processing
We Process your Personal Data for the following purposes:

• Providing, Maintaining, and Improving our Services:

• To operate and maintain our Website, Apps, and the Silo Device.

• To create and manage your account and user profile.

• To process your orders, subscriptions, and payments.

• To deliver, activate, or verify products or Services, including shipping Silo Devices and fulfilling requests for changes or support.

• To provide technical support, customer service, and respond to your inquiries.

• To enable the features of the Silo Device, such as vacuum sealing, inventory tracking, and providing you with insights about your food storage.

• To develop new products, services, features, and functionalities.

• To debug, identify, and repair errors that impair existing or intended functionality of the Services.

• To perform internal operations, such as data analysis, research, audits, and troubleshooting.

• 
  

• Personalizing Your Experience:

• To provide you with a customized user experience and content (e.g., suggesting recipes based on your inventory, providing personalized tips for food storage).

• To remember your preferences and settings.

• To serve targeted advertisements or offers we believe may be relevant to your interests (see Section 5 for more details).

• 
  

• Communicating With You:

• To send you transactional or relationship messages, such as account verification, order confirmations, shipping notifications, important notices about the Services (e.g., updates to our terms or policies, critical software updates, security alerts, or product recall information).

• To send you information about products, services, promotions, and events offered by Silo and our partners that may interest you, with your consent where required by applicable law (see "Your Rights and Choices" for opt-out information).

• To invite you to participate in Silo promotional activities, market surveys, or beta testing programs.

• 
  

• Security and Fraud Prevention:

• To monitor for and prevent security incidents, and detect, investigate, and address malicious, deceptive, fraudulent, or illegal activity.

• To protect the rights, property, or safety of Silo, our users, or the public as required or permitted by law.

• To enforce our Terms of Service and other policies.

• 
  

• Legal and Regulatory Compliance:

• To comply with applicable legal requirements, such as tax laws, accounting obligations, or responding to lawful requests from government authorities, subpoenas, or court orders.

• To establish, exercise, or defend legal claims.

• 
  

• Aggregated or De-Identified Information:

• To create and use aggregated or de-identified information (which does not identify you personally) for research, analytics, service improvement, or any other business purpose. For example, to understand food storage trends or the environmental impact of reduced food waste.

• 
  

• Other Purposes:

• For any other purpose described to you at the time the information was collected, or with your consent.

• 
  

3.2. Legal Bases for Processing (for EEA/UK users)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we Process your Personal Data based on the following legal grounds, as applicable under the General Data Protection Regulation (GDPR) or UK GDPR:

If we intend to Process your Personal Data for a purpose other than that for which the Personal Data were collected, we will provide you with information on that other purpose and any relevant further information before doing so.

4. How We Disclose Your Information

We may disclose your Personal Data in the instances described below. We do not "sell" your Personal Data in the traditional sense (i.e., for monetary payment) without your consent. For information on disclosures specific to California residents under the CCPA/CPRA, please see Section 14.

We may disclose your Personal Data with the following categories of third parties:

• Affiliates and Subsidiaries: We may disclose Personal Data with our affiliates, including our parent company (Freshkeep, inc.), our subsidiaries (such as Freshkeep ltd., our research and development subsidiary in Israel), and other companies under common control with Freshkeep, inc. These companies will use your Personal Data in the same way as we can under this Policy, for purposes such as providing shared services, internal reporting, or improving offerings.

• Service Providers and Vendors: We disclose Personal Data with third-party vendors, contractors, consultants, and other service providers that perform services on our behalf or help us operate our business. These may include:

• Payment processors and facilitators.

• Cloud hosting and storage providers.

• Shipping and logistics providers.

• Customer support service providers.

• Marketing and advertising partners (for activities like email campaigns, analytics, and ad serving, subject to your choices – see Section 5).

• Data analytics providers.

• IT support and security providers.
  These service providers are contractually obligated to use your Personal Data only to perform services on our behalf and in accordance with our instructions and applicable law, and to implement appropriate security measures to protect your Personal Data.

• 
  

• (This item was blank in the original list)

• With Your Consent or at Your Direction: We may disclose your Personal Data to third parties when we have your explicit consent to do so or at your direction. For example:

• If you choose to link your Silo account with a third-party service (e.g., a recipe app or a grocery delivery service), we may share information as authorized by you.

• If you choose to participate in a promotion or co-branded offering with a third party, we may share information with that third party as described at the time of collection or with your consent.

• If you post a product review or content publicly through our Services, that information may be visible to others.

• 
  

• (This item was blank in the original list)

• Business Transactions or Transfers: We may disclose or transfer your Personal Data in connection with, or during negotiations of, any merger, sale of all or a portion of company assets or shares, reorganization, financing, change of control, acquisition of all or a portion of our business by another company or third party, or in the event of bankruptcy or related or similar proceedings. In such cases, the acquiring entity will be subject to the same commitments made in this Policy with respect to previously collected Personal Data.

• Legal Obligations and Rights Protection: We may disclose Personal Data to third parties if we believe that disclosure is in accordance with, or required by, any applicable law, regulation, legal process, or governmental request. This includes:

• To comply with subpoenas, court orders, or other legal requirements.

• To enforce our Terms of Service or other policies, including the investigation of potential violations.

• To investigate and defend ourselves against any third-party claims or allegations.

• To protect against harm to the rights, property, or safety of Silo, our users, or the public, as required or permitted by law.

• To detect, prevent, or otherwise address criminal activity (including fraud or stalking), security, or technical issues.

• 
  

• (This item was blank in the original list)

• Aggregated or De-Identified Information: We may disclose aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may share aggregated statistics about the usage of our Services with business partners or for public reporting (e.g., trends in food waste reduction).

If we engage a third-party Processor to Process your Personal Data, the Processor will be subject to binding contractual obligations to: (i) only Process the Personal Data in accordance with our prior written instructions; and (ii) use appropriate technical and organizational measures to protect the confidentiality and security of the Personal Data, along with any additional requirements under applicable law.

5. Cookies, Analytics, and Interest-Based Advertising

We and our third-party partners use cookies, web beacons, and other similar tracking technologies to collect information about your browsing activities over time and across different websites and online services, including our Website and Apps.

5.1. Use of Cookies and Similar Technologies
When you visit our Website or use our Services, we may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer or mobile device that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click, how frequently you access the Service, and other actions you take on the Service), and allow us or our third-party partners to track your usage of the Service over time.

We use different types of cookies:

• Essential Cookies: These are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.

• Performance and Analytics Cookies: These allow us to count visits and traffic sources so we can measure and improve the performance of our Services. They help us to know which pages are the most and least popular and see how visitors move around the site.

• Functionality Cookies: These enable the Services to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.

• Targeting or Advertising Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites.

We may also use clear GIFs (also known as web beacons or pixel tags) which are used to anonymously track the online usage patterns of our users. In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. This information allows for more accurate reporting and improvement of the Service.

5.2. Analytics
We may use third-party analytics tools, such as Google Analytics, to help us measure traffic and usage trends for the Services and to understand more about the demographics and behaviors of our users. These tools collect information sent by your browser or mobile device, including the pages you visit, your use of third-party applications, and other information that assists us in analyzing and improving the Services. We typically use this information in an aggregated form that does not directly identify you.
You can learn more about Google’s practices by going to https://policies.google.com/technologies/partner-sites, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

5.3. Interest-Based Advertising
We may permit third-party online advertising networks, social media companies, and other third-party services to collect information about your use of our Website and Apps over time so that they may play or display ads that may be relevant to your interests on our Services as well as on other websites, apps, or services you may use, and on other devices you may use. Typically, though not always, the information used for interest-based advertising is collected through cookies or similar tracking technologies.
These third parties may use this information to build a profile of your interests and deliver relevant advertising on our Services and on other websites or applications. This process also helps us track the effectiveness of our marketing efforts.

5.4. Your Choices Regarding Cookies and Advertising
You have several choices regarding the use of cookies and interest-based advertising:

• Browser Settings: Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. To do so, please follow the instructions provided by your browser, which are usually located within the "help," "tools," or "edit" settings. Please note that removing or rejecting cookies could affect the availability and functionality of our Services. Deleting browser cookies may also remove your opt-out preferences for interest-based advertising.

• Cookie Consent Tools: Where available on our Website, you may be able to manage your cookie preferences through a cookie consent banner or settings tool.

• Mobile Device Settings: For mobile advertising, you may be able to limit ad tracking using settings provided by your mobile device operating system (e.g., by resetting your advertising identifier or opting out of ad personalization).

• Industry Opt-Out Programs:

• You may opt-out of receiving targeted advertising from participating ad networks, audience segment providers, ad serving vendors, and other service providers by visiting websites operated by the Digital Advertising Alliance (DAA) at www.aboutads.info/choices (for US users) or the European Interactive Digital Advertising Alliance (EDAA) at www.youronlinechoices.eu (for EU/UK users).

• The Network Advertising Initiative (NAI) also offers an opt-out tool for its members at optout.networkadvertising.org.
  Please note that opting out of interest-based advertising does not mean you will no longer see advertising online. It means that the companies from which you have opted out will no longer deliver ads tailored to your web preferences and usage patterns.

• 
  

5.5. Do Not Track
Some web browsers may transmit "Do Not Track" (DNT) signals to the websites and other online services with which a user communicates. There is no industry standard that governs what, if anything, websites should do when they receive these signals. Silo currently does not take action in response to DNT signals. If and when a standard for responding is established, we may revisit its policy on responding to these signals. Consequently, third parties may track and collect information about your online activities over time while navigating to, from, and on our Services, notwithstanding any DNT signals we may receive.

6. International Data Transfers

Silo, operated by Freshkeep, inc., is based in the United States. Your Personal Data may be Processed in, transferred to, and stored in, countries other than your country of residence, including the United States, Israel (where our R&D subsidiary, Freshkeep ltd., is located), and other locations where Freshkeep, inc. or its affiliates, subsidiaries, or third-party service providers maintain facilities. These countries may have data protection laws that are different from, and potentially less protective than, the laws of your country of residence.

When we transfer your Personal Data to a country outside of your own, particularly if you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdiction in which it is Processed. We do this by:

• Ensuring that the recipient country is deemed to provide an adequate level of protection for Personal Data by the European Commission (for EEA data), by the UK Government (for UK data), or by the Swiss Federal Data Protection and Information Commissioner (FDPIC) (for Swiss data) (collectively, "Adequacy Decisions").

• Implementing appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office (ICO), or other legally recognized transfer mechanisms, along with any supplementary measures necessary to ensure that your Personal Data is treated securely and in accordance with this Policy and applicable data protection laws.

• Relying on derogations for specific situations as permitted by applicable law (e.g., where a transfer is necessary for the performance of a contract with you, or for the establishment, exercise, or defense of legal claims).

By using our Services or providing us with your Personal Data, you acknowledge that your Personal Data may be transferred to, Processed in, and stored in countries outside of your country of residence, including the United States, where the privacy protections and legal requirements, including the rights of authorities to access your Personal Data, may not be equivalent to those in your country.

If you are located in the EEA, UK, or Switzerland and would like more information about the safeguards we have in place for international data transfers, please contact us using the details provided in the "Contact Us" section. You may be entitled to request a copy of the relevant Standard Contractual Clauses (where applicable).

Please note that when you transfer any Personal Data directly to any Silo entity established outside your jurisdiction (e.g., by directly interacting with a Silo website hosted in another country), we are not responsible for that initial transfer of your Personal Data. However, we will Process your Personal Data, from the point at which we receive those data, in accordance with the provisions of this Policy.

7. Data Security

Silo cares about the security of your information and has implemented and maintains appropriate technical and organizational security measures designed to protect your Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of Processing, in accordance with applicable law. These measures include, but are not limited to:

• Physical Security: Secure access controls to our premises and data centers.

• Technical Security: Use of encryption (e.g., for data in transit and at rest where appropriate), firewalls, intrusion detection and prevention systems, access controls, and secure software development practices.

• Administrative Security: Data protection policies and procedures, employee training on data privacy and security, limiting access to Personal Data to authorized personnel on a "need-to-know" basis, and conducting regular security assessments and audits.

• Incident Response: Procedures to respond to and manage security incidents, including notification to affected individuals and relevant authorities where required by law.

However, please note that the internet is an open system, and no security measure is perfect or impenetrable. While we strive to protect your Personal Data, we cannot guarantee the absolute security of your data transmitted to us or stored on our systems, especially during transmission via the internet. Any transmission of Personal Data is at your own risk. You are responsible for ensuring that any Personal Data you send to us is sent securely and for maintaining the confidentiality of your account credentials (e.g., password). If you wish to change your password, or if you become aware of any loss, theft, or unauthorized use of your password or account, please contact us immediately at the details provided in the "Contact Us" section.

In the event that any Personal Data under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps in accordance with any applicable laws and regulations.

8. Data Accuracy, Minimization, and Retention

8.1. Data Accuracy
We take every reasonable step to ensure that your Personal Data that we Process are accurate and, where necessary, kept up to date. If we become aware of any inaccuracies in the Personal Data we Process, we will endeavor to rectify them without undue delay. We may, from time to time, ask you to confirm the accuracy of your Personal Data (e.g., when you log into your account or update your profile). You can access, correct, and update certain Personal Data that you have provided to us by logging into your account settings on our Website or App, or by contacting us.

8.2. Data Minimization
We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy. We do not collect more Personal Data than we need to fulfill these purposes.

8.3. Data Retention
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows:

We will retain Personal Data in a form that permits identification only for as long as:

• (a) We maintain an ongoing relationship with you (e.g., where you are an active user of our Services, have an active account, or are lawfully included in our mailing list and have not unsubscribed); OR

• (b) Your Personal Data are necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis (e.g., where your Personal Data are included in a contract between us, and we have a legitimate interest in Processing those data for operating our business and fulfilling our contractual obligations; or where we have a legal or regulatory obligation to retain your Personal Data).

PLUS:

• (c) The duration of:

• (i) Any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); AND

• (ii) An additional period (typically two (2) months, but may vary based on jurisdiction and the specific claim) following the end of such applicable limitation period. This allows us, if a claim is brought at the end of the limitation period, a reasonable time to identify and access any Personal Data relevant to that claim.

• 
  

AND, IF APPLICABLE:

• (d) If any relevant legal claims are brought, we will continue to Process Personal Data for such additional periods as are necessary in connection with that claim.

During the periods noted in paragraphs (c)(i) and (c)(ii) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.

Once the periods in paragraphs (a) through (d) above, each to the extent applicable, have concluded, we will either:

• Permanently delete or destroy the relevant Personal Data in accordance with applicable law and our data disposal procedures; OR

• Anonymize or de-identify the relevant Personal Data so that it can no longer be used to identify you, and use this anonymized/de-identified data for research, analytics, or other legitimate business purposes.

You may contact us at the details provided in the "Contact Us" section to request that your Personal Data be deleted from our systems. We reserve the right to de-identify your Personal Data, including information about Silo Device and Service usage, and to retain your anonymized information for our own records and analytical purposes.

9. Your Rights and Choices

You have certain rights and choices regarding the Personal Data we collect and Process about you. The specific rights available to you may vary depending on your jurisdiction.

9.1. Access, Correction, and Update
You can access, review, correct, and update certain Personal Data that you have provided to us by logging into your "My Account" section on our Website or within the App. You are responsible for keeping your Personal Data accurate and up-to-date.

9.2. Marketing Communications
You can control your preferences for receiving promotional marketing communications from us.

• Email: You can opt-out of receiving promotional emails by clicking the "unsubscribe" link provided in any such email communication we send you.

• Account Settings: You may be able to manage your communication preferences through your "My Account" page on our Website or App.
  Please note that even if you opt-out of receiving promotional communications, you may still receive non-promotional messages regarding your account, such as account verification, order confirmations, updates to features of the Service, important product information (like safety notices), or technical and security notices.

9.3. Device Data Collection
You can control or stop the collection of certain usage data from your registered Silo Device by disconnecting it from your Wi-Fi network or Bluetooth connection from within the App or your device settings. However, please be aware that disconnecting your Silo Device may limit or disable certain features and functionalities of the Services, including remote monitoring, inventory updates, and software updates. If you have questions about disconnecting your Silo Device or the implications thereof, please contact us at the details provided in the "Contact Us" section.

9.4. Additional Rights for Users in Certain Jurisdictions
Depending on your location and applicable law, you may have additional rights, including:

• Right to Request Deletion: The right to request the deletion of your Personal Data, subject to certain exceptions.

• Right to Restrict Processing: The right to request that we restrict the Processing of your Personal Data in certain circumstances.

• Right to Data Portability: The right to receive a copy of your Personal Data in a structured, commonly used, and machine-readable format, and to request that we transmit this data to another controller, where technically feasible.

• Right to Object: The right to object to our Processing of your Personal Data where we rely on legitimate interests as our legal basis, or for direct marketing purposes.

• Right to Withdraw Consent: Where we Process your Personal Data based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of Processing based on consent before its withdrawal.

• Right Not to Be Subject to Automated Decision-Making: The right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except under certain conditions.

• Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority or data protection authority in your jurisdiction if you believe our Processing of your Personal Data infringes applicable law.

For users in the EEA, UK, and California, specific details about your rights and how to exercise them are provided in Sections 13 (Controller Details and Representatives) and 14 (Specific Disclosures for U.S. Residents) of this Policy.

To exercise any of these rights, or to ask a question about these rights or any other provision of this Policy, please use the contact details provided in the "Contact Us" section (Section 12). We will respond to your request in accordance with applicable law. Please note that:

• In some cases, we may need to verify your identity before we can give effect to these rights (e.g., by asking for proof of identity or account ownership).

• Where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law), we will investigate your request reasonably promptly before deciding what action to take.

• There may be legal or other reasons why we cannot fulfill your request, or can only fulfill it in part. We will inform you if this is the case.

10. Third-Party Links and Services

Our Services may, from time to time, contain links to and from third-party websites, applications, and services of our partner networks, advertisers, partner merchants, retailers, and affiliates ("Linked Sites"). If you follow a link to any of these Linked Sites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies or practices. We do not control these third-party sites or services, and this Privacy Policy does not apply to them. Please check the individual policies of these Linked Sites before you submit any Personal Data to them.

Additionally, our Services may include social media features, such as Facebook, Twitter, Instagram, and Pinterest buttons (e.g., “Like,” “Tweet,” or “Pin”). These social media sites may automatically record information about your browsing behavior every time you visit a site that has a social media button, regardless of whether you click on the button. Your interactions with these features are governed by the privacy policy of the company providing the feature, not by our Privacy Policy. We encourage you to review your privacy settings on social media sites and the privacy policies of these third-party companies.

11. Updates to This Policy

We reserve the right to amend or update this Policy from time to time to reflect changes in our practices with respect to the Processing of Personal Data, changes in our Services, or changes in applicable law. We will notify you of any material changes by revising the "Last Updated" date at the top of this Policy. We may also provide you with additional notice (such as by adding a statement to our Website homepage, sending you an in-App notification, or an email notification) if we make material changes to this Policy.

We encourage you to review this Policy periodically to stay informed about our information practices and the choices available to you. Your continued use of our Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Policy. You can review the most current version of this Policy at any time at https://www.heysilo.com/privacy-policy.

12. Contact Us

If you have any questions, comments, or concerns about this Policy, our privacy practices, or if you wish to exercise any of your legal rights, please contact us at:

Email: Legal@heysilo.com or info@heysilo.com

Postal Address:
Freshkeep, inc.
3000 N Pontiac Trl
Commerce Township, MI 48390
United States

For specific inquiries related to data protection in the EEA/UK, please refer to Section 13.

13. Controller Details and Representatives (for EEA/UK Users)

13.1. Controller
For the purposes of the General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR), the data controller for Personal Data collected in connection with the Services is:

Freshkeep, inc. (operating as Silo)
3000 N Pontiac Trl
Commerce Township, MI 48390
United States

13.2. Representatives
As Freshkeep, inc. is established in the United States and does not currently have an establishment within the European Economic Area (EEA) or the United Kingdom (UK) that acts as controller for those regions, and given our current scope of operations primarily within the US:

• EEA Representative: We have not currently appointed a specific representative in the EEA. If our processing activities related to individuals in the EEA fall under the scope of Article 27 of the GDPR requiring such an appointment, we will update this Policy accordingly. In the interim, EEA individuals may contact us directly at Legal@heysilo.com.

• UK Representative: We have not currently appointed a specific representative in the UK. If our processing activities related to individuals in the UK fall under the scope of Article 27 of the UK GDPR requiring such an appointment, we will update this Policy accordingly. In the interim, UK individuals may contact us directly at Legal@heysilo.com.

Individuals in the EEA or UK with questions about this policy or wishing to exercise their rights under GDPR or UK GDPR can contact us using the details in Section 12 ("Contact Us").

14. Specific Disclosures for U.S. Residents

This section provides additional details about the Personal Data we collect about U.S. consumers, particularly California residents, and the rights afforded to them.

14.1. California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
If you are a California resident, you have certain rights regarding your Personal Data under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA). This section describes your CCPA/CPRA rights and explains how to exercise those rights.

• Categories of Personal Information Collected:
  In the preceding 12 months, we have collected, and may continue to collect, the following categories of Personal Information about California residents (as defined by the CCPA/CPRA and corresponding to the categories detailed in Section 2.5 "Categories of Personal Data We Process"):

• Identifiers: Such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.

• Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): Such as name, address, telephone number, credit card number (last four digits), debit card number (last four digits), or any other financial information (though full payment information is typically processed by our payment processors).

• Characteristics of protected classifications under California or federal law: Such as age (if you provide date of birth) or gender (if you provide it).

• Commercial information: Such as records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

• Internet or other electronic network activity information: Such as browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

• Geolocation data: Such as approximate location derived from IP address or more precise location if you grant permission through our App or device settings.

• Audio, electronic, visual, thermal, olfactory, or similar information: For example, if you provide a profile photograph or if our customer support interactions are recorded (with notice and consent where required). Sensor data from the Silo Device (e.g., temperature) could fall here.

• Inferences drawn from other Personal Information: Such as a profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes (e.g., inferences about your food storage habits or preferences).

• Sensitive Personal Information (as defined by CPRA):

• Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account (we typically only process account log-in and password; full financial details are handled by payment processors).

• Precise geolocation (if you enable it).
  (Silo generally does not collect other types of sensitive personal information like social security number, driver’s license, racial or ethnic origin, religious beliefs, genetic data, biometric data for unique identification, or health information, unless in specific contexts like employment applications where further notice would be provided.)

• 
  

• 
  

• Business or Commercial Purposes for Collection, Use, and Disclosure:
  We collect, use, and disclose your Personal Information for the business and commercial purposes described in Section 3 ("How We Use Your Information") and Section 4 ("How We Disclose Your Information") of this Policy. This includes, but is not limited to:

• Providing, maintaining, and improving our Services.

• Personalizing your experience.

• Communicating with you.

• Security and fraud prevention.

• Legal and regulatory compliance.

• Performing services on behalf of the business, such as maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business.

• Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

• 
  

• Categories of Sources of Personal Information:
  We collect Personal Information from the categories of sources described in Section 2 ("Information We Collect and Create") of this Policy. This includes:

• Directly from you (e.g., when you create an account or use our Services).

• Automatically when you use our Services (e.g., from your device or our Silo Device).

• From third-party services (e.g., social media platforms if you connect your account).

• From our service providers and business partners.

• 
  

• Disclosure of Personal Information for a Business Purpose:
  In the preceding 12 months, we have disclosed the following categories of Personal Information for a business purpose to the following categories of third parties (as also generally described in Section 4):

• 
  

• Sale and Sharing of Personal Information (for Cross-Context Behavioral Advertising):
  Silo does not "sell" Personal Information in the traditional sense of exchanging it for monetary payment. However, under the CCPA/CPRA, "sale" can also include exchanging Personal Information for other valuable consideration, and "sharing" is defined broadly to include disclosures for cross-context behavioral advertising.
  We may "share" (as defined by CCPA/CPRA) certain categories of Personal Information, such as Identifiers and Internet or other electronic network activity information, with third-party advertising partners and analytics providers to enable interest-based advertising and to understand how you use our Services. You have the right to opt-out of this "sharing." Please see "Right to Opt-Out of Sale/Sharing" below.
  We do not knowingly sell or share the Personal Information of consumers under 16 years of age.

• Data Retention:
  We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy and Section 8.3 ("Data Retention"), unless a longer retention period is required or permitted by law.

• Your California Privacy Rights:
  As a California resident, you have the following rights regarding your Personal Information:

• Right to Know/Access: You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months (or longer, as permitted by law). This includes:

• The categories of Personal Information we collected about you.

• The categories of sources for the Personal Information we collected about you.

• Our business or commercial purpose for collecting, selling, or sharing that Personal Information.

• The categories of third parties to whom we disclose that Personal Information.

• The specific pieces of Personal Information we collected about you (also called a data portability request).

• 
  

• Right to Delete: You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (e.g., if the information is necessary to complete a transaction, detect security incidents, comply with a legal obligation, etc.).

• Right to Correct Inaccurate Personal Information: You have the right to request that we correct any inaccurate Personal Information that we maintain about you.

• Right to Opt-Out of Sale/Sharing: You have the right to direct us not to "sell" or "share" your Personal Information for cross-context behavioral advertising. You can exercise this right by clicking the "Do Not Sell or Share My Personal Information" link available at https://www.heysilo.com/pages/data-sale-opt-out on our website footer, or by using a Global Privacy Control signal.

• Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to direct us to limit our use and disclosure of your Sensitive Personal Information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods or services, or for other permitted purposes under the CCPA/CPRA. Silo generally only uses Sensitive Personal Information (such as account login credentials or precise geolocation if enabled by you) for these necessary or permitted purposes. If we were to use it for other purposes, we would provide a mechanism to limit such use.

• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not:

• Deny you goods or services.

• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

• Provide you a different level or quality of goods or services.

• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

• Exercising Your Rights:
  To exercise your Right to Know/Access, Delete, or Correct, please submit a verifiable consumer request to us by:

• Emailing us at: Legal@heysilo.com

• Calling us at: 248-863-3150

• Contacting us through the postal address listed in Section 12.

• Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf ("Authorized Agent"), may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
  Your request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative. This may include verifying your identity through your account or by asking you to provide information matching what we have on file.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

• We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
  We will respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

• Authorized Agent:
  You may designate an Authorized Agent to make a request under the CCPA/CPRA on your behalf. To do so, you must provide the Authorized Agent with written permission to act on your behalf, and the Authorized Agent must provide us with a copy of this signed permission. We may also require you to verify your own identity directly with us. We may deny a request from an Authorized Agent that does not submit proof that they have been authorized by you to act on your behalf.

• Notice of Financial Incentive:
  We do not currently offer financial incentives or price or service differences to consumers in exchange for the retention or sale of their Personal Information. If we decide to offer such an incentive, we will provide you with a written notice that clearly describes the material terms of the financial incentive program and obtain your prior opt-in consent.

14.2. California’s “Shine the Light” Law
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to Legal@heysilo.com or write to us at the address provided in Section 12 ("Contact Us") with the subject line "Shine the Light Request." Please note that we are only required to respond to one request per customer each year.

15. Definitions

Unless otherwise defined in this Policy, capitalized terms have the following meanings:

• "Adequate Jurisdiction" means a jurisdiction that has been formally designated by a relevant data protection authority (e.g., the European Commission or the UK Government) as providing an adequate level of protection for Personal Data.

• "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with Freshkeep, inc.

• "App(s)" means any mobile application operated or maintained by us or on our behalf.

• "CCPA/CPRA" means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020.

• "Controller" means the entity that determines the purposes and means of the Processing of Personal Data. For the purposes of this Policy, Freshkeep, inc. is the Controller.

• "Cookie" means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a "Cookie" includes analogous technologies such as web beacons, pixel tags, and clear GIFs.

• "Data Protection Authority" means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws (e.g., the UK Information Commissioner's Office (ICO) or an EU Member State supervisory authority).

• "EEA" means the European Economic Area.

• "GDPR" means the General Data Protection Regulation (EU) 2016/679.

• "Personal Data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For California residents, this term is equivalent to "Personal Information" as defined by the CCPA/CPRA.

• "Process," "Processing," or "Processed" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• "Processor" means a natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Controller.

• "Relevant Personal Data" means Personal Data in respect of which we are the Controller.

• "Sell" (as defined by CCPA/CPRA) means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to a third party for monetary or other valuable consideration.

• "Sensitive Personal Data" (or "Sensitive Personal Information" under CCPA/CPRA) means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Under CCPA/CPRA, it also includes social security number, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, and text messages unless Silo is the intended recipient; genetic data; and biometric information processed for the purpose of uniquely identifying a consumer.

• "Share" (as defined by CCPA/CPRA) means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged.

• "Silo Device" means the smart food storage system provided by Silo.

• "Site(s)" means any website operated or maintained by us or on our behalf, including www.heysilo.com.

• "Standard Contractual Clauses (SCCs)" means template data transfer clauses adopted by the European Commission or a Data Protection Authority and approved by the European Commission for the transfer of Personal Data to third countries.

• "UK GDPR" means the GDPR as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended).