Privacy Policy

Introduction

Workonomy Technologies, Inc. (“Workonomy”, “Company”, “we”, or “us”) is committed to protecting your privacy. This Privacy Policy describes the personal data we collect through our business card scanning and enrichment platform (the “Service”), how we use and share it, and your rights regarding that data. This Policy is designed to comply with applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and Japan’s Act on the Protection of Personal Information (APPI). While our Service is available to users globally, it is operated from the United States. Your information will be processed under applicable privacy standards, subject to the specific rights granted to you by laws in your jurisdiction as described in this Policy. By using our Service or creating an account, you agree to the collection and use of your information as described in this Privacy Policy.

Controller Contact: For the purposes of data protection laws, Workonomy is the data controller for personal data you provide directly. You can contact us at privacy@workonomy-ai.com.

Information We Collect

We collect various types of personal data to operate our Service effectively: * Account Information: When you create an account, we collect personal identifiers such as your name, email address, password, and any contact details you provide. If you subscribe to a paid plan, our payment processor (a third-party) will collect your payment details (e.g. credit card number and billing address) on our behalf. We may also collect company or job title information if you choose to provide it in your profile. * Business Card Data (Third-Party Information): Our Service allows you to upload images of business cards or input contact details of other individuals. The information on these business cards may include personal data about third parties – for example, another person's name, employer, job title, phone number, email address, and other contact details. You should only upload other people's business card information if you have the legal right to do so (for instance, you obtained the card from them or otherwise have their consent or a lawful basis). We treat this uploaded contact data as personal data and protect it in accordance with this Policy. * Enriched Data from Third-Party Sources: To enhance and update contact information, we use AI tools and legal web scraping to gather additional details about the contacts on uploaded business cards. For example, we may retrieve a contact's professional social media profile, updated job title, company information, or publicly available email address from third-party data providers or public websites. This enrichment process might involve sending limited contact details (such as a name or company name) to external data enrichment services and APIs that return supplemental information. We only use reputable sources and APIs and take steps to ensure these third parties handle data lawfully. The enriched data we obtain about contacts is stored in your account along with the original business card details. * Communications and Support: If you contact us with an inquiry, feedback, or request (for example, via email or customer support channels), we will collect the information you provide in that correspondence (such as your name, email and the contents of your message). We also retain records of your marketing preferences (e.g. whether you opted in to newsletters). * Usage and Device Data: We automatically collect certain information about how you access and use our website and Service. This includes technical data such as your IP address, device type, browser type, operating system, referring URLs, and device identifiers. We log usage data like the dates and times you log in, features or pages you interact with, search queries, and other actions within the Service. We use cookies and similar tracking technologies to collect some of this data (see Cookies and Tracking below). This information helps us secure the Service and understand user engagement. * Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to personalize your experience and analyze usage. For example, cookies allow you to stay logged in, and help us recall your preferences. We also use cookies from analytics providers to help measure traffic and usage trends. You can control or delete cookies through your browser settings. However, note that disabling cookies may affect certain functionality of our Service (such as staying logged in).

We do not knowingly collect sensitive personal data (e.g. government ID numbers, financial account info, or biometric data) through our Service, and you should refrain from uploading such data. We also do not intentionally collect any personal data from children under 13 (see Children's Privacy below).

How We Use Your Information

We use the collected personal data for the following purposes: * Providing and Improving the Service: We process your personal data to create and manage your account, authenticate you at login, and provide the core Service features (such as scanning business cards, extracting text, and enriching contact details). This includes using uploaded contact data and running it through our AI models and third-party enrichment APIs to return additional information to you. We also use data to operate, maintain, and improve the Service's functionality and performance (for example, fixing bugs, analyzing usage patterns to improve user interface, and developing new features). * Contact Management: Information you upload (including other people's contact details) is used to organize and display your digital address book within the platform. We may format and present the data in useful ways (e.g. sorting contacts, linking to social profiles) for your convenience. Any personal data of third parties that you upload is processed on your behalf for storage and retrieval as part of the Service. * AI Processing and Enrichment: We utilize automated systems, including optical character recognition (OCR) and machine learning, to extract text from business card images and interpret or standardize that data. We also use algorithms and external data sources to enrich contacts with additional information. These processes are done to enhance the accuracy and completeness of the contact data you have submitted. No solely automated decisions producing legal effects are made about individuals, but the Service may use automation to augment data (for example, suggesting a likely LinkedIn profile for a contact). We may also analyze aggregated data to improve our AI models (see "Product Improvement" below). * Communications: We use your contact information (such as email address) to send you service-related communications. These include confirmations of account actions, transactional emails (e.g. password resets, billing receipts), and important administrative messages (such as updates to our terms or policies, or security notices). We may also send marketing communications about product news, promotions, or new features if you have opted in or if otherwise permitted by law. (See Marketing Communications below for more detail.) We will not send you third-party marketing unless you consent. You can unsubscribe from promotional emails at any time. * Customer Support: If you reach out for support, we will use your information to respond to and resolve your questions or issues. This may involve accessing your account information or the data you have provided to troubleshoot problems. * Analytics and Product Improvement: We analyze usage data, feedback, and trends to understand how our Service is used. This helps us improve the user experience, optimize workflows, and develop new products or services. We may use aggregated, de-identified data across our user base to enhance our AI algorithms (for example, improving the accuracy of data extraction or enrichment). When using personal data for product development and improvement, we either aggregate or pseudonymize it so it does not directly identify individuals, or we ensure we have a lawful basis to use identifiable data (see Legal Bases below). * Security and Fraud Prevention: We process personal data as necessary to secure our Service, including monitoring for and preventing fraud, spam, unauthorized access, or other harmful or illegal activities. For example, we may use IP addresses and log-in activity to detect suspicious logins, or review uploads to ensure they do not contain malware. We also enforce our Terms & Conditions through such monitoring. If we detect activity that we believe violates our terms or is illegal, we may investigate and take appropriate action (which could include banning an account or reporting to authorities if required). * Legal Compliance: We may use or disclose personal data as we believe necessary or appropriate to comply with applicable laws, regulations, legal processes, or governmental requests. For instance, we may process data to fulfill tax and accounting obligations (for paid accounts), to respond to subpoenas or court orders, or to exercise our legal rights or defend against legal claims.

If we intend to use your personal data for any purpose that is incompatible with the purposes outlined in this Policy or not obvious to you, we will notify you and obtain your consent where required.

Legal Bases for Processing (GDPR & APPI)

For individuals in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws requiring a "legal basis" for processing personal data, we process your information on the following bases: * Performance of a Contract: Most of our data processing is necessary to provide the Service you requested under our Terms & Conditions. When you create an account and use our platform, we process your personal data (and that of any contacts you upload) to perform our contract with you – e.g. to scan cards and return enriched contact data, maintain your account, and provide related services. This basis covers activities like user authentication, storing your contacts, and displaying results. * Consent: We rely on your consent in certain cases. For example, we will obtain your opt-in consent before sending marketing emails where required by law. If you are in the EU/EEA, we will only send you promotional communications if you have given consent (or under a soft opt-in exception for existing users as allowed). You may also be prompted for consent before we collect or use certain data through our website (for instance, some non-essential cookies). Additionally, if you are a user in Japan, APPI requires consent before transferring personal information to third parties or overseas in many cases – we will seek your consent for such transfers unless we have an alternative legal mechanism in place. You have the right to withdraw your consent at any time, and we will then stop the processing that was based on consent. * Legitimate Interests: We may process personal data as necessary for our legitimate interests, provided those interests are not overridden by your data protection rights. Our legitimate interests include improving and securing our Service, understanding how it is used, developing new features, and promoting our services to existing customers. For instance, it is in our legitimate interests to analyze aggregate usage of our platform to improve performance, or to use uploaded contact data to enhance our AI models (in a privacy-protective manner). When we rely on legitimate interests, we consider any potential impact on you and ensure that we do not use data in ways you would not reasonably expect or that would unduly intrude on your privacy. Note: If you upload personal data of third parties (like business card contacts), we rely on your representation that you have a legitimate basis (such as those individuals' consent or your own legitimate interest) to collect and share that data with us for processing. We process such third-party data on your behalf to fulfill the service (which may also be seen as necessary for performance of our contract with you). * Legal Obligation: In certain cases, we must process personal data to comply with a legal obligation, such as retaining transaction records for financial reporting, or disclosing information to authorities under law. When we are subject to such obligations, this forms the legal basis of the processing. * Vital Interests/Public Interest: These bases are likely not applicable to our typical Service operations. However, if ever processing is necessary to protect someone's life or for a task in the public interest, we would rely on those legal bases as appropriate.

Japanese users may exercise their rights under APPI — including the right to request disclosure, correction, suspension of use, or deletion of their personal information — by contacting us at privacy@workonomy-ai.com.

Obligations of Japanese Business Operators Uploading Third-Party Personal Data

If you are located in Japan and use our Service to upload or otherwise provide personal information relating to other individuals (e.g., the details on a business card), you are deemed a “Personal Information Handling Business Operator” under Japan’s Act on the Protection of Personal Information (APPI). Consequently, you – not Workonomy – are solely responsible for:

1. Clearly specifying and notifying each data subject of the purposes of use under APPI Articles 17–18 (or obtaining their prior consent where an exemption does not apply).
2. Obtaining any consents required under APPI before disclosing personal information to Workonomy or to any overseas destination, including the specific, informed consent described in Articles 23-2 and 28-2. You must also provide the data subject with details regarding:
   • (a) the legal framework for personal data protection in the recipient country (e.g., the United States), and
   • (b) the safeguards applied by Workonomy and its subprocessors (e.g., contractual arrangements and DPAs), in accordance with PPC Guidelines.
3. Responding to and fulfilling all data-subject rights requests made under APPI Articles 27–33 (disclosure, correction, utilization cease, deletion, etc.).
4. Re-obtaining consent if the purposes of use change, and refraining from uploading any “special care-required personal information” (as defined in Article 2-3) without the explicit consent mandated by Article 17-2.
5. Complying with all incident response obligations, including reporting any data breaches involving uploaded personal data to the Personal Information Protection Commission (PPC) and notifying affected individuals, as required by APPI Articles 22-2 and 26-2.

By using the Service, you represent and warrant that you have met – and will continue to meet – all of the above obligations, and that your instructions to Workonomy do not cause Workonomy to violate APPI.
You agree to indemnify, defend, and hold Workonomy harmless from and against any and all claims, damages, penalties, or regulatory actions arising out of your failure to comply with APPI.

Obligations of Users Uploading Third-Party Personal Data (EU/UK/Switzerland)

If you are located in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), or Switzerland and use our Service to upload or otherwise provide personal information about other individuals (for example, by scanning or enriching business cards), you are solely responsible for ensuring your compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), UK GDPR, and the Swiss Federal Act on Data Protection (FADP).

In particular, you agree and acknowledge that you:

1. Act as a data controller when uploading or submitting third-party personal data to the Service;
2. Must have a valid legal basis (such as the data subject’s consent or legitimate interest) for collecting and disclosing that personal information to us;
3. Are solely responsible for informing the data subject of the purposes and scope of processing, including cross-border transfers and automated processing (e.g., AI enrichment);
4. Must comply with all applicable obligations to respond to data subject rights requests (e.g., access, rectification, erasure, objection, restriction, or portability);
5. Must refrain from uploading any special category data (as defined under Article 9 GDPR or equivalent) unless all lawful requirements — including explicit consent — are met;
6. May be required to enter into additional contractual arrangements or provide notice regarding transfers to countries that do not offer adequate protection (such as the United States).

By using the Service, you represent and warrant that all personal data you upload was collected and shared in full compliance with applicable laws and that your use of the Service will not cause Workonomy to violate any data protection regulations.

You agree to indemnify, defend, and hold Workonomy harmless from and against any and all claims, regulatory actions, fines, or liabilities arising out of your failure to comply with the obligations described above.

Sharing of Personal Data

We may share or disclose personal data in the following circumstances to operate, improve, and monetize the Service in lawful and responsible ways:

Service Providers and Subprocessors

We use trusted third parties to help operate and support our platform, including providers for:

• Cloud infrastructure and data storage
• OCR and AI processing
• Data enrichment APIs
• Email delivery
• Customer support tools
• Payment processors These partners act under our instructions and are contractually obligated to use data solely for our business purposes and to implement appropriate security safeguards.

Analytics, Advertising, and Data Enrichment Partners

We may share limited personal data (such as names, email hashes, cookie IDs, or business-related contact details) with:

• Analytics providers to understand product usage
• Advertising platforms to run or measure marketing campaigns
• Data enrichment or validation providers to augment contact records Where required, we minimize data disclosure and contractually restrict use to defined purposes. We do not share the contents of your address book with advertisers for their independent use.

Note on “Sales” of Data (e.g. under CPRA/CCPA):
We do not currently sell personal data in exchange for money. However, we may share or disclose certain information in ways that could be classified as a “sale” or “share” under applicable laws (such as California’s CPRA), including for analytics, marketing, or commercial partnerships. Where required by law, we provide mechanisms to opt out of such disclosures. You may contact us at privacy@workonomy-ai.com to request this.

Business Partners and Integrations

At your request or direction, we may share your data with third-party tools or services that you choose to connect with our platform (e.g., exporting contacts to your CRM). If we offer a joint feature or promotion with a partner and you opt in, we may share your relevant data with them (such as your contact details or usage preferences).

Affiliates and Internal Use

We may share data with our affiliates, subsidiaries, or parent entities (if any) for internal administration, security, platform optimization, or to support future development.

Legal and Compliance

We may disclose data:

• To comply with legal obligations (e.g., subpoenas, court orders, law enforcement requests)
• To investigate or prevent fraud, abuse, or security issues
• To protect the rights, safety, or property of Workonomy or others

Where feasible, we will notify you of any government request unless prohibited by law.

Business Transfers

In the event of a merger, acquisition, asset sale, bankruptcy, or similar transaction, personal data may be disclosed or transferred to the acquiring entity. That entity will be bound by obligations consistent with this Privacy Policy.

Aggregated or De-Identified Data

We may share aggregated, anonymized, or statistical information that cannot reasonably be used to identify you. For example, we may publish metrics about overall user engagement or average number of cards scanned per user, without exposing any identifiable data.

Note on Third-Party Personal Information (e.g. Uploaded Business Cards)

If you upload business cards or other contact information of third parties (such as individuals you met at an event), we treat that data as part of your account. We process it to provide the features you request, including enrichment, storage, and integration. We do not expose uploaded contacts to other users or share them externally except:

• As necessary to provide the Service (e.g., AI enrichment)
• As directed by you (e.g., exporting to your CRM)

By uploading such data, you confirm you have obtained any necessary rights or consents under applicable law (e.g., APPI, GDPR, CPRA).

International Data Transfers

Workonomy is a U.S.-based company. The personal data we collect is primarily stored and processed on servers located in the United States. However, we have users around the world, and our team and service providers may be located in multiple countries. This means your personal data may be transferred to, or accessed from, jurisdictions outside of your home country. In particular, if you are located outside the U.S., your personal data will be transferred to the United States. Likewise, data may be accessed by our authorized personnel or contractors in other countries (for example, support staff or engineering teams) strictly on a need-to-know basis.

Data Protection Differences: Countries to which your data is transferred may have different data protection laws than your country. For instance, the United States is currently not deemed to have an "adequate" level of data protection by EU authorities. We are committed to protecting your information no matter where it is processed, and we take appropriate safeguards to ensure such transfers comply with applicable laws.

International Data Transfers

We operate globally and may transfer your personal data outside your country of residence — including to the United States — where privacy protections may differ.

• For EU/EEA, UK, or Swiss users, we rely on lawful transfer mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs), incorporated into our Data Processing Addendum. We also apply supplementary safeguards where appropriate, including encryption and strict access controls.
• For Japanese users, we comply with the Act on the Protection of Personal Information (APPI). Where required, we obtain your opt-in consent or implement contractual safeguards (in line with Articles 23–2 and 28–2) before transferring personal data outside Japan.

By using our Service, you consent to these transfers, and where you upload third-party data, you confirm that you have obtained all necessary permissions under applicable law.

Other Regions: For individuals in other jurisdictions (such as Canada, Australia, etc.), we transfer data internationally in accordance with your country's laws. We will obtain any required consents for transfer or implement appropriate safeguards as mandated. We strive to ensure that any international transfer has an adequate level of protection.

Regardless of where your data is processed, we will apply the protections described in this Privacy Policy and take reasonable measures to protect the privacy and security of your personal information.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, unless a longer retention period is required or permitted by law. In general: * Account Data: We keep the personal information associated with your account (such as your name, email, and account settings) for as long as your account is active. If you delete your account or if it's terminated, we will initiate deletion of this information. However, we may retain certain data for a brief period in backups or archives (see below), or as required for legal compliance. * Business Card and Contact Data: All contact information and business card details you have uploaded will remain in your account until you choose to delete them or delete your account. You have control to modify or remove individual contacts at any time. If you delete a contact or business card entry, it will no longer be accessible in the app; the underlying data may persist in our system backups for a short period but will be purged according to our routine backup deletion schedules. If you delete your account entirely, we will delete or anonymize all personal contacts and card data associated with your account within a reasonable time after account closure (typically within 30 days, barring unforeseen technical delays). We do not retain your uploaded third-party contact data after account deletion except as needed for legal reasons. * Enriched Data: Any enriched information retrieved about your contacts is treated as part of that contact's data and retained in the same manner (i.e., it stays until you or we delete the contact or account). We may keep non-personal insights derived from enrichment (e.g. statistical information) indefinitely, but such data will not identify individuals. * Communications: If you correspond with us, we may retain those communications for a period necessary to address your inquiry, provide support, and for our training or quality assurance purposes. Typically, support emails and chat logs are kept for at least a year, unless you request deletion and we have no ongoing need to retain them. * Analytics Data: We retain aggregated analytics data (which does not directly identify individuals) indefinitely to help us understand long-term usage trends. For user-specific analytics or logs tied to personal identifiers, we typically pseudonymize or aggregate the data after a certain period. Raw logs may be kept for a short time (a few months) for debugging and security, then either deleted or stored only in aggregate form. * Legal Compliance and Protection: We might retain information as needed to comply with legal obligations (for example, records of transactions for accounting/tax, or information required by financial regulations). If we are under a legal hold or involved in a dispute, we may retain relevant data until the issue is resolved. We also retain data if necessary to enforce our agreements or to protect our legal rights (in which case, only the data necessary for that purpose will be retained and for only as long as needed).

After the applicable retention period, we will either delete or anonymize personal data. When we delete data, we use reasonable measures to ensure the information cannot be readily recovered. If complete deletion is not immediately feasible (for example, because the data is stored in a secure backup), we will continue to safeguard the data and isolate it from further use until deletion is possible.

Your Rights

Depending on your jurisdiction, you may have certain legal rights regarding your personal data. Workonomy is committed to honoring these rights. These rights may include: * Access and Portability: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it. We will provide this in a commonly used electronic form. For EU residents, this aligns with the right of access under GDPR Article 15. You also may have the right to data portability, meaning in certain situations you can ask to receive your personal data in a structured, machine-readable format, or request that we transmit it to another controller where technically feasible. * Rectification (Correction): If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it. You can also review and update basic account information (like your name, email, password) at any time by logging into your account settings. For other corrections, contact us and we will rectify errors or omissions as required. * Deletion (Erasure): You have the right to request deletion of your personal data. This is sometimes called the "right to be forgotten." You can delete specific contact data or your entire account using the Service's interface. Additionally, you may request that we erase certain or all personal data we hold about you. We will honor such requests to the extent required by applicable law. For example, EU users have the right to erasure under GDPR Article 17 for certain reasons (e.g., data no longer needed, consent withdrawn, etc.), and Japanese data subjects can request deletion or suspension of use of their data in broader circumstances since the 2020 APPI amendments. Do note that we may need to retain some information for legal compliance or legitimate interests (see Data Retention above); if so, we will inform you. * Restriction of Processing: You have the right to ask us to limit the processing of your personal data in certain situations – for instance, while we address a correction request or an objection, or if you believe our processing is unlawful but you prefer restriction over deletion. When processing is restricted, we will still store your data but not use it until the restriction is lifted (unless for legal reasons). We will inform you before a restriction is lifted. * Objection to Processing: In certain cases, you may object to our processing of your personal data. For example, EU individuals have the right to object to processing based on our legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop sending it. If you object to processing based on legitimate interests, we will evaluate whether our interests in the processing outweigh your privacy rights; if not, we will cease or adjust the processing. * Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, you can opt out of marketing emails by withdrawing your consent (via unsubscribe link or account preferences). Withdrawal of consent will not affect the lawfulness of any processing done prior to such withdrawal. * Automated Decision-Making: We do not use your personal data to make decisions that produce legal or similarly significant effects on you solely by automated means. If that changes, and you are subject to GDPR or similar laws, you would have the right not to be subject to such decisions without your input, in most cases. * Complaints: You have the right to lodge a complaint with a supervisory authority or regulatory agency about our data practices. If you are in the EU, you can contact the data protection authority in your country (for example, the ICO in the UK, CNIL in France, etc.). If you are in Japan, you can reach out to the Personal Information Protection Commission (PPC) or other relevant authority. We would appreciate the chance to address your concerns directly first, so we encourage you to contact us with any complaint and we will try to resolve it. Nonetheless, this right exists irrespective of any direct engagement with us.

The rights available to you may vary depending on your country's laws. For instance, residents of California (USA) have rights under the CCPA/CPRA to access specific pieces of personal information, request deletion, and opt out of certain data sharing ("sale" of personal information). Japanese individuals have rights to be informed of the purpose of use, to request disclosure, correction, stop usage, and so on, as described above. We extend core privacy rights to all our users where possible, but will formally prioritize compliance with rights requests from users in jurisdictions where such rights are legally mandated.

How to Exercise Your Rights: You can exercise many of the above rights by logging into your account settings (for access, correction, deletion of your data). For requests that cannot be handled through the product interface (such as a complete data export, or an objection request), please contact us at privacy@workonomy-ai.com with your specific request. For your security, we may need to verify your identity (for example, by confirming control of your email address or asking for additional information) before processing certain requests. We will respond to your request as soon as practicable and no later than the timeframe required by law. If we cannot fulfill your request, we will explain the reason (e.g., if the request is unfounded or excessive, or conflicts with legal obligations).

We do not typically charge a fee for rights requests, but if a request is manifestly unfounded or excessive (for example, repetitive), we may either charge a reasonable fee or refuse to act on it, as allowed by law.

Marketing Communications

With your permission, we may send you marketing communications to inform you about our new features, newsletters, events, or promotions. We aim to communicate in a manner that is useful and respectful of your preferences. Below is how we handle marketing and how you can manage your choices: * Consent for Marketing: If you are in a jurisdiction that requires consent for marketing (such as the EU, under GDPR, and many other countries), we will ensure we have your consent before sending you promotional emails or texts. Typically, when you sign up for an account, we may ask you to opt-in (for example, by ticking a box) to receive newsletters or special offers. You can choose not to opt-in. If you do give consent, you have the right to withdraw it at any time (see below). In some cases, where allowed by local law, we may send existing customers marketing about our own similar products or services on an opt-out basis (for instance, under the "soft opt-in" rule of EU e-Privacy law for customers who provided an email in the context of a sale). In all cases, we will honor your opt-out choices. * Opt-Out Mechanism: Every marketing email from us will include an "unsubscribe" link or instructions to opt out. You can click that link or follow the instructions to stop receiving further promotional emails. You may also adjust your communication preferences in your account settings if that feature is available, or by contacting us at any time with a request to be removed from our marketing lists. We will process your opt-out request as soon as possible, and in any event within the time required by law. Please note that even if you opt out of marketing, we may still send you non-promotional messages related to your account or transactions (for example, service notifications, password resets, security alerts, etc.), as those are not marketing communications. * Types of Communications: Marketing communications we send might include email newsletters, announcements of new features or services, special offers, or event invitations. If we ever decide to send SMS/text message alerts or perform telephone marketing, we will do so in compliance with telemarketing laws (and likely ask for explicit consent, as required). As of now, we primarily use email for marketing outreach. * Third-Party Marketing: We will not share your personal information with third-party companies for them to market to you without your explicit consent. If one of our partners would like to offer something to our users, we would either send that message ourselves (so your contact info isn't shared) or we would present it to you and ask if you want to opt-in to receive communications from that partner. If you do opt in, you can always opt out later by contacting that third party or through us.

Cookies and Tracking Technologies

We use a limited set of cookies and similar tracking technologies to operate and improve our Service. These may include:

• Strictly necessary cookies – Required for secure login, fraud prevention, and to remember session preferences.
• Performance and analytics cookies – Used to measure and improve user experience. We use privacy-respecting tools that do not track you across sites or identify you personally.
• Advertising-related tools – We may show you Workonomy ads on other platforms (e.g. Google, LinkedIn) based on your interactions with our website. These are based on general interest categories, not sensitive profiling. Where required by law, such tools will only activate after user interaction or opt-in.

We do not allow third parties to set cookies for their own marketing purposes without your explicit permission.

You can control cookies through your browser settings or industry opt-out mechanisms (such as www.youronlinechoices.eu or www.aboutads.info/choices).

We do not use cookie-based tracking to collect sensitive personal data, nor do we create persistent behavioral profiles across unrelated services.

We strive to make our marketing content relevant and unobtrusive. If you have any issues with our communications, please let us know, and we will work to address your concerns.

Data Security

We take security very seriously and implement a variety of technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include: * Encryption: All communications between your device and our Service are encrypted using TLS/SSL protocols when transmitted over the internet. This means that data (including contact details and personal information) is protected in transit. We also encrypt sensitive data at rest in our databases or employ other safeguards (for example, hashing and salting passwords using strong algorithms). * Access Controls: We limit access to personal data strictly to authorized personnel who need it to operate or support the Service. Workonomy staff and contractors are bound by confidentiality obligations. We implement role-based access controls so that, for example, our support team can only access information necessary to assist you, and our developers have limited access to production data unless absolutely needed for troubleshooting. Each employee is trained on data security and privacy best practices. * Infrastructure Security: Our servers are hosted in secure facilities with measures such as firewalls, intrusion detection systems, and continuous monitoring. We regularly update our software and systems to address security vulnerabilities. We also employ anti-virus and anti-malware protections and monitor for suspicious activities in our environment. * Testing and Assessments: We periodically test and evaluate the effectiveness of our security measures. This may include conducting vulnerability scans, penetration testing by third-party security experts, and audits of our processes. We also maintain an incident response plan to handle any potential security incidents swiftly and effectively. * Sub-processor Safeguards: When we use third-party service providers to process personal data, we ensure they meet high security standards. We vet our sub-processors for strong security practices and include data protection obligations in our agreements with them. For example, our cloud storage provider maintains industry-standard security certifications and compliance (such as SOC 2 or ISO 27001). We require service providers to notify us promptly in the event of any security breach involving user data. * User Responsibilities: Keep in mind that you also play a role in keeping your data secure. We urge you to choose a strong, unique password for your Workonomy account and to keep it confidential. Do not share your account credentials with others. You are also responsible for the security of the devices and network connections you use to access the Service. If you suspect any unauthorized access to your account, please notify us immediately. Also, remember that emails or messages purporting to be from Workonomy should be treated cautiously if they request personal information – we will never ask for your password via email. Always ensure you are using our official website or applications.

While we strive to protect your data, no system can be 100% secure. Therefore, we cannot guarantee absolute security of information. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law. For example, EU and UK users will be notified of certain breaches in accordance with GDPR, and Japanese users will be notified consistent with APPI's breach notification requirements (which mandate reporting to the PPC and possibly to individuals in certain cases).

By using our Service, you acknowledge that you understand these security measures and inherent risks, and you agree that we are not liable for security incidents beyond our reasonable control (subject to applicable law). If you have any questions about the security of our platform, feel free to contact us.

Children's Privacy

Our Service is not intended for children and we do not knowingly collect personal information from individuals under the age of 13 (or the minimum age required by law in your jurisdiction, if higher). Workonomy is a business tool aimed at adult professionals and we expect that users will be at least 18 years old, or using the Service with proper consent and supervision. If you are under 13, do not use or provide any information on our website or Service.

If we learn that we have inadvertently collected personal data from a child under 13 without verifiable parental consent, we will take prompt steps to delete that information from our records. If you are a parent or guardian and believe that a child under your care has provided personal information to us without your consent, please contact us immediately at our contact email below so that we can investigate and address the issue.

In certain jurisdictions, such as the European Union, different age limits may apply (for example, GDPR sets 16 as the default age at which parental consent is no longer required, though EU member states may set a lower age, not below 13). We do not knowingly offer our Service to minors below the applicable age of consent for data processing. If a teenager between 13 and 18 (or the age of majority in their location) uses the Service, we advise that they do so with parental permission and guidance, and we may require parental consent in jurisdictions where that is mandated.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, legal or regulatory requirements, or improvements in how we handle privacy. If we make material changes (for example, if we start processing personal data for new purposes, or if we change how we share data), we will provide you with clear notice. We may notify you by email (sent to the address associated with your account) and/or by placing a prominent notice on our website or in the application. We will indicate at the top of this Policy the date of the latest revision.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Continued use of the Service after any changes to the Privacy Policy become effective will signify your acceptance of the updated terms, to the extent permitted by law.

If you do not agree with any updates to the Privacy Policy, you may need to stop using the Service and/or delete your account. We will always give a reasonable notice period for significant changes to allow you to review and understand the updates. For minor or clarifying changes that do not materially affect your rights, we may simply post the revised Policy and update the "Last updated" date.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach our privacy team at:

Workonomy Technologies, Inc. Email: hello@workonomy-ai.com

We will do our best to address any issues and answer your questions. Your privacy is important to us, and we welcome your feedback.

Data Processing Addendum (DPA)

The following Data Processing Addendum ("DPA") is incorporated into the Privacy Policy and applies to the handling of personal data subject to certain data protection laws (such as GDPR) when Workonomy processes personal data on behalf of the user (you). This DPA mainly concerns personal data you upload about third parties (e.g. business card contacts) for which you act as a data controller. It outlines the responsibilities of each party for such data. In case of any conflict between this DPA and the rest of the Privacy Policy, this DPA will prevail to the extent it pertains to processing of Customer Personal Data (defined below).

1. Definitions

For the purposes of this DPA: * "Customer Personal Data" means the personal data that you (the "Customer") provide or upload to the Service, which is about individuals other than yourself (for example, the contact details on the business cards you scan). Customer Personal Data does not include data that Workonomy collects directly from you about yourself (such as your account information), which Workonomy uses as a controller under the main Privacy Policy. * "Data Controller" (or "Controller") means the entity that determines the purposes and means of processing personal data. For purposes of this DPA, you are the Data Controller with respect to Customer Personal Data that you upload or otherwise provide to the Service. (If you are using Workonomy on behalf of a company or organization, that organization is the Controller.) * "Data Processor" (or "Processor") means the entity that processes personal data on behalf of the Controller. For purposes of this DPA, Workonomy acts as the Data Processor for the Customer Personal Data, processing it only to provide the Service and in accordance with your instructions. (Under Japan's APPI, Workonomy would be a "trustee" processing data on behalf of the business operator.) * The terms "personal data", "processing", "data subject", "supervisory authority", and other relevant terms shall be interpreted in accordance with applicable data protection laws (such as GDPR). "Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.

2. Scope and Role of the Parties

This DPA applies only to Customer Personal Data. In this context, you (the user/Customer) are the Controller and determine the purposes and means of the processing of Customer Personal Data. Workonomy is your contracted Processor, processing Customer Personal Data only on your behalf and for your benefit, as described in the Agreement and this Privacy Policy. Each party shall comply with the obligations that apply to it under applicable data protection laws. You are responsible for ensuring that you have the necessary rights and legal basis to collect and disclose Customer Personal Data to Workonomy for processing. Workonomy, as Processor, will process Customer Personal Data only for the following purposes: (a) as needed to provide and support the Service (including scanning, storing, enriching, and managing the contacts you upload), (b) as further instructed by you through your use of the Service (for example, if you instruct us to share data with an integration), and (c) to comply with our legal obligations or other lawful instructions (see Section 4(f) below regarding legal requirements).

For clarity, Workonomy is independently a Controller for certain data it collects (such as your account data, and usage analytics) and for certain processing of personal data for its own legitimate purposes (such as improving the Service or complying with laws). Those processing activities are covered by the main Privacy Policy and not by this DPA. In Processor capacity, Workonomy will not use or disclose Customer Personal Data for any purpose other than providing services to you, unless otherwise permitted by this DPA or required by law.

3. Instructions for Processing

Workonomy will process Customer Personal Data only on your documented instructions. By using our Service and uploading personal data, you are instructing Workonomy to process the data for the provision of the Service and any processing related to that (including, for example, transmitting the data to sub-processors as needed to perform OCR or enrichment, indexing it to make it searchable for you, making it available for you to view and edit, and backing it up for recovery purposes). Workonomy will not process Customer Personal Data for any additional or incompatible purpose unless you (the Controller) authorize it or it is required by applicable law. If we are required by law to process Customer Personal Data beyond your instructions (for example, responding to a court order), we will inform you of that requirement (unless the law prohibits such notice) so you have a chance to object or seek relief.

You (Customer) may provide additional instructions to Workonomy regarding processing of Customer Personal Data as necessary to comply with your obligations under data protection laws. If such instructions go beyond the agreed Service scope, we will work with you in good faith to accommodate them, but we reserve the right to charge a reasonable fee or require an amendment to the Agreement if they involve material additional work.

4. Our Obligations as Processor

When processing Customer Personal Data on your behalf, Workonomy agrees to:

a. Confidentiality: Ensure that all personnel (employees and contractors) authorized to process Customer Personal Data are under appropriate obligations of confidentiality. We restrict access to Customer Personal Data to individuals who need it to perform their job duties for delivering the Service. We train our staff on privacy and security to maintain confidentiality.

b. Security Measures: Implement appropriate technical and organizational measures to protect Customer Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, or disclosure. These measures are outlined in the Security section of our Privacy Policy and include, for example, encryption, access controls, and regular security assessments. We shall ensure a level of security appropriate to the risk, including measures required by GDPR Article 32 and other applicable laws. Specific security measures include (without limitation): pseudonymization or encryption of data where suitable, systems to ensure ongoing confidentiality, integrity, availability and resilience of processing systems, the ability to restore data from backups, and processes to regularly test and evaluate the effectiveness of security measures. Workonomy will also assist you, taking into account the nature of processing and the information available to us, in ensuring compliance with your own security obligations under data protection laws (for example, by providing you with relevant documentation or certifications upon request, as reasonably necessary).

c. Limitations on Personnel: Ensure that only personnel who need to process Customer Personal Data are able to do so, and that they process it strictly in line with your instructions. We will take reasonable steps to ensure the reliability of any person who has access to Customer Personal Data, and we will promptly remove access for any personnel who no longer require it.

d. Sub-Processors: Workonomy is authorized to engage third-party sub-processors to assist in processing Customer Personal Data for the Service, provided that: (i) any sub-processor is bound by terms that are substantially as protective of Customer Personal Data as this DPA (including confidentiality, security, and cooperation with data subject rights), and (ii) Workonomy remains fully liable for the sub-processor's performance of its data protection obligations. In Section 7 below, we list our major sub-processors. We will make available a current list of sub-processors upon your request (and via our website if we maintain one there). If we need to add a new sub-processor that will process Customer Personal Data, we will provide notice (for example, by updating our sub-processor list online or emailing you) and give you an opportunity to reasonably object on legitimate grounds. If you object and we cannot resolve your concerns, you may terminate your account for convenience (with a pro-rata refund of any prepaid fees for the remaining term) as your sole remedy.

e. Assistance with Data Subject Requests: Taking into account the nature of the processing, Workonomy will assist you by appropriate technical and organizational measures, insofar as possible, to fulfill your obligation to respond to requests from individuals (data subjects) to exercise their rights under data protection laws. This means if an individual whose data is part of the Customer Personal Data contacts you or us to access, correct, or delete their data, or to exercise any right (such as objection or portability), we will cooperate with you to fulfill the request. Typically, you will be able to directly access and rectify or delete the data using our Service interface (since you control the contacts in your account). If the request is made to us, we will notify you without undue delay and, except as required by law, will not respond directly to the individual without your permission (we will instead refer them to contact you as the Controller). In cases where the law requires us to respond (for example, if we are clearly identified as the controller in the individual's eyes or if we must by law), we will limit our response to what is legally necessary and inform you, so you are aware.

f. Assistance with Compliance and DPIAs: Workonomy will, upon reasonable request, provide you with information necessary to demonstrate our compliance with this DPA and allow for and contribute to audits (as described in Section 6 below). We will also assist you in meeting your obligations under data protection laws Articles 32 to 36 of GDPR (and analogous provisions under other laws), which include: keeping personal data secure, notifying personal data breaches to supervisory authorities and/or data subjects, conducting Data Protection Impact Assessments (DPIAs), and consulting with supervisory authorities as needed. Specifically, if you require information from us to complete a DPIA or to consult with a regulator, we will provide relevant information about our Service upon request, to the extent that such information is within our control and not already available to you. We will notify you of any personal data breach affecting Customer Personal Data as described in Section 5 below.

g. Legal Compliance and Law Enforcement: We shall promptly inform you if we receive any communication from a data protection authority relating to the processing of Customer Personal Data, or if we receive any legal requests (such as subpoenas or court orders) for disclosure of Customer Personal Data. We will not turn over Customer Personal Data to a third-party (including law enforcement) unless required by law. If disclosure is compelled by law, we will limit it to the minimum necessary and, if permitted, give you notice so you may object or seek a protective order.

5. Data Breach Notification

In the event Workonomy becomes aware of a personal data breach (security incident leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data) while processing Customer Personal Data, we will notify you without undue delay. Such notification will include, to the extent known at the time, relevant information about the nature of the breach, the data impacted, the likely consequences, and any measures we have taken or plan to take to address and mitigate the breach. We will provide additional information as it becomes available in a timely manner. We will cooperate with you in your own breach notification obligations – for example, by assisting in communication drafts or providing technical details you might need to report to authorities or data subjects. Both parties agree to coordinate in good faith on breach response. You (as Controller) are responsible for determining whether to notify supervisory authorities or affected individuals of the breach, considering information provided by Workonomy and the requirements of applicable law. Workonomy will not make any public statements or notifications about the breach that mention you (the Customer) without your prior consent, unless required by law.

6. Audits and Documentation

Workonomy will make available to you all information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits or inspections conducted by you or an auditor mandated by you. Specifically, upon reasonable written notice, we will permit you to conduct an audit (which may include inspection of our facilities, systems, and relevant records) no more than once per year, except in case of a demonstrated security incident or suspected breach of this DPA. The audit shall be conducted during normal business hours, in a manner not disruptive to our operations, and subject to appropriate confidentiality obligations. You shall be responsible for any audit costs. Before any on-site audit, we may require the auditor to sign a non-disclosure agreement. Alternatively, we may fulfill audit obligations by providing third-party certifications or audit reports (such as SOC 2 Type II reports, ISO 27001 certifications, or similar) that evaluate our practices. If our security certifications and documentation sufficiently demonstrate our compliance, that will typically satisfy audit requests. In any event, you agree to treat any information obtained in the course of an audit as Workonomy's confidential information and not use it for any purpose other than to verify compliance.

7. Sub-Processors (Third-Party Providers)

As mentioned, Workonomy uses certain third parties to help deliver the Service. Current key sub-processors for Customer Personal Data may include: * Cloud Hosting Provider: (e.g., Amazon Web Services or similar) – for data storage, databases, backup, and servers located in the U.S. (and possibly other locations as needed). * OCR and AI Service Providers: – to perform text recognition on business card images and to enrich contact data. For example, an OCR engine might process card images to extract text, and a data enrichment API might receive a name or company to return public social links. We ensure any such provider only receives limited data and is bound to privacy safeguards. * Email/SMS Delivery Provider: – to send out verification emails, notification messages, or SMS codes (if applicable). * Analytics/Crash Reporting Tools: – to help us understand performance issues in the app or usage (these would typically only collect system logs or aggregated data, not the content of your contacts). * Payment Processor: – to handle credit card transactions and subscription billing information (e.g., Stripe, PayPal, or similar). Such processors are PCI-DSS compliant and process payment data securely; Workonomy itself does not store your full credit card details.

This list is not exhaustive. Other ancillary sub-processors may include customer support ticketing systems, content delivery networks (CDNs), or backup storage providers. All sub-processors are bound by data protection agreements. If you need a full list of sub-processors or more detail, please contact us. We will update you of any significant changes to sub-processors as described in Section 4(d).

8. International Data Transfers (for Customer Personal Data)

When acting as Processor, Workonomy will ensure that international transfers of Customer Personal Data are done in compliance with data transfer laws. If Customer Personal Data from the EEA, UK, or Switzerland is transferred to Workonomy in the U.S., the Standard Contractual Clauses (SCCs) between you (data exporter) and Workonomy (data importer) are hereby incorporated into this DPA by reference. By agreeing to this DPA, you and Workonomy are deemed to have signed the SCCs where required, with the relevant details completed as: the "module" applicable is Controller-to-Processor, the optional docking clause is in effect to allow additional parties if needed, the governing law of the SCCs is the law of the EU member state where you are established (or if you have no EU presence, then the law of Ireland by default), and Annexes to the SCCs (listing data categories, etc.) are deemed to include the relevant information from this Privacy Policy (types of data include contact information and business card data; data subjects include your contacts; processing nature is storage, analysis, enrichment as per the Service; and duration is until deletion of data as per your instructions). We also agree to abide by the UK International Data Transfer Addendum or the Swiss addendum if applicable, with similar terms. For data transfers from Japan to outside (including to us in the U.S. or to our sub-processors in other countries), we confirm that we have implemented a personal information protection system by contract to ensure the equivalent level of protection as required by APPI. Specifically, this DPA and our agreements with sub-processors contain the necessary safeguards required under APPI for overseas transfers, and/or we obtain consent from you (and you obtain consent from data subjects if required) for such transfers.

If future data transfer frameworks or certifications become available (for example, a new EU-U.S. adequacy arrangement or an APEC CBPR certification), Workonomy may adopt those as appropriate, but until then, SCCs and contractual measures will remain in place as needed.

9. Customer (Controller) Obligations

You, as the Controller of Customer Personal Data, agree and warrant that: * You will comply with all applicable data protection laws in your use of the Service and your processing of Customer Personal Data. This includes providing any required notices to individuals and obtaining any necessary consents or authorizations for the processing and transfer of personal data to Workonomy and to other third parties as described in the Privacy Policy. You acknowledge that Workonomy relies entirely on your compliance with these obligations. You agree that you are solely responsible for the lawfulness of the collection and processing of all Customer Personal Data you provide to the Service. For users subject to APPI: You specifically warrant that you have obtained all required consents for overseas transfer of personal information, have provided all necessary notifications to data subjects about the purposes of use, and have complied with all APPI requirements before uploading any personal information to our Service. You acknowledge that failure to comply with APPI may result in penalties under Japanese law, and you agree to hold Workonomy harmless from any such violations. For example, if GDPR applies, you confirm that you have a lawful basis (such as consent or legitimate interest) to collect each contact's personal data and upload it to Workonomy, and to allow us to process it on your behalf. If APPI applies, you confirm that you have complied with any requirements under APPI to disclose the purpose of use to the individual or to obtain consent, especially if their data will be transferred to us overseas. * You shall not instruct Workonomy to process any personal data in a manner that would violate any law or that would cause Workonomy to be in breach of applicable data protection law. If any of your instructions infringe applicable law, we will inform you (unless prohibited by law) and we may suspend processing until the instruction is clarified or modified. * You are responsible for the quality and accuracy of Customer Personal Data. Should you become aware that any data you provided is inaccurate or outdated, you will correct it or instruct us to correct or delete it. * You must ensure that any personal data you upload excludes data that is not necessary for the intended purpose. You will not upload excessive or irrelevant personal information about individuals. You will also refrain from uploading any sensitive personal data (such as health information, social security numbers, credit card numbers, biometric identifiers, etc.) to the Service, as the Service is not designed to handle such data. Workonomy shall not be liable for any claim arising from your uploading of sensitive data or any data in violation of law or this Agreement. * You shall keep any login credentials or API keys secure and not share them unauthorizedly, to prevent unauthorized access to Customer Personal Data. Any third-party use of your account will be considered as your instructions to process data, so you must maintain control of access to the Service. * In the event an individual data subject whose data you uploaded exercises their rights (such as asking for deletion or access), you are responsible for responding to such requests. You may use the tools provided in the Service to fulfill the request (e.g., deleting the contact). If additional assistance is needed from Workonomy, you will contact us promptly with details, and we will assist as described earlier. * You will inform Workonomy promptly if you decide to stop using the Service and need all Customer Personal Data returned or deleted, or if you believe that further retention by us is no longer necessary. Upon termination of your account, it is your responsibility to export any data you need before deletion. We will make reasonable efforts to enable you to retrieve your data prior to deletion. * You agree to indemnify and hold Workonomy harmless from any losses, fines, or claims (including reasonable legal fees) arising from your breach of the above obligations or any violation of data protection laws in your capacity as Controller. This includes, for example, any claim that you lacked proper consent or lawful basis to collect and share a third party's personal data with our Service, or any fines imposed due to your failure to comply with your Controller obligations. (This indemnity is in addition to any indemnification clause in the main Terms & Conditions.)

10. Return or Deletion of Data

Upon termination or expiration of your use of our Service, you as Controller may choose to delete all Customer Personal Data via the Service interface. We strongly encourage you to export or download any data you wish to retain before closing your account. After account deletion (or upon your written request), Workonomy will promptly delete all Customer Personal Data from active systems, except to the extent retention is required by law or permitted under Section 9 of the main Privacy Policy (Data Retention) and applicable law. In practice, once your account is deleted, your contacts and uploaded data become inaccessible to you and are scheduled for deletion from our databases, typically within 30 days. Any residual data in backups will be overwritten or securely destroyed in the ordinary course of backup rotation (within an additional period, usually not exceeding 60-90 days). If you require certification of deletion, we can provide a confirmation once the data has been purged. If you prefer the data to be returned to you prior to deletion, you must request this before account closure. We can provide common format exports of your contact data upon request. After termination, Workonomy will not actively process any Customer Personal Data except for storage as part of archival backups (until those are deleted) or as required to fulfill any post-termination legal obligations.

11. Liability and Indemnification

Each party's liability arising out of or in connection with this DPA (whether in contract, tort, or under any theory of liability) is subject to the limitations and exclusions of liability set forth in the Workonomy Terms & Conditions (the "Principal Agreement"). You agree that any claim or remedy you may have arising from Workonomy's processing of personal data (including Customer Personal Data) must be brought under the Terms & Conditions, and this DPA does not grant you additional remedies. In no event shall either party's total liability under this DPA exceed the limitations provided in the Principal Agreement, and Workonomy's total aggregate liability for all claims arising from the Agreement (including this DPA) shall not exceed the limitations stated in the Principal Agreement. No limitation of liability applies to any party's violation of data protection laws to the extent such limitation is prohibited by law, nor does it limit your or our liability to data subjects as provided by law. Additionally, you acknowledge your indemnification obligations in Section 9 above and under the Principal Agreement with respect to your responsibilities as Controller.

12. General Provisions

This DPA is effective for the duration that Workonomy processes Customer Personal Data on your behalf. Termination of the Principal Agreement or your account will terminate this DPA's applicability, except for provisions that naturally survive (such as confidentiality, deletion, etc., until completed). This DPA is governed by the same law and jurisdiction as the Principal Agreement (unless otherwise required by applicable law; for example, Standard Contractual Clauses may stipulate EU law for certain disputes). Any conflict between a provision of this DPA and a provision of the Principal Agreement or Privacy Policy shall be resolved such that the provision most protective of personal data and individuals' privacy shall prevail. In all other cases, the terms of the Principal Agreement remain in full force.

By using the Service and agreeing to the Privacy Policy, you are also agreeing to this DPA. Both parties warrant that they have full authority to bind themselves to this DPA. This DPA may be modified only by a written amendment signed (or acknowledged electronically) by both parties.

— End of Data Processing Addendum —

Please feel free to contact us as provided above if you have any questions about this DPA or need any clarifications on how your data is handled in our role as a Processor. We value the trust you place in us as both a Service provider and a data processor and are committed to handling Customer Personal Data in compliance with all applicable regulations and the commitments outlined here.