Privacy Policy

Who we are

The data controller for personal information described in this policy is Lazuli Club, LLC, located at 99 Wall Street, #2712, New York, NY 10005.

Scope

This policy applies to personal information we process when you interact with the Services, including when you browse our website, submit a membership application or inquiry, communicate with us by email or phone, or receive concierge or member-related services. If you are asked to accept a separate agreement (for example, a membership agreement), that agreement may contain additional or different terms regarding privacy and data use.

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. See "Children's privacy" below.

Information we collect

Depending on how you use the Services, we may collect the following categories of information (examples are illustrative, not exhaustive):

• Identifiers and contact data: name, email address, phone number, mailing address, date of birth or age range (if collected), and similar contact details you provide.
• Application and membership information: details you submit in connection with membership interest, eligibility, preferences, dining or event plans, household or guest information you choose to share, and other information relevant to evaluating or fulfilling membership requests.
• Commercial information: records of services requested, transactions, deposits or payments (processed by our payment partners where applicable), and related correspondence.
• Communications content: messages you send to us, including email threads, voicemails, and notes you provide through forms or concierge channels.
• Internet or other electronic network activity: IP address, device identifiers, browser type and language, operating system, referring and exit URLs, clickstream data, pages viewed, and similar usage data collected via cookies and similar technologies.
• Geolocation data: general location inferred from IP address or, if you share it, more precise location you provide for service delivery (for example, pickup or venue preferences).
• Professional or employment-related information: if you choose to provide it in an application or profile (for example, employer or role).
• Inferences: preferences or characteristics inferred from the information above to tailor communications or service recommendations.
• Sensitive personal information (where applicable): we only collect sensitive categories if you voluntarily provide them and where permitted by law, such as certain account or payment identifiers processed by payment processors, or dietary or accessibility information you choose to share for hospitality planning.

Sources: we collect the categories above directly from you, automatically when you use our website, from our service providers (for example, analytics or hosting vendors), from partners involved in delivering hospitality or logistics where you have directed us to coordinate with them, and from publicly available sources where permitted by law and relevant to membership evaluation or service delivery.

How we use information

We use personal information for purposes including:

• Operating, maintaining, and improving the Services;
• Reviewing and responding to membership applications and inquiries;
• Communicating with you about membership, events, service updates, and administrative notices;
• Planning and coordinating concierge, dining access, transportation, or other hospitality services you request;
• Processing payments and managing billing (through payment partners);
• Detecting, preventing, and investigating fraud, abuse, or security incidents;
• Complying with law, responding to lawful requests, and enforcing our agreements, including our Terms of Service;
• Creating de-identified or aggregated information that cannot reasonably be used to identify you; and
• Other purposes disclosed at collection or for which we obtain your consent where required.

Legal bases (EEA, UK, and Switzerland)

Where the EU or UK General Data Protection Regulation or similar laws apply, we rely on one or more of the following legal bases:

• Contract: processing necessary to perform our agreement with you or to take steps before entering an agreement (for example, reviewing an application).
• Legitimate interests: processing necessary for our legitimate interests (such as securing our Services, improving our offering, and communicating with prospective members), where not overridden by your rights.
• Consent: where we rely on consent (for example, certain cookies or marketing communications), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation: processing necessary to comply with applicable law.

How we disclose information

We may disclose personal information to the categories of recipients below for the purposes described in this policy:

• Service providers and processors who assist with hosting, analytics, communications, customer relationship management, payment processing, fraud prevention, IT security, and similar functions, subject to contractual confidentiality and processing obligations where required by law;
• Hospitality, dining, logistics, and transportation partners when necessary to fulfill a request you have made or a service you have authorized;
• Professional advisors (lawyers, accountants, insurers) where necessary;
• Authorities and others when we believe disclosure is required by law, legal process, or governmental request, or to protect the rights, property, or safety of Lazuli Club, our members, or others; and
• Business transactions: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable law.

We do not sell your personal information for money. We may use analytics or advertising technologies that could constitute "sharing" or "targeted advertising" under certain U.S. state laws; see "Your U.S. state privacy rights" below for choices that may be available to you.

Cookies and similar technologies

We and our partners may use cookies, pixels, local storage, SDKs, and similar technologies to remember preferences, authenticate sessions, measure site performance, and understand how visitors use the Services. You can control cookies through your browser settings; disabling cookies may affect functionality.

When you use our cookie banner, we record your choices in this browser's local storage (not on our servers) so we do not re-prompt on every visit. Non-essential analytics and marketing technologies are only enabled if you opt in; you can update your choices anytime via Cookie settings in the site footer.

Analytics

We may use third-party analytics tools to collect usage information and generate aggregated statistics. Those providers may process data according to their own privacy policies. Where required, we will obtain consent before using non-essential analytics cookies or similar technologies.

Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this policy, including to satisfy legal, accounting, or reporting requirements, resolve disputes, and enforce agreements. Retention periods vary depending on the nature of the information and our relationship with you. When retention is no longer necessary, we will delete or de-identify information in accordance with our internal policies and applicable law.

Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, or alteration. No method of transmission over the Internet or electronic storage is completely secure; we cannot guarantee absolute security.

International transfers

Lazuli Club is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where we or our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. Where required, we implement appropriate safeguards (such as standard contractual clauses approved by relevant regulators) for cross-border transfers.

Your privacy rights (EEA, UK, and Switzerland)

Depending on applicable law, you may have the right to: access your personal information; rectify inaccurate data; erase data; restrict processing; object to processing based on legitimate interests; receive a portable copy of certain information you provided; and lodge a complaint with a supervisory authority. To exercise these rights, contact us using the information below. We may need to verify your identity before responding.

If processing is based on consent, you may withdraw consent at any time. If you are in the EEA, you may contact your local data protection authority with questions or complaints.

Your U.S. state privacy rights

Several U.S. states provide residents with privacy rights regarding personal information. Depending on where you live and subject to exceptions under applicable law, you may have the right to:

• Access the categories and specific pieces of personal information we hold;
• Request correction of inaccurate personal information;
• Request deletion of personal information;
• Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising, or processing for targeted advertising, where those terms apply;
• Limit use or disclosure of sensitive personal information in certain circumstances; and
• Appeal a decision we make regarding a rights request, where applicable.

California (CCPA/CPRA):California residents can request the categories of personal information we collected, the categories of sources, the business or commercial purposes for collection, the categories of third parties to whom we disclose information, and the specific pieces of personal information we hold about you. We do not knowingly sell personal information of minors under 16 without affirmative authorization where required. We do not use or disclose sensitive personal information for purposes that would require a "Limit the Use of My Sensitive Personal Information" link under the CPRA, beyond what is permitted without such a link. Under California Civil Code section 1798.83, certain California residents may also request, once per calendar year, information about personal information disclosed to third parties for direct marketing purposes; submit requests using the contact information below.

Nevada: Nevada residents may submit a verified request directing us not to sell certain personal information we have collected or will collect, as defined by Nevada law, even though we do not currently sell covered information as defined by that statute.

Exercising rights: submit a request using the contact details below. We will not discriminate against you for exercising applicable privacy rights. We may need to verify your identity before processing your request and may decline requests that are fraudulent, excessive, or manifestly unfounded.

Authorized agents: where permitted by law, you may designate an authorized agent to submit a request on your behalf. We may require proof of authorization and identity verification.

Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects concerning you without human review, except where permitted by law and with appropriate safeguards.

Children's privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will take appropriate steps to investigate and delete such information where required.

Third-party links and services

The Services may contain links to third-party websites, applications, or services. This policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to read their privacy policies before providing information.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the effective date shown with the policy. Where required by law, we will provide additional notice (such as a prominent website notice or email). Your continued use of the Services after the effective date of changes constitutes your acknowledgment of the updated policy, except where your consent is required.

Contact us

For privacy-related questions, requests, or complaints, contact Lazuli Club, LLC at:

99 Wall Street, #2712, New York, NY 10005
Email: apply@lazuliclub.com

Nothing in this policy is intended to override any rights you may have under applicable law. If you are located in the EEA or UK and have an unresolved concern, you have the right to lodge a complaint with your local supervisory authority.