PRIVACY POLICY

Last Updated: January 18, 2026

We take your privacy seriously.

OK Peter LLC, doing business as Ello Charlie ("Company", "we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. INFORMATION WE COLLECT

Data Minimization Commitment:

We are committed to data minimization principles. We collect only the minimum personal information necessary to provide our Services, fulfill our legitimate business purposes, and comply with legal obligations. We do not collect information beyond what is required for these purposes.

We collect information in three main categories:

1.1 Information You Provide to Us

Account Information:

• Name, email address, phone number

• Company name

• Billing address and payment information

• Username and password

• Profile information and preferences

Customer Data:

Data you upload, store, or transmit through the Services, including:

•. Contact information (names, emails, phone numbers, addresses)

• Lead and sales data

• Customer support tickets and communications

• Project information and documentation

• Meeting notes and scheduling data

• Chat transcripts and messages

• Form responses and survey data

• Custom fields and data you create

Communications:

• Messages you send to our support team

• Feedback, survey responses, and feature requests

• Comments and interactions with our team

End-User Data:

• When you use our forms, chat widgets, or scheduling tools on your website or product, we collect information from your End-users on your behalf

• This data is processed as a data processor under your instruction

• You are responsible for obtaining consent from your End-users and complying with privacy laws

1.2 Information We Collect Automatically

Usage Information:

• Pages or features you access

• Time and date of access

• Time spent on pages

• Click and navigation patterns

• Search queries within the Services

• Feature usage and interaction data

• API calls and integrations used

Device and Technical Information:

• IP address

• Browser type and version

• Operating system

• Device type (desktop, mobile, tablet)

• Screen resolution

• Language preferences

• Referring URLs

• Internet Service Provider

Location Information:

• Approximate geographic location based on IP address

• We do not collect precise geolocation without your permission

Cookies and Similar Technologies:

• Session cookies

• Persistent cookies

• Analytics cookies

• Preference cookies

• Security cookies

• See Section 7 for detailed information

1.3 Information from Third Parties

Integration Partners:

• Data from services you connect (calendar apps, email services, CRM systems, etc.)

• OAuth authentication data

• Synced contact and calendar information

Payment Processors:

• Payment confirmation and transaction data

• We do not store full credit card numbers

Marketing and Analytics Providers:

• Campaign performance data

• Web analytics data

• Attribution information

2. HOW WE USE YOUR INFORMATION

2.1 To Provide and Improve the Services

• Create and manage your account

• Process transactions and send billing invoices

• Provide customer support and respond to inquiries

• Deliver the features and functionality you've requested

• Store and process your Customer Data as instructed by you

• Maintain, improve, and optimize the Services

• Develop new features and products

• Troubleshoot technical issues

2.2 For Communication

• Send service-related announcements and updates

• Notify you about changes to our Services or policies

• Respond to your requests and questions

• Send important security or account notifications

• Provide technical support

• Send product update notifications

2.3 For Marketing (With Your Consent)

• Send newsletters and promotional materials

• Inform you about new features, products, or services

• Invite you to webinars, events, or surveys

• Share educational content and best practices

• You may opt out of marketing communications at any time

2.4 For Analytics and Research

• Understand how users interact with the Services

• Analyze usage patterns and trends

• Measure effectiveness of features

• Conduct market research

• Create aggregated, anonymized statistics

• Generate benchmarks and industry reports

2.5 For Artificial Intelligence and Machine Learning

Current AI Usage:

We currently use artificial intelligence in limited ways to enhance our Services:

AI-Powered Chat Widget:

• We use AI technology to power our customer support chat widget

• The AI helps search and retrieve relevant information from our support documentation

• The AI assists in providing automated responses to common support questions

• The AI analyzes user queries to deliver more accurate and helpful support responses

What We Do NOT Do:

• We do not use your personal data or Customer Data to train our AI models

Data Processing in Chat Widget: When you interact with our AI-powered chat widget:

• Your questions and chat messages are processed in real-time to provide support

• We may temporarily store chat transcripts for quality assurance and support purposes

• Chat data is retained according to our standard retention policies (see Section 5)

• We use AI to analyze the content of your question to match it with relevant documentation

• No personal data from chat interactions is used for AI model training

Future AI Features:

If we expand our AI capabilities or introduce new AI-powered features in the future, we will:

• Provide clear notice and update this Privacy Policy before implementation

• Obtain your explicit consent before using your data to train AI models

• Provide opt-out mechanisms for any AI training activities

• Clearly disclose when and how AI is being used in our Services

• Maintain transparency about AI data processing activities

• Not use your Customer Data for AI training without your explicit permission

Automated Decision-Making:

We do not currently engage in automated decision-making that produces legal effects or similarly significantly affects you. Our AI chat widget provides support recommendations only and does not make automated decisions.

If we introduce automated decision-making in the future, we will:

• Notify you of the use of automated decision-making

• Provide information about the logic involved

• Give you the right to request human review of automated decisions

• Comply with all applicable laws regarding automated decision-making (including GDPR Article 22, Colorado CPA requirements, and other state laws)

AI Transparency Commitments:

We are committed to responsible AI use:

• We clearly identify when you are interacting with AI (e.g., our chat widget indicates it is AI-powered)

• We maintain human oversight of AI systems

• We regularly review AI outputs for accuracy and bias

• We do not use AI to make consequential decisions without human involvement

• We comply with all applicable AI disclosure laws, including California AB 2013

Third-Party AI Services:

Our chat widget may use third-party AI services (such as large language models) to process queries. When we use third-party AI:

• We ensure contractual protections prohibit the AI provider from using your data for their own training

• We select AI providers with strong privacy and security practices

• We do not share more data than necessary to provide the support function

Your Rights Regarding AI:

You have the right to:

• Know when AI is being used to interact with you or your data

• Opt out of AI-powered chat (access and self-service with Plus Plan)

• Request deletion of AI chat transcripts (subject to retention requirements)

With questions or to exercise these rights, contact us at [email protected] with subject line AI.

2.6 For Security and Fraud Prevention

• Detect and prevent security threats

• Monitor for suspicious activity or Terms violations

• Investigate and prevent fraud or abuse

• Verify user identity

• Enforce our Terms of Service

• Comply with legal obligations

2.7 For Legal Compliance

• Respond to legal requests (subpoenas, court orders)

• Comply with applicable laws and regulations

• Protect our rights and property

• Defend against legal claims

• Prevent harm to users or the public

2.8 With Your Consent

• Any other purposes disclosed to you at the time of collection

• Any purposes for which you provide consent

3. HOW WE SHARE YOUR INFORMATION

We do not sell or share your personal information for cross-context behavioral advertising. We share information only in the following circumstances:

3.1 Service Providers and Subprocessors

We share information with third-party service providers who perform services on our behalf:

Infrastructure and Hosting:

• Google Cloud (GCP)

• Content delivery networks (CDN)

Payment Processing:

• Stripe

Communication Tools:

• Email delivery services (Resend)

Analytics and Monitoring:

• Google Analytics

• Application performance monitoring

• Error tracking and logging services

Security Services:

• Cloudflare

• DDoS protection

• Security monitoring

All service providers are contractually obligated to:

• Use your information only for the specified purposes

• Maintain appropriate security measures

• Comply with applicable privacy laws

• Not use your data for their own purposes

3.2 Business Transfers

If we are involved in a merger, acquisition, asset sale, bankruptcy, or reorganization:

• Your information may be transferred to the acquiring entity

• We will provide notice before your information is transferred

• The new entity will be bound by this Privacy Policy

3.3 Legal Requirements

We may disclose information when required by law or in good faith belief that disclosure is necessary to:

• Comply with legal process (subpoenas, court orders, legal requests)

• Enforce our Terms of Service or other agreements

• Protect our rights, property, or safety

• Protect the rights, property, or safety of our users or the public

• Detect, prevent, or address fraud, security, or technical issues

• Respond to government requests

3.4 With Your Consent

We may share information for any other purposes disclosed to you at the time of collection or with your consent.

3.5 Aggregated or Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

• Industry benchmarks and statistics

• Usage trends and analytics

• Research and publications

• Marketing materials

This data is not subject to this Privacy Policy.

4. DATA STORAGE AND SECURITY

4.1 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• Encryption in transit using TLS 1.2 or higher

• Encryption at rest using AES-256 or equivalent

• Secure API authentication and authorization

• Regular security vulnerability scans

• Intrusion detection and prevention systems

• Multi-factor authentication options

• Automated backups and disaster recovery

Administrative Safeguards:

• Employee background checks

• Security awareness training

• Access controls and least-privilege principles

• Confidentiality agreements

• Incident response procedures

• Regular security audits

Physical Safeguards:

• Secure data center facilities

• Physical access controls

• Environmental controls

• 24/7 monitoring

4.2 Data Storage Locations

Your data is primarily stored in:

• United States

We use reputable cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications.

4.3 Limitations

No system is 100% secure. While we strive to protect your information:

• Unauthorized access, data breaches, or loss may occur

• You transmit information at your own risk

• You are responsible for maintaining the security of your account credentials

4.4 Your Responsibilities

To help protect your information:

• Use strong, unique passwords

• Enable two-factor authentication

• Keep your login credentials confidential

• Log out of shared devices

• Promptly notify us of unauthorized access

• Keep your contact information current

4.5 Data Breach Notification

In the event of a data breach affecting your personal information:

• We will notify affected users without undo delay and within 72 hours of discovery (or as required by applicable law)

• We will notify regulators within 72 hours where required by GDPR

• For state law compliance, we will notify in the most expedient time possible and without unreasonable delay

• We will provide details about the nature of the breach

• We will explain steps we're taking to address it

• We will provide information about steps you can take to protect yourself

• We will comply with all applicable breach notification laws

5. DATA RETENTION

5.1 Account Data

We retain your account information and Customer Data:

• While your account is active: For as long as you maintain an account

• After account termination: Up to 60 days to allow for data recovery

• Backups: Up to 90 days in backup systems

• Legal requirements: Longer if required by law or legal process

5.2 End-User Data

Data collected from your end-users via forms, widgets, or chat:

• Retained according to your instructions

• Deleted when you delete it from the Services

• Removed from backups within 90 days

5.3 Usage and Analytics Data

• Usage logs: Typically 12-24 months

• Aggregated analytics: Indefinitely (anonymized)

• Security logs: Up to 12 months or as required by law

5.4 Marketing Data

• Marketing contacts: Until you unsubscribe

• Email engagement data: 24 months

• Campaign data: 36 months

5.5 Financial Records

Billing and transaction records:

• Retained for 7 years for tax and accounting purposes

• As required by applicable financial regulations

5.6 Legal Hold

We may retain information longer when:

• Required by law or regulation

• Needed for litigation or investigations

• Necessary to enforce our rights

5.7 Deletion

When data is deleted:

• It is removed from active systems within 60 days

• Backup copies are overwritten within 90 days

• Some metadata may remain in logs

• Aggregated anonymized data may be retained

6. YOUR PRIVACY RIGHTS

6.1 Access and Portability

You have the right to:

• Access your personal information

• Request a copy of your data in a portable format (CSV)

• Export your Customer Data through our dashboard or API

6.2 Correction

You have the right to:

• Correct inaccurate personal information

• Update your account information at any time

• Request correction of data we hold about you

6.3 Deletion

You have the right to:

• Delete your account and associated data

• Request deletion of specific data

• Have your data removed from our systems (subject to retention requirements)

To delete your account:

• Use the account deletion feature in Settings

• Contact us at [email protected] with subject line ACCOUNT DELETION

• Data will be deleted according to Section 5

6.4 Objection and Restriction

You have the right to:

• Object to processing of your personal information

• Request restriction of processing in certain circumstances

• Opt out of marketing communications

6.5 Withdraw Consent

Where processing is based on consent:

• You may withdraw consent at any time

• This does not affect the lawfulness of processing before withdrawal

6.6 How to Exercise Your Rights

To exercise any of these rights:

• Email Support: [email protected] with subject line PRIVACY RIGHTS

We will respond within:

• 30 days for most requests

• 45 days for complex requests

• We may request verification of your identity

6.7 No Discrimination

We will not discriminate against you for exercising your privacy rights.

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 What Are Cookies

Cookies are small text files placed on your device to collect standard internet log information and visitor behavior.

7.2 Types of Cookies We Use

Essential Cookies (Always Active):

• Session management and authentication

• Security and fraud prevention

• Load balancing

• These cannot be disabled as they are necessary for the Services to function

Functional Cookies (Can be Disabled):

• Remember your preferences and settings

• Provide enhanced features

• Personalize your experience

Analytics Cookies (Can be Disabled):

• Understand how visitors use the Services

• Measure effectiveness of features

• Improve user experience

• We use: Google Analytics

Marketing Cookies (Can be Disabled):

• Track effectiveness of marketing campaigns

• Deliver relevant advertisements

• Measure ad performance

• We use: Google Ads

7.3 Other Tracking Technologies

Web Beacons (Pixels):

• Track email opens and clicks

• Measure campaign effectiveness

Local Storage:

• Store preferences and settings

• Cache data for performance

Session Replay:

• We do not currently use session replay technology

• If introduced, sensitive data will be masked and you can opt out in Settings

7.4 Third-Party Cookies

Third-party services may set their own cookies:

• Analytics providers (Google Analytics)

• Advertising networks (Google Ads, LinkedIn)

• Social media platforms (if social sharing is enabled)

• Integration partners

We do not control third-party cookies. Review their privacy policies for details:

• Google Privacy Policy: https://policies.google.com/privacy

• LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy

7.5 Managing Cookies

Browser Settings:

• Most browsers allow you to refuse or delete cookies

• Chrome: Settings > Privacy and Security > Cookies

• Firefox: Settings > Privacy & Security > Cookies and Site Data

• Safari: Preferences > Privacy > Cookies and website data

• Edge: Settings > Cookies and site permissions

Do Not Track:

• We do not currently respond to Do Not Track signals

• We may in the future as standards develop

Opt-Out Tools:

• Google Analytics: https://tools.google.com/dlpage/gaoptout

• Network Advertising Initiative: https://optout.networkadvertising.org

• Digital Advertising Alliance: https://optout.aboutads.info

Note: Disabling cookies may limit functionality of the Services.

8. THIRD-PARTY SERVICES

8.1 Third-Party Integrations

When you connect third-party services:

• You authorize data sharing between the Services and that service

• The third party's privacy policy governs their use of your data

• We are not responsible for third-party privacy practices

• Review each integration's permissions before connecting

8.2 Third-Party Links

The Services may contain links to third-party websites:

• We do not control these websites

• This Privacy Policy does not apply to them

• We are not responsible for their content or privacy practices

• Review their privacy policies before providing information

8.3 Embedded Content

If you embed our widgets, forms, or chat tools on your website:

• You are responsible for your own privacy policy

• You must obtain consent from your End-users

• You must disclose that data is collected and processed by us

• You are the data controller; we are the data processor

• You must comply with all applicable privacy laws for your End-users

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Transfers

Our Services are operated in the United States. If you access the Services from outside the United States:

• Your information will be transferred to, stored, and processed in the United States

• The United States may have different data protection laws than your jurisdiction

9.2 Legal Basis for Transfers

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland:

Standard Contractual Clauses:

• We use European Commission-approved Standard Contractual Clauses (SCCs)

• These provide appropriate safeguards for your data

• Available for review at: https://www.ellocharlie.com/scc

UK-US Data Bridge:

• For UK transfers, we rely on the UK Extension to the EU-US Data Privacy Framework (when applicable)

• We comply with UK adequacy requirements

Swiss-US Data Privacy Framework:

• For Swiss transfers, we comply with Swiss-US Data Privacy Framework principles (when applicable)

Your Consent:

• By using the Services, you consent to transfer of your information to the United States

9.3 Additional Safeguards

We implement additional safeguards:

• Encryption in transit and at rest

• Access controls and authentication

• Regular security assessments

• Contractual protections with service providers

• Data localization options for enterprise customers (contact sales)

10. CHILDREN'S PRIVACY

10.1 Age Restriction

The Services are not intended for children under 13 (or 16 in the EEA).

We do not knowingly collect personal information from children under 13 (or 16 in the EEA).

10.2 Age Verification

We do not have specific age verification mechanisms in place. We rely on:

• Terms of Service age requirements

• Parental supervision

• User representations that they meet age requirements

10.3 If You Are a Parent or Guardian

If you believe we have collected information from a child under the applicable age:

• Contact us immediately at [email protected]

• Provide proof of guardianship

• We will delete the information promptly (within 30 days)

10.4 Customer Responsibility

If you use our Services to collect information from End-users:

• You are responsible for COPPA and applicable children's privacy law compliance

• You must not use our forms, widgets, or chat tools to knowingly collect children's data without proper consent mechanisms

• You must implement age gates or parental consent workflows as required

• See our Terms of Service Section 17.3

11. CALIFORNIA PRIVACY RIGHTS

11.1 CCPA/CPRA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know:

• Categories of personal information collected

• Categories of sources

• Business or commercial purposes for collection

• Categories of third parties with whom we share information

• Specific pieces of personal information collected about you

Right to Delete:

• Request deletion of personal information we collected

• Subject to certain exceptions (legal obligations, fraud prevention, etc.)

Right to Correct:

• Request correction of inaccurate personal information

Right to Opt-Out of Sale/Sharing:

• We do not sell personal information

• We do not share personal information for cross-context behavioral advertising

• If our practices change, we will provide a "Do Not Sell or Share My Personal Information" link

Right to Limit Use of Sensitive Personal Information:

• You have the right to limit our use of sensitive personal information

• We do not use sensitive personal information beyond what is necessary to provide the Services

Right to Non-Discrimination:

• We will not discriminate for exercising your CCPA/CPRA rights

11.2 Categories of Personal Information Collected

In the past 12 months, we have collected:

• Identifiers: Name, email, address, IP address, account credentials

• Commercial Information: Purchase history, subscription details, billing information

• Internet Activity: Browsing history, interactions with the Services, usage data

• Geolocation Data: Approximate location from IP address

• Professional Information: Company name, job title, business contact information

• Inferences: Preferences, characteristics, behavior patterns

Sensitive Personal Information:

• Account login credentials (encrypted)

• We do not collect: Social Security numbers, driver's license numbers, precise geolocation, racial/ethnic origin, religious beliefs, health data, sexual orientation, or other sensitive categories

11.3 Business Purposes for Collection

We collect information for:

• Providing and improving the Services

• Customer support

• Security and fraud prevention

• Legal compliance

• Marketing (with consent)

• Research and analytics

11.4 Categories of Third Parties

We share information with:

• Service providers and subprocessors (see Section 3.1)

• Payment processors

• Analytics providers

• Marketing partners (for our own marketing, not yours)

• Professional advisors (legal, accounting)

• Legal and regulatory authorities (when required)

11.5 Exercising CCPA/CPRA Rights

To submit a CCPA/CPRA request:

• Email: [email protected] with subject line CCPA/CPRA

We will:

• Verify your identity using information we have on file

• Respond within 45 days (extendable by 45 days for complex requests)

• Provide information free of charge (up to twice per year)

Authorized Agents:

• You may designate an authorized agent to make requests on your behalf

• We may require proof of authorization and verification of your identity

• Authorized agent must provide: (1) written permission from you, or (2) valid power of attorney

11.6 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not share personal information with third parties for their direct marketing purposes.

11.7 California Online Privacy Protection Act (CalOPPA)

We comply with CalOPPA by:

• Identifying the categories of personal information we collect

• Providing this Privacy Policy with a link in our website footer

• Allowing you to review and request changes to your personal information

• Notifying you of Privacy Policy changes

12. EUROPEAN PRIVACY RIGHTS (GDPR)

12.1 Legal Basis for Processing

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data based on:

Contract Performance:

• To provide the Services you've requested

• To fulfill our obligations under the Terms of Service

Legitimate Interests:

• Improving and optimizing the Services

• Security and fraud prevention

• Customer support

• Internal analytics

• Direct marketing to business contacts (with opt-out)

Consent:

• Marketing communications to individuals

• Optional features requiring consent

• Non-essential cookies

Legal Obligations:

• Complying with laws and regulations

• Responding to legal requests

12.2 GDPR Rights

You have the right to:

Access:

• Obtain confirmation whether we process your data

• Receive a copy of your personal data

• Receive information about processing activities

Rectification:

• Correct inaccurate personal data

• Complete incomplete data

Erasure ("Right to be Forgotten"):

Request deletion of personal data when:

• Data no longer necessary for original purpose

• You withdraw consent

• You object to processing and no overriding legitimate grounds exist

• Data processed unlawfully

• Required by legal obligation

Restriction:

Request restriction of processing when:

• You contest accuracy of data

• Processing is unlawful but you don't want erasure

• We no longer need data but you need it for legal claims

• You object to processing pending verification

Data Portability:

• Receive your data in a structured, machine-readable format (JSON, CSV)

• Transmit data to another controller

• Applies to data processed by automated means based on consent or contract

Object:

• Object to processing based on legitimate interests

• Object to direct marketing (absolute right - we will stop immediately)

• Object to automated decision-making

Automated Decision-Making:

• Right not to be subject to decisions based solely on automated processing

• We do not engage in automated decision-making with legal or significant effects

Withdraw Consent:

• Withdraw consent at any time

• Does not affect lawfulness of processing before withdrawal

12.3 Exercising GDPR Rights

Contact us at:

• Email: [email protected] with subject line GDPR

We will respond within one month (extendable by two months for complex requests).

12.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority:

• EEA: https://edpb.europa.eu/about-edpb/board/members_en

• UK: Information Commissioner's Office (ICO) - https://ico.org.uk

• Switzerland: Federal Data Protection and Information Commissioner (FDPIC)

We encourage you to contact us first so we can address your concerns.

12.5 Data Protection Officer

We have not appointed a Data Protection Officer as we are not required to do so under GDPR Article 37. For privacy inquiries, contact [email protected].

If we appoint a DPO in the future, contact information will be updated here.

12.6 EU Representative

For users in the EEA, our EU representative (if appointed) can be reached at:

[To be appointed if processing activities require under GDPR Article 27]

12.7 Data Processing Agreement

If you are a business customer subject to GDPR:

• We will execute a Data Processing Agreement (DPA) with you

• The DPA governs our processing of personal data on your behalf

• Request a DPA at: [email protected]

• Self-service DPA available at: https://www.ellocharlie.com/dpa

13. OTHER STATE PRIVACY LAWS

13.1 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Other States

If you are a resident of Virginia, Colorado, Connecticut, Utah, Iowa, Montana, Oregon, Texas, Delaware, Indiana, Tennessee, New Jersey, New Hampshire, Maryland, Minnesota, Kentucky, or other states with comprehensive privacy laws, you have rights similar to those described in Sections 11 and 12, including:

• Right to access your personal data

• Right to correct inaccuracies

• Right to delete personal data

• Right to data portability

• Right to opt out of:

◦ Targeted advertising

◦ Sale of personal data

◦ Profiling in furtherance of decisions with legal or similarly significant effects

We do not:

- Sell personal data

- Process personal data for targeted advertising (beyond our own marketing)

- Engage in profiling that produces legal or similarly significant effects



To exercise these rights, contact us at [email protected] with the subject line OPT OUT.

13.2 State-Specific Provisions

Automated Decision-Making (Colorado):

• We do not make decisions automatically that produce legal or similarly significant effects

• If this changes, Colorado residents will be notified

Data Protection Assessments:

• We conduct privacy impact assessments for high-risk processing activities

• Available to regulators upon request

14. CHANGES TO THIS PRIVACY POLICY

14.1 Updates

We may update this Privacy Policy from time to time to reflect:

• Changes to our practices

• Legal or regulatory requirements

• New features or services

• User feedback

• Industry best practices

14.2 Notice of Changes

When we make material changes:

• We will update the "Last Updated" date at the top

• We will notify you via email to your registered email address

• We may display a prominent notice within the Services

• For significant changes, we may require acceptance of the new policy

14.3 Effective Date

Changes take effect:

• Immediately for new users upon posting

• 30 days after notice for existing users (unless required sooner by law)

• Immediately if required by law or for security purposes

14.4 Your Continued Use

Continued use of the Services after changes take effect constitutes acceptance of the revised Privacy Policy.

If you do not agree to changes:

• You may terminate your account before changes take effect

• We will provide information on how to export your data

14.5 Reviewing Changes

We encourage you to review this Privacy Policy periodically.

15. CONTACT US

15.1 Privacy Inquiries

For questions about this Privacy Policy or our privacy practices:

• Email: [email protected] subject line PRIVACY

15.2 Data Protection Officer

We have not appointed a Data Protection Officer. For all privacy inquiries, use the contact information in Section 15.1.

15.3 Support

For general support (non-privacy related):

• Email: [email protected]

APPENDIX A: DATA PROCESSING AGREEMENT (DPA)

For business customers who are data controllers under GDPR or other privacy laws:

A Data Processing Agreement (DPA) can be requested:

• Email: [email protected] with subject line DPA