Privacy policy Effective date: January 4, 2023 At Trelly, we take your privacy seriously. Please read this privacy policy to learn how we treat your personal information. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this privacy policy. Remember that your use of the Services is at all times subject to our terms and conditions, which incorporates this privacy policy. Any terms we use in this Policy without defining them have the definitions given to them in the terms and conditions. You may print a copy of this privacy policy at https://app.trelly.com/legal/privacy. If you have a disability, you may access this privacy policy in an alternative format by contacting support@trelly.com. What this Privacy Policy Covers This privacy policy covers how we treat Personal Data that we gather when you access or use our Services. "Personal Data" means any information that identifies or relates to a particular individual and also includes information referred to as "personally identifiable information" or "personal information" under applicable data privacy laws, rules or regulations. This privacy policy does not cover the practices of companies we don't own or control or people we don't manage. Categories of Personal Data We Collect The chart in this section details the categories of Personal Data that we collect and have collected over the past 12 months: 1. Category of Personal Data Profile Information Transaction Information 2. Personal Data We Collect • Name • Email address • Phone number • Other personal information shared as part of your private or public postings on the Services • Billing address • Payment information • Government-issued ID 3. Source(s) of Personal Data You 4. Categories of Third Parties With Whom We Share this Personal Data for a Business Purpose: • Selected recipients • Affiliates • Service Providers Sources of Personal Data We collect Personal Data about you from the following categories of sources: • "You" • When you provide such information directly to us. • When Personal Data about you is automatically collected in connection with your use of our Services (see the subsection titled "Information Collected Automatically" below). • "Third Parties" • Third parties that provide us with Personal Data about you. Third Parties that share your Personal Data with us include: • Service providers. For example, we may use analytics service providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support or payment processing. Information Collected Automatically The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, "Cookies") to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, to analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support "Do Not Track" requests sent from a browser at this time. How We Use Your Personal Data We process Personal Data to operate, improve, understand and personalize our Services. We use Personal Data for the following purposes: • To meet or fulfill the reason you provided the information to us. • To communicate with you about the Services, including Service announcements, updates or offers. • To provide support and assistance for the Services. • To create and manage your Account or other user profiles. • To personalize website content and communications based on your preferences. • To process transactions. • To respond to user inquiries and fulfill user requests. • To improve and develop the Services, including testing, research, analysis and product development. • To protect against or deter fraudulent, illegal or harmful actions and maintain the safety, security and integrity of our Services. • To comply with our legal or contractual obligations, resolve disputes, and enforce our terms and conditions. • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. • To send marketing and promotional communications from Third Parties. • For any other business purpose stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act (the "CCPA"). We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice. As noted in the list above, we may communicate with you if you've provided us the means to do so. For example, if you've given us your email address, we may send you promotional email offers or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us, which helps us improve our Services. If you do not want to receive communications from us, please indicate your preference by emailing us at support@trelly.com. How We Share Your Personal Data Categories of Third Parties with Whom We Share Personal Data We disclose your Personal Data as indicated in the chart above to the following categories of service providers and other parties. Service Providers • These are third parties that help us provide our Services, including payment processors, security and fraud prevention providers, hosting and other technology and communications providers, analytics providers, and staff augmentation and contract personnel. Acquirers • These are parties who acquire your Personal Data through an acquisition or other change of control. Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Selected Recipients • These are third parties that we share your Personal Data with, including: • Other users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorized by you through the Services). • Social media services (if you intentionally interact with them through your use of the Services). • Third-party business partners who you access through the Services. • Third-party business partners who offer Services related to your activity. • Other parties authorized by you Disclosures of Personal Data for a Business Purpose We disclose your Personal Data to service providers and other parties for the following business purposes: • Auditing related to a current interaction and concurrent transactions, including, but not limited to, auditing compliance with this specification and other standards. • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity. • Debugging to identify and repair errors that impair existing intended functionality. • Short-term, transient use of Personal Data that is not used by another party to build a consumer profile or otherwise alter your consumer experience outside the current interaction. • Performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, verifying customer information, or processing payments. • Undertaking internal research for technological development and demonstration. Third Parties with Whom We Share Personal Data The following are some third parties with whom we share your Personal Data with. By continuing to use this service you confirm that you have read, understand and accept these terms. Expo • https://expo.dev/privacy Google • https://policies.google.com/privacy Jumio • https://www.jumio.com/legal-information/privacy-notices/jumio-corp-privacy-policy-for-online-services/ Data Security and Retention We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. For example, the Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Data you provide to us. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content. We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally. Personal Data of Children As noted in the terms and conditions, we do not knowingly collect or solicit Personal Data about children under 13 years of age; if you are a child under the age of 13, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 13 years of age, we will delete that information as quickly as possible. If you believe that a child under 13 years of age may have provided Personal Data to us, please contact us at support@trelly.com. Changes to this Privacy Policy We're constantly trying to improve our Services, so we may need to change this privacy policy from time to time, but we will alert you to any such changes by placing a notice on the Trelly website, by sending you an email and/or by some other means. Please note that if you've opted not to receive legal notice emails from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the privacy policy have been posted, that means you agree to all of the changes. Use of information we collect is subject to the privacy policy in effect at the time such information is collected. Contact Information If you have any questions or comments about this privacy policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at: support@trelly.com.