Privacy Policy

1. Introduction

This Privacy Policy describes how Friendswith Limited, operating under the brand name "Vibed Unicorn" ("Company," "we," "us," or "our"), collects, uses, shares, and protects your personal information when you use our AI-powered property communication platform (the "Platform"). We are committed to protecting your privacy and adhering to all relevant data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and its amendments, the Australian Privacy Act 1988, the UK General Data Protection Regulation (UK GDPR), and other applicable privacy laws in jurisdictions where we operate. By using the Platform, you consent to the collection, use, and sharing of your information as described in this Privacy Policy.

2. Information We Collect

We collect various types of information to provide and improve our Platform services. This includes information you provide directly, data collected automatically through your usage of the Platform, and information from third parties.

2.1 Information You Provide Directly

Account Information: When you create an account, we collect personal details such as your name, contact information (email address and phone number), profile details, and user type designation (e.g., agent/owner or buyer). We also collect account credentials and authentication data to secure your access.

Property-Related Content: If you are an agent or property owner, you may upload content like property documents (e.g., PDFs, images, videos), property descriptions, and attribute details. Buyers or users interacting with properties may provide search queries or preferences. Any chat messages or conversations you have with our AI system about properties are also collected as part of the property-related content you provide.

Communication Data: We collect communications you send through the Platform, such as messages exchanged between agents and buyers, support requests or correspondence with our team, feedback submissions, and survey responses. This helps us facilitate transactions and respond to your inquiries.

2.2 Information Collected Automatically

When you use the Platform, we automatically gather certain information about your device and how you interact with our services. This Usage Information includes the pages or screens you visit, features you use, the time spent on the Platform, click patterns, and navigation paths. We also collect Technical Information like your IP address (which may indicate general location), device identifiers, browser type and version, operating system, and other device characteristics. We use cookies and similar tracking technologies to remember your preferences and analyze usage of our Platform (see Section 8: Cookies and Tracking Technologies below for more details). Additionally, when you interact with our AI features, we collect AI Interaction Data such as chat conversation logs with the AI, requests for document analysis and the results provided, property search queries and the corresponding results, and other user preference data inferred from your interactions. This information helps us understand how users engage with our AI-powered services and allows us to improve the accuracy and relevance of responses.

2.3 Information from Third Parties

We may receive information about you from third-party sources to supplement or verify the data you provide:

Authentication Services: If you sign up or log in via third-party authentication providers (for example, using Firebase Authentication or a social media login), we receive basic information from those services to help identify you. This can include your name, email, and any other details you have agreed to share via the third-party login.

Integration Partners: If you choose to connect your account with other real estate platforms or services (for instance, if we integrate with a real estate listing service or a document processing service), we may receive data from those partners. This could include property information, analytics data, or verification details that help streamline your experience on our Platform.

Analytics Providers: We use third-party analytics and performance monitoring services that may collect data about how the Platform is used. These partners provide us with aggregated insights (e.g., usage trends, feature performance) which do not identify individuals.

We ensure that any third-party sources are lawfully permitted to share your data with us and that we handle all incoming data in accordance with this Privacy Policy and applicable laws.

3. How We Use Your Information

We use the collected information for various purposes to operate and enhance the Platform, to communicate with you, to conduct our business operations effectively, and, with your consent, to engage in marketing activities.

3.1 Platform Operation and Improvement

We process your information to provide and maintain the Platform's core services. This includes using your account data to authenticate you and personalize your experience, and using your property-related content and preferences to facilitate property communications between agents and buyers. For example, if you upload property documents, our AI might analyze those to extract key details (with your permission), and if you search for properties, we use your preferences to deliver relevant results. We also analyze usage patterns and feedback to improve our Platform's functionality and the performance of our AI. This may involve fixing bugs, enhancing user interface flows, and refining the AI algorithms so that responses to queries become more accurate and relevant over time. All such improvements are done in a manner that respects your privacy (e.g., using anonymized and aggregated data for analysis).

3.2 Communication and Support

We use your contact information and communication data to respond to your inquiries and support requests. For instance, if you reach out to our support team with a problem, we will review your account and prior communications to assist you. We also send you service-related notifications and updates, such as alerts about messages you've received on the Platform, changes to your account, or important updates about the Platform's status. We may contact you to inform you of new features or changes that could affect your use of the Platform. Additionally, if you participate in surveys or provide feedback, we use that information to address concerns and improve our services. All communications will be handled in line with your preferences and applicable law (for example, certain essential service notifications may be sent even if you've opted out of marketing emails).

3.3 Business Operations

Your information is used to support our day-to-day business needs. This includes analyzing overall Platform usage to understand performance and user engagement (e.g., tracking how many users engage with a new feature), conducting research and development for new products or services, and monitoring for security threats or fraudulent activities. We process data to ensure the Platform's integrity and security, such as using technical logs (IP addresses, device info) to detect and prevent fraud, spam, or malicious behavior. In certain cases, we may need to use your information to comply with legal obligations – for example, keeping records as required by law or cooperating with regulatory authorities. All these uses are based on legitimate interests in running and protecting our business, provided such interests are not overridden by your data protection rights.

3.4 Marketing and Promotional Activities

With your consent (where required), we may use your contact details and preferences to send you marketing communications. These can include promotional emails, newsletters, or in-app messages about new features, services, or special offers that Vibed Unicorn provides. We might also invite you to participate in market research or user surveys to collect your opinions. To make our marketing more relevant, we may analyze your usage patterns or preferences to tailor the content (for example, sending real estate agents information on new tools for property listings, or sending buyers updates on new property listings in their area of interest). You have control over receiving marketing: you can opt out of these communications at any time (see Section 7.4 Opt-Out Rights below), and opting out will not affect your access to the Platform.

3.5 Email Communications and Notification Preferences

Operational Emails: By signing up and using the Platform, you agree that we may send operational and service-related emails necessary to provide the service and administer your account. These include account verification and authentication messages (including Google Firebase Auth emails), security alerts, password resets, important service announcements, and activity or transaction confirmations related to your account.

• Account Creation and Verification: When you create an account, we send a verification and/or sign-in authentication email via Firebase Auth. Completion of this process is required to activate and secure your account.
• Buyer Emails (Preference-Based): Buyers will only receive property update emails if they (i) enter property preferences and (ii) enable email notifications in Preferences. If a Buyer disables email notifications, property update emails will not be sent. Buyers may also receive an email when an Agent updates or corrects AI-generated chat messages within that Buyer’s specific conversation, to maintain transparency and accuracy.
• Agent Emails (Operational): Agents may receive emails when: (a) submitting a property package to go live; (b) editing a property package; (c) a property package is approved/accepted and marked LIVE; and (d) a user starts or engages in a chat with their property package. We may apply reasonable frequency limits, aggregation, or digests.
• Admin Emails (Operational): Vibed Unicorn admins may receive emails when: (a) a new Buyer signs up; (b) an Agent submits a property package to go live; or (c) an Agent edits a property package that is LIVE. These are for service administration and quality assurance.
• Preferences and Opt-Out: Buyers can control property update emails via Preferences. For non-operational or promotional emails, you may opt out at any time via unsubscribe links or settings. Opting out does not affect operational emails that are necessary to provide the service.
• Lawful Basis: We rely on contract performance and legitimate interests for operational emails, and consent (where required) for marketing or optional notifications. See Section 12 for legal bases.
• Accuracy of Contact Details: Keep your email address current in your account settings to ensure delivery.
• Compliance: Emails are sent in accordance with applicable laws (e.g., NZ Unsolicited Electronic Messages Act, CAN-SPAM, GDPR/ePrivacy as applicable) and include unsubscribe mechanisms where required.

4. AI Processing and Data Use

Our Platform utilizes artificial intelligence to enhance the property communication experience. This section explains how AI features work and how data is handled in relation to AI.

4.1 AI-Powered Features

Our Platform provides several AI-driven functionalities to help users get the most out of their real estate data:

Document Analysis: The AI can analyze uploaded property documents (such as home inspection reports, floor plans, etc.) and extract key information or summaries for easier understanding. For example, the AI might summarize a lengthy PDF or highlight important points about a property's features.

Query Responses: You can ask our AI questions about a property or the real estate market, and it will generate responses based on the information it has (from the documents or general knowledge it's been trained on). This enables natural language conversations about real estate – for instance, a buyer might ask, "What are the main features of this house?" and the AI will provide an answer drawn from the property description or documents.

Property Search and Recommendations: The AI assists in searching for properties by understanding user queries in natural language and matching them with listings. It can also learn from a user's preferences to recommend other properties that might be of interest.

Chat Conversations: Our AI is designed to engage in natural language conversations. Agents and buyers can converse with the AI as they would with an assistant – e.g., a buyer might ask follow-up questions about a property's neighborhood, and the AI will attempt to help with relevant information.

All these AI-powered features are built to facilitate a smoother and more informative interaction between agents, buyers, and property data, in a way that feels conversational and efficient.

4.2 AI Training and Improvement

We continuously work to improve our AI models, but we do not use any personal data or content that you upload to the Platform to train our AI models. This means that property documents, chat conversations, images, or any other user-provided information are not fed into our model training process. Our AI is initially trained on broad datasets and can improve through system updates, but these improvements utilize test data and aggregated non-identifying information. In other words, your specific data remains confidential and is not used to "teach" our AI – a practice aligned with emerging industry standards for privacy. By avoiding the use of customer data in training, we protect your proprietary information and ensure that sensitive details about your properties or conversations remain exclusively within the context of providing services to you, not as fodder for general AI model development. We may internally review aggregated usage metrics or AI performance (which could include anonymized prompts or queries) to identify areas where the AI can be improved, but those reviews do not incorporate any personal identifiers or raw data that would compromise your privacy.

4.3 AI Data Retention

Interactions you have with the AI (such as chat logs or document analysis outputs) are stored for a period of time to allow you to review past conversations and to help us ensure service quality. For example, retaining chat logs temporarily enables you to revisit an answer the AI gave you earlier, and it helps us troubleshoot if you report an incorrect or problematic AI response. Document analysis results may also be kept so that you can easily retrieve AI-generated summaries or insights without needing to re-upload the same document repeatedly. Importantly, while we store these AI interaction records to support functionality and quality assurance, we do not use them to further train the AI models (as noted above). We apply the same security measures to this AI interaction data as we do for other personal data (see Section 6: Data Security and Protection). If you wish to have specific AI conversation data deleted, you can contact us, and we will address such requests in line with our data deletion procedures and legal obligations.

4.4 AI Training Data Practices

To reiterate our data use approach for clarity: any data used for AI model training or improvement is either non-personal or fully anonymized/aggregated. For instance, we might use a collection of general real estate facts or public property listings to fine-tune an AI feature. If we ever use Platform-related data for testing or improving our AI, we ensure that it contains no information that can be linked back to any individual user or specific property. Personal identifiers are removed or obfuscated in any dataset before it's considered for AI development purposes. Our goal is to continuously enhance our AI capabilities without compromising user privacy or confidentiality, and we periodically review our AI training processes to ensure they remain in compliance with this commitment and with applicable regulations.

5. Information Sharing and Disclosure

We understand the importance of keeping your personal information secure and only sharing it when necessary. This section outlines how and with whom we may share information, and the circumstances under which such sharing occurs.

5.1 Sharing Between Users

Agent-Buyer Interactions: The Platform is designed to facilitate communication and transactions between real estate agents (or property owners) and potential buyers (or renters). As such, some information is shared between users by the very nature of the service:

When an agent uploads property information or documents to the Platform for a listing, that content (including descriptions, images, and attached documents) can be viewed by users interested in the property.

If a buyer asks a question via our AI chat about a property, the agent associated with that property may see the inquiry and the AI's response (especially if the question triggers a notification to the agent or is part of a shared conversation).

Chat messages exchanged through the Platform between a buyer and an agent (or owner) are visible to both participants. We treat these chat conversations as private between the parties involved; however, both the sender and recipient will have access to the communication history for their transaction.

If you explicitly share your contact information or other personal details with another user (for example, an agent providing a phone number to a buyer, or a buyer sharing their email), that is considered a direct user-to-user disclosure which both parties will have in their records.

We do not broadly publish your personal contact information to other users without your consent – you are in control of what contact data you share in conversations. The Platform may note certain interaction data (e.g., that a particular buyer viewed a property or that a conversation took place) and make it available to the relevant parties (such as the agent of the property viewed), but this is all within the expected scope of agent-buyer communications.

5.2 Service Providers and Partners

We may share your information with trusted third-party service providers and business partners who perform services on our behalf, but only for the purposes described in this Privacy Policy. These third parties are contractually obligated to protect your data and use it only as necessary to fulfill their services to us. Key categories of service providers and partners include:

Cloud Hosting and Storage Providers: We utilize cloud infrastructure (such as Firebase/Google Cloud) to host the Platform and store data. Your information (including personal data and uploaded content) is stored on these secure cloud servers. These providers have access to data for storage and backup purposes but cannot use it independently.

AI and Machine Learning Service Providers: To power certain AI features, we may use external AI platforms or APIs. If we send data to an AI service (for example, to process a natural language query), we ensure the provider does not use that data for any purpose other than giving us the result of the processing. We also leverage in-house AI systems; whether external or internal, all AI processing is done under strict confidentiality and privacy safeguards (as described in Section 4).

Analytics Services: We use analytics tools (e.g., Google Analytics or similar) to understand how users interact with the Platform. These tools may process usage data and device identifiers to provide insights like user traffic patterns, feature popularity, or demographic trends. Data shared with analytics services is typically in aggregated form or associated with an anonymous identifier; these services do not receive your name or contact information.

Customer Support Tools: We may use third-party platforms to manage support tickets, chat support, or email communications (for example, a CRM or helpdesk software). When you contact us for help, details of your request and contact info may be stored in these systems to help us manage your inquiry.

Security and Fraud Prevention: We might share data with security service providers who help us identify and prevent security threats or fraudulent activities. For example, information like IP addresses or login attempts could be sent to services that monitor for suspicious patterns.

In all cases, we only share the minimum information necessary for the provider to perform their function. We also review our providers' data protection measures to ensure they meet high standards of security. We do not allow our service providers to use your personal information for their own marketing or other purposes.

5.3 Legal and Compliance Requirements

We may disclose your information when we reasonably believe that doing so is necessary to comply with a legal obligation, regulation, or valid legal process (such as a subpoena or court order). Specifically, your information could be disclosed:

In Response to Legal Process or Government Requests: If law enforcement agencies, courts, or regulators with appropriate authority request data and are legally entitled to obtain it, we may provide the requested information. We will evaluate each request to ensure it has appropriate legal basis, and we'll narrow the disclosure to only what is required by law.

To Protect Rights, Property, or Safety: We may share information if we believe it's necessary to enforce our terms of service, protect the rights and property of the Company, our users, or the public. For example, we might report accounts engaged in fraudulent or illegal behavior and provide relevant data to authorities.

Investigations and Fraud Prevention: If you engage in or are suspected of engaging in any activities that violate the law or our policies (such as fraud, harassment, hacking, etc.), we may disclose information to investigators or relevant third parties (including counsel) to facilitate resolving the matter and preventing harm.

Compliance and Regulatory Oversight: Should we be subject to an audit, inquiry, or assessment by a regulatory body (for instance, a privacy commissioner or data protection authority), we might be required to provide access to certain records as part of demonstrating compliance with privacy laws.

We will attempt to notify you of any legal demands for your data when allowed, so you have an opportunity to object (for instance, seeking legal protection), except in cases where the law or court order prohibits such notification.

5.4 Business Transfers

If we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your personal information may be among the assets transferred. In such an event, the acquiring company will take on the rights and obligations regarding your personal information as described in this Privacy Policy. We will ensure that any successor entity either adheres to the same privacy commitments or provides you with notice of changes and choices regarding your personal information. For example, if Vibed Unicorn is acquired by a larger real estate platform, the personal data and content we have (including user accounts and property data) would be transferred to that new owner so they can continue providing the service to you. However, your information would remain subject to the promises made in this policy unless you're notified otherwise. We would inform users of any such business transfer via prominent notice on our Platform or via email, and outline any choices you may have as a result.

6. Data Security and Protection

We take the security of your personal information seriously. We implement a range of technical and organizational measures to guard against unauthorized access, alteration, disclosure, or destruction of your data.

6.1 Security Measures

Encryption: We use encryption to protect data both in transit and at rest. This means that when your data is being transmitted to our servers (for example, when you log in or upload documents), it is encrypted via HTTPS/TLS so that it cannot be easily intercepted. Similarly, sensitive data stored in our databases or cloud storage is encrypted at rest, adding an extra layer of protection in case of any unauthorized access to the storage media.

Access Controls: We restrict access to personal information to authorized personnel and service providers who need it to operate the Platform. Strict authentication measures (such as strong password requirements and, where possible, multi-factor authentication) are in place for our internal systems to prevent unauthorized login. We also employ the principle of least privilege, meaning our team members are granted the minimum access necessary for their role. Administrative access to systems that contain personal data is limited to a small number of trained individuals.

Security Testing and Maintenance: We conduct regular security assessments, including vulnerability scanning and penetration testing, to identify and address potential security weaknesses. Our systems are monitored for suspicious activities, and we keep our software and infrastructure updated with the latest security patches.

Employee Training and Policies: We train our employees on data protection best practices and confidentiality. All staff and any contractors who handle personal data are bound by confidentiality agreements. We conduct periodic training sessions to ensure everyone at the Company is aware of security policies, phishing risks, and proper data handling procedures.

Incident Response: We have an incident response plan in place. In the event of a security breach or suspected incident, we will swiftly investigate and take action to mitigate any harm. If a data breach occurs that affects your personal information, we will notify you and relevant authorities as required by law, and provide updates on steps taken and any recommended actions for you to protect yourself (such as changing passwords).

6.2 Data Retention

We retain personal information for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:

Account and Profile Information: We keep your basic account information (like name, contact details, account credentials) for as long as your account is active. If you delete your account or it becomes inactive, we will remove or anonymize this information after a reasonable period, unless it needs to be retained for legal reasons (such as record-keeping, fraud prevention, or dispute resolution).

Property Content and Chat Data: Content you upload (property documents, descriptions, etc.) and chat conversations on the Platform are retained to serve their function. For example, property documents remain available as long as the listing is active; chat logs are kept so that users can review their communications. We may archive older conversations or content after a certain time to improve performance, but will still enable you to request those records if needed (until ultimate deletion).

Usage Data: Usage analytics data (pages visited, feature usage, etc.) is typically retained in aggregate form for a longer period for trend analysis and Platform improvement, but this data does not directly identify individuals. Raw logs tying usage to user IDs or IP addresses may be kept for a shorter duration (often a few months) unless required for security analysis.

Compliance with Legal Obligations: We might need to keep certain data for an extended period to comply with laws (e.g., finance or tax regulations might require preserving transaction records for a number of years, or privacy laws might require us to document consents and requests). In all cases, where data is retained for legal compliance, it will be isolated from regular access and only used for those compliance purposes.

Once the retention period expires or the data is no longer needed, we will ensure it is either securely deleted or anonymized (so that it can no longer be associated with you). We periodically review the data we hold and erase or anonymize information that is no longer necessary.

6.3 Data Deletion

You have the ability to request deletion of your personal information (see Section 7.3 Deletion and Restriction for your rights). Upon receiving a verified deletion request, we will delete or anonymize your personal information from our active databases, subject to certain exceptions. These exceptions include:

Legal Retention Requirements: If applicable laws require us to keep certain data for a set time (for example, financial records, proof of consent, or records of transactions), we will retain that information for the duration mandated by law. We will, however, restrict access to such retained data so that it's not readily accessible for other business purposes.

Legitimate Business Purposes: In some cases, even if you request deletion, we might retain minimal information to prevent fraud, resolve disputes, or enforce our agreements. For instance, we may keep a record that you had an account and the date of deletion to avoid re-creating the same account fraudulently, or to honor an opt-out request for communications. Any such retention will be limited in scope and duration as necessary.

AI Training Data Considerations: As noted in Section 4.2, our AI training datasets do not include personal data or user-uploaded content. In the event any user data was ever incorporated into an AI model in an anonymized, aggregated way (which our policy is to avoid), it may not be feasible to extract or delete that specific contribution from the model without impacting the model's integrity. However, since we have committed not to use identifiable user data in training, this situation should not arise. If it does, we would take steps to ensure that no identifiable data remains in any AI models.

When we delete personal data, we follow industry best practices for secure deletion or destruction. For example, we ensure that electronic records are permanently erased and physical media are securely destroyed if applicable. After processing a deletion request, we will also inform any third-party service providers who had access to your data (through our direction) to delete the data from their systems, provided this is feasible and required.

7. Your Privacy Rights

Depending on your jurisdiction and the applicable privacy laws, you have certain rights regarding your personal information. We are committed to honoring these rights and have processes in place to help you exercise them. Below is an overview of rights that may be available to you as a user of the Platform, and how you can use them.

7.1 Access and Portability

Access: You have the right to request confirmation of whether we are processing personal information about you, and to obtain access to the specific pieces of personal information we hold about you. This is often known as a data subject access request. Upon request, we will provide you with a copy of your personal data in our records, typically in a structured, commonly used electronic format. This will include information on how we've used your data, what types of data we have, and who we have shared it with. Portability: In addition, you have the right to request that we provide your data in a format that can be transferred to another service provider. Where applicable (for example, under GDPR's data portability right), we will give you an electronic file containing the personal information that you have provided to us and that we process by automated means, so you can transfer it to another platform. This might include, for instance, your profile information and transaction history on the Platform. If technically feasible, and if you request, we may also be able to transmit that data directly to another organization at your direction. To exercise access or portability, you can contact us using the information in the Contact section below. We will need to verify your identity before fulfilling such requests (to ensure we don't release data to an unauthorized person). We will respond within the timeframe required by applicable law (e.g., within 30 days for many jurisdictions, with the possibility of a reasonable extension when necessary). Keep in mind that these rights are not absolute – if a request infringes on the rights of others or is excessively repetitive, we may limit the scope or decline, but we will explain our reasoning in such cases.

7.2 Correction and Updates

We want to make sure that the personal information we maintain is accurate and up-to-date. You have the right to request correction of any inaccuracies in your personal data. Most of your basic account information can be updated directly by you through your account settings on the Platform. For example, you can log in and change your contact details, update your profile information, or modify preferences at any time. We encourage you to promptly update your information if it changes or if you notice any inaccuracies. If you find that certain information cannot be changed via the user interface, you can contact us with a request to correct or update that data. For instance, if you are an agent and your professional license information or agency name on your profile needs to be corrected, we can assist with updating those records. When you request a correction, we may ask for documentation or verification if necessary (for example, proof of the correct information) to ensure the accuracy of our records. In addition to correcting wrong data, you can also add context to incomplete data. For example, if some record is incomplete, you have the right to provide the additional information so that the record presents a full picture. We will make the corrections as requested and inform you when done. If for some reason we cannot fulfill your request (such as if the information is required to be retained in its original form by law), we will explain the basis for the refusal and inform you of any further options.

7.3 Deletion and Restriction

Deletion (Right to Erasure): You have the right to request that we delete your personal information, sometimes known as the "right to be forgotten." You can request deletion of your entire account or specific information. When you delete your account through the Platform interface (if that functionality is available) or request deletion through our support channels, we will remove your personal data from our active systems, as described in Section 6.3. This includes your profile information, uploaded content, and chat history associated with your identity, unless an exception applies. We will also direct our service providers to delete your information from their records where applicable. Do note that deletion is irreversible – if your account is deleted, you will lose access to Platform services and this action cannot be undone. If you wish to use the Platform again, you would need to create a new account. There are circumstances where we may not be able to fully comply with a deletion request: for example, if we are required to keep certain data for legal compliance (see Section 6.3 on Data Deletion for details on exceptions). We will inform you of any such retention. In some cases, instead of full deletion, we may offer to anonymize your data (so it no longer can be associated with you) if deletion is not feasible or if the data is needed in aggregate form. An example might be converting a transaction record to an anonymous entry for statistical purposes while removing personal identifiers. Restriction: You also have the right to request that we restrict the processing of your personal information under certain conditions. This means we would mark the stored data to limit how it's used – essentially pausing active use of it. You might request restriction if you contest the accuracy of your data (for the period it takes for us to verify it), or if you object to processing and we are evaluating that objection, or if you need us to preserve the data for legal claims while we would otherwise delete it. When processing is restricted, we will not use or share the data except for storage and to the extent necessary to handle the restriction (for example, to ensure no further changes happen while it's under review). If the restriction is lifted (such as when a dispute is resolved or accuracy confirmed), we will inform you. To request deletion or restriction, please contact us using the information in Section 14. We will verify your identity and then proceed with your request in accordance with applicable law. Our goal is to honor such requests within statutory timelines and to let you know once completed or if any issue prevents completion.

7.4 Opt-Out Rights

You have the right to opt out of certain uses of your personal information, particularly around marketing and data sharing:

Marketing Communications: If you previously consented to receive promotional emails or newsletters from us, you can opt out at any time. Every marketing email will contain an "unsubscribe" link that you can click to stop receiving that type of communication. You can also adjust your preferences in your account settings if such an option is provided, or contact us directly to request removal from our marketing list. Please note that even if you opt out of marketing messages, we may still send you essential service or transactional communications (such as password reset emails, legally required notices, or support responses).

Non-Essential Data Collection: You can opt out of certain data collection activities, especially those related to analytics or advertising. For instance, you can disable non-essential cookies or use browser settings and opt-out mechanisms (see Section 8.2 on Cookie Management) to limit tracking. If we ever participate in any form of personal data sharing that constitutes a "sale" or "sharing" under laws like the CCPA (for targeted advertising purposes, for example), we will provide you with a clear ability to opt out of that sharing. As of the Last Updated date of this policy, we do not sell personal information for monetary gain, and any sharing is only as described in this Policy (primarily service providers or user-directed sharing). If that ever changes, we will update our practices and provide opt-out choices as required.

AI Training Data Use: Although we do not use your data for AI training by default, if there are any optional programs or future features where you could choose to contribute data to improving our AI (for example, an opt-in program to share feedback or specific interactions), you would have the ability to opt out or not opt in to begin with. We would clearly explain any such program and obtain consent. Absent your participation, your data stays out of the AI training loop.

Third-Party Data Sharing: We generally only share data with third parties as needed for services (Section 5.2) and for legal reasons (5.3). If in the future we consider sharing information with third parties beyond those contexts (say, sharing with a strategic partner for joint marketing), we will provide a clear opt-out (or opt-in if required by law) for that kind of sharing.

Exercising opt-out rights will never result in any discrimination or less favorable service from us. For example, if you opt out of marketing emails, we will not downgrade your account or restrict your Platform features – we fully respect such choices, as required by laws like CCPA/CPRA that prohibit discrimination for exercising privacy rights.

8. Cookies and Tracking Technologies

Like many online services, we use cookies and similar tracking technologies (such as pixel tags and web beacons) to help us operate the Platform and enhance your user experience. This section explains what cookies are, how we use them, and your choices regarding them.

8.1 What Are Cookies and How We Use Them

Cookies are small data files that are placed on your device (computer, smartphone, tablet) when you visit a website. They allow the website to recognize your device and remember certain information about your preferences or activities. We use cookies and similar technologies for several purposes:

Essential Cookies: These are cookies that are absolutely necessary for the Platform to function properly. They enable basic functions like page navigation, access to secure areas of the website, and authentication (keeping you logged in). Without these cookies, the Platform cannot work as intended. Examples include session cookies that identify you during your login session, cookies that remember your language preference so that the site displays in the correct language, and security cookies that help protect against fraudulent logins. These essential cookies are exempt from consent requirements because they are strictly necessary for providing the service you have requested.

Performance and Analytics Cookies: These cookies help us understand how users interact with the Platform by collecting information about your usage patterns. They tell us which pages are most visited, how long users spend on different sections, what features are used most frequently, and where users experience difficulties. This information is typically anonymized or aggregated, meaning it cannot identify you personally. We use this data to improve the Platform's performance, fix bugs, and develop new features that better serve our users. For example, if analytics show that many users have trouble finding a particular feature, we might redesign the interface to make it more accessible.

Functional Cookies: These cookies allow the Platform to remember choices you make and provide enhanced, more personalized features. For example, functional cookies may remember your display preferences (such as text size or layout), the properties you've viewed recently, or your location settings for search functionality. They help to make your experience more convenient and tailored to your preferences. Unlike essential cookies, functional cookies improve your experience but are not absolutely necessary for the basic operation of the Platform.

Targeting and Advertising Cookies (if applicable): Currently, we do not use targeting or advertising cookies on the Platform. If we ever decide to implement such cookies in the future (for example, to show targeted advertisements or track conversions from marketing campaigns), we would update this Privacy Policy and provide clear opt-in or opt-out options as required by law. These would be cookies that track your activity across different websites to build a profile of your interests for advertising purposes.

8.2 Cookie Management and Your Choices

You have several options for managing cookies on your device:

Browser Settings: Most web browsers allow you to control cookies through their settings menu. You can typically set your browser to refuse all cookies, to only accept certain types of cookies (like first-party but not third-party cookies), or to prompt you before accepting each cookie. You can also delete cookies that have already been placed on your device. Note that if you disable essential cookies, some parts of the Platform may not function properly. Each browser is slightly different, but you can usually find cookie settings under "Privacy" or "Security" in your browser's preferences or settings menu.

Cookie Preference Center: We may provide a cookie preference center or similar tool that allows you to easily manage your cookie preferences directly on the Platform. This would allow you to opt in or out of different categories of cookies (except essential ones) without having to adjust your browser settings. If we implement such a tool, it will be accessible through a link on the Platform, and your choices will be respected across your sessions.

Analytics Opt-Out: For analytics services (such as Google Analytics, if we use it), you can opt out of data collection through specific opt-out tools. For example, Google provides a browser add-on that prevents Google Analytics from collecting data about your website visits. Information about available opt-out tools will be made available if we use such analytics services.

Third-Party Tools: You can also use browser extensions or privacy tools that block cookies and trackers across websites. These tools can provide more granular control over what tracking technologies are allowed to run.

Please keep in mind that if you disable cookies, your experience on the Platform may be affected. For instance, you may need to re-enter information that would normally be remembered, or certain features may not work as expected. However, you should still be able to access the core functionality of the Platform.

8.3 Other Tracking Technologies

In addition to cookies, we may use other tracking technologies:

Web Beacons (Pixel Tags): These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited the Platform or opened an email from us. We might use web beacons to track the effectiveness of our communications or to gather usage statistics.

Local Storage: We may use local storage technologies (such as HTML5 local storage) to store information locally on your device. This can improve performance by reducing the need to fetch data from our servers every time you use the Platform.

Device Fingerprinting: We may collect information about your device and browser configuration (such as screen resolution, operating system, browser version) to help identify and prevent fraud or abuse. This information is typically used in combination with other security measures and is not used to personally identify you for marketing purposes.

The choices you make regarding cookies generally apply to these other tracking technologies as well. For example, if you disable certain cookies, related web beacons may also be disabled.

9. INTERNATIONAL DATA TRANSFERS

9.1 Cross-Border Processing

Your information may be processed in countries other than your residence, including:

• United States (Firebase/Google Cloud infrastructure)
• European Union (data processing partners)
• Other jurisdictions where our service providers operate

9.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers:

• Standard contractual clauses
• Adequacy decisions by relevant authorities
• Certification schemes and codes of conduct
• Binding corporate rules and privacy frameworks

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

The Platform is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

10.2 Parental Rights

If we become aware that we have collected information from a child under 18, we will:

• Delete the information promptly
• Notify parents or guardians
• Implement additional safeguards
• Comply with applicable children's privacy laws

14. Updates to This Privacy Policy

14.1 Policy Changes

We may update this Privacy Policy from time to time to reflect:

• Changes in our data collection, use, or sharing practices
• New features, services, or AI capabilities
• Legal or regulatory requirements and compliance obligations
• Industry best practices and evolving privacy standards
• User feedback and privacy enhancement initiatives
• Changes in our business operations or corporate structure

14.2 Types of Changes

14.3 Notification Methods

For material changes, we will notify users through:

• Email notifications: Sent to your registered email address at least 30 days before changes take effect
• Platform notifications: Prominent banners or notices displayed when you log in
• In-app alerts: Push notifications or pop-up messages highlighting important changes
• Website updates: Notice posted on our main website and legal pages
• Version tracking: Clear indication of what has changed in each policy version

14.4 Your Options

When we make material changes to this Privacy Policy:

• You will have the opportunity to review the changes before they take effect
• Continued use of the Platform after the effective date constitutes acceptance of the new terms
• If you do not agree to the changes, you may delete your account before they take effect
• We may provide options to opt out of specific new data uses while maintaining your account

14.5 Version History

We maintain a version history of this Privacy Policy. Previous versions are available upon request for transparency and compliance purposes.

15. Contact Information and Privacy Requests

15.1 General Privacy Inquiries

15.2 Data Subject Rights Requests

15.3 Data Protection Officer

15.4 Security Incidents and Data Breaches

15.5 Response Times and Process

15.6 Regulatory Authorities and Complaints