Privacy Policy

Effective Date: October 28, 2025

This Privacy Policy (“Policy”) describes how PHOCA, LLC (“PHOCA,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information in connection with our website and any related online pages that link to this Policy (collectively, the “Site”). By accessing or using the Site, you acknowledge that you have read, understood, and agree to the terms of this Policy.

1. Scope and Applicability

This Policy applies to information we collect:

Directly from you when you submit our contact form or survey on the Site; and

Automatically when you access or use the Site.

This Policy does not apply to information collected offline, information collected by third-party websites or services that are not operated by PHOCA, or information collected in the employment context (if applicable, those notices would be provided separately).

2. Definitions

“Personal Information” (PI) means information that identifies, relates to, or could reasonably be linked with a particular individual or household, such as name, email address, and the content of your messages.

“Sensitive Personal Information” (SPI) means PI that is more sensitive by nature (e.g., government identifiers, financial account numbers, precise geolocation, health/biometric data, or the contents of certain communications).

“Sell” and “Share” have the meanings assigned under California law; “share” refers to disclosure for cross-context behavioral advertising.

3. What We Collect
3.1 Information You Provide Voluntarily

Contact and Feedback Data. When you submit the contact form or survey, we collect the information you choose to provide, which may include your name, email address, and the content of your message or survey responses.

Our contact form does not request a telephone number.

Please do not submit SPI (e.g., government IDs, financial account details, medical information, or precise location) in free-text fields.

3.2 Information Collected Automatically

Technical/Usage Data. When you visit the Site, we may automatically collect technical information such as your IP address, device and browser type/version, operating system, referring/exit pages, pages or content viewed, and timestamps.

Cookies and Similar Technologies. We use essential cookies necessary to operate and secure the Site. We may use privacy-respecting non-profiling analytics to understand aggregate Site usage; we do not use cookies or trackers for cross-site targeted advertising.

4. Sources of Information

We collect information (i) directly from you when you submit forms on the Site and (ii) automatically from your device/browser when you access the Site. We may also receive limited technical support or diagnostics information from our service providers (e.g., hosting or security vendors) in order to maintain Site functionality.

5. How We Use Information

We use information for the following purposes:

Responding to Inquiries (Email Only). To review and respond to your inquiries or feedback via email.

Operating and Securing the Site. To provide, maintain, troubleshoot, and protect the Site; to detect and prevent spam, fraud, or abuse; and to enforce our terms and policies.

Improving Products and User Experience. To analyze aggregate usage, improve Site content and performance, and inform product development.

Compliance. To comply with applicable laws, regulations, legal processes, and enforceable governmental requests; to protect the rights, property, or safety of PHOCA, our users, or the public; and to establish, exercise, or defend legal claims.

No Marketing: We do not send marketing, promotional, or newsletter communications. We contact you only to follow up on your inquiry or feedback.

6. Disclosures of Information

We do not sell or rent your PI. We disclose information only as described below:

Service Providers / Contractors. We disclose information to third parties that perform services on our behalf (e.g., hosting, email delivery, security/anti-abuse, optional analytics). These third parties are contractually restricted to using PI solely to provide services to us and must apply appropriate security.

Legal, Compliance, and Safety. We may disclose information as required by law or legal process; in response to valid requests by public authorities; to protect the rights, property, or safety of PHOCA, our users, or the public; or to detect/prevent security, fraud, or technical issues.

Business Transactions. We may disclose information in connection with, or during negotiations of, a merger, acquisition, asset sale, financing, reorganization, or similar transaction, subject to appropriate confidentiality protections.

With Your Direction. We may disclose information with third parties at your direction (for example, if you ask us to forward your feedback to a partner).

We do not disclose the contents of private communications except as described above or as permitted/required by law.

7. Cookies, Analytics, and Your Choices

Essential Cookies. Required to run and secure the Site; you may block them in your browser, but parts of the Site may not function correctly.

Analytics (Optional). If enabled, analytics are used for aggregate measurement and product improvement—not for advertising or cross-site profiling.

Do Not Track (DNT). At this time, the Site does not respond to DNT signals. If our practices change, we will update this Policy.

Global Privacy Control (GPC). Because we do not sell or “share” PI, GPC-based sale/sharing opt-outs are not required. If our practices change, we will honor applicable opt-out signals consistent with law.

8. Data Minimization; Unsolicited Sensitive Data

We limit collection to what is reasonably necessary for the purposes described in this Policy. If you submit SPI or other extraneous data we did not request, we may delete, redact, or minimize it where reasonably practicable and retain only what is necessary for security, compliance, or operational purposes.

9. Data Retention

We retain PI only for as long as reasonably necessary to achieve the purposes described in this Policy, to maintain routine business records, and to comply with legal, tax, accounting, or audit obligations. As general guidelines (subject to legal holds or longer periods if required by law):

Routine inquiries/feedback: up to 24 months;

Business records needed for tax, accounting, or legal compliance: up to 7 years.

When PI is no longer needed, we will delete or de-identify it using commercially reasonable measures.

10. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information under our control against accidental, unlawful, or unauthorized access, destruction, loss, alteration, disclosure, or use. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for choosing what information you include in free-text fields.

11. Vulnerability Disclosure (Security Research)

If you believe you have found a security vulnerability affecting the Site, please contact us privately at info@phocaenergy.com
with sufficient detail to reproduce the issue. Do not publicly disclose the issue until we confirm remediation or otherwise agree. We do not authorize testing that violates law, disrupts the Site, or risks harm to users or systems, and we do not make any offer of reward or bounty.

12. Breach Notification Principle

If we determine that certain information was accessed or disclosed in a manner that poses a significant risk of harm, we will provide notices as required by applicable law and may provide additional notices in our discretion.

13. Children’s Privacy

The Site is not directed to children under 13 years of age, and we do not knowingly collect Personal Information from children under 13. Do not use the contact or survey forms if you are under 13.

If we learn that a child under 13 has provided Personal Information through the Site, we will delete or de-identify that information and, where applicable, disable related submissions. If you are a parent or legal guardian and believe your child has provided information to us, please contact us (see Section 18 — Contact Us) and we will take appropriate steps, which may include requesting information sufficient to verify your relationship before honoring the request.

For California residents: we do not sell or “share” (for cross-context behavioral advertising) Personal Information of consumers we know are under 16 years of age.

14. California-Specific Notes

CCPA/CPRA Applicability. PHOCA, LLC revenue is not meeting gross annual revenue thresholds in CCPA. Based on our current operations, we do not meet the applicability thresholds under California’s consumer privacy law.

No Sale/Sharing. We do not “sell” or “share” PI as those terms are defined in California law, and we do not use SPI to infer characteristics.

Transparency and Voluntary Requests. Even though the law’s broader obligations do not apply to us at this time, California residents may contact us to ask questions or request access/deletion of information that they directly provided to us. We will consider such requests in good faith, consistent with verification, security, and retention obligations described in this Policy.

15. Other U.S. State Laws

We monitor developments in other U.S. state privacy laws. If our operations expand such that a particular state law (e.g., Virginia, Colorado, Connecticut, Utah, Texas, etc.) becomes applicable, we will update this Policy and provide any required notices, rights, or opt-out mechanisms.

16. International Users; Transfers

The Site is operated in the United States. If you access the Site from outside the U.S., you understand that your information may be transferred to, stored in, and processed in the U.S. and other jurisdictions that may have data-protection laws different from those in your country. We will handle your information as described in this Policy.

17. Your Choices and Rights

Limit What You Submit. Do not include sensitive information in free-text fields.

Cookies. You may block or delete cookies through your browser settings.

Contact Us for Requests. You may email us (see Section 18) to request access to or deletion of information that you directly provided to us. We may take reasonable steps to verify your identity and we may deny or limit requests as permitted by law (e.g., to protect security or comply with record-keeping obligations).

18. Contact Us

If you have questions about this Policy or our data practices—or to submit a request—please contact us by email only at: info@phocaenergy.com
. We do not provide phone support.

19. Changes to This Policy

We may update this Policy from time to time in our discretion. The Effective Date above reflects the date of the most recent version. Changes are effective when posted unless otherwise stated. If a change materially affects your rights, we will provide additional notice as required by law.

20. Additional Protective Terms

The following provisions are included to help prevent misunderstandings and to align expectations:

No Contractual Warranties. This Policy describes our current practices and is not a contract, nor does it create legal rights or obligations beyond those required by applicable law.

Conflicts with Terms of Use. If there is a conflict between this Policy and our Terms of Use, the Terms of Use control to the extent permitted by law with respect to liability, disclaimers, and dispute resolution.

Record-Keeping. We may maintain logs evidencing consent, requests, and our responses where appropriate for compliance and defense of legal claims.

Restriction on Sensitive Data. We do not solicit SPI and may delete or minimize SPI that is inadvertently submitted if not necessary for Site operation or compliance.

Law Enforcement Requests. We evaluate governmental or law-enforcement requests case-by-case, honoring valid legal process and applicable legal standards.