Legal

Privacy Policy

Updated Dec 30, 2025

We take your privacy seriously and this Privacy Policy explains how Nothing Technology Limited or its affiliated companies (collectively, "we", "us", or "our") collect, use, share and process your Personal Data when you are using our services, including our websites, products, apps and other Nothing services (collectively, “Nothing Services”). We are the “data controller” in respect of your Personal Data. For information that demands your particular notice and that may have a significant impact on your rights and interests, we have highlighted it in bold font to draw your attention.

If you have any questions about this Privacy Policy, please contact us using the contact details provided at the end of this Privacy Policy.

This Privacy Policy informs you of the following information:

What is Personal Data
How and when we collect Personal Data about you
What Personal Data we collect
How we use your Personal Data
How do we process minor’s Personal Data
Legal basis for processing your Personal Data
How do we disclose your Personal Data
How do we protect your Personal Data
Data storage and transfer
Your rights
Third-party websites and services
Changes to this Privacy Policy
Contact us

1. What is Personal Data?

Personal Data is information that can be used to directly or indirectly identify you. Personal Data does not include data that has been irreversibly anonymized or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.

2. How and when we collect Personal Data about you

We collect and process Personal Data when you:

visit our website and use our products, apps and other Nothing services (including when registering and logging into your Nothing account, backing up or restoring your account information, binding your third party account with your Nothing account, leaving any reviews or comments, filling in forms such as when you sign up for newsletters or enter a competition, locate a store, or otherwise interact with us);
purchase and/or activate any products or services from our website, device, and/or app (such as activate our software stability analyzing services, OTA services or participate in hearing test), download a software update, or subscribe to any of our services;
contact our customer service or aftersales/support center or request information from us in any other way;
participate in our customer satisfaction surveys, improvement program, or other market research, feedback and survey responses;
communicate with us via social networking websites, third party apps or similar technologies;
when you direct third parties to share data with us, for example, your mobile carrier.

3. What Personal Data we collect

Data you directly provide to us:

We and our third-party providers and business partners who enable us to operate our products, services and app, may collect and process the following Personal Data about you which you provide:

contact details (such as your name, address, email address, phone number);
device identifiers (such as IMEI and MAC address);
IP address;
basic information (such as your region, language and time zone)
demographic information (such as age and/or other information that may identify you as an individual);
account information (such as your nickname, avatar, password, account status, devices registered, and other authentication information);
interaction with or responses to any customer satisfaction surveys or market research (unless these are provided anonymously);
transactional information about purchases/redemption of products and services;
financial and credit card information;
your marketing preferences;
voice data;
system logs and usage-related technical information;
product reviews;
employment application information (such as contact information, CV, work permit status); and
current location information (when you choose to locate Nothing store manually).

Data generated during your use of Nothing Services

When you visit our website and app, purchase and/or activate a product or device, download a software update, or connect to our services, we may also collect information from you automatically, for example using cookies and other similar technologies. A cookie is a small file of letters and numbers that we may set on your device. Cookies generally only work with web browsers, but there are similar technologies that are used with apps.

This type of information may include the following:

type of device you use, your device's unique identifier (such as IMEI number), serial number or anonymized device ID;
the IP address of your device, your operating system;

usage information, product interaction, performance and diagnostic information, crash data and location information from the devices which you have purchased or on which you install or access our products or services;
information about your use of our offerings, for example to distinguish you from other users of our app, to remember your preferences to help us to provide you with a good experience when you use our offerings and also information that allows us to improve them; and
where available, our products and services may use GPS, your IP address, and other technologies to determine a device's approximate location to allow us to improve our products and services.

Use of Cookies

We use cookies to provide, protect, and improve our products and services, such as by personalizing content, offering and measuring advertisements, understanding user behaviour, and providing a safer experience. Please note that the specific cookies we may use vary depending on the specific websites and services you use.

The cookies we use fall into the following categories:

Session cookies: These allow our site to link your actions during a particular browser session. These expire each time you close your browser and do not remain on your device afterwards.
Persistent cookies: These are stored on your device in between browser sessions. They allow your preferences or actions across the site to be remembered. These will remain on your device until they expire, or you delete them from your cache.
Strictly necessary cookies: These cookies are essential for you to be able to navigate the site and use its features. Without these cookies, the services you have asked for could not be provided.
Performance cookies: These cookies collect information about how you use our site, e.g. which pages you go to most often.
Functionality cookies: These cookies allow the site to remember the choices you make (such as your user name, language, last action and search preferences) and provide enhanced, more personal features.
Advertising cookies: These cookies are used for advertising, including serving and rendering ads, personalising/targeting ads and measuring the effectiveness of ads.

If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. Please note that, if you do set your internet browser to reject cookies or otherwise withdraw your consent in relation to cookies, you may not be able to access all of the functions of the site.

Information we collect from third parties

We may obtain Personal Data about you from third parties. For example, if you log onto our app or website via your third party account (e.g. Apple, Google), we may receive information about you from these third-parties, such as your username, email address, and avatar. We are not responsible for the content or practices of third-parties. We urge you to read the privacy policies of any third-party websites, applications or social media platforms you choose to use.

4. How we use your Personal Data

We may process your Personal Data for the following purposes:

to provide you with the information, products and services you have requested and send you marketing and advertising materials;

to provide, improve, and develop our products and services;

to communicate with you including in relation to a purchase or to offer you targeted advertisements and services (including if you enter a contest, or other promotion, we may use the Personal Data you provide to administer those programs);

to process your transactions;

for system administration purposes and for internal operations, including troubleshooting, testing, statistical and survey purposes, data analysis, user behavior analysis, research, and audits;

to authenticate your access to our website, app, products and services and to distinguish you from other users (for example to remember your log-in details);

to monitor your use of our website, app, products and services to improve the user experience and to ensure that content is presented in the most effective manner for you and for your device;

to conduct marketing analysis to allow us to assess trends and the effectiveness of our advertising and marketing campaigns (including using your Personal Data to evaluate, analyse or predict certain personal aspects relating to you, such as your preferences, economic situation, interests, and/or location);

to provide customer support and ensure we provide a good level of customer service;

to personalize your services and communications where such options are available and you choose to use them;

to notify you of any changes to our services;

to provide voice-to-text functionality;

promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies;

to ensure that our website, app, products and services are safe and secure; and

to comply with applicable laws and regulations.

If you no longer wish to receive email communications for marketing purposes, please contact us to opt-out or click the unsubscribe link within the email.

5. How do we process minor’s Personal Data

Our Nothing Services are mainly intended for adults. In order to protect the privacy and Personal Data of minors, we will obtain parental or legal guardian’s consent where the local laws in your country or region require before processing minors’ Personal Data. We will limit the types and scope of Personal Data collected from minors as much as possible and also limit the functions available to minors.

If you are a parent or legal guardian of a minor, please ensure that you have read this Privacy Policy and are responsible for your child's activities before allowing your child to create his or her own Nothing account, use our device or apps.

If you have questions on how we process minors’ Personal Data, please contact us using the contact details provided in “Contact Us”.

6. Legal basis for processing your Personal Data

We will only process your Personal Data where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected and use your Personal Data. In almost every case the legal basis will be one of the following:

Consent: For example, where you have provided your consent to receive certain marketing from us. You can withdraw your consent at any time, including by clicking on the “unsubscribe” link at the bottom of any marketing email we send you.

Our legitimate business interests: Where it is necessary for us to understand our customers, promote our services and operate effectively provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights. For example, we will rely on this legal basis when we conduct certain market analysis to understand our customers in sufficient detail so we can create new services and improve the profile of our brand.

Performance of a contract with you (or in order to take steps prior to entering into a contract with you): For example, where you have purchased a product from us and we need to use your contact details and payment information in order to process your order and send the product to you.

Compliance with law: Where we are subject to a legal obligation and need to use your Personal Data in order to comply with that obligation.

7. How do we disclose your Personal Data

We make certain Personal Data available to strategic partners that work with us to provide our products and services or help us market to customers. Personal Data will only be shared by us with these companies in order to provide or improve our products, services, and advertising; it will not be shared with third parties for their own marketing purposes without your prior express consent.

We may disclose your Personal Data to other third parties in the following cases:

for the purposes of research, evaluation, and analysis;

if you choose to use the product or services provided a third party. For example, if you choose to participate in the hearing test within the Nothing X app, we make certain Personal Data available to our third-party partner Mimi Hearing Technologies GmbH to provide you with personalized sound function. If you choose to use Essential Voice, we make certain Personal Data available to our third-party partner Microsoft Azure to provide you with real-time speech-to-text processing.

in the event that we sell any business or assets, in which case we may disclose your Personal Data to the prospective buyer of such business or assets;

if we or substantially all of our assets are acquired by a third party, in which case Personal Data held by us about our customers and visitors to our websites will be one of the transferred assets;

if we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request; or

to protect the rights, property or safety of us or our users, or others, and in order to enforce or apply our terms and conditions (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

8. How do we protect your Personal Data

We use appropriate technical and organizational measures to protect your Personal Data that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. Please be aware and understand that we cannot ensure an absolute secure network. If you find that your Personal Data are breached, please contact us immediately using the contact details provided in “Contact Us” of this Privacy Policy so that we can take the corresponding measures.

In the event of any accident, force majeure event or other circumstances leading to the breach of your Personal Data, we will make every effort to control the situation and promptly inform you of the cause, the security measures we have taken and you can take, and other relevant information when required by the applicable laws and regulations. In the event of a security incident related to Personal Data, we will report to the competent authorities in accordance with the requirements of the applicable laws and regulations, promptly investigate the problem, and take the corresponding remedial measures.

9. Data storage and transfer

Cross-border transfer

The Personal Data that we collect may be transferred to, and stored at, a destination outside the EEA or the UK, including countries, which have less strict, or no data protection laws, when compared to those in the EEA or the UK. Whenever we transfer your information in this way, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your Personal Data and to make sure it is treated securely and in accordance with this Privacy Policy. In these cases, we rely on approved data transfer mechanisms (such as standard contractual clauses) to ensure your information is subject to adequate safeguards in the recipient country. If you are located in the UK or the EEA, you may contact us for a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances.

Retention period

We will store your Personal Data to the extent as necessary for the proper business needs of our company (e.g., for the purposes of providing service to you and complying with the requirements of laws, tax and finance), except as provided otherwise by applicable laws or regulations. When there is no such need to use your Personal Data or the retention period expires according to applicable laws or regulations, we will delete or anonymize your Personal Data.

10. Your rights

You have certain rights in relation to your Personal Data. These include: the right to object to the processing of your information for certain purposes, the right to access your Personal Data, the right to correct your Personal Data, the right to delete your Personal Data, the right to file a complaint, the right to withdraw your consent, right related to automated decision making and the ability to erase, restrict or receive a machine-readable copy of your Personal Data.

We will handle any request to exercise your rights in accordance with applicable law and any relevant legal exemptions. If you wish to exercise any of these rights please contact us using the contact details below.

You may also lodge a complaint with the UK’s data protection authority (the ICO) regarding the processing of your Personal Data if you think we have processed your Personal Data in a manner which is unlawful or breaches your rights. If you have such concerns we request that you initially contact us (using the contact details below) so that we can investigate, and hopefully resolve, your concerns.

11. Third-party websites and services

When a customer operates a link to a third-party website that has a relationship with us, we do not assume any obligation or responsibility for such policy because of the third party's privacy policy. Our websites, products, and services may contain links to or the ability for you to access third-party websites, products, and services. We are not responsible for the privacy practices employed by those third parties, nor are we responsible for the information or content their products and services contain. This Privacy Policy applies solely to data collected by us through our products and services. We encourage you to read the privacy policies of any third party before proceeding to use their websites, products, or services. Certain services accessible through our platform are provided directly by third parties, who act as independent data controllers. In particular:

Lock Glimpse: Vilykke provides lock screen wallpaper services;

App recommendation: Unity Technologies SF. provides personalized app recommendation services.

Games: Google LLC provides game services.

When you choose to use these services, your personal data may be collected and processed directly by the relevant third-party provider. Such collection and processing are carried out under the sole responsibility of the respective third party, in accordance with its own privacy policy.For further details on how these third parties handle your personal data, please refer to their respective privacy policies:

Vilykke Privacy Policy available at: Vilykke Privacy Policy

Unity Privacy Policy available at: Unity Privacy Policy

Google Privacy Policy available at: Google Privacy Policy

Please note that these policies are provided and maintained solely by the relevant third-party service providers. We are not responsible for their content or practices.

12. Changes to this Privacy Policy

We may periodically change this Privacy Policy to keep pace with new technologies, industry practices, and regulatory requirements, among other reasons. The new privacy notice will be displayed on our website and app.

13. Contact us

If you have any questions regarding this Privacy Policy or its implementation, here is how you can reach us:

Email Address: privacy@nothing.tech

We will respond to your inquiry within 30 days.

U.S. MULTI-STATE PRIVACY POLICY

Updated January 1, 2026

1. SCOPE AND APPLICATION

This U.S. Multi-State Privacy Policy (“Addendum”) to the Nothing Technology Limited (also “Nothing,” “we,” “us,” “our”) Privacy Policy (https://us.nothing.tech/pages/privacy-policy) applies to all visitors, users, and others who access or use our website, https://us.nothing.tech/ (“Website”), products or apps, create a Nothing account, contact our customer service, request information from us, direct third parties to share data with us or communicate with us via social media or otherwise and reside in states with comprehensive consumer privacy laws.

The terms set out in this Addendum are in addition to the other terms set out in our Privacy Policy and form an integral part of the Privacy Policy. In the event of any conflict or inconsistency between the body of the Privacy Policy and the terms of this Addendum, the terms of this Addendum shall govern and prevail as to residents of applicable U.S. states.

This Addendum applies to residents of all U.S. states with current comprehensive consumer privacy laws (collectively, “Applicable State Privacy Laws”).

2. DEFINITIONS

“Personal Data” or “Personal Information” in this Addendum has the meaning given in the applicable state privacy law and generally refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

“Sensitive Personal Information” or “Sensitive Data” includes categories of personal information that may reveal a consumer's social security number, driver's license, state identification card, passport number, precise geolocation, account login credentials, financial account numbers, biometric information, health information, information concerning a consumer's sex life or sexual orientation, citizenship or immigration status, racial or ethnic origin, religious beliefs, genetic data, neural data (Connecticut), personal information of known minors under 16 years of age (California), and other categories as defined by applicable state law.

3. COLLECTION AND USE OF PERSONAL INFORMATION

During the preceding 12 months, we have collected and used the Personal Information described in the “What Personal Data we collect” section of the Privacy Policy, in the categories set forth below, and for the purposes described in the section, “Disclosure or Sale of Personal Data,” of the Privacy Policy.

Categories of Personal Information We Collect

We have collected the following categories of Personal Information from consumers:

Category

Examples

Collected

Sources

A. Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

Directly from you; Indirectly from you; Third parties

B. Personal Information Categories

Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

YES

Directly from you; Third parties

C. Protected Classification Characteristics

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

YES

Directly from you

D. Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

Directly from you; Transaction records

E. Biometric Information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

N/A

F. Internet or Network Activity

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

Automatically through website/app use

G. Geolocation Data

Physical location or movements.

YES

Automatically from device/IP address

H. Sensory Data

Audio, electronic, visual, thermal, olfactory, or similar information.

NO

N/A

I. Professional or Employment-Related Information

Current or past job history or performance evaluations.

YES

Directly from you

J. Non-Public Education Information

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO

N/A

K. Inferences

A profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES

Derived from other collected information

Sources of Collection

We obtain the categories of Personal Information listed above from the following sources:

Directly from you. For example, from forms you complete or purchases you make.

Indirectly from you. For example, from collecting data, such as device and browser information, and usage data, based on your actions on our Website.

From third party or public or commercially available sources or from companies that partner with us. This may include information we receive from our advertising and market research partners, who may provide us with information about your interest in and engagement with our online advertisements.

Business and Commercial Purposes for Collecting Personal Information

We collect and use Personal Information for the business and commercial purposes described in the “Disclosure or Sale of Personal Data” section of the Privacy Policy, including: providing our products and services; account creation and management; order fulfillment and customer service; marketing communications; fraud prevention and security; analytics and service improvement; and compliance with legal obligations.

4. YOUR PRIVACY RIGHTS

Under Applicable State Privacy Laws, you have the following rights regarding your Personal Information:

Right to Know / Access

You have the right to request that we disclose what Personal Information we have collected, used, disclosed, sold, or shared about you. For California residents, if we retain Personal Information for longer than 12 months, you may request access to Personal Information collected back to January 1, 2022, by specifying a date range. Once we receive your request and confirm your identity, we will disclose to you:

The categories of Personal Information we collected about you.

The categories of sources for the Personal Information we collected about you.

Our business or commercial purpose for collecting or selling that Personal Information.

The categories of third parties with whom we share that Personal Information.

If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing: (a) sales, identifying the Personal Information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.

The specific pieces of Personal Information we collected about you (also called a data portability request).

Right to Delete

You have the right to request that we delete your Personal Information that we have collected from you, subject to certain exceptions. Once we receive and confirm your verifiable deletion request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

Debug products to identify and repair errors that impair existing intended functionality;

Exercise free speech rights, ensure the right of another to exercise their free speech rights, or exercise another right provided for by law;

Comply with the California Electronic Communications Privacy Act or similar state laws;

Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when deletion of the information may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;

Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;

Comply with a legal obligation; or

Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Correct

You have the right to request that we correct inaccuracies in your Personal Information. Once we receive and confirm your verifiable correction request, we will correct your Personal Information in our records (and direct our service providers to correct such information in their records), unless an exception applies. In determining the accuracy of the Personal Information that is the subject of a request to correct, we shall consider the totality of the circumstances relating to the contested Personal Information and may deny a request to correct if we determine that the contested Personal Information is more likely than not accurate, based on the totality of the circumstances.

Right to Opt-Out of Sale/Sharing

You have the right to opt out of the sale of your Personal Information or the sharing of your Personal Information for cross-context behavioral advertising (also called targeted advertising). We will honor opt-out preference signals, including Global Privacy Control (GPC), and will display confirmation when such requests have been processed.

Right to Limit Use of Sensitive Personal Information

California residents have the right to limit our use and disclosure of Sensitive Personal Information to purposes permitted under CCPA/CPRA.

Right to Data Portability

You have the right to obtain a copy of your Personal Information in a portable and, to the extent technically feasible, readily usable format.

Right to Opt Out of Automated Decision-Making / Profiling

Residents of certain states have the right to opt out of the processing of Personal Information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects. California residents have additional rights regarding Automated Decision-Making Technology (ADMT), which are described in Section 7 below.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights under Applicable State Privacy Laws. Unless permitted by law, we will not: deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

5. HOW TO EXERCISE YOUR RIGHTS

To exercise any of the above rights, you or your authorized agent may contact us using the contact details provided in Section 11 below. We will only respond to verifiable requests related to your Personal Information coming from you, or someone legally authorized to act on your behalf. You may also make a verifiable request on behalf of your minor child.

Your request must: (1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative of that person; and (2) communicate your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the relevant Personal Information relates to you. Making such a verifiable request does not require you to create an account with us. However, we do consider requests made through your password-protected account sufficiently verified when the request relates to Personal Information associated with that specific account.

Response Timing and Formats

We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide may cover the period back to January 1, 2022 for California residents, or the preceding 12 months for residents of other states, depending on applicable law. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is commonly used and should allow you to transmit the information from one entity to another entity without undue hindrance.

Appeals Process

If we deny your request, you have the right to appeal that decision. We will respond to your appeal within 45-60 days (depending on applicable state law). If your appeal is denied, you may contact the attorney general in your state to submit a complaint.

6. DISCLOSURE OF PERSONAL INFORMATION

As described in the Privacy Policy, we may disclose your Personal Information to third parties for business purposes. We only make these disclosures for business purposes under written agreements with such third parties that require the recipient to (i) keep the Personal Information confidential, and (ii) not use it for any purposes other than those necessary for the performance of the agreement.

Categories of Third Parties

In the preceding twelve (12) months, we have disclosed Personal Information for business purposes to the following categories of third parties:

Processors or other service providers

Data aggregators

Affiliates

Partners

Cookie data recipients (See Cookie Policy)

In the preceding 12 months, we have disclosed the following categories of Personal Information to service providers and contractors: identifiers, personal information categories, protected classification characteristics, commercial information, internet or network activity information, geolocation data, professional or employment-related information, and inferences.

Specific Third-Party Partners

We may also disclose your Personal Information to third parties when you explicitly ask or authorize us to do so, in order to provide you with certain services. For example:

If you choose to participate in the hearing test within the Nothing X app, we make certain Personal Information available to our third-party partner, Mimi Hearing Technologies GmbH, to provide you with personalized sound function.

Xcotton, a third-party service provider, may collect and process your order and shipping information in accordance with its privacy policy.

Sale and Sharing of Personal Information

In the preceding 12 months, we have disclosed the following categories of Personal Information to third parties in ways that may be considered a “sale” or “sharing” under applicable state privacy laws: identifiers, commercial information, and internet or network activity information. You have the right to opt out of such sale or sharing at any time.

Third-Party Disclosure Lists (Oregon and Rhode Island)

Oregon and Rhode Island residents have the right to request a list of specific third parties to whom we have disclosed Personal Information. Upon request, we will provide either: (1) a list of specific third parties to whom your Personal Information was disclosed, or (2) a list of all third parties to whom we disclosed Personal Information of any consumer.

7. AUTOMATED DECISION-MAKING TECHNOLOGY (CALIFORNIA)

Effective January 1, 2027, California residents have specific rights regarding our use of Automated Decision-Making Technology (ADMT) to make significant decisions concerning consumers.

What is ADMT?

ADMT means any computational process, including machine learning or artificial intelligence, that processes Personal Information and makes a decision or facilitates human decision-making concerning consumers.

Your ADMT Rights

If we use ADMT to make significant decisions about you (such as decisions related to pricing, offers, access to services, or opportunities), you have the right to:

Receive a pre-use notice before we process your Personal Information with ADMT

Opt out of the use of ADMT for such decisions

Access information about the logic involved in the ADMT decision-making process

When ADMT is used, we will provide at least two methods for opting out, including an opt-out preference signal mechanism.

8. CHILDREN'S PRIVACY

Our services are not directed to children under 16 years of age. We do not knowingly sell or share the Personal Information of consumers under 16 years of age without affirmative authorization. California law treats Personal Information of known minors under 16 as Sensitive Personal Information subject to additional protections.

9. USE OF PERSONAL INFORMATION FOR AI AND LLM TRAINING

We do not collect, use, or sell Personal Information for the purpose of training large language models (LLMs) or other artificial intelligence systems, except where specifically disclosed and with appropriate consent where required by law.

10. CALIFORNIA-SPECIFIC NOTICES

Shine the Light Law

California Civil Code Section 1798.83 (“Shine the Light” law) permits users of our Website that are California residents to request a list of all third parties to which we have disclosed certain of their Personal Information for direct marketing purposes. You may make one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. Please allow up to thirty (30) days for a response. To make such a request, please send an email to privacy@nothing.tech.

California Privacy Protection Agency

The California Privacy Protection Agency (CPPA) is the regulatory authority responsible for enforcing the CCPA/CPRA. You may contact the CPPA at:

California Privacy Protection Agency 2101 Arena Boulevard Sacramento, CA 95834 Email: regulations@cppa.ca.gov Website: https://cppa.ca.gov

Financial Incentive Programs

We may offer financial incentive programs, such as discounts, loyalty programs, or promotions, that involve the collection of Personal Information. We will provide specific terms for any such programs at the time of enrollment, including the material terms, how to opt-in, how to opt-out, and an explanation of why the program is reasonably related to the value of the Personal Information collected.

11. CONTACT INFORMATION

If you have any questions regarding this Privacy Policy, the US Multi-State Addendum or its implementation, or to exercise your privacy rights, here is how you can reach us:

Email Address: privacy@nothing.tech Website: https://us.nothing.tech/pages/privacy-policy Postal Address: Nothing Technology Limited, Bedford House, 21a John Street, London, WC1N 2BF

For California residents, you may also contact the California Privacy Protection Agency as indicated in Section 10 above.

12. CHANGES TO THIS ADDENDUM

We may update this Addendum from time to time to reflect changes in our privacy practices, applicable laws, or for other operational, legal, or regulatory reasons. We will notify you of material changes by posting the updated Addendum on our website with a revised “Updated” date. We encourage you to review this Addendum periodically.

13. EFFECTIVE DATE

This Addendum is effective as of January 1, 2026. Certain provisions, including those related to Automated Decision-Making Technology (ADMT) under California law, become effective January 1, 2027, as indicated in the relevant sections.