Regis Realm Privacy Policy

Effective Date: February 26, 2026

Last Updated: February 26, 2026

Regis Realm (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring you have a positive experience on our website and when interacting with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://regisrealm.com/ (the “Site” ), use our services, and interact with us through other channels.

By accessing and using the Site, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Site or services.

1. Applicable Laws and Jurisdictions

This Privacy Policy is governed by the privacy laws of the jurisdictions in which we operate. Depending on your location, the following regulations may apply to your personal information:

•European Union (EU): General Data Protection Regulation (GDPR)

•California, United States: California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

•Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)

•United States (General): Federal Trade Commission Act (FTC Act), CAN-SPAM Act, and Telephone Consumer Protection Act (TCPA)

We comply with all applicable privacy laws in the jurisdictions where we operate. If you are located in the EU, GDPR provides you with specific rights regarding your personal data. If you are in California, CCPA/CPRA provides you with specific consumer rights. If you are in Canada, PIPEDA governs how we handle your information.

2. Information We Collect

We collect information that identifies, relates to, describes, or could reasonably be linked to you. The categories of personal information we may collect include:

2.1 Personal Identifiers

•Name

•Email address

•Mailing address

•Phone number

•Other contact information you provide

2.2 Payment Information

•Credit card details and billing information (collected through third-party payment processors only; we do not store full credit card numbers)

•Transaction history

•Billing address

Payment information is collected and processed through secure third-party payment processors including Stripe, PayPal, and Intuit. These processors maintain their own privacy policies and security standards.

2.3 Account Information

•Username and email address

•Password (encrypted and securely hashed)

•Account preferences and settings

•Profile information you choose to provide

2.4 Usage Information

•Browsing history and pages visited

•IP address and device identifiers

•Browser type and version

•Device type and operating system

•Time and date of visits

•Duration of visits

•Referring website

•Geographic location (approximate, based on IP address)

•Search queries and interaction data

2.5 Marketing Preferences

•Email opt-in/opt-out preferences

•SMS/text message opt-in/opt-out preferences

•Communication frequency preferences

•Content preferences and interests

2.6 Analytics and Tracking Data

•Cookies and similar tracking technologies

•Pixel tags and web beacons

•Session recordings (if enabled)

•Heatmap data (if enabled)

2.7 Communications Data

•Messages you send to us

•Support tickets and inquiries

•Feedback and survey responses

•Customer service interactions

3. How We Collect Your Information

We collect information in the following ways:

3.1 Information You Provide Directly

•When you create an account

•When you make a purchase or payment

•When you subscribe to our mailing list or SMS communications

•When you fill out forms on our Site

•When you contact us with inquiries or feedback

•When you participate in surveys or contests

3.2 Information Collected Automatically

•Through cookies and similar tracking technologies

•Through web server logs

•Through analytics tools

•Through pixel tags and web beacons

•Through your browser and device information

3.3 Information from Third Parties

•From payment processors (transaction information)

•From analytics providers (usage data)

•From marketing platforms (engagement metrics)

•From social media platforms (if you connect your social account)

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery

•To provide, maintain, and improve our website and services

•To process and fulfill your orders and transactions

•To create and manage your account

•To deliver the services you have requested

•To personalize your experience on our Site

4.2 Communication

•To respond to your inquiries and customer service requests

•To send you transactional emails (order confirmations, account updates, etc.)

•To send you service announcements and updates

•To notify you of changes to our policies or services

•To provide technical support

4.3 Marketing and Promotional Activities

•To send marketing emails and promotional offers (only if you have opted in)

•To send SMS/text messages (only if you have opted in)

•To conduct marketing research and surveys

•To improve our marketing efforts

•To personalize marketing content based on your interests

4.4 Legal and Compliance

•To comply with applicable laws, regulations, and legal processes

•To enforce our Terms of Service and other agreements

•To protect our legal rights and the rights of our users

•To prevent fraud and abuse

•To investigate and resolve disputes

4.5 Analytics and Improvement

•To analyze website traffic and user behavior

•To understand how users interact with our Site

•To identify trends and patterns

•To improve our website design and functionality

•To optimize our services and user experience

4.6 Security and Safety

•To detect, prevent, and address fraud and security issues

•To protect against malicious, deceptive, or illegal activity

•To enforce our agreements and policies

•To protect the security and integrity of our systems

4.7 AI-Powered Features

•To provide AI-assisted customer support and recommendations

•To improve our services through machine learning

•To personalize your experience (as described in Section 5.2)

5. How We Share Your Information

We do not sell your personal information to third parties for monetary compensation. However, we may share your information with trusted service providers and partners who assist us in operating our website and providing our services. All third parties are bound by confidentiality agreements and are required to use your information only for the purposes specified.

5.1 Third-Party Service Providers

We may share your personal information with the following categories of service providers:

Payment Processors:

•Stripe, PayPal, and Intuit – for secure processing of payments and transactions

•These processors comply with PCI DSS standards and maintain their own privacy policies

Email and Communication Services:

•Email marketing platforms used to send communications you have opted into

•SMS/text message providers for delivering opted-in text messages

Hosting and Infrastructure Providers:

•Cloud hosting providers for maintaining our website and database infrastructure

•Content delivery networks (CDNs) for optimizing website performance

Customer Relationship Management (CRM) and Communication Tools:

•HighLevel CRM for client management, communication, and service delivery

•This platform helps us organize customer information and improve service delivery

Analytics and Tracking Providers:

•Google Analytics for website traffic analysis and user behavior insights

•Facebook Pixel for advertising analytics and campaign optimization

•These tools collect data about your interactions with our Site

AI Technology Vendors:

•OpenAI (ChatGPT API) for AI-powered customer support and content generation

•Your data is processed according to OpenAI’s privacy policy and data handling practices

•We do not permit OpenAI to use your personal data to train their models without your explicit consent

•For EU users: Data transfers to OpenAI are governed by Standard Contractual Clauses (SCCs)

Cloud Storage and Data Processing:

•Secure cloud storage providers for storing and backing up customer data

•These providers maintain industry-standard security measures

5.2 Data Sharing Limitations

All third-party service providers:

•Are contractually obligated to keep your data secure and confidential

•May only use your data for the specific purposes we have authorized

•Must comply with applicable privacy laws (GDPR, CCPA, PIPEDA, etc.)

•Have signed Data Processing Agreements (DPAs) confirming their compliance obligations

•Are prohibited from selling or sharing your data with other third parties without authorization

5.3 Legal Requirements and Disclosures

We may disclose your personal information when required by law or when we believe in good faith that such disclosure is necessary to:

•Comply with applicable laws, regulations, court orders, or governmental requests

•Enforce our Terms of Service and other agreements

•Protect the safety, rights, and property of Regis Realm, our users, or the public

•Detect, prevent, or address fraud, security, or technical issues

•Protect against legal liability

5.4 Business Transfers

If Regis Realm is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5.5 Aggregated and De-identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes without restriction.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website, analyze usage patterns, and deliver personalized content and advertising.

6.1 Types of Cookies We Use

Essential Cookies:

•Session cookies that enable you to navigate our Site and use its features

•Security cookies that protect against fraud and unauthorized access

•These cookies are necessary for the Site to function properly

Performance and Analytics Cookies:

•Google Analytics cookies to track website traffic and user behavior

•These cookies help us understand how visitors use our Site and identify areas for improvement

Marketing and Advertising Cookies:

•Facebook Pixel for tracking conversions and optimizing advertising campaigns

•Cookies that enable us to deliver targeted advertising based on your interests

•Third-party cookies from advertising partners

Preference Cookies:

•Cookies that remember your preferences and settings

•Cookies that store your login information (if you choose “Remember Me”)

6.2 Cookie Management

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, blocking or deleting cookies may affect the functionality of our Site and prevent you from accessing certain features.

To manage cookies:

•Chrome: Settings → Privacy and Security → Cookies and other site data

•Firefox: Preferences → Privacy & Security → Cookies and Site Data

•Safari: Preferences → Privacy → Manage Website Data

•Edge: Settings → Privacy, search, and services → Clear browsing data

6.3 Tracking Technologies

In addition to cookies, we use:

•Pixel Tags and Web Beacons: Small graphics that track page views and user interactions

•Local Storage: Browser storage that persists data across sessions

•Session Storage: Temporary storage for data during your visit

6.4 Third-Party Tracking

Third-party service providers (Google Analytics, Facebook Pixel, etc.) may place cookies on your device to track your behavior across websites. You can opt out of third-party tracking through:

•Google Analytics Opt-out Browser Add-on

•Facebook’s Ad Preferences

•Digital Advertising Alliance Opt-out

6.5 Do Not Track

Some browsers include a “Do Not Track” feature. Currently, there is no industry standard for recognizing Do Not Track signals, and we do not respond to Do Not Track browser signals. However, you can use other tools to control data collection and use as described above.

7. Data Security

We implement comprehensive technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

7.1 Security Measures

Technical Safeguards:

•SSL/TLS encryption for all data transmitted between your browser and our servers

•Secure password hashing using industry-standard algorithms (bcrypt or similar)

•Regular security audits and vulnerability assessments

•Intrusion detection and prevention systems

•Firewalls and network segmentation

•Secure data storage with access controls and encryption at rest

Organizational Safeguards:

•Limited employee access to personal data on a need-to-know basis

•Employee training on data privacy and security best practices

•Confidentiality agreements with all employees and contractors

•Regular review and updating of security policies and procedures

•Incident response procedures for potential data breaches

Administrative Safeguards:

•Access controls and authentication mechanisms

•Audit logs and monitoring of data access

•Regular backups and disaster recovery procedures

•Secure disposal of personal information when no longer needed

7.2 Limitations on Security

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your personal information. You are responsible for maintaining the confidentiality of your account credentials and for notifying us immediately of any unauthorized access to your account.

7.3 Payment Security

Payment information is processed through secure third-party payment processors (Stripe, PayPal, Intuit) that comply with Payment Card Industry Data Security Standard (PCI DSS). We do not store complete credit card numbers on our servers.

8. Data Retention

We retain personal information only as long as necessary to provide our services, fulfill the purposes outlined in this Privacy Policy, and comply with applicable legal obligations.

8.1 Retention Periods by Data Category

Personal Identifiers and Account Information:

•Retained for the duration of your account plus 12 months after account closure or deletion

•Longer retention may be required if necessary to comply with legal obligations

Payment Information:

•Retained per payment processor requirements (typically 7 years for tax compliance and fraud prevention)

•Credit card information is not stored on our servers beyond the transaction processing period

Usage Information and Analytics Data:

•Retained for 12 months for analytics and performance optimization purposes

•Aggregated, de-identified data may be retained indefinitely

Marketing Preferences:

•Retained until you unsubscribe or request deletion

•Opt-out requests are retained to ensure compliance with your preferences

Communications Data:

•Customer service records retained for 2 years for dispute resolution and quality assurance

•Support tickets retained for 3 years for legal compliance

Cookies and Tracking Data:

•Session cookies deleted when you close your browser

•Persistent cookies retained for up to 2 years

•Analytics data retained for 12 months

8.2 Deletion Requests

You may request deletion of your personal data at any time, subject to legal retention requirements. We will delete your information within 30 days of your request, except where:

•Retention is required by law or regulation

•Information is necessary for legal claims or disputes

•Information is needed for fraud prevention or security purposes

•Deletion would impair our ability to provide services

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

9.1 Rights for All Users

Right to Access: You have the right to request and obtain a copy of the personal information we hold about you.

Right to Correction: You have the right to request correction of inaccurate or incomplete personal information.

Right to Deletion: You have the right to request deletion of your personal information, subject to legal retention requirements.

Right to Opt-Out of Marketing: You have the right to opt out of marketing communications at any time.

Right to Withdraw Consent: You have the right to withdraw your consent for data processing at any time.

9.2 EU-Specific Rights (GDPR)

If you are located in the European Union, you have the following additional rights:

Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.

Right to Object: You have the right to object to processing of your personal information for direct marketing purposes and in certain other circumstances.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

Automated Decision-Making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you. If this changes, we will provide notice and obtain your consent.

9.3 California-Specific Rights (CCPA/CPRA)

If you are a California resident, you have the following rights:

Right to Know: You have the right to request what personal information we collect, use, and share.

Right to Delete: You have the right to request deletion of personal information we have collected from you.

Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information, but you may opt out of data sharing with third parties for targeted advertising.

Right to Correct: You have the right to request correction of inaccurate personal information.

Right to Limit Use: You have the right to limit our use of sensitive personal information.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

9.4 Canada-Specific Rights (PIPEDA)

If you are located in Canada, you have the following rights:

Right to Access: You have the right to access your personal information held by us.

Right to Correction: You have the right to request correction of inaccurate personal information.

Right to Withdraw Consent: You have the right to withdraw your consent for collection, use, or disclosure of your personal information.

Right to Complain: You have the right to lodge a complaint with the Privacy Commissioner of Canada.

9.5 How to Exercise Your Rights

To exercise any of these rights, please submit a written request to:

Email: eric@ericmortimer.com

Mailing Address: Regis Realm, [Your Physical Address]

Phone: +1 587-319-2529

Your request should include:

•Your full name and email address associated with your account

•A clear description of the right you are exercising

•Specific details about the information you are requesting

•Any supporting documentation

9.6 Verification and Response Timeline

Verification: We will verify your identity before processing your request. We may request additional information to confirm your identity and ensure we are disclosing information only to the authorized individual. Verification is provided at no cost to you.

Response Timeline:

•GDPR (EU): We will respond within 30 days of receiving your request. This period may be extended by two months for complex requests.

•CCPA/CPRA (California): We will respond within 45 days of receiving your request.

•PIPEDA (Canada): We will respond within 30 days of receiving your request.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. The authorized agent must provide written authorization from you and proof of their authority.

Fees: We will not charge a fee for exercising your rights, except in cases where requests are excessive, repetitive, or manifestly unfounded, in which case we may charge a reasonable fee or decline to respond.

10. SMS/Text Message Privacy and Marketing

If you opt in to receive SMS/text messages from us, the following terms apply:

10.1 SMS Opt-In and Consent

•You must provide explicit opt-in consent to receive SMS messages

•Opt-in consent may be provided through our website, mobile app, or by texting a keyword to our short code

•You will receive a confirmation message upon opting in

10.2 SMS Data Protection

No Third-Party Sharing: Your SMS opt-in data and consent information will not be shared with third parties for marketing purposes, except for the SMS service providers necessary to deliver your messages.

Limited Purpose: Your mobile number and SMS preferences will only be used for purposes you have explicitly agreed to, including:

•Service reminders and notifications

•Account updates and alerts

•Promotional offers (if opted in)

•Customer support communications

No Marketing Sharing: We do not sell or share your mobile number with third parties or affiliates for promotional purposes.

10.3 SMS Opt-Out

You can opt out of SMS messages at any time by:

•Texting “STOP” to +1 587-319-2529

•Replying “STOP” to any SMS message we send

•Contacting us at eric@ericmortimer.com

Upon receiving your opt-out request, you will receive a confirmation message, and we will remove your number from our SMS list within 24 hours. You will not receive further SMS messages unless you re-subscribe.

10.4 SMS Frequency

Message frequency varies depending on the program you have opted into. Standard message and data rates may apply. Contact your mobile service provider for details about your plan.

10.5 SMS Support

For SMS-related questions or issues, contact us at:

•Email: eric@ericmortimer.com

•Phone: +1 587-319-2529

11. Email Marketing

We respect your email preferences and provide multiple ways to manage your email communications.

11.1 Email Opt-In

•You must provide explicit consent to receive marketing emails

•Consent is obtained through opt-in forms on our website or during account creation

•You will receive a confirmation email upon opting in

11.2 Email Opt-Out

You can opt out of marketing emails at any time by:

•Clicking the “Unsubscribe” link in any marketing email

•Updating your preferences in your account settings

•Contacting us at eric@ericmortimer.com

We will process opt-out requests within 10 business days.

11.3 Transactional Emails

Even if you opt out of marketing emails, we will continue to send you transactional emails (order confirmations, account updates, password resets, etc.) as these are necessary for account management and legal compliance.

12. Data Breach Notification

In the event of a data breach that compromises the security or privacy of your personal information, we will:

12.1 Notification Timeline

•Notify affected users within 45 days of discovering the breach

•Notify relevant regulatory authorities as required by applicable law

•Provide notice to credit reporting agencies if required

12.2 Notification Content

Our breach notification will include:

•Description of the breach and the types of information affected

•Steps we are taking to investigate and remediate the breach

•Measures you can take to protect yourself

•Contact information for questions or concerns

•Information about credit monitoring services (if applicable)

12.3 Incident Response

We maintain a comprehensive incident response plan that includes:

•Immediate containment of the breach

•Investigation and forensic analysis

•Notification to affected parties and authorities

•Remediation and prevention of future incidents

•Documentation and review of the incident

13. Children’s Privacy

We do not knowingly collect or solicit personal information from individuals under the age of 13. Our services are not directed to children under 13.

13.1 COPPA Compliance

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as possible.

13.2 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at eric@ericmortimer.com. We will take steps to delete such information and terminate the child’s account if applicable.

13.3 Teens and Young Adults

For users aged 13-18, we provide additional privacy protections and limit the collection and use of personal information to what is necessary to provide our services.

14. Third-Party Links and Services

Our Site may contain links to third-party websites, applications, and services that are not operated by us. This Privacy Policy does not apply to third-party websites or services, and we are not responsible for their privacy practices or content.

14.1 Third-Party Privacy Policies

We encourage you to review the privacy policies of any third-party websites or services before providing your personal information. Third-party websites may have different privacy practices and data collection policies.

14.2 Affiliate Relationships

Some links on our Site may be affiliate links, meaning we may receive compensation if you make a purchase through these links. We disclose affiliate relationships where required by law and FTC guidelines.

14.3 Social Media Integration

If you connect your social media account to our Site, we may collect information from your social media profile in accordance with the permissions you grant. This information is subject to this Privacy Policy and the privacy policies of the respective social media platforms.

15. International Data Transfers

We operate globally and may transfer your personal information to countries other than where you reside, including countries that may not have the same data protection laws.

15.1 EU Data Transfers (GDPR)

For users in the European Union, we transfer personal data outside the EU only through legally recognized mechanisms, including:

•Standard Contractual Clauses (SCCs): We have executed SCCs with all third-party processors and recipients of personal data

•Adequacy Decisions: We transfer data only to countries with EU adequacy decisions where applicable

•Explicit Consent: We obtain your explicit consent for transfers where required

15.2 Data Transfer Safeguards

All international data transfers are protected by:

•Contractual safeguards (Data Processing Agreements)

•Technical security measures (encryption, access controls)

•Organizational policies and procedures

•Compliance with applicable privacy laws

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

16.1 Notification of Changes

We will notify you of material changes to this Privacy Policy by:

•Posting the updated policy on this page with an updated “Last Updated” date

•Sending you an email notification (if we have your email address)

•Obtaining your explicit consent (if required by applicable law)

16.2 Effective Date of Changes

Material changes will become effective 30 days after posting, unless otherwise required by law. Your continued use of our Site after changes become effective constitutes your acceptance of the updated Privacy Policy.

16.3 Previous Versions

Previous versions of this Privacy Policy are available upon request by contacting us at eric@ericmortimer.com.

17. Data Protection Officer and Privacy Contact

For privacy-related inquiries, concerns, or to exercise your privacy rights, please contact our Data Protection Officer and Privacy Team:

Email: eric@ericmortimer.com

Phone: +1 587-319-2529

Mailing Address: Regis Realm, [Your Physical Address]

Response Time: We will respond to all privacy inquiries within 10 business days

17.1 EU Data Protection Authority

If you are located in the EU and believe we have violated your rights under GDPR, you have the right to lodge a complaint with your local data protection authority:

•European Data Protection Board – Links to all EU data protection authorities

17.2 California Privacy Agency

If you are a California resident and have concerns about our privacy practices, you may contact:

•California Attorney General – Consumer Privacy Division

17.3 Canadian Privacy Commissioner

If you are a Canadian resident and have concerns about our privacy practices, you may contact:

•Privacy Commissioner of Canada

18. Contact Information

Regis Realm

Email: eric@ericmortimer.com

Phone: +1 587-319-2529

Website: https://regisrealm.com/home

For general inquiries, privacy concerns, or to exercise your rights, please use the contact information above. We will respond to all inquiries within 10 business days.

19. Acknowledgment

By using our Site and services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please do not use our Site or services.

Last Updated: February 26, 2026

Effective Date: February 26, 2026

Appendix A: Glossary of Terms

Personal Information/Personal Data: Any information that identifies or could reasonably be linked to an individual.

Processing: Any operation performed on personal data, including collection, use, storage, disclosure, or deletion.

Data Controller: The entity that determines the purposes and means of processing personal data (Regis Realm ).

Data Processor: A third party that processes personal data on behalf of the controller.

Data Subject: The individual to whom personal data relates (you, the user).

Consent: Freely given, specific, informed, and unambiguous agreement to processing of personal data.

Legitimate Interest: A legal basis for processing personal data when the controller’s interest outweighs the individual’s privacy rights.

Data Breach: Unauthorized access, disclosure, or loss of personal data.

GDPR: General Data Protection Regulation (EU privacy law).

CCPA/CPRA: California Consumer Privacy Act / California Privacy Rights Act.

PIPEDA: Personal Information Protection and Electronic Documents Act (Canadian privacy law).

TCPA: Telephone Consumer Protection Act (U.S. telemarketing law).

DPA: Data Processing Agreement.

SCC: Standard Contractual Clauses for international data transfers.

Appendix B: Your Privacy Rights by Jurisdiction

European Union (GDPR)

•Right to access your personal data

•Right to rectification of inaccurate data

•Right to erasure (“right to be forgotten”)

•Right to restrict processing

•Right to data portability

•Right to object to processing

•Right to lodge a complaint with a data protection authority

•Rights related to automated decision-making

California (CCPA/CPRA)

•Right to know what personal information is collected

•Right to delete personal information

•Right to opt-out of sale or sharing of personal information

•Right to correct inaccurate personal information

•Right to limit use of sensitive personal information

•Right to non-discrimination for exercising rights

Canada (PIPEDA)

•Right to access your personal information

•Right to request correction of inaccurate information

•Right to withdraw consent

•Right to complain to the Privacy Commissioner

United States (General)

•Right to opt-out of marketing communications

•Right to access and correct information

•Right to request deletion (subject to legal requirements)

•Right to opt-out of SMS marketing (TCPA)

This Privacy Policy is effective as of February 26, 2026, and supersedes all previous privacy policies.