Privacy Policy

Last updated: June 10, 2024

This Privacy Policy outlines Our policies regarding the collection, processing, and use of Your Personal Data when You interact with the Service. It informs You about Your privacy rights and how legal frameworks protect Your data. By using the Service, You consent to the practices described herein, enabling Us to provide and enhance the Service in accordance with applicable laws.

Interpretation and Definitions

Interpretation

The capitalized terms have defined meanings as set forth below. These shall be interpreted uniformly irrespective of their singular or plural usage.

Definitions

For the purposes of this Privacy Policy:

• Account
  A unique account is established specifically for you to access our Service or parts of our Service.
• Affiliate
  An entity that controls or is controlled by another party where 'control' is defined as owning at least 50% of shares, equity interest, or other voting securities.
• Application
  The software program named Buteo, provided by the Company, which is made available for download by you on any electronic device,
• Business
  Under the CCPA (California Consumer Privacy Act), the Company is identified as the legal entity that collects Consumers' Personal Data and determines the purposes and means of processing such information, either independently or on behalf of another entity. This designation applies specifically to businesses operating within the State of California.
• Company
  In this Agreement, "We," "Us," or "Our" refers to Buteo Inc., 3540 Toringdon Way. Ste 200, Charlotte NC 28277. For the purposes of the General Data Protection Regulation (GDPR), the Company is designated as the Data Controller.
• Consumer
  For the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
• Cookies
  Small files placed on Your Device, such as computers or mobile devices, by a website, used to track browsing history and other activities.
• Country
  Refers to North Carolina, United States.
• Data Controller
  Under the GDPR (General Data Protection Regulation), the Company is recognized as the legal entity that either independently or in collaboration with others determines the purposes and methods for processing Personal Data.
• Device
  Any machine capable of connecting to the Service, such as a computer, phone, or tablet.
• Do Not Track (DNT)
  A framework promoted by The U.S. Federal Trade Commission (FTC) for the Internet industry to develop mechanisms enabling internet users to manage the tracking of their online activities across multiple websites.
• Personal Data
  Personal Data refers to any information that relates to an identified or identifiable individual. Under the GDPR, Personal Data includes details such as your name, identification number, location data, online identifier, or factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity. For the CCPA, Personal Data encompasses any information that identifies, relates to, describes, is associated with, or could be reasonably linked, directly or indirectly, to You.
• Sale
  For the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information to another business or a third party for monetary or other valuable consideration.
• Service
  Refers vto the Application or the Website or both.
• Service Provider
  A Service Provider refers to any natural or legal entity processing data on behalf of the Company. This includes third-party companies or individuals engaged by the Company to facilitate the Service, provide related services, or analyze Service usage. Under the GDPR, t Service Providers are classified as Data Processors.
• Third-party Social Media Service
  Any website or social network that allows Users to log in or create an account for Service access.
• Usage Data
  Refers to data gathered automatically through interaction with the Service or its underlying systems (e.g., tracking how long a page is viewed).
• Website
  Refers to the Buteo platform, accessible from https://buteo.app
• You
  The individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under the GDPR (General Data Protection Regulation), You is recognized as the Data Subject or User or the individual utilizing the Service.

Collecting and Using Your Personal Data

Personal Data

When You use Our Services, We may collect certain personally identifiable information ('Personal Data') from You, which We may use to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email Address
• Phone Number
• Usage Data

Usage Data

When using the Service, Usage Data is generated and collected automatically.

Usage Data encompasses details including Your Device's Internet Protocol address (e.g., IP address), browser type and version, pages of our Service visited, the time and date of Your visit, duration spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service via a mobile device, We may collect specific information, including Your Device type, unique ID, IP address, operating system, browser details, and other related diagnostic data.

We may also collect information that Your browser transmits when You visit our Service or access it via a mobile device.

Information Collected while Using the Application

When using Our Application, we may collect with your prior permission certain information in order to provide necessary features or Services:

• Pictures and other files, or data from your Device's camera and photo library

This information is utilized by Us to provide and enhance features of Our Service or customize Our Service to your needs. It may be stored either on our servers, a Service Provider's server, or Your device.

You can manage access to this information at any time through Your Device Settings.

Tracking Technologies and Cookies

We employ Cookies and comparable tracking technologies to authorize access to specific sections, settings, and features of Our Service. Cookies are also used to monitor activity and store information. These tools may include beacons, tags, and scripts designed to collect and analyze data to enhance and optimize Our Service. The technologies We utilize may include:

• Cookies
  A cookie is a small file stored on Your Device that enables functionality of our Service or Website. You may configure Your browser settings to refuse Cookies or receive notifications when Cookies are being sent. However, refusing Cookies will prevent You from signing in or accessing features of Our Service. Unless Your browser is specifically set to refuse Cookies, Our Service will utilize them for purposes outlined in this Privacy Policy.
• Web Beacons
  Certain sections of our Service and emails may include small electronic files known as web beacons (also referred to as clear gifs, pixel tags, or single-pixel gifs). These tools allow the Company to track user interactions, such as counting visits to specific pages, monitoring email opens, and collecting website statistics. This data helps assess the popularity of certain sections or features and ensures system and server integrity.

Cookies can be classified as either "Persistent" or "Session" specific. Persistent Cookies remain on your personal computer or mobile device even when offline, while Session Cookies are deleted once You close Your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

We employ Session and Persistent Cookies for the following purposes:

• Functionality Essential Service Cookies
  Persistent Cookies administered by Us. These Cookies are essential to provide You with services available through the Service or Website and to enable You to use some of its features. They authorize users, save login credentials, remember preferences, enhance security, and prevent fraudulent use of user accounts. Persistent Cookies are Without these Cookies, the services that You require cannot be provided, and We only use these Cookies to provide You with those services.
• Cookies Policy / Notice Acceptance Cookies
  Persistent Cookies administered by Us. These Cookies identify if users have accepted the use of cookies on the Website.
• Performance and Tracking Cookies
  Persistent cookies managed by third parties are utilized to monitor Website or Service traffic patterns and user interactions. These cookies may indirectly identify individual users through pseudonymous identifiers associated with their Devices. Additionally, such cookies can be employed to evaluate consumer reactions to new features or functions of the Service or on the Website.
• Targeting and Advertising Cookies
  Persistent Cookies administered by Third-Parties are used to track your browsing habits with the aim of delivering advertising that aligns with your interests. These Cookies analyze your browsing history to categorize You into groups with similar preferences. With this information, and Our Permission, third-party advertisers may place additional Cookies on Your Device, enabling them to display targeted adverts across third-party websites.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service
  Including to monitor the usage of our Service.
• To manage Your Account
  By providing Your Personal Data, You enable the creation of an Account and gain access to functionalities of the Service available to registered users.
• For the performance of a contract
  The creation, compliance with, and fulfillment of purchase contracts for products, items, or services You have acquired or any other agreements entered with Us through the Service.
• To communicate with You
  We communicate with you through various means, such as email, telephone calls, SMS messages, mobile application push notifications, or similar electronic methods to provide updates and inform you about necessary security updates, functionalities, products, or services related to our Business.
• To provide You
  with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
• To handle Your requests
  To attend and manage Your requests to Us.
• To deliver targeted advertising to You
  We may utilize Your information to develop, display, and optimize tailored content and advertising for You, in collaboration with third-party vendors, based on Your interests and/or geographic location. Your information may also be used for measuring the effectiveness of our advertising efforts.
• For business transfers
  We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
• For other purposes
  We may utilize Your information for purposes such as data analysis, identifying usage trends, evaluating the effectiveness of promotional campaigns, and enhancing our Service, products, features, marketing efforts, and your overall experience.

We may share Your personal information in the following situations:

• Service Providers
  We may share Your personal information with Service Providers for purposes including monitoring and analyzing the use of our Service, processing payments, displaying advertisements to You to support Our Service, to advertise on third party websites to You after visiting our Service or Website, and to contact You.
• Business Transfers
  We may disclose or transfer Your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing transaction, or acquisition involving all or a portion of the Business to another company.
• Affiliates
  We may share Your information with Our Affiliates, who are required to adhere to this Privacy Policy. Affiliates include subsidiaries, joint venture partners, or other entities We control or that are under common control with Us.
• Business Partners
  We may share Your information with Our business partners in order to offer You products, services, or promotions.
• Other Users
  When You share Personal Data or interact in public areas on the Website, such information may be visible to all users and could potentially be shared externally.
• Your Consent
  We may share Your Personal Data for any other purpose only with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. We will store and utilize Your Personal Data as required by our legal obligations (such as compliance with applicable laws), address disputes, and enforce our legal agreements and policies.

The Company also retains Usage Data for internal analysis purposes, typically for a limited time. However, this data may be retained longer if necessary to enhance security, improve functionality, or comply with legal obligations.

Transfer of Your Personal Data

Your Personal Data is processed at the Company's operating offices and any other locations where the parties involved in processing are based. This means Your information may be transferred to and maintained on computers located outside Your state, province, country, or jurisdiction, where data protection laws may differ from Your local jurisdiction.

By consenting to this Privacy Policy and submitting Your information, You agree to the transfer.

The Company will implement all reasonable measures to ensure Your Personal Data is handled securely and in compliance with this Privacy Policy. No transfer of Your Personal Data to an organization or country will occur unless adequate safeguards are in place, including ensuring the protection of Your data and other personal information.

Disclosure of Your Personal Data

Business Transactions

In the event of a merger, acquisition, or asset sale involving the Company, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

In certain situations, the Company may be legally obligated to disclose Your Personal Data when required by authorities such as law enforcement, courts, or government agencies.

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users, of the Service, or the public
• Protect against legal liability

Security of Your Personal Data

We are committed to safeguarding Your Personal Data, though we must emphasize that no data transmission over the Internet or electronic storage method is 100% secure. While We employ commercially acceptable measures to protect Your Personal Data, We cannot guarantee its absolute security.

Detailed Information on the Processing of Your Personal Data

The Service Providers we use may have access to Your Personal Data. These third-party vendors collect, store, process, and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

Analytics

We may utilize third-party service providers to monitor and analyze the usage of the Service.

• Google Analytics
  Google Analytics is a web analytics service that tracks and reports website traffic, enabling us to monitor and analyze Service usage. Google collects data through cookies and other tracking technologies, which may be shared across its services for purposes such as contextualizing and personalizing ads on its advertising network. Users can opt out of having their activity tracked by Google Analytics by installing the browser add-on or adjusting Your mobile Device settings. For further details on privacy practices, consult Google's Privacy Policy: [https://policies.google.com/privacy](https://policies.google.com/privacy).

Advertising

We may utilize Service Providers to display advertisements to You in order to support and maintain Our Service.

• Google AdSense & DoubleClick Cookie
  Google, as a third-party service provider, uses cookies on our Service to serve ads. The DoubleClick cookie enables Google and its partners to display targeted ads based on users' online activity across various sites. You can opt out of interest-based advertising by adjusting your settings at http://www.google.com/ads/preferences/. These settings provides control over how your data is used for ad targeting.
• AdMob by Google
  AdMob by Google, is operated by Google Inc., You opt out of its services by following instructions located at: https://support.google.com/ads/answer/2662922?hl=en. For detailed information on how Google uses collected data, visit ("How Google uses data when you use our partners' sites or app";(https://policies.google.com/technologies/partner-sites) page or review their Privacy Policy. https://policies.google.com/privacy
• Amazon A9 Ads
  Their Privacy Policy can be viewed at https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_sib?ie=UTF8&nodeId=468496

Email Marketing

We utilize Your Personal Data to provide You with newsletters, marketing materials, and promotional content relevant to Your interests. You have the option to opt-out of receiving any or all communications by following the unsubscribe link in any email we send or by contacting us directly.

We may utilize Email Marketing Service Providers to manage and send emails directly to You.

Payments

We may offer paid products or services through our Service, which may involve third-party payment processing (e.g. payment processors) services to facilitate transactions.

We do not store or collect Your payment card details. Such information is provided directly to Our third-party payment processors, whose handling of Your personal data is governed by their respective Privacy Policies. These processors comply with PCI-DSS standards, managed by the PCI Security Standards Council—a collaboration involving major brands including Visa, Mastercard, American Express, and Discover. PCI-DSS requirements aid in the secure handling of payment information.

• Stripe
  Their Privacy Policy can be viewed at https://stripe.com/us/privacy
• Authorize.net
  Their Privacy Policy can be viewed at https://www.authorize.net/company/privacy/

Behavioral Retargeting

The Company may employ retargeting services to target You after accessing or visiting our Service. We, along with Our third-party vendors, utilize cookies and non-cookie technologies to identify Your Device and analyze how You interact with our Service. This enables us to enhance our offerings and deliver advertisements tailored to Your interests, ensuring they are more relevant to You.

These third-party vendors collect, store, use, process, and transfer information about Your activity on Our Service in accordance with their Privacy Policies. This enables Us to:

• Measure and analyze traffic and browsing activity on Our Service
• Show advertisements for our products and/or services to You on third-party websites or apps
• Measure and analyze the performance of Our advertising campaigns

Third-party vendors may utilize non-cookie technologies that are unaffected by browser settings designed to block cookies. It is important to note that Your browser may prevent You from blocking these mechanisms. To manage the usage and blocking of these technologies you may use the following third-party services:

• The NAI's opt-out platform: http://www.networkadvertising.org/choices/
• The EDAA's opt-out platform http://www.youronlinechoices.com/
• The DAA's opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

You may choose to disable personalized advertising by enabling privacy settings on Your mobile device, such as Limit Ad Tracking (iOS) or Opt Out of Ads Personalization (Android). For detailed instructions, consult the Help section of Your device.

The Service may share certain information, such as hashed usernames (if available) or other online identifiers, with third-party vendors. This practice enables vendors to recognize users and deliver targeted advertisements across various Devices and browsers. For further details regarding the technologies and capabilities employed by these vendors, please review their respective Privacy Policies.

The third-party vendors We use are:

• Google's retargeting services, including Google Ads (AdWords), allow users to customize ad preferences and opt out of data collection via the Google Ads Settings page: http://www.google.com/settings/ads. Users can also install the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout) for enhanced privacy controls. For further information on Google's privacy practices, visit https://policies.google.com/privacy.

GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following circumstances:

• Consent: Providing Your consent, You explicitly allow the processing of Personal Data for one or more specific purposes.
• Performance of a contract: The collection and processing of Personal Data are essential for fulfilling obligations under an agreement with You, including any related pre-contractual duties.
• Legal obligations: The Processing of Personal Data is necessary to comply with legal obligations to which the Company is subject.
• Vital interests: Processing of Personal Data is necessary to protect Your vital interests or those of another natural person.
• Public interests: Processing of Personal Data by the Company may be necessary for tasks carried out in the public interest or as part of its official authority under applicable law.
• Legitimate interests: Processing Personal Data is necessary for the legitimate interests pursued by the Company in the context of its business operations.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

The Company is committed to safeguarding the confidentiality of Your Personal Data and ensuring that You have the ability to exercise your rights.

Under this Privacy Policy and applicable law if you are within e European Union (EU), You have the right to:

• You have the right to request access to, update, or delete Your Personal Data. These actions can often be performed directly through Your Account settings. If You encounter difficulties performing these tasks independently, please reach out to Us for assistance. This process allows You to obtain a copy of the Personal Data We maintain about You.
• You have the right to request correction of any incomplete or inaccurate Personal Data that We hold about You.
• Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing purposes.
• You have the right to request the erasure of Your Personal Data when there is no legitimate reason for its continued processing and storage.
• You have the right to request the transfer of Your Personal Data. We will provide Your Personal Data, either directly to You or to a third-party service of your choosing in a structured, commonly used, and machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
• You have the right to withdraw your consent for the use of your Personal Data at any time. However, by doing so, certain functionalities of the Service may no longer be accessible to you.

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, We will try our best to respond to You as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

CCPA Privacy

This privacy notice for California residents supplements the information provided in Our Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.

This notice pertains to the categories of personal data defined under the California Consumer Privacy Act (CCPA). It is important to note that while these categories are outlined, it does not imply that all possible examples within each category have been collected by Us. For instance, certain types of personal information may only be gathered if directly provided by You to Us.

• Category A: Identifiers. Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver's license number, passport number, or other similar identifiers. Collected: Yes.
• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. Collected: Yes.
• Category C: Protected classification characteristics under California or federal law. Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Collected: Yes.
• Category D: Commercial information. Examples: Records and history of products or services purchased or considered. Collected: Yes.
• Category E: Biometric information. Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. Collected: Yes.
• Category F: Internet or other similar network activity. Examples: Interaction with our Service or advertisement. Collected: Yes.
• Category G: Geolocation data. Examples: Approximate physical location. Collected: No.
• Category H: Sensory data. Examples: Audio, electronic, visual, thermal, olfactory, or similar information. Collected: No.
• Category I: Professional or employment-related information. Examples: Current or past job history or performance evaluations. Collected: Yes.
• Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Collected: No.
• Category K: Inferences drawn from other personal information. Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Collected: No.

Under CCPA, personal information does not include:

• Publicly available information from government records
• Deidentified or aggregated consumer information
• Information excluded from the CCPA's scope, such as:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
  • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

• We collect Personal Data directly from You. This includes information from forms You complete on our Service, Your expressed preferences through our Service, as well as data from Your purchases on our Service.
• Indirectly from You. For example, from measuring and analyzing Your activity on our Service.
• Information may also be collected automatically through Cookies We or our Service Providers set on Your Device when You utilize our Service
• From Service Providers. For example, third-party vendors may be engaged to monitor and analyze the use of our Service, deliver advertisements, including targeted advertising, process payments, or provide other services essential to operating the Service for You.

Use of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose personal information We collect for "business purposes" or "commercial purposes" (as defined under the CCPA), which may include the following examples:

Your Personal Data may be utilized or shared for "business purposes" or "commercial purposes," as defined under the California Consumer Privacy Act (CCPA). This encompasses activities aimed at achieving operational objectives, advancing our business goals, and delivering services effectively.

• To operate our Service and provide You with our Service.
• For auditing and internal administrative purposes.
• To provide You with support and respond to Your inquiries, including investigating and addressing concerns, and monitoring and improving our Service.
• We may use Your Personal Data to fulfill Your need or reason you provided the information. For instance, If You provide Your Personal Data to purchase a product or service, We will use it to process Your payment and facilitate delivery. If You share Your personal information to ask a question about our Service, We will use that information to respond to Your inquiry.
• To comply with legal obligations, respond to law enforcement requests, or adhere to applicable laws, court orders, or governmental regulations.
• As described to You when collecting Your personal information or as otherwise set forth in the CCPA.
• To prevent security breaches and combat malicious, deceptive, fraudulent, or illegal activities, including taking necessary measures to identify and prosecute those responsible when necessary.

The examples provided above are illustrative only and not intended to be exhaustive. For further details on how we use your Personal Data, please refer to the "Use of Your Personal Data" section.

If We decide to collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes We will update this Privacy Policy.

Disclosure of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:

We may use, disclose, or have used/disclosed in the past twelve (12) months certain categories of Personal Data for Business or commercial purposes, in accordance with applicable laws such as the GDPR and CCPA.

• Category A: Identifiers
• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• Category D: Commercial information
• Category F: Internet or other similar network activity

The categories listed are those defined under the CCPA, but this does not imply that every example of personal data within these categories has been disclosed. Instead, it reflects our good faith belief, based on our knowledge, that some information from these categories may have been shared or could potentially be shared.

When We disclose Personal Data for a Business or Commercial Purpose, We enter into a contract that specifies the purpose of such disclosure, mandates confidentiality, and restricts the recipient from using the information for any other purpose than fulfilling their obligations under the contract.

Sale of Personal Information

As defined in the CCPA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for valuable consideration. We do not sell your personal information. However, We may aggregate information you and others provide through our Services and share it publicly or with third parties.

Please note that the categories below are those defined under the CCPA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good faith belief to the best of our knowledge that some of that aggregated information from the applicable category may be and may have been shared for value in return.

• Category A: Identifiers
• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
• Category D: Commercial information
• Category F: Internet or other similar network activity

Share of Personal Information

We may share Your personal information listed in the above categories with the following categories of third parties:

• Service Providers
• Payment processors
• Our affiliates
• Our business partners
• Third-partys service providers to whom You or Your agents have authorized Us to share Your Personal Data in connection with the products or services We provide to You.

Your Rights under the CCPA

Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information:

• The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
• The right to notice. You have the right to be notified regarding the categories of Personal Data being collected and the specific purposes for their use.
• The right to request. Under the CCPA, You have the right to request that We disclose information about Our collection, use, sale, disclosure for business purposes, and sharing of Personal Data. Upon receiving and confirming Your request, we will provide this information to You.
  • The categories of personal information We collected about You
  • The categories of sources for the personal information We collected about You
  • Our business or commercial purpose for collecting or selling that personal information
  • The categories of third parties with whom We share that personal information
  • The specific pieces of personal information We collected about You
  • In the event that We sell or disclose Your Personal Data for a business purpose, We will disclose to you:
    • The categories of personal information categories sold
    • The categories of personal information categories disclosed
• You have the option to opt out by directing Us not to sell Your Personal Data. To submit an opt-out request, please contact Us directly.
• You have the right to request the deletion of Your Personal Data, subject to specific exceptions. Upon receiving and confirming Your request, We will delete (and instruct Our Service Providers to delete) Your Personal Data from our records, provided no applicable exceptions apply. Your deletion request may be denied if retaining the information is necessary for Us or Our Service Providers to:
  • Complete transactions for which We collected such information, deliver goods or services requested by You, manage actions reasonably anticipated within the context of our ongoing business relationship with You, and fulfill obligations under our agreements.
  • Detecting security incidents and taking measures to prevent malicious, fraudulent, or illegal activities, as well as pursuing legal action against those responsible for such actions.
  • Debug products to locate and repair errors that impair existing intended functionality.
  • Exercise the right to free speech, ensure another consumer's ability to exercise their own free speech rights, or exercise any other legal right by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. Seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research that serves the public interest, provided it complies with applicable ethics and privacy laws. This applies especially if the deletion of data would significantly hinder the research's completion, if You previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which You provided it.
• The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your consumer's rights, including by:
  • Denying goods or services to You
  • Charging different prices or rates for goods or services, including the use of discounts or other benefits, as well as imposing penalties or restrictions.
  • Providing a different level or quality of goods or services to You
  • Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services

Exercising Your CCPA Data Protection Rights

In order to exercise any of Your rights under the CCPA, and if You are a California resident, You can contact Us:

To exercise Your rights under the CCPA, as a California resident, You may contact Us:

• By email: support@buteo.app

Under the California Consumer Privacy Act (CCPA), only You or an individual registered with the California Secretary of State and explicitly authorized by You to act on Your behalf may submit a verifiable request regarding Your personal information.

Your request to Us must:

• Provide sufficient information that allows Us to reasonably verify You are the person about whom We collected personal information or an authorized representative
• Clearly outline your request with sufficient detail that enables us to fully understand, evaluate, and respond appropriately.

Our ability to process and respond to Your request or provide You with the required information depends on Our capacity to verify certain details tied to Your Account or Device. We cannot respond to your request if we cannot:

• verify Your identity or authority to make the request
• confirm that the personal information relates to You

We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonable necessary and with prior notice.

Disclosures we provide are limited to the 12-month period preceding the receipt of a verifiable request.

For data portability requests, We will select a format to provide Your personal information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance.

Website

You may opt out of receiving personalized ads served by our Service Providers by following the instructions available on the Service.

• The NAI's opt-out platform: http://www.networkadvertising.org/choices/
• The EDAA's opt-out platform http://www.youronlinechoices.com/
• The DAA's opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

Opting out will store a cookie specific to the browser you use on Your Device. If you switch browsers or clear cookies, you will need to opt out again.

Mobile Devices

Your mobile Device may enable You the ability to opt out of the use of information about the apps You use in order to serve You ads that are targeted to Your interests:

• "Opt out of Interest-Based Ads" or "Opt out of Ads Personalization" on Android devices
• "Limit Ad Tracking" on iOS devices

You can prevent the collection of location information from Your mobile device by adjusting its settings or preferences on Your Device.

"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals.

However, some third-party websites may track Your browsing activities. To manage this tracking, You can adjust Your browser's Do Not Track (DNT) settings. These preferences will inform websites that you do not want to be tracked.

Children's Privacy

Our Service is not intended for individuals under the age of 13, and we do not knowingly collect Personal Data from this demographic. If you are a parent or guardian and discover that your child has shared Personal Data with us, please contact us immediately. In the event that we become aware of such data collection without verified parental consent, we will promptly remove it from our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Your California Privacy Rights (California's Shine the Light law)

Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.

If you'd like to request more information under the California Shine the Light law, and if You are a California resident, You can contact Us using the contact information provided below.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

Under California Business and Professions Code section 22581, California residents under the age of 18 who are registered users of online sites, services, or applications may request and obtain removal of content or information they have publicly posted.

If You are a California resident, and desire to request removal of such data, You may contact Us using the provided information below. Please include the email address associated with Your Account.

Be advised that Your request does not guarantee the complete or comprehensive removal of content or information online, as the law may prevent or not require removal in certain circumstances.

Rights of General Users to Delete Their Account and Data

We prioritize Your privacy and are dedicated to ensuring you have control over Your Personal Data. You have the option to permanently delete your Account and associate Personal Data.

How to Delete Your Account and Data

You may delete Your Account and associated data by using one of the following methods:

1. Self-Service Deletion via the Buteo App

• Log in to your account at https://soar.buteo.app/.
• Navigate to the Account Settings section.
• Select the Delete Account option.
• Follow the on-screen instructions to confirm the deletion process.

2. Request Deletion Assistance

• If you prefer assistance, you may submit a request to our support team via email by sending it to support@buteo.app.
• Please ensure that You provide enough information to confirm Your identity (e.g., an email address associated with Your Account).
• Our team will handle your request and inform you once the deletion process is complete.

Important Notes

Once your account is deleted, your data will be permanently removed from our systems, except in cases where:

Upon deletion of your account, all Personal Data will be permanently removed from our systems, except in cases where:

• Retention is required by law.
• The data is required to complete pending transactions or fulfill active services.
• The data is actively utilized by any teams you were formerly associated with. In which case all personal identifiable information will be removed.
• This data must be retained for internal business purposes, aligned with user expectations (e.g., ensuring service integrity).

This ensures that you can manage your data in the way that best suits your needs.

Links to Other Websites

Our Service may include links to Third-Party services or websites not operated by Us. By clicking on these links, You will be redirected to that third party's site. We strongly recommend reviewing the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Future Privacy Policy Changes

We may update our Privacy Policy from time to time and will notify You of any changes by posting the updated version on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

• By email: support@buteo.app