EVEREDEN CHILDREN’S PRIVACY POLICY

Effective Date: January 1, 2020
Last Updated: July 23, 2025

This Children’s Privacy Policy explains how Evereden (“we,” “our,” or “us”) collects, uses, and protects personal information from children under the age of 13 (“child” or “children”) in accordance with the Children’s Online Privacy Protection Act of 1998 (COPPA). This policy applies specifically to our practices for children and supplements our general [Privacy Policy].

1. What This Policy Covers

This policy is designed to notify parents and legal guardians (“you”) about:

• What types of personal information we may collect from children;
• How we use and safeguard that information;
• When and how we share it;
• Our approach to obtaining verifiable parental consent; and
• Your rights to access, review, or delete your child’s data.

2. Who This Applies To

This policy applies specifically to children under the age of 13 who use our Website. Portions of our Website may be designed for a mixed audience of children and adults. Where applicable, we limit data collection until age verification confirms that a user is 13 or older, and apply child-specific protections accordingly in compliance with the amended COPPA Rule.

3. Information We Collect from Children

Children can browse most of our Website without sharing personal information. However, some features may require limited data to function properly.

We only collect the minimum information necessary for a child to participate in age-appropriate features, and we never condition participation in an activity on disclosing more personal information than is required.

A. Direct Information

If a feature requires registration, we may request:

• First name (or nickname);
• Month and year of birth (to confirm age);
• A username and password; and
• Parent or guardian email address (to obtain consent).

In some cases, children may engage in age-appropriate activities such as uploading drawings, choosing preferences, or responding to surveys with optional fields clearly marked. We do not collect biometric data (such as fingerprints, voiceprints, or facial templates) or government-issued identifiers (such as passport or birth certificate numbers). If such data is ever required, we would obtain verifiable parental consent prior to collection and apply rigorous safeguards as required by law.

B. Automatically Collected Information

We use standard technologies to collect:

• Device identifiers (such as cookies, IP address, device type);
• Usage data (pages viewed, clicks, and time spent); and
• Geolocation data (limited to city-level, if enabled).

This data helps us improve our content and ensure safety and functionality. We may link this data to a child's profile only when necessary and permitted by law.

4. How We Use Your Child’s Information

We use collected information to:

• Register and manage the child’s experience on our site;
• Personalize on-site content and navigation;
• Notify parents about child activity, if required;
• Support internal safety, performance, and analytics; and
• Improve usability and content relevance.

We do not use children’s personal information for marketing or behavioral targeting.

5. When We Share Children’s Information

We do not sell or rent children’s personal information under any circumstances. We may share such information only in the following limited cases:

• With service providers who support internal operations and are contractually bound to maintain confidentiality and data use limits;
• If required by law, such as in response to a subpoena or legal process;
• To protect safety, including:
• Preventing fraud or unauthorized access;
• Responding to suspected abuse or harm;
• In a business transfer, such as a merger or acquisition, where data may be passed to the successor entity.

Parents may choose to consent to internal data collection while declining to permit third-party data sharing. Our communications will clearly identify data recipients and outline how personal information is used and disclosed, in accordance with FTC requirements.  We will never share a child’s data with third-party advertisers or social media platforms.

6. Parental Consent and Controls

We obtain verifiable parental consent before collecting personal information from a child. This may include:

• An email to the parent or guardian outlining our request and providing opt-in instructions;
• A confirmation step before activating account features for children; and
• FTC-approved mechanisms such as Text Plus (text message-based verification), Knowledge-Based Authentication (dynamic challenge questions), or government ID verification paired with facial recognition.

All identification data used solely for verification is promptly deleted once the process is complete.

7. Your Parental Rights

As a parent or guardian, you have the right to:

• Review the personal information we hold about your child;
• Request changes or deletion; and
• Withdraw consent at any time and prohibit further data collection.

To exercise these rights, contact us at:

📧 privacy@ever-eden.com
📬 Evereden Privacy Team
401 Broadway, Suite 2001, New York, NY 10013

We may request identity verification before processing your request.

8. Operators Who May Collect Information from Children

We currently partner with the following service providers who may process limited data from children solely for internal operations and in compliance with COPPA:

Shopify Inc.
www.shopify.com/legal/privacy
Used for secure hosting, checkout, and order processing.

No other third-party operators are authorized to collect or maintain personal information from children via our Website.  Should Evereden participate in an FTC-approved Safe Harbor program, we will publicly disclose the program’s membership status, complaint records, disciplinary actions, and capability updates as part of our commitment to transparency.

9. Security Measures

We maintain a written data retention policy that limits the storage of children’s information to the duration necessary for the specified activity. In addition, we perform annual risk assessments, system testing, and privacy training for staff under the supervision of a designated Privacy and Security Officer.  Our technical and organizational safeguards to protect children’s data, including:

• Encryption of transmissions;
• Limited employee access; and
• Internal control measures.

No system is impervious to risk, and we encourage parents to supervise their children’s online use and educate them about safe internet practices.

10. Contact Us

For questions or concerns about our children’s privacy practices, or to exercise your parental rights, contact:

📧 hello@ever-eden.com
📬 Eden Brands, Inc., 401 Broadway, Suite 2001, New York, NY 10013