PRIVACY POLICY

This Privacy Policy (this “Policy”) explains how Platform Factory Inc (“we” or “us”) collects, uses, and discloses information about you. This Policy applies when you use our websites, mobile applications, and other products and services that link to this Policy (collectively, the “Services”). It also applies when you interact with us, including contacting our customer service team or engaging with us on social media.

We may change this Policy at any time. If we do make any such changes, we will revise the date at the top of this Policy and may provide you with additional notice. Please review this Policy regularly to stay informed about our practices and the choices available to you.

INFORMATION WE COLLECT

We collect personal information in the following ways.

Information You Provide to Us

• Provided Information: We collect information you provide directly to us, such as when you fill out a form, create an account, submit or post content via our Services, or otherwise communicate with us. The types of information we may collect include, but is not limited to, your name, email address, your content, social security number, employer identification number (if applicable), business information (if applicable), mailing address, and any other information you choose to provide. Different features of the Services may require different information, and such features might not work correctly or at all without that information.
• Payment Information: When you purchase something on the Services, you may be able to store your payment information for future purchases. When you opt in to store your payment information, you agree to allow us to store your banking or credit card information, and you further agree that we will periodically collect and process, among other things, account owner information, account number and details, and credentials until you ask us to disconnect your payment information.

Information We Collect Automatically When You Interact with Us

We may also automatically collect certain information in some instances, including:

• Transactional Information: When you purchase something on the Services, we collect information about the transaction, such as purchase price, the date of the transaction, and other details about the purchase.
• Activity Information: We collect information about your activity on the Services, such as your history on the Services.
• Device and Usage Information: We collect information about how you access the Services, including data about the networks and devices you use such as your hardware model, operating system version, IP address, mobile network, unique device identifiers, and browser type. We also collect information about your activity on the Services, including access times, pages viewed, links clicked, and the page you visited before navigating to the Services.
• Information from Cookies and Other Tracking Technologies: We use cookies and other tracking technologies to collect information about your use of the Services. Cookies are small data files stored on your hard drive or in device memory that help us improve the Services and your experience, see which areas and features of the Services are popular, and count visits. When you return to websites that save cookies on your device—or visit websites that use the same cookies—the websites recognize the cookies and your browsing device. We also work with third-party analytics providers, including Google Analytics, who use cookies, web beacons, and other technologies to collect information about your use of the Services and other websites and applications, including pages viewed, time spent on our pages, links clicked, your mobile network information, your IP address, and your web browser information. We may use this information to analyze and track data, improve the Services, and better understand your activity and experience. For more information about cookies and how to disable them, see the Your Choices section below.

Information We Collect from Other Sources

We obtain information from third-party sources. For example, we may collect information about you from data analytics providers or social networks. If you create or log into the Services through a third-party platform (such as Facebook or Google) we will have access to certain information from that platform, such as your name, profile picture, and email address, in accordance with the authorization procedures determined by such third-party platform.

Information We Derive

We may draw inferences to derive information about you based on other information we collect. For example, we may make inferences about your location based on your IP address.

‍USE OF INFORMATION

We use the information collected to provide, maintain, and improve the Services. We also use the information we collect to:

• Create and maintain your account;
• Provide and improve the Services;
• Process transactions and send related information such as confirmations, receipts, and user experience surveys;
• Send you technical notices, security alerts, and support messages;
• Respond to your comments and questions and provide customer service;
• Communicate with you about new services and features we offer, as well as other information we think will interest you (see Your Choices below for information about how to opt out of these communications at any time);
• Monitor and analyze trends, usage, and activities in connection with the Services;
• Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of us and others;
• Identify and repair errors in the Services;
• Comply with our legal and financial obligations; and
• Carry out any other purpose described to you at the time the information was collected.

SHARING OF INFORMATION

We share personal information in the following circumstances or as otherwise described in this Policy:

• We share personal information with vendors, service providers, and consultants that need to access the information to perform services for us, such as companies that assist us with web hosting, storage, and other infrastructure, analytics, payment processing, fraud prevention and security, customer service, communications, and marketing.
• We share personal information with our attorneys and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
• We may disclose personal information if we believe such disclosure is in accordance with, or required by, any applicable law or legal process.
• We may share personal information if we believe you have violated the law, if we believe that your actions are inconsistent with our policies or user agreements, or if we believe it is necessary to protect the rights, property, and safety of us or others.
• We may share personal information in connection with, or during negotiations concerning, a merger, sale of company assets, financing, or acquisition or all or part of our business by another company.
• We share personal information between and among us and our current and future parents, affiliates, and companies under common ownership.
• We share personal information with your consent or at your direction.
• We share aggregated or de-identified information that cannot reasonably be used to identify you.

The following are subprocessors that we are currently engaged with and the purpose for which we work with them:

• AWS (https://aws.amazon.com) – Primary hosting platform
• Cloudflare (https://www.cloudflare.com) - CDN

‍TRANSFER OF INFORMATION

We are headquartered in the United States and have operations and service providers in the United States and other countries. Accordingly, we and our service providers may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. [For example, we transfer personal data to Amazon Web Services, one of our service providers that processes personal information for us in various data center locations across the globe, including those listed here.] We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.

‍DATA PROCESSING

In submitting any third-party personal data within the context of the Services (“Third-Party Data”), the parties agree that you shall be the Data Controller and you appoint us as a Data Processor of such data, for the purpose of providing the Services. To the extent that we are a “Data Processor” for you in respect of such Third-Party Data, we will:

• Implement appropriate technical and organizational measures to safeguard the Third-Party Data against any unauthorized or unlawful access, loss, destruction, theft, use or disclosure. We implement basic level security in accordance with United States law. If higher levels of security are required, please contact us.
• Limit access to the Third-Party Data only to those employees who need to know it to enable the Data Processor to perform the Services, and we will take appropriate steps to ensure the reliability of those of our employees or subcontractors who have access to such Third-Party Data.
• Only process the personal data as specified by this Policy and in accordance with your instructions, and will not use the Third-Party Data for any purposes other than those related to the performance of the Services or pursuant to your written instructions.
• Upon the expiry or termination of this Privacy Policy, or upon your request, cease any and all use of the Third-Party Data and destroy or return it to you.
• Not disclose the Third-Party Data to any third-party without your prior written consent. Such consent is granted on, for example, your instruction to share a dashboard with third parties (public or within a restricted group).

We as Data Processor may provide access to a subcontractor processor to any such Third-Party Data if we reasonably consider such access and processing necessary to the performance of the Services. In the event of such access and before the access takes place, we will ensure that an agreement with the third-party is in place which is sufficient to require it to treat personal data in accordance with the applicable provisions of this Policy and applicable law. In particular, you authorize us to subcontract the provision of technology and commercial services to members of our corporate group.

You represent and warrant that you have all the appropriate consents from data subjects whose personal data are submitted to us in the course of the provision of the Services.

‍YOUR CHOICES

Account Information

You may access, correct, and delete your account information by contacting us via email at: [email address]. If you choose to delete your account, we may continue to retain certain information about you as required by law or for our legitimate business purposes.

Cookies

Most web browsers are set to accept cookies by default. You can generally adjust your browser settings to remove or reject browser cookies; however, please note that removing or rejecting cookies could affect the availability and functionality of the Services.

Communications Preferences

You may opt out of receiving certain marketing communications from us by following the instructions in the communications—generally, clicking an unsubscribe link at the bottom of any marketing email. You cannot generally opt out of transactional or administrative emails, so we may continue to send you those emails even if you opt out from marketing communications.

‍CALIFORNIA PRIVACY RIGHTS

The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) affords consumers residing in California certain rights with respect to their personal information. If you are a California resident, this section applies to you.

In the preceding 12 months, we have collected the following categories of personal information: identifiers, commercial information, internet or other electronic network activity information, and inferences. For details about the precise data points we collect and the categories of sources of such collection, please see the Collection of Information section above. We collect personal information for the business and commercial purposes described in the Use of Information section above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of recipients:

Subject to certain limitations, you have the right to (1) request to know more about the categories and specific pieces of personal information we collect, use, and disclose about you, (2) request deletion of your personal information, (3) opt out of any sales of your personal information, if we engage in that activity in the future, and (4) not be discriminated against for exercising these rights. You may make these requests by emailing us at: support@payengine.co. We will verify a webform request by asking you to provide identifying information. We will not discriminate against you if you exercise your rights under the CCPA.

If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. This may include requiring you to verify your identity. If you are an authorized agent seeking to make a request, please email us at: support@payengine.co.

Under the CCPA’s broad definition of “sell,” this could be considered a sale. If you wish to opt out of this activity, you may do so. We do not knowingly collect personal information from persons under the age of 18. Data will not be shared with any third parties for their marketing purposes.

‍EUROPEAN PRIVACY RIGHTS

If you are located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, you have certain rights and protections under applicable law regarding the processing of your personal data, and this section applies to you.

Legal Basis for Processing

When we process your personal data, we do so in reliance on the following lawful bases:

• To perform our responsibilities under our agreement with you (e.g., providing the products and services you requested).
• When we have a legitimate interest in processing your personal data to operate our business and protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
• To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of non-administrative communications).
• When we have your consent to do so (e.g., when you opt in to receive non-administrative communications from us). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.

Data Retention

We store personal data associated with your account for as long as your account remains active. If you close your account, we will delete your account data within 14 days. We store other personal data for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.

Data Subject Requests

Subject to certain limitations, you have the right to request access to the personal data we hold about you and to receive your data in a portable format, the right to ask that your personal data be corrected or erased, and the right to object to, or request that we restrict, certain processing. To exercise your rights:

• You may request an export of your personal information by contacting us at: support@payengine.co.
• You may correct information associated with you by contacting us at: support@payengine.co.
• You may withdraw consent by contacting us at: support@payengine.co (except to the extent we are prevented by law from deleting your information).
• You may object at any time to the use of your personal data by contacting us at: support@payengine.co.

Questions or Complaints

If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:

• For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
• For individuals in the UK: https://ico.org.uk/global/contact-us/
• For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

‍CONTACT US

If you have any questions about this Policy, please contact us at: support@payengine.co.