1. Introduction and Scope

Cobalt Payments Inc (“Company,” “Cobalt Payments,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy (“Policy”) describes how we collect, use, disclose, store, and protect personal information in connection with the Liquor Store Near Me mobile application (the “Application”) and related services (collectively, the “Services”). The Application is a technology platform that serves as a directory of licensed alcohol retailers and facilitates the placement of consumer orders for in-store pickup.

IMPORTANT: The Company is a technology platform provider. We do not sell, distribute, or deliver alcoholic beverages. All sales of alcoholic beverages are made exclusively by independently owned and operated, licensed retail partners (“Retail Partners”). This Policy governs information collected by the Company through the Application. Information collected by Retail Partners at the point of sale or pickup is governed by the Retail Partners’ own privacy policies.

This Policy applies to all individuals who download, install, access, or use the Application, including consumers, Retail Partner employees, and authorized agents. This Policy applies regardless of whether the Application is accessed through the Apple App Store or Google Play Store.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Full legal name, date of birth, email address, phone number, mailing address, username, and password;
• Age Verification Data: Date of birth provided during account registration for age gate verification confirming you are at least twenty-one (21) years of age;
• Order Information: Products selected, Retail Partner selected, order preferences, pickup instructions, and order history;
• Payment Information: For transactions processed through our Cxbolt Payment Gateway, see Section 2.3 for important disclosures about payment data handling;
• User-Generated Content: Store ratings, reviews, comments, and feedback;
• Communications: Content of emails, support tickets, in-app messages, and other communications with our support team;
• Retail Partner Information (for Retail Partners): Business name, legal entity type, EIN, business address, Liquor License numbers, bank account and routing numbers, and authorized contact information;

2.2 Information Collected Automatically

• Device Information: Device type, model, operating system and version, unique device identifiers (IDFA, GAID), screen resolution, and language settings;
• Location Data: With your consent, precise GPS location to identify nearby Retail Partners. If you decline location access, you may manually enter an address or ZIP code. Approximate location may be derived from IP address;
• Usage Data: Pages and screens viewed, searches performed, features accessed, buttons clicked, session duration and frequency, crash logs, and performance data;
• Network Information: IP address, mobile carrier, connection type, and signal strength;
• Log Data: Access timestamps, error logs, referring URLs, and API call records;

2.3 Payment Data — Critical Disclosure

The Company receives and processes only: non-reversible payment tokens; truncated card references (e.g., last four digits); card brand and type; transaction amounts, dates, and status; authorization and response codes; and settlement metadata. None of these elements constitute Sensitive Cardholder Data or can reconstruct full payment account information.

For transactions processed through a Retail Partner’s own payment systems at the point of pickup, the Company has no access to or involvement in the collection of payment data. Such data is governed by the Retail Partner’s privacy policy.

2.4 Information from Third Parties

We may receive information from: payment processors (transaction status, settlement data); Retail Partners (order fulfillment status, product availability); analytics providers (aggregated usage patterns); fraud prevention services (device reputation, risk scores); and App Stores (purchase and subscription data).

3. How We Use Your Information

We use collected information to:

• Operate and provide the Application, including directory search, order placement, and account management;
• Verify that you are at least twenty-one (21) years of age;
• Process and facilitate payment transactions through the Cxbolt Payment Gateway;
• Communicate with you regarding Orders, account activity, service updates, and support inquiries;
• Display nearby Retail Partners based on your location;
• Display, moderate, and manage User-Generated Content (reviews and ratings);
• Detect and prevent fraud, abuse, and unauthorized access;
• Improve the Application through analytics, research, and development;
• Deliver advertising, including promoted Retail Partner listings;
• Comply with legal obligations, including cooperation with law enforcement and regulatory authorities;
• Enforce our Terms of Use and Terms of Service;

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Retail Partners

When you place an Order, we share your name, contact information, Order details, and pickup preferences with the applicable Retail Partner to facilitate Order fulfillment. Retail Partners are prohibited from using your information for any purpose other than fulfilling your Order and complying with applicable law.

4.2 Payment Processors

We share non-sensitive transaction data (tokens, amounts, metadata) with third-party payment processors to facilitate payment processing. Sensitive Cardholder Data is handled exclusively by the payment processor and never touches our systems.

4.3 Service Providers

We share information with contracted service providers who assist in operating the Application, including cloud hosting, analytics, customer support, email communications, and fraud prevention. All service providers are contractually bound to use data solely for their designated purpose and to maintain appropriate security.

4.4 Legal and Regulatory Disclosures

We may disclose information when required by law or when we believe disclosure is necessary to: comply with a subpoena, court order, or legal process; protect the rights, property, or safety of the Company, users, or the public; prevent fraud or illegal activity; cooperate with law enforcement or regulatory authorities, including state alcohol beverage control agencies; or enforce our Terms of Use and Terms of Service.

4.5 Alcohol Regulatory Disclosures

IMPORTANT: Data in connection with your purchase of alcoholic beverages through the Application, including your name, age verification status, order details, and Retail Partner information, may be shared with state alcohol beverage control agencies, law enforcement, and other governmental authorities to satisfy requirements under applicable alcohol laws, regulations, and operating licenses, or pursuant to legal process or governmental request.

4.6 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity with prior notice.

4.7 Aggregated and De-Identified Data

We may share aggregated, anonymized data that cannot identify you with third parties for research, analytics, and business purposes.

5. Data Retention

• Account and registration data: Duration of account plus five (5) years;
• Age verification records: Duration of account plus five (5) years (to demonstrate compliance with age verification laws);
• Order and transaction records: Seven (7) years from the transaction date, as required by the IRS and applicable state tax laws;
• User-Generated Content: Until removed by the User or the Company, or for three (3) years following account closure;
• Device and usage analytics: Twenty-four (24) months from collection;
• Location data: Not retained after the session in which it is collected, unless aggregated and de-identified;
• Communications and support records: Three (3) years from communication date;

When no longer required, information is securely deleted or anonymized.

6. Data Security

6.1 Sensitive Cardholder Data — Third-Party Security

As disclosed in Section 2.3, Sensitive Cardholder Data never enters the Company’s environment. Tokenization, encryption, and storage of Sensitive Cardholder Data is performed exclusively by PCI DSS-certified third-party payment processors. The security of such data is governed by those processors’ own security programs.

6.2 Company Security Measures

For data within our environment, we implement: TLS 1.2+ encryption for all data in transit; AES-256 encryption for data at rest; multi-factor authentication for account access; role-based access controls; regular penetration testing and vulnerability assessments; SOC 2 Type II compliance; continuous monitoring and intrusion detection; employee security training; and a documented incident response plan.

No system is completely secure. We cannot guarantee absolute security and are not responsible for breaches within third-party payment processors’ systems, Retail Partners’ systems, or your own devices.

7. Your Privacy Rights

7.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information collected, the sources, the business purposes, and the categories of third parties with whom it was shared;
• Delete: Request deletion of personal information, subject to legal exceptions (such as retention for tax records or regulatory compliance);
• Correct: Request correction of inaccurate personal information;
• Opt Out of Sale/Sharing: We do not sell personal information. If this changes, we will provide a ‘Do Not Sell or Share My Personal Information’ link;
• Limit Use of Sensitive Information: Request that we limit use of sensitive personal information to purposes necessary for performing the Services;
• Non-Discrimination: We will not discriminate against you for exercising your rights;

7.2 Additional State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Tennessee (TIPA), Indiana (ICDPA), Iowa (ICDPA), Delaware (DPDPA), New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, and other states with comprehensive privacy laws may have additional rights including the right to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, profiling, and sale of personal data. We honor all applicable state privacy rights.

7.3 Exercising Your Rights

To exercise any rights: (a) use the privacy settings within the Application; (b) email support@liquor.wine; or (c) call our toll-free number on our website. We verify identity before processing requests and respond within thirty (30) to forty-five (45) days, with extensions as permitted by law.

7.4 Marketing Opt-Out

Opt out of marketing at any time via the unsubscribe link in emails, Application notification settings, or by contacting support@liquor.wine. Transactional and service communications are not affected.

8. Location Data

The Application’s core directory function relies on location data to display nearby Retail Partners. Precise GPS location is collected only with your affirmative consent through your device’s operating system permissions. You may disable location access at any time through your device settings; if disabled, you may still use the Application by manually entering an address or ZIP code. We do not retain precise location data beyond the session in which it is collected, except in aggregated and de-identified form for analytics. Approximate location derived from IP address may be used without separate consent.

9. Children’s and Minors’ Privacy

THE APPLICATION IS NOT DIRECTED TO AND IS NOT INTENDED FOR USE BY ANY PERSON UNDER TWENTY-ONE (21) YEARS OF AGE. We do not knowingly collect personal information from anyone under twenty-one (21). Given the nature of the Application (an alcohol retailer directory and ordering platform), we apply a higher age threshold than the thirteen (13) year minimum under COPPA. If we discover that we have collected information from a person under twenty-one (21), we will promptly delete it. If you believe we have inadvertently collected information from a person under twenty-one (21), contact us immediately at support@liquor.wine.

This Policy complies with the Children’s Online Privacy Protection Act (COPPA), the California Age-Appropriate Design Code Act (CAADCA) where applicable, and all state laws regarding the protection of minors’ personal information.

10. User-Generated Content Privacy

Ratings, reviews, and comments you submit through the Application may be publicly visible to other Users and Retail Partners. Your display name (which may be your first name and last initial, or a chosen username) will be associated with your User Content. Do not include personal information such as your full name, address, phone number, or financial information in reviews. The Company is not responsible for personal information you voluntarily disclose in User Content.

11. App Store Privacy Disclosures

11.1 Apple App Store Privacy Nutrition Labels

Data collected: contact information (name, email, phone); identifiers (user ID, device ID); location (precise location with consent, approximate from IP); usage data (product interaction); financial data (tokenized payment references, truncated card identifiers only — full credit card numbers never collected or stored by the Company); user content (reviews, ratings); and diagnostics (crash data, performance data). Data linked to your identity includes contact information, tokenized financial references, identifiers, and user content.

11.2 Google Play Data Safety

Data collected: name, email, phone, location, payment tokens and truncated references (full credit card data never collected), user content, device IDs, usage data, and diagnostics. Data encrypted in transit (TLS 1.2+) and at rest (AES-256). Data shared with Retail Partners for order fulfillment, payment processors, and service providers. Users can request deletion via support@liquor.wine or in-app settings. Sensitive Cardholder Data is never collected, processed, or stored by the Company.

12. Do Not Track and Global Privacy Control

The Application honors the Global Privacy Control (GPC) signal recognized under the CCPA/CPRA. We do not currently respond to browser-level Do Not Track (DNT) signals, as there is no industry-accepted standard for mobile applications. Privacy preferences can be managed through the Application’s settings.

13. Third-Party Links and Services

The Application may contain links to Retail Partner websites, third-party services, or external platforms. This Policy does not apply to third-party practices. We encourage you to review the privacy policies of any third-party services accessed through the Application. The Company is not responsible for the privacy practices of Retail Partners or other third parties.

14. Changes to This Policy

We may update this Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via: in-app notice, push notification, email, or a prominent notice upon login. Continued use after the effective date of changes constitutes acceptance. We encourage periodic review of this Policy.

15. Geographic Restriction

This Policy and the Application are intended exclusively for individuals located within the United States of America. All personal information is processed and stored within the United States. If you access the Application from outside the United States, you do so at your own risk and are solely responsible for compliance with local laws. The Company makes no representation that the Application or this Policy complies with the laws of any jurisdiction outside the United States.

16. Contact Information

For questions, requests, or complaints regarding this Privacy Policy:

Cobalt Payments Inc
Attn: Privacy Department
Email: support@liquor.wine
Support: support@liquor.wine
Website: liquor.wine

For California residents, you may also contact the California Attorney General at oag.ca.gov.

---

© 2026 Cobalt Payments Inc. All rights reserved.