Effective date: 22nd day of August, 2025

This Privacy  Policy pertains to www.natalieselfshelfholidaystore.com, www.elfshelfregister.com, and www.elfshelfwallet.com (collectively, “the  “Sites””) all of which are owned and operated by  Natalie's Elf Shelf  Holiday Store, LLC. (“Elf Shelf”, “we”, “us”,  “our”)
 

This  Privacy Policy is to inform  you of our policies and procedures  regarding the collection, use, and  disclosure of Personally Identifiable  Information (as defined below) we  receive when you visit and use the  Services. As used in this Privacy  Policy, the “Services” means visiting  or using the Sites or the  associated web application accessible online. 
We take personal data protection and privacy seriously, and endeavor to protect your data to the greatest  extent feasible.
This  Privacy Policy applies to information that you provide to us  through  the Services, or authorize third parties to provide to us on  your  behalf, and when you access or use any information, services,  products  or content offered by Elf Shelf through the Services. 
By creating a  user account or using the Services, you consent to the  practices  described in this policy, including the processing of your  information  as set forth in this Privacy Policy now and as amended by  us. 
________________________________________
 

In  the course of using the  Services, we ask you to provide us with certain  information that could  reasonably be used to contact you or identify  you personally  (“Personally Identifiable Information”). Personally  Identifiable  Information may include, but is not limited to, your name  and email  address. Certain areas like the “Request more Information”  page include  forms where you actively enter your personal information.  We use this  personal information to provide you with the latest  information  pertaining to your initial request. Specifically:
● When  you submit a request for information, we need to know your name,  E-mail  address, and question or comment. This information allows us to  process  and fill your request and also to notify you of its status.
● We may  also use the information we collect to occasionally notify you  about  important changes to the Internet site, Natalie's Elf Shelf  services,  products, and special offers we think you may find valuable.
Some  features in the Services may ask users to provide certain  information  that is not personally identifiable, such as city or state  of residence.  Such demographic and other information is referred to  collectively,  along with Usage Information (defined below), as  “Non-Personally  Identifiable Information.” You are not required to  provide all requested  information, but some features may not function  without it. We may use  Non-Personally Identifiable Information for a  variety of purposes,  including enhancing or otherwise improving the  Services. Non-Personally  Identifiable Information is generally  non-identifying, but, if we  associate it with you as an identifiable  individual, we will treat it as  Personally Identifiable Information.
When visitors use our Services,  we and our third-party service  providers may automatically collect some  non-personally identifiable  information such as your IP address (which  may tell us your general  location) or other unique identifier that is  associated with your  computer, mobile phone, or other device (any, a  “Device”) you use to  access the Services, the type of computer operating  system you are  using (e.g., Microsoft Windows or Mac OS), the type of  browser you are  using (e.g., Internet Explorer, Firefox), or your  activity while using  our Services (e.g., which of our pages you have  viewed, the amount of  time spent on a given page) (“Usage Information”).
________________________________________
 

In   addition to the information that you may provide to us, our Services   may use software technology such as “cookies,” “pixel tags,” “web   beacons,” “embedded scripts,” or other similar technologies   (collectively referred to as “Tracking Technologies”). These Tracking   Technologies are used to help tailor our content, allow visitors to  move  between associated websites without logging into each site,  provide  content protection, and other purposes related to our  management of the  Services. 
Cookies are small text files stored locally on your Device  that help  store user preferences. Pixel tags, web beacons or “clear  gifs” are  small pieces of code placed on websites used to collect  advertising  metrics, such as counting page views, promotion views, or  advertising  responses. An embedded script is programming code that is  temporarily  downloaded onto your Device from our web server or a  third-party  service provider, that is designed to collect information  about your  interactions with the Services, such as the links you click  on. An  embedded script is active only while you are connected to the  Services,  and is deactivated or deleted thereafter. We may use Tracking   Technologies to determine how many visitors we have and how often they   visit various sections of our Services and to improve or customize the   content, offerings and advertisements on our Services. For example, we   may use cookies to personalize your experience through our Services,   such as to recognize you by your user name and when you return to our   Services.
We, our third-party service providers, and/or partners may  also use  Tracking Technologies, such as cookies, to manage and measure  the  performance of advertisements displayed on or delivered by or  through  the Services. Moreover, we, our third-party service providers,  and/or  our partners may use Tracking Technologies to monitor how  visitors use  the Services by collecting data about the visitors viewing a  web page  or using a certain feature.

In addition to the Tracking  Technologies, log data collected on our web  servers and application  databases supply us with aggregate Usage  Information about the number of  visits to our Services, goals set and  accomplished, and other  transactional interactions visitors make within  the Services. We use  such aggregate Usage Information to improve  access to content based on  our visitors’ browsers and operating system  types to make our content  available to as many users as possible and to  promote the effectiveness  and impact our Services are making.
By agreeing to this Privacy  Policy, you are consenting to the use of  Tracking Technologies as set  forth in this Privacy Policy. You can  change your privacy preferences  regarding the use of cookies and  similar technologies through your  browser.
Please be aware, however, that: 
● blocking cookies and  other Tracking Technologies will affect your  online experience and may  prevent you from enjoying the full features  offered through our  Services; 
● certain areas and features of our Services can only be accessed in conjunction with cookies or other similar devices; and 
● disabling Tracking Technologies, including cookies, may prevent you from accessing some of our content.
________________________________________
 

Personally   Identifiable Information and Non-Personally Identifiable Information   are used for the following purposes: (i) to provide, optimize, and   improve the Services, features, and content, which includes, among  other  things, determining your general geographic location, (ii) to  enable  users to enjoy the Services, (iii) to better understand your  needs and  interests, (iv) to fulfill requests you may make, (v) to  personalize  your experience, (vi) to provide service announcements, and  (vii) to  provide you with further information and offers from us or  third parties  that we believe you may find useful or interesting,  including  newsletters, marketing, or promotional materials and other  information  on Elf Shelf related services. If you decide at any time  that you no  longer wish to receive such communications, please opt out  by using the  unsubscribe links or instructions included at the bottom  of our emails,  replying “Stop” to a text message, or deleting an Elf  Wallet account.  Please note that we will continue to send you  service-related  communications regardless of any opt-out request for as  long as you have  an account with us.
We use information we obtain by technical means  (such as the automatic  recording performed by our servers or through the  use of cookies) for  the above purposes and:
● in order to monitor and analyze use of the Services, 
● for the technical administration of the Services, 
● to increase the functionality and user-friendliness of the Services, to better tailor both to your needs, 
● to generate and derive useful data and information concerning the   interests, characteristics, and website use behavior of our users,
● to comply with such statutory and regulatory requirements as apply to our provision of the Services and our operations, 
● and to verify that visitors and users to and of the Services meet the criteria required to process their requests.
By  registering with Elf Shelf, you consent to receiving periodic emails   including: Elf Shelf updates and newsletters. In addition to these you   may opt-in to notifications including: media subscriptions and group   updates. We will provide means to opt-out of any email notifications   from Elf Shelf and will include links to opt-out in every email.
________________________________________
 

Third   Parties. We will not share or sell Personally Identifiable Information   with other organizations for their marketing or promotional uses  without  your express consent.
Aggregate Information and Non-Personally  Identifiable Information. We  may share aggregated information that  includes Non-Personally  Identifiable Information and log data with third  parties for industry  analysis and demographic profiling, or to deliver  targeted advertising  about other products and services. Any aggregated  information shared in  these contexts will not contain your Personally  Identifiable  Information.
Service Providers. We may employ third  party companies and individuals  to facilitate the Services, to provide  the Services on our behalf, to  perform services related to  administration of the Services (including,  without limitation,  maintenance, hosting, and database management  services; web analytics;  and administration). These third parties have  access to your Personally  Identifiable Information only to perform  these tasks on our behalf and  are obligated not to disclose or use it  for any other purpose.
The  Services rely on the third party tool "Stripe" to process payments.  We  encourage you to read the privacy policy or statement on their  website.  We recommend users visit the Stripe Privacy Center and review  the  relevant materials prior to using these features.
Compliance with  Laws and Law Enforcement. Elf Shelf cooperates with  government and law  enforcement officials and private parties to enforce  and comply with the  law. We will disclose any information about you to  government or law  enforcement officials or private parties as we, in  our sole discretion,  believe necessary or appropriate to respond to  claims and legal process  (including but not limited to subpoenas), to  protect the property and  rights of Elf Shelf or a third party, to  protect the safety of the  public or any person, or to prevent or stop  any activity we may consider  to be, or to pose a risk of being,  illegal, unethical, inappropriate,  or legally actionable.
Business Transfers. Elf Shelf may sell,  transfer or otherwise share  some or all of its assets, including your  Personally Identifiable  Information, in connection with a merger,  acquisition, reorganization,  or sale of assets or in the event of  bankruptcy. You will be notified  via the Services and/or email of any  such change in ownership or  control of your Personally Identifiable  Information.
________________________________________
 

Certain portions of the Services may allow us to contact you via telephone text messages. 
You  agree that we may contact you via telephone or text messages  including  by an automatic telephone dialing system at any of the phone  numbers  provided by you or on your behalf in connection with your use  of the  Services, including for marketing purposes (including store  reminders  and promotional offers). 
You understand that you are not required to provide this consent as a condition of purchasing any products or working with us. 
You  also understand that you may opt out of receiving text messages from us  at any time, by contacting us at support@elfshelfholidaystore.com or  texting “STOP” to 580-228-8788. After you send the text message  "STOP"  to us, we will send you a text message to confirm that you have  been  unsubscribed. After this, you will no longer receive text messages  from  us. 
If you want to join again, just respond back to 580-228-8788  “start”.  If you are experiencing issues with the messaging program, you  can call  580-399-4177 for more assistance, or you can get help directly  at support@elfshelfholidaystore.com. 
Carriers are not liable for  delayed or undelivered messages.  As  always, message and data rates  may apply for any messages sent to you  from us and to us from you.  Messaging frequency may vary. If you have  any questions about your text  plan or data plan, it is best to contact  your wireless provider.  If you  do not choose to opt out, we may  contact you as outlined in our privacy  policy.
________________________________________
 

We   Process all data in the United States. “Process” means using or   touching information in any way, including, but not limited to,   collecting, storing, deleting, using, combining, and disclosing   information; or using Tracking Technologies on a Device, all of which   will take place in the United States.
If you reside outside the  United States, in order to use the Services,  you must opt in to allow  your  information to be transferred,  processed, and stored there under  United States privacy standards. You  may opt out of this transfer or  revoke your authorization at any time  by: (i) requesting deletion of  your account, or (ii) contacting us  through any of the methods listed in  Section 9 “Exercising Your  Rights.” Please understand that this will  terminate your ability to use  the Services. 
If you stop using the  Services without deleting your account or asking  us to, we  will not  delete your Personally Identifiable Information for  at least twelve  months, and we may retain deidentified, aggregated  Non-Personally  Identifiable Information for as long as that information  is useful to us  in our analysis of the Services’ usage and  performance. Deidentified  data means data that cannot reasonably be  used to identify you.
Personally  Identifiable Information and Non-Personally Identifiable  Information  will be stored until the purpose the data was collected for  has been  achieved. You will be notified if your Personally  Identifiable  Information is kept for longer than this period.
________________________________________
 

The   Services may contain links to other websites. If you click on a link  to  an external site, also called a third party link, you will be  directed  to that third party’s website. Clicking on links to third  party websites  may redirect away from the Sites, or open in new browser  windows or  tabs, depending on your device and browser settings. The  fact that we  link to a website is not an endorsement, authorization or  representation  that we are affiliated with that third party, nor is it  an endorsement  of their privacy or information security policies or  practices. We do  not exercise control over third party websites. These  other websites may  place their own cookies or other files on your  computer, collect data,  or solicit Personally Identifiable Information  from you. Other websites  and services follow different rules regarding  the use or disclosure of  the Personally Identifiable Information you  submit to them. We encourage  you to read the privacy policies or  statements of the other websites  you visit.
________________________________________

Elf   Shelf is committed to ensuring that you have meaningful control over   your Personally Identifiable Information. Regardless of your   jurisdiction, we provide the following core rights to all users:
● Access – You can request a copy of the Personally Identifiable Information we hold about you.
 

● Correction – You can ask us to correct inaccurate or incomplete Personally Identifiable Information.
 

● Deletion – You can request that  we delete your Personally Identifiable  Information, subject to certain  legal or operational exceptions.
 

● Objection or Restriction – You can object to or request that we restrict certain types of data processing.
 

● Portability – Where technically feasible, we can provide your data in a portable format.
 

● Withdraw Consent – Where we rely on your consent to process your data, you may withdraw that consent at any time.
 

To  exercise any of these rights,  please see Section 9.3, below. We will  respond to your request within a  reasonable timeframe and in accordance  with applicable laws.
________________________________________
 

Depending   on where you live, you may have certain legal rights regarding how  your  data is collected, used, and stored. These rights may include:
9.2.1. European Union and United Kingdom (GDPR)
If you are located in the EU or the UK, the General Data Protection Regulation (GDPR) provides additional rights:
● The right to lodge a complaint with your local Data Protection Authority (DPA).
 

● The right to data portability in a structured, commonly used, and machine-readable format.
 

● The right to erasure ("right to be forgotten") under certain conditions.
 

● Automated decision-making safeguards (though we do not use your data for fully-automated decision-making of any kind).
 

9.2.2. Canada (PIPEDA)
Canadian  users have rights under the Personally Identifiable  Information  Protection and Electronic Documents Act (PIPEDA),  including:
● The right to access and correct Personally Identifiable Information.
 

● The right to challenge the accuracy and completeness of your data.
 

● The right to file a complaint with the Office of the Privacy Commissioner of Canada.
 

9.2.3. Mexico (LFPDPPP)
If you are a resident of Mexico, you may exercise your ARCO rights:
● Access – Know what personal data we hold.
 

● Rectification – Request corrections to your data.
 

● Cancellation – Request that we delete your data.
 

● Opposition – Object to the processing of your data.
 

You  may exercise these rights by  submitting a request to us via the contact  methods in Section 13, in  accordance with the procedures set forth by  the Federal Law on  Protection of Personal Data Held by Private Parties.
 

California   law requires us to provide California residents with additional   information regarding how we collect, use, and share your “Personally   Identifiable Information” (as defined in the California Consumer  Privacy  Act (“CCPA”)).
Categories of Personally Identifiable Information we  collect. In  Section 1, above, and otherwise throughout this Policy, we  discuss in  detail the specific pieces of information we collect from and  about  users. Below are the categories of Personally Identifiable  Information  we collect:
■ Identifiers (such as name and title, contact details, and company name);
■ Internet or other network or device activity (such as browsing history or app usage);
■ Inference data about you; and
■ Other information that identifies or can be reasonably associated with you.
Use  of categories of Personally Identifiable Information. We may  disclose  the categories of Personally Identifiable Information  identified above  for our operational purposes where the use is  reasonably necessary and  proportionate to achieve the operational  purpose for which it was  collected or processed, or for another  compatible operational purpose.
Sale  of Personally Identifiable Information. The CCPA sets forth  certain  obligations for businesses that “sell” Personally Identifiable   Information. Based on the definition of “sell” under the CCPA and under   current regulatory guidance, we do not believe we engage in such   activity and have not engaged in such activity in the past twelve  months  (including that we do not “sell” the Personally Identifiable   Information of minors under 16 years of age). We do share certain   information as set forth in Sections 1 and 2 of this Policy, and allow   third parties to collect certain information about your activity, for   example through cookies, as explained in Section 8 of this Policy.
Individual Rights. California law may provide you with certain rights and permit you to request the following:
■ Provide you the categories of Personally Identifiable Information we   have collected or disclosed about you in the last twelve months; the   categories of sources of such information; the business or commercial   purpose for collecting or selling your Personally Identifiable   Information; and the categories of third parties with whom we shared   Personally Identifiable Information.
■ Provide access to and/or a copy of certain information we hold about you.
■ Delete certain information we have about you.
You  may have the right to receive information about the financial   incentives that we offer to you (if any). You also have the right to  not  be discriminated against (as provided for in applicable law) for   exercising certain of your rights. Certain information may be exempt   from such requests under applicable law. For example, we need certain   types of information so that we can provide the Services to you and for   compliance with applicable law. If you ask us to delete certain   information, you may no longer be able to access or use the Services.
9.2.4.2. California Civil Code Section 1798.83)
Under  California Civil Code Section 1798.83, California residents who  provide  us with Personally Identifiable Information in obtaining  products or  services for personal, family, or household use are  entitled to request  and obtain from us one time per calendar year  information about the  customer information we shared, if any, with  other businesses for their  own direct marketing uses. Alternatively,  the law provides that a  company may comply, as Elf Shelf does, by  disclosing in its privacy  policy that it provides consumers choice  (opt-out or opt-in) regarding  sharing Personally Identifiable  Information with third parties for those  third parties’ direct  marketing purposes, and information on how to  exercise that choice. As  stated above in this Privacy Policy, Elf Shelf  provides you choice  prior to sharing your Personally Identifiable  Information with third  parties for their direct marketing purposes. If  you do not opt-in or if  you choose to opt-out at the time Elf Shelf  offers that choice, Elf  Shelf does not share your information with that  identified third party  for its direct marketing purposes.
9.2.4.3. California Online Privacy Protection Act Notice Concerning Do Not Track Signals. 
This  notice is provided in response to AB370. Note that your browser   settings may allow you to automatically transmit a “Do Not Track”  signal  to websites and online services you visit. There is no consensus  among  industry participants as to what “Do Not Track” means in this  context.  If you enable “Do Not Track” functionality on your browser,  Google  Analytics will not track your usage of our website. To find out  more  about “Do Not Track,” please visit http://www.allaboutdnt.com.
________________________________________
 

If   you are a California resident and you have questions about our   practices with respect to sharing information with third parties for   their direct marketing purposes and your ability to exercise choice,   please email our Privacy Officer, Natalie Larman, at  natalie@elfshelfholidaystore.com   or send written correspondence to the  following mailing address: 18964  Northeast 23rd Street Suite 102/104  Suite 102/104 Harrah, OK 73045.  You must put the statement “Your  California Privacy Rights” in the  subject line of your message or  include it in your writing if you  choose to write to us at the  designated mailing address. You must  include your name, street address,  city, state, and zip code. We will  respond to you at your mailing  address, or at our option, your e-mail  address. We are not responsible  for notices that are not labeled or  sent properly, or do not have  complete information.
9.3.2. Residents of Other Jurisdictions.
If  you have questions about how we comply with privacy laws in your   jurisdiction, or wish to exercise any privacy rights afforded to you   under local regulations, please send a request via the form at  https://natalieselfshelfholidaystore.com/contact-us or to the following  mailing address: 18964 Northeast 23rd Street Suite  102/104 Suite 102/104  Harrah, OK 73045. Such requests should include  information to allow us  to verify your identity, such as  your name,  address, email address, or  other information we may  reasonably  require. You must put the statement  “Your [Jurisdiction] Privacy  Rights” in the subject field of your  e-mail or include it in your  writing if you choose to write to us at the  designated mailing address,  replacing the word [Jurisdiction] with your  state or country of  residence. You must include your name, street  address, city, state, and  zip code. We will respond to you at your  mailing address, or at our  option, your e-mail address. We are not  responsible for notices that  are not labeled or sent properly, or do not  have complete information.
9.3.3. Responses to Requests to Exercise Privacy Rights.
When  we receive your request to exercise one of these rights, we will   respond without undue delay and within the time required by applicable   law. This may be extended in certain circumstances, e.g., where  requests  are complex or numerous. We may ask for verification of your  identity  before processing your request. If we are unable to fulfill  your request  due to legal or operational limitations, we will let you  know why.
________________________________________
 

We   have put in place commercially reasonable physical, electronic, and   managerial procedures in an effort to safeguard and help prevent   unauthorized access, maintain data security, and correctly use the   information we collect online. All Personally Identifiable Information   is accessible only by our employees. Our employees are bound by strict   confidentiality agreements, and breach of an agreement would result in   the employee's termination. Our third-party service providers are   similarly contractually bound.
In order to protect your security, we  use the strongest available  browser  encryption and store all of our  data on servers in secure  facilities. When personal information (such as  a credit card number) is  transmitted to other Web sites, it is  protected through the use of  encryption, such as the Secure Socket Layer  (SSL) protocol. However, no  data transmission over the Internet,  wireless transmission, or  electronic storage of information can be  guaranteed to be 100% secure.  Please note that we cannot ensure or  warrant the security of any  information we collect. You use our Services  and provide us with your  information at your own risk.
________________________________________
 

Elf   Shelf’s Sites and Services are not intended for use by children. We do   not use any of our Services to knowingly solicit data from or market  to  children under the age of 16. We require that all individuals  provide a  valid credit card number before completing a purchase order  on the site.  If we learn that we have inadvertently collected personal  information  from a child under 16, we will attempt to notify such  child's parent or  guardian and erase such information from our records,  unless the child's  parent or guardian consents to our maintaining such  information. If a  parent or guardian becomes aware that their child  has provided Elf Shelf  with information without parental consent, that  parent should contact  us at  at https://natalieselfshelfholidaystore.com/contact-us.
________________________________________
 

This   Privacy Policy may be updated from time to time. We will notify you of   any material changes by posting the new Privacy Policy through the   Services. It is your responsibility to review this Privacy Policy from   time to time for any changes. 
 

________________________________________
 

To   contact us for any reason relating to your exercise of rights under  any  privacy law, please see section 9.3 “Exercising Your Rights.”
To  contact us for any other reason, please visit  https://natalieselfshelfholidaystore.com/contact-us and provide a brief  and clear message. We endeavor to respond to all  inquiries in a timely  manner, but we cannot promise a specific time  frame for general  inquiries.