We create digital brush products for artists and designers. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website (https://ks-tumanova.com) or use our services.

We believe in clear communication. This policy outlines what information we collect, why we collect it, how we use it, and what choices you have.

Company: Sammitcrest Trading LLC

Business Name: KsTumanova

Address: 30 N Gould St Ste R, Sheridan, Wyoming 82801, USA

Contact: support@ks-tumanova.com

Privacy Contact: privacy@ks-tumanova.com

Under applicable privacy laws—including GDPR (EU/UK), CCPA (California), and PIPEDA (Canada)—we act as the data controller or business responsible for how your personal information is handled. We take this responsibility seriously.

This Privacy Policy applies to personal information we collect when you use our Website, create or manage your account, purchase our digital products, subscribe to our newsletter, contact us for support, or otherwise interact with us. It also applies to optional features such as uploading a profile picture from your device’s photo gallery.

It does not apply to third-party websites or services you may access through external links, such as payment providers or social media pages. Those services have their own privacy policies, which we encourage you to review before sharing information with them.

By using our Website, creating an account, or completing a purchase, you confirm that you have read and agree to this Privacy Policy. If you do not agree, please discontinue use of our services.

If you disagree with anything in this Privacy Policy, please don't use our services or provide us with your information. You're always free to contact us at privacy@ks-tumanova.com with questions before deciding.

You retain meaningful control over your personal information: you can access, update, or delete your data; manage your email preferences; and adjust cookie settings at any time. Your rights are explained in Section 9 (Your Rights and Choices).

This Privacy Policy forms part of our overall legal framework and should be read together with our Terms and Conditions, End-User License Agreement (EULA), and Cookie Policy.

In some situations—such as during checkout or when subscribing to our newsletter—we may present additional notices that clarify how your information is used in that specific context.

All current policies are available in the footer of our Website.

Our Website is hosted in Canada, and we serve users primarily in the United States, the European Union, the United Kingdom, and Canada. This means your personal information may be processed under multiple privacy laws. Section 12 explains your region-specific rights under GDPR, CCPA/CPRA, and Canadian privacy laws.

We may update this Privacy Policy occasionally to reflect changes in our services, legal requirements, or data practices. When we make updates, we will revise the “Last Updated” date. For significant changes, we will notify you by email or through a notice on our Website.

Your continued use of our services after the updated policy takes effect means you accept the revised terms.

To keep this Privacy Policy clear and consistent, the following terms have specific meanings:

• "Company" means Sammitcrest Trading LLC (“KsTumanova”), which determines how and why your personal information is processed.
• "Website" means https://ks-tumanova.com and all pages, features, and services operated under the KsTumanova brand.
• "You" means any person who visits the Website, creates an account, makes a purchase, subscribes to our communications, or otherwise uses our Services.
• "Personal Data" means any information that identifies you or can reasonably be linked to you, either on its own or together with other data.
• "Processing" means any action performed on Personal Data, including collecting, storing, using, sharing, or deleting it.
• "Device" means any internet-connected device you use to access the Website, such as a computer, phone, or tablet.
• "IP address" means the numerical label assigned to your Device when it connects to the Internet, which may indicate general geographic location.
• "Cookie" means a small text file stored by your browser to remember your preferences, keep you logged in, enhance security, or provide analytics.
• "Service" means all digital products, tools, and features we provide through the Website, including account management, purchases, downloads, and customer support.
• "Third-party service" means external providers we rely on to operate our business, such as payment processors, email delivery platforms, hosting providers, and analytics tools.

When you create an account, we collect the basic details needed to identify you, manage your purchases, and provide access to your digital products. This includes your name, email address (used for login and communication), an encrypted password, your date of birth, and your country and ZIP code for tax calculation. If you order physical merchandise, we may also request your mailing address.

You can optionally add a username, phone number, or upload a profile picture. If you choose to upload an image, your device may ask for permission to access your photo gallery—but only when you initiate the upload. We do not use your camera, contacts, or geolocation.

Your profile is private by default. While other users cannot see it, we may access your account information—such as your registration details, purchase history, available downloads, and wishlist items—for account management, customer support, fraud prevention, and legal compliance.

You can purchase digital products either by logging into your account or as a guest.

• If you have an account, your purchases automatically appear in your order history, and download files are stored in your account.
• If you checkout as a guest, download links are sent to the email address you provide during checkout.

To process your order, we collect your billing name, billing address (city, state/province, ZIP code, country), and basic transaction details such as the products purchased, the amount paid, and whether the payment was successful.

We do not handle or store complete payment card details. Sensitive payment information is processed only by our payment partners. We receive only limited non-sensitive information—such as the last four digits of your card and billing ZIP code—so we can verify payments, keep accurate records, and assist you if needed.

When you contact us—whether through our Website, by email, or via messaging platforms such as WhatsApp, Instagram, or Messenger—we collect the information you choose to share. This typically includes your name, email address, and the content of your message. You may also send screenshots or attachments to help us resolve an issue.

This information is used to respond to your request, provide customer support, and improve our services. Support communications form part of your customer record even if you do not have an account.

If you subscribe to our newsletter or marketing updates, we collect your email address and, if provided, your name. We verify your email before adding you to our mailing list. Our newsletters are sent no more than once per week and only to users who have opted in.

You can unsubscribe at any time using the link in any email or through your account settings.

If you choose to post a review on our Website or on a public platform (such as social media), we may receive the information you submit—including your username, text, images, or other content.

We may feature publicly posted reviews on our Website or social media—for example, by quoting or screenshotting them. We do not publish private messages without your consent.

You may choose to provide additional information—for example, by completing surveys, sending us feedback, submitting artwork created with our products, or participating in optional activities. These contributions are entirely voluntary, and we handle them according to this Privacy Policy.

If we introduce referral programs, contests, or similar features in the future, we will collect only the information necessary for participation. Details for each activity will be provided at the time.

We may occasionally release updated versions of products you previously purchased. When this happens, we may use your account information or email address to notify you about available improvements.

When you visit our Website or interact with our Services, we automatically collect certain types of information from your browser or device. This helps us operate the Website securely, improve performance, understand how visitors use our products, and provide a smooth user experience. Automatic collection happens through cookies, pixels, analytics tools, security scripts, and standard server technologies.

Your device automatically shares basic technical data when you load a webpage. We collect your IP address (which gives only an approximate location, such as country or region), device type, operating system, browser type and version, screen settings, and language preferences. We use this information to ensure that the Website displays correctly on different devices, maintain security, troubleshoot technical issues, and optimize loading speed and performance.

We collect information about how you interact with our Website, such as the pages you view, how long you stay on them, the products you browse, searches you make, items added to your wishlist, and which links or buttons you click. We also note how you arrived at our Website (for example, through a search engine or social media) and which files you download after completing a purchase. This helps us understand which products are popular, which parts of the Website may need improvement, and how to organize content so it’s easier to navigate.

We use cookies and similar technologies to keep our Website running smoothly—such as remembering your login session, storing items in your cart, and helping us understand how visitors use the site. Essential cookies are required for core functionality (like logging in and checkout). Non-essential cookies—such as analytics or preference cookies—are used only with your consent. You can manage these choices through our cookie banner and your browser settings. For full details, please see our Cookie Policy at https://ks-tumanova.com/cookie-policy and Section 6 of this Privacy Policy.

We use analytics tools (such as Google Analytics) to understand trends, measure performance, and improve user experience. These tools collect information about how visitors use the Website, including general location, device type, and browsing patterns. We also use the Meta Pixel (Facebook Pixel) to understand how users discover our Website and measure the performance of our content. We do not use it to show targeted third-party ads on our Website. Analytics data is aggregated and does not identify you personally.

To protect our forms and prevent automated abuse, we use security tools such as Google reCAPTCHA, which analyzes interactions (such as mouse movements or page behavior) to determine whether the visitor is human. By using forms protected by reCAPTCHA, you agree to Google’s processing of this information under their Privacy Policy.

Like most websites, our servers automatically record basic information about each visit, including IP address, browser type, pages viewed, timestamps, and referring URLs. We use these logs for security monitoring, detecting suspicious activity, troubleshooting, and analyzing traffic patterns. Server logs are retained for a limited period (typically around 90 days) and then deleted or anonymized.

We receive certain information about you from trusted third-party services we rely on to run our business. These partners help us process payments, deliver emails, analyze website performance, and keep the Website secure. We only receive what is necessary for each purpose, and we do not buy customer data or share information with data brokers.

When you make a purchase, our payment partners (such as Stripe, PayPal, and Payoneer) send us only the information required to confirm and record your payment. This includes the transaction amount and status, the date of payment, and limited non-sensitive details such as the last four digits of your card and billing ZIP code.

We never receive or store full card numbers, CVV codes, bank account numbers, or other sensitive financial information. Your payment details are handled directly by the payment processor according to their own privacy policies.

We use analytics tools—such as Google Analytics—to understand how visitors use our Website and to improve performance. These services provide aggregated, non-identifying insights like total visitor counts, popular pages, and general device or location information (city-level, not precise GPS).

Analytics data helps us improve navigation, fix performance issues, and understand where our traffic comes from. For information about Google Analytics and how to opt out, see their privacy policy and opt-out tools.

We use the Meta Pixel (formerly Facebook Pixel) only to measure performance and understand how users discover our Website—for example, whether a user visited after clicking a link on Instagram or Facebook. These tools may record what pages you view and whether you completed a purchase, but we do not use them to serve third-party ads on our Website or to track you across unrelated sites.

If we use encrypted customer lists (hashed emails) to create custom audiences for our own advertising, these lists cannot be read by the platforms and are used only to match existing users. You can opt out of platform-based advertising through your Meta or Google account settings.

If you contact us through social media (such as Instagram or WhatsApp), we receive the information you choose to send—typically your profile name and message content. We do not receive additional information from social networks unless you choose to share it.

We do not offer social login (e.g., "Sign in with Google/Facebook"), so social platforms do not automatically share your profile information with us.

If you publicly post a review, comment, or mention of our brand—for example, on Instagram, or other public platforms—we may view and reference that content. For example, we may quote or screenshot a publicly posted review on our Website or social channels. We never use private messages or non-public content without your explicit permission.

We send transactional and service-related emails (order confirmations, download links, account notifications) through secure third-party email delivery tools integrated with our Website platform. These services receive only your email address and the content of the email being sent. We do not use third-party marketing platforms unless you explicitly subscribe to our newsletter, in which case your email is stored only for that purpose and never sold or shared.

To avoid any confusion, we want to clearly state what we do not do:

• We do not buy email lists or customer data from data brokers.
• We do not collect precise GPS location.
• We do not access your camera, microphone, or photos unless you intentionally upload an image.
• We do not track your activity across unrelated websites.
• We do not collect sensitive personal information such as health data, government IDs, or full financial account details.
• We do not sell your personal data.

We use your information to create and manage your account, verify your login, process your purchases, give you access to your digital products, and maintain accurate records for your downloads and order history. If you check out as a guest, we use your email to send your receipt and download link.

We also use aggregated and anonymized analytics to understand how people navigate the Website — which pages are most visited, where users experience difficulties, and how our products perform. This helps us fix issues, improve loading speed, enhance search and navigation, and develop new features and product categories.

Where personalization is enabled (for example, showing you products similar to what you viewed), it is used solely to improve your experience. You can disable non-essential personalization through your cookie preferences.

Legal basis for EEA/UK users: contract performance (delivering services you requested), legitimate interest (service improvement).

We send essential service emails when necessary to operate your account or complete your purchases — order confirmations, download links, receipts and invoices, password resets, security alerts, and updates that affect your ability to use our Website. These messages are transactional and cannot be unsubscribed from.

If you contact us for support, we use the information you provide (including your past orders or account details, if applicable) to answer questions, resolve technical problems, help with downloads, and improve customer support based on recurring issues.

Legal basis for EEA/UK users: contract performance; legitimate interest (support and service functionality).

If you subscribe to our newsletter or opt in during checkout or within your account, we use your email to send marketing updates — new product releases, special offers, tutorials, and other content we believe may interest you. Emails are sent no more than once per week unless you choose otherwise.

We may tailor marketing content based on your past purchases or browsing behavior to make it more relevant. You can unsubscribe at any time by clicking the link in any marketing email or adjusting your settings.

Legal basis for EEA/UK users: consent; legitimate interest (marketing to existing customers where permitted).

To complete your purchase, we share necessary billing information with our payment processors and receive confirmation when your payment is successful. We keep transaction records to provide receipts, help you re-access products, manage refunds, and meet tax and accounting obligations.

We never store or receive full payment card numbers or CVV codes. All sensitive data is processed solely by Stripe, PayPal, or Payoneer under their own policies.

Legal basis for EEA/UK users: contract performance; legal obligation (tax and financial record-keeping).

We use analytics tools (such as Google Analytics) to understand general patterns of Website usage — how visitors find us, which pages they view, and how our content performs. These tools provide aggregated insights that help improve our Website and business operations. We do not see individual browsing histories.

For advertising, we use pixels and cookies from platforms like Meta (Facebook/Instagram) and Google Ads to measure how effective our marketing is and to show relevant ads to users who have visited our Website. This is limited to remarketing on external platforms; we do not display third-party ads on our own Website, and we do not track your activity across unrelated sites.

You can manage or disable advertising cookies through our cookie banner, your browser settings, and the advertising preferences offered by Meta and Google.

Legal basis for EEA/UK users: consent (for non-essential cookies); legitimate interest (audience measurement where permitted).

We use information about logins, device activity, and transactions to keep your account and our Website secure. This includes detecting unusual login attempts, preventing unauthorized access, blocking automated attacks using tools like Google reCAPTCHA, investigating errors or outages, and monitoring for fraud (such as stolen payment methods).

Server logs and security tools are used strictly for protection, diagnostics, and compliance with technical and legal requirements.

Legal basis for EEA/UK users: legitimate interest (security), legal obligation (data protection requirements).

We process and retain certain information to comply with laws that apply to us, including U.S. and Canadian tax regulations, accounting and financial reporting rules, and obligations under privacy legislation such as GDPR, CCPA, and PIPEDA. We may use data to respond to lawful requests (court orders, subpoenas), resolve disputes, or enforce our Terms of Service.

Legal basis for EEA/UK users: legal obligation; legitimate interest (protecting legal rights).

Sometimes we may request your explicit consent for uses not covered above — for example, featuring your review, testimonial, or artwork on our Website or social media, or inviting you to participate in user research. Participation is always optional, and you can withdraw consent at any time.

Legal basis for EEA/UK users: explicit consent.

If we run promotions, referral programs, giveaways, or similar activities, we use your information only to administer that program — for example, verifying eligibility, applying rewards, notifying winners, or delivering promotional benefits. When a promotion involves a partner company, we will clearly disclose this before you join and ask for your consent where required. Promotional participation is always voluntary.

Legal basis for EEA/UK users: consent; contract performance (fulfilling promotional terms).

For users located in the European Economic Area, United Kingdom, or Switzerland, we rely on the following lawful bases for processing your personal information:

• Contract performance — providing accounts, processing purchases, delivering digital products.
• Consent — marketing emails, non-essential cookies, optional features.
• Legitimate Interests — service improvement, security, fraud prevention, customer support, analytics (where permitted).
• Legal obligation — tax, accounting, and regulatory compliance; responding to legal requests.

You can learn more about these rights and how to exercise them in Section 9.2.

We work with trusted third-party companies that help us run our business — such as payment processors, hosting providers, analytics tools, and security services. These companies may access personal information only to perform the tasks we hire them for, and they must protect it under strict contractual obligations. This includes:

• Payment Processing: Stripe, PayPal, and Payoneer securely process your payments. We share only the information required to complete your transaction (billing details and purchase amount).
• Website Hosting: Our Website is hosted on secure servers operated by OVH. They store data on our behalf and may access it only to maintain the hosting infrastructure.
• Analytics: We use tools such as Google Analytics to understand how people use our Website. These services receive technical and usage information (like IP address, device type, pages viewed) and provide us only aggregated insights.
• Security Services: Google reCAPTCHA protects our forms from bots and automated abuse. When you use forms, Google may collect interaction data under its own privacy policy.

We do not allow our service providers to use your information for their own purposes.

If you consent to advertising cookies, we share limited information with platforms such as Meta (Facebook/Instagram) and Google Ads to deliver relevant ads and measure their performance. This may include information about pages you viewed, products you interacted with, and encrypted identifiers (like hashed email addresses) for creating custom or look-alike audiences. These platforms use the information only to show you our ads and measure effectiveness — not to advertise unrelated third-party products on our behalf.

You can opt out of advertising cookies through our cookie banner, your browser settings, or the ad preference tools offered by Meta and Google.

We may disclose information when required by law or when necessary to protect our rights or users' safety. This may include:

• responding to lawful requests from courts, law enforcement, or regulatory authorities;
• complying with tax, accounting, and record-keeping obligations;
• preventing fraud, security breaches, or other harmful activities;
• enforcing our Terms of Service or defending legal claims.

We review all legal requests carefully and disclose only what is necessary.

If our business is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the new owner as part of the transaction. If this happens, we will notify you before the transfer takes effect, and the new owner will be required to handle your information in a way consistent with this Privacy Policy. You may delete your account before the transfer if you do not want your data included.

In some cases, you may choose to let us share your information in additional ways — for example, if you participate in a referral program, provide a testimonial for publication, or opt in to a joint promotion with a partner. We will ask for your clear permission beforehand, explain what information will be shared, and with whom. You can withdraw your consent at any time.

We may share information that has been aggregated or de-identified so that it cannot reasonably be used to identify you. This may include overall traffic statistics, general purchasing trends, or reports showing how many users downloaded a product. This type of information is not considered personal data under most privacy laws and may be shared publicly or with partners for research or business analysis.

To avoid any doubt, we want to be clear about what we never do:

• We do not sell your personal information.
• We do not rent or trade email lists.
• We do not share your information with third parties for their own independent advertising.
• We do not allow service providers to use your data for their purposes.
• We do not share sensitive information such as full payment card details, government IDs, or precise GPS location.

For users in the European Economic Area, United Kingdom, and Switzerland, sharing may occur under the following lawful bases:

• Contract performance — sharing with payment processors and hosting providers.
• Legitimate interests — operational analytics, fraud prevention, security.
• Consent — advertising cookies and optional programs.
• Legal obligation — disclosures required by tax, accounting, or regulatory authorities.

Cookies and tracking tools help us remember your preferences, keep you logged in, maintain items in your cart, measure Website performance, and improve your experience. Some of these technologies are essential for the Website to work, while others are optional and used only with your permission.

We use four categories of cookies and tracking technologies:

• Essential Cookies (Always Active): These cookies are necessary for the Website to function. They enable core features such as account login, checkout, security, form protection (including Google reCAPTCHA), and remembering cookie settings. You cannot disable these.
• Functional (Preference) Cookies: These remember your choices — such as language, region, or items saved in your cart — to improve your experience. These are optional.
• Analytics Cookies: We use tools like Google Analytics to understand how visitors use the Website. These help us see popular pages and find performance issues. These load only with your consent.
• Advertising Cookies: Tools like Meta Pixel and Google Ads tags help us measure marketing performance and show relevant ads on other platforms. These are optional.

We do not allow unrelated third parties to place their own advertising cookies on our Website.

When you first visit our Website, you can choose which types of cookies to allow through our cookie banner. You can update your preferences at any time through the "Cookie Settings" link in the Website footer.

You can also manage cookies directly through your browser settings. Most browsers let you block or delete cookies entirely, but doing so may prevent essential features — such as logging in — from working correctly.

Alongside cookies, we may use technologies such as pixels, web beacons, and local storage to support analytics, security, and advertising. These tools help us understand how people interact with the Website, detect unusual activity, and measure the success of our marketing.

These technologies do not give us direct access to your device or files; they simply help us recognize your browser and understand general behavior on the Website.

For a complete list of cookies and tracking technologies we use — including their purposes, providers, and duration — please see our full Cookie Policy at https://ks-tumanova.com/cookie-policy .

Different types of information have different retention periods depending on how and why they were collected. In general:

• Account information is kept while your account is active and for 30 days after deletion in case the deletion was accidental or to finalize any outstanding matters.
• Purchase and billing records (including the last four digits of your payment card) are kept for up to 7 years to comply with tax, financial, and audit requirements.
• Downloaded products and purchase history remain available in your account as long as your account is active, so you can re-access products you purchased.
• Customer support communications (emails, messages, attachments) are kept for up to 3 years after your last contact to help with follow-up inquiries, detect recurring issues, and improve our support.
• Marketing email subscriptions are active until you unsubscribe. After unsubscribing, your email may remain in our suppression lists for up to 10 days to ensure we do not contact you again by mistake.
• Newsletter analytics data (open rates, click rates) is kept for up to 30 days after you unsubscribe, after which it is deleted or anonymized.
• Website analytics data collected through tools like Google Analytics is stored according to the provider's default retention settings, typically 14–26 months.
• Server log files (IP address, timestamps, errors) are stored for up to 90 days for security, fraud detection, and troubleshooting.
• Security incident logs (records relating to fraud attempts or suspicious activity) may be stored for up to 7 years, depending on the severity and legal requirements.
• Cookies and similar technologies have different lifespans depending on their type:
  - Session cookies last only until you close your browser;
  - Persistent cookies typically last from 1 to 26 months, depending on their purpose and your cookie preferences.Full details are listed in our Cookie Policy.
• Aggregated or anonymized data may be kept indefinitely because it no longer identifies any individual and supports business insights and service improvements.

When the law does not set a specific requirement, we determine how long to keep data based on:

• Business needs (maintaining your account, product access, troubleshooting).
• Legal obligations (tax, accounting, or regulatory requirements).
• Contractual requirements (fulfilling purchases and providing access to digital goods).
• Reasonable expectations of users (such as keeping past purchases available for download).
• Security and fraud-prevention needs.
• Potential disputes or chargebacks.

We keep information only as long as it serves a valid purpose.

When retention periods expire or information is no longer needed:

• We securely delete personal information using industry-standard methods, or
• We anonymize it so it can no longer be linked to any individual.

Once anonymized, the data is no longer considered personal information and may be used for analytics or business insights.

We may retain certain information longer if:

• required by law (for example, financial records),
• necessary for ongoing disputes or investigations,
• needed to protect our rights or users' safety,
• you have given consent for extended storage.

Users may request deletion of their personal information at any time (see Section 9). Some information must still be retained to comply with legal obligations.

We use widely adopted security measures to protect personal information:

• All data transferred between your device and our Website uses SSL/TLS (HTTPS).
• Sensitive information stored on our servers is protected using industry-standard encryption and access controls.
• Passwords are hashed and salted; we never store or see them in plain text.
• Payment card details are processed only by certified payment processors.

These measures help ensure that information remains protected both in transit and at rest.

Access to personal information is limited:

• Only authorized individuals who need the information to perform their work (such as support requests or billing questions) can access it.
• Access is role-based and restricted to the minimum necessary.
• Permissions are reviewed regularly, and access is revoked when no longer needed.
• Staff and contractors are required to follow confidentiality and data-protection obligations.

Our Website is hosted by a reputable provider that implements physical and technical security protections. We also:

• apply security updates and patches,
• monitor for unusual activity,
• use tools such as Google reCAPTCHA to prevent automated abuse and spam,
• maintain server logs to detect and investigate security issues (logs are kept for approximately 90 days).

We use automated tools and manual checks to prevent fraud and keep accounts secure. This includes monitoring unusual purchase patterns or login attempts and verifying activity when needed.

You also play a vital role in protecting your information by:

• choosing a strong, unique password,
• keeping your login details private,
• logging out on shared devices,
• updating your browser and operating system,
• contacting us immediately at security@ks-tumanova.com if you notice suspicious activity.

We will never ask for your password or payment information by email or direct message.

We maintain procedures for detecting, responding to, and mitigating security incidents. If we discover a data breach that may affect your personal information, we will notify you and the appropriate authorities when required by law, including:

• GDPR (EU/EEA/UK): Notification to authorities within 72 hours when required, and to affected individuals without undue delay.
• US and Canadian laws: Notification in accordance with state and federal requirements.

Notifications will describe what happened, what information may have been affected, steps we've taken, and how you can protect yourself. We review all incidents and implement improvements to reduce the likelihood of recurrence.

Although we use reasonable measures to protect your information, no method of electronic storage or transmission is completely secure. You use our services at your own risk, but we are committed to maintaining and improving our security practices to protect your data.

Regardless of where you live, you may:

• Access your information. You can request a copy of the personal data we hold about you.
• Correct inaccuracies. You can update most information in your account or request a correction.
• Delete your account. You may request deletion of your account and certain personal data. Deleting an account permanently removes profile information and access to purchased products. Some records (e.g., purchase history, invoices) must be retained for legal and tax reasons.
• Manage marketing communications. You can unsubscribe from marketing emails at any time.
• Control cookies and tracking. You can adjust cookie settings through our cookie banner, browser settings, or the tools provided by Google and Meta.
• Object to certain processing. You may object if you believe our use of your data lacks a valid legal basis.

If you live in the EU, EEA, UK, or Switzerland, you also have:

• Right to erasure. Request deletion of data when legally permitted.
• Right to restrict processing. Ask us to limit how your data is used in specific situations.
• Right to data portability. Receive your data in a structured, machine-readable format.
• Right to withdraw consent. Withdraw your consent for optional processing at any time (e.g., marketing, cookies).
• Right to object. Object to processing based on legitimate interests or direct marketing.
• Right to lodge a complaint. You may contact your local Data Protection Authority.

California residents have additional rights, including:

• Right to know. Request the categories and specific pieces of personal information we collect.
• Right to delete. Request deletion of personal information, with legal exceptions.
• Right to correct. Request correction of inaccurate data.
• Right to opt out of "sale" or "sharing." You may opt out of cross-context behavioral advertising. We provide a "Do Not Sell or Share My Personal Information" link where required.
• Right to limit use of sensitive personal information. (Not applicable — we do not collect SPI as defined by CPRA).
• Right to non-discrimination. We will not reduce service quality or charge different prices because you exercised your rights.

Depending on your state's law, you may also:

• access, delete, or correct your personal data,
• opt out of targeted advertising, data sales, or certain types of profiling,
• request data portability,
• appeal our decision if your request is denied.

We provide an appeals process when required.

You may appoint an authorized agent to submit privacy requests on your behalf. We may require identity verification for both you and the agent.

You can exercise any rights by contacting privacy@ks-tumanova.com.

Where available, you may also use tools in your account settings.

To protect your data, we may ask for minimal verification information (such as your registered email, username, or recent transaction details).

Response times:

• General inquiries: 2–3 business days
• Access/correction/deletion requests: within 30 days
• Complex requests: may require up to 45 days, with notice

Requests are free.

We may decline a request if:

• we cannot verify your identity,
• fulfilling the request conflicts with legal obligations (e.g., tax retention),
• it would affect another person's rights,
• information must be retained for fraud prevention, security, or financial records,
• the request is excessive or unfounded.

If a request is denied, we will explain the reason and how to appeal (where applicable).

If you believe your privacy rights were not properly handled, contact us first at privacy@ks-tumanova.com.

If you're not satisfied:

• EU/EEA/UK residents may contact their national Data Protection Authority (https://edpb.europa.eu/about-edpb/board/members_en).
• California residents may contact the California Attorney General (https://oag.ca.gov/contact/consumer-complaint-against-business-or-company).
• Other U.S. state residents may contact their state Attorney General.

You may also have rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access and correct your personal information and to challenge our compliance with PIPEDA. Canadian residents may submit complaints to the Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca/).

When transferring personal data from the EU/EEA, UK, or Switzerland to countries that don't have equivalent privacy laws, we rely on internationally recognized transfer safeguards, such as Standard Contractual Clauses and other approved mechanisms used by our service providers (including Google, Meta, Stripe, and PayPal). These legal tools ensure your information remains protected to EU standards, regardless of where it is processed.

We require all service providers, regardless of location, to enter into contractual agreements that:

• restrict how they may use your information,
• require them to maintain strong technical and organizational security measures, and
• prohibit them from using your information for their own purposes.

Depending on how you use our Website (for example, making a purchase, accessing your account, receiving emails, or interacting with site features), your information may be processed in:

• Canada (primary hosting and data storage)
• United States (business operations, customer communication, payment processing)
• Other jurisdictions where our analytics, security, and infrastructure providers maintain technical operations

We only choose service providers that implement industry-standard safeguards and comply with applicable privacy laws (GDPR, UK GDPR, CCPA/CPRA, PIPEDA, and others where relevant).

If you are in the EU/EEA, UK, or Switzerland, you can request:

• information about the safeguards we use for transferring your personal data,
• a copy of the relevant Standard Contractual Clauses,
• clarification about where your information is stored or processed.

To make a request, contact us at privacy@ks-tumanova.com with the subject line "International Transfer Inquiry".

By creating an account, making a purchase, or using our Website, you understand that your information will be transferred to and processed in countries outside your home jurisdiction. If you do not want your personal data to be transferred internationally, you may choose not to use our Services.

If you live in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and similar laws give you additional privacy rights. These rights are described in Section 9, including the rights to access, correct, erase, restrict processing, object to processing, data portability, and withdraw consent.

Legal Bases: We process personal data under the lawful bases described in Section 4. These include contract performance (providing the Services you request), legitimate interests (improving services, preventing fraud, and running our business), consent (marketing and optional cookies), and legal obligations (tax and accounting requirements).

International Transfers: When personal data is transferred outside of Europe, we use legally recognized safeguards such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission,
• The UK Addendum and Swiss Addendum where applicable,
• Service providers certified under the EU–US Data Privacy Framework.

Right to Lodge a Complaint: You may file a complaint with your local Data Protection Authority. A list of authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en.

If you live in California, you have additional rights under the California Consumer Privacy Act (CCPA/CPRA). These rights are described in Section 9, including the rights to know, delete, correct, and opt out of certain types of data "sharing".

Categories of Personal Information We Collect (as defined by CCPA):

We may collect:

• Identifiers (name, email address, IP address),
• Commercial information (purchase history),
• Internet activity (browsing behaviour on our Website),
• Approximate geolocation (city/state inferred from IP address),
• User-generated content (optional reviews or feedback).

We do not collect sensitive personal information as defined by CPRA, except billing address when required for transactions.

No Sale of Personal Information:

• We do not sell personal information.
• We also do not "share" personal information for cross-context behavioural advertising in a way that requires a "Do Not Sell or Share My Personal Information" link.

Authorized Agents: California residents may designate an authorized agent to submit privacy requests on their behalf (see Section 9.5).

Right to Non-Discrimination: We will not deny services, charge different prices, or provide reduced quality because you exercised your privacy rights.

Complaints: You may contact the California Attorney General at: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.

Residents of these U.S. states may have additional rights under their privacy laws, including the rights to:

• access their data,
• correct inaccuracies,
• delete personal information,
• opt out of targeted advertising,
• request data portability,
• appeal a denied privacy request.

These rights are already included in Section 9 and can be exercised in the same way.

To submit a request or file an appeal, contact: privacy@ks-tumanova.com.

If you live in Canada, you have rights under PIPEDA (the Personal Information Protection and Electronic Documents Act). These include the right to access and correct your personal information, withdraw consent (except where information must be retained for legal or operational reasons), and challenge our compliance with PIPEDA.

You may contact us using the details in Section 9.6.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca/en/report-a-concern/.

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. When we update the policy, we revise the "Last Updated" and "Effective Date".

Changes take effect:

• Immediately for new users, and
• 14 days after posting for existing users, unless a different timeframe is required by law.

If we make material changes that affect your rights or how we use your personal information, we will notify you by email or through a prominent notice on our Website.

However, we apply region-specific privacy rights and obligations where required, including GDPR for EU/EEA/UK users and CCPA/CPRA for California residents.

If you have any questions, concerns, or complaints about these Terms and Conditions or our Services, please contact us:

Sammitcrest Trading LLC (KsTumanova)

• Email: support@ks-tumanova.com
• Privacy Inquiries: privacy@ks-tumanova.com
• Mailing Address: 30 N Gould St Ste R, Sheridan, Wyoming 82801, United States
• Website: https://ks-tumanova.com

Document Version: 1.0

Last Updated: November 21, 2025

Effective Date: November 21, 2025