This Supplemental U.S. Privacy Notice applies to individuals who reside in the United States and supplements the Level Global Privacy Notice.
Certain U.S. states have enacted privacy laws that provide residents with specific rights regarding their personal data, including, for example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA/CPRA”), as well as privacy laws in Colorado, Virginia, Connecticut, Utah, Texas, Oregon, and other states.
Where applicable, this Supplemental U.S. Privacy Notice describes those additional rights and how U.S. residents may exercise them. If there is a conflict between this Supplemental U.S. Privacy Notice and the Global Privacy Notice with respect to U.S. residents, this Supplemental U.S. Privacy Notice governs.
Categories of Personal Data Collected
For purposes of operating our business and providing our services, Level may collect and use the following categories of personal data, as defined under applicable U.S. state privacy laws:
| Category | Examples |
| Identifiers | Name, postal address, email address, online identifiers, IP address, booking or confirmation numbers |
| Demographic information | City, state, country, and similar information voluntarily provided |
| Commercial information | Records of services purchased, obtained, or considered, including booking and reservation history |
| Professional or employment-related information | Job history, resume/CV, application materials |
| Geolocation data | Approximate location derived from IP address or device information |
| Internet or electronic activity | Browsing history, website navigation, interactions with advertisements |
| Audio, electronic, visual information | Images captured by video surveillance at our properties (where applicable) |
| Inferences | Preferences or interests inferred from interactions |
Sources of Personal Data
Levels collects personal data from the following sources:
- Directly from you, when you make reservations, submit inquiries, apply for jobs, sign up for communications, or otherwise interact with us;
- From third parties, such as booking providers, recruitment platforms, analytics providers, and marketing partners; and
- Automatically, through your interactions with our websites and digital services, including cookies and similar technologies.
Use and Disclosure of Personal Data
Level uses and discloses personal data in accordance with the purposes described in the “How We Collect and Process Your Personal Data” and “Who Has Access to Your Personal Data” sections of the Global Privacy Notice.
Disclosures of Personal Data for a Business Purpose
Level has disclosed personal data within the last twelve (“12”) months in the categories identified in this Supplemental U.S. Privacy Notice for the business and commercial purposes described above.
These disclosures are made to service providers and other third parties that assist us in operating our business, including technology providers, booking and reservation partners, analytics providers, and marketing partners, as permitted by applicable law. We retain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Sale or Sharing of Personal Data
Some U.S. state privacy laws use the terms “sale,” “sharing,” or “targeted advertising” to describe certain disclosures of personal data, including disclosures for cross-context behavioral advertising.
Level does not sell personal data for monetary consideration. However, depending on how these terms are defined under applicable law, Level may share certain personal data (such as identifiers, online activity data, and inferences) with advertising and analytics partners to support legitimate business purposes including marketing, advertising, audience measurement, and service improvement. You may opt out of such sharing as described below.
Your U.S Privacy Rights
Depending on your state of residence, you may have the right to:
- Request to know what personal data has been collected, disclosed, sold, or shared about you;
- Request correction of personal data we hold about you that you believe is inaccurate;
- Request deletion of personal data, subject to certain legal exceptions, including where retention is necessary to complete transactions, detect security incidents, comply with legal obligations, maintain business records, or exercise free speech rights;
- Request data portability, meaning you may request a copy of specific pieces of personal information we collected about you in the past twelve (12) months in an electronic format;
- Request that we limit the use or disclosure of sensitive personal information, unless such use is required to provide our services or comply with legal obligations; and
- Opt out of the sale or sharing of your personal data at any time.
Information Provided in Response to a “Right to Know” Request
Once we receive and verify your request, and to the extent we are able to match the information you provide to personal data in our systems, we will provide the following information for the preceding twelve (“12”) months, as required by law:
- the categories of personal data collected about you;
- the sources from which we obtained your personal data;
- the purposes for which we used your personal data;
- the categories of third parties with whom we shared your personal data; and
- whether we sold or shared your personal data for Levels’ business purposes.
Other rights relating to your personal data are described in the Global Privacy Notice, which applies alongside this Supplemental U.S. Privacy Notice.
Response Timing and Non-Discrimination
We aim to respond to verified requests within forty-five (“45”) days of receipt. If additional time is required (up to an additional forty-five (“45”) days), we will notify you of the reason for the extension within the initial forty-five (“45”) day period. For complex or numerous requests, additional time may be necessary to ensure accuracy and completeness.
We will respond by mail or electronically, depending on your preference and the nature of the request. We will not discriminate against you for exercising your privacy rights. However, we may charge a reasonable fee or decline requests that are manifestly unfounded, excessive, or repetitive, as permitted by applicable law.
Automated Decision-Making
Level does not engage in automated decision-making, including profiling, that produces legal or similarly significant effects using personal data, and we do not plan to do so without providing advance notice where required by law.
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. We will require verification that you authorized the agent to act for you. Unless otherwise required by law:
- the authorized agent must provide your contact details; and
- we may contact you directly to confirm your authorization before responding to the request.
Once authorization is verified, we will respond in accordance with applicable law. If we deny your request, in whole or in part, you may have the right to appeal that decision as required by applicable state law. We will provide information about how to appeal in our response.
Exercising Your U.S. Privacy Rights
To exercise your U.S. privacy rights, including California privacy rights, you may contact us using one of the following methods:
- Email: [email protected]
To protect your privacy and security, we may require additional information to verify your identity before processing your request. We may deny requests if we cannot verify your identity or authority to make the request. The information we require for verification may vary depending on the nature and sensitivity of the request and the risk of harm from unauthorized access or deletion.
Biometric Information (U.S. Only)
Where applicable, Level complies with U.S. laws regulating the collection and use of biometric identifiers and biometric information, such as fingerprints, facial geometry, or similar identifiers.
Biometric information, if used (for example, for employee timekeeping systems or access control systems that may be operated by Level, its affiliates, franchisees, or third-party vendors), is collected only with informed consent where required by law, used solely for authorized purposes, and retained only for as long as necessary or as required by law. Individuals may decline or withdraw consent without adverse consequences, where permitted by law.
Updates to This Notice
We may update this Supplemental U.S. Privacy Notice from time to time. Any changes will become effective when posted, and the “Last Updated” date will reflect the most recent revision.
Last Updated: March 17th, 2026.
