Privacy Policy

This Privacy Policy ("Policy" or "Privacy Policy") explains how we ("Company", we", "our" or "us"), the developer and provider of "Stackem" webapp (the "Product"), collects, stores, uses, discloses, and otherwise processes Personal Data related to you when you ("you", "your" or "Users") install, access, use, or otherwise engage with the Product and any of our other online activities made available by us in connection with the Product. This Privacy Policy forms an integral part of our End User License Agreement or any other agreement that references this Privacy Policy.

We encourage you to read this Policy carefully and reach out to us if you have any further questions. You acknowledge that the provision of Personal Data is voluntary. Where required under applicable law, we will process Personal Data relating to you based on your consent. You are not legally obligated to provide us with Personal Data; however, if you choose not to provide certain Personal Data, or not to permit us to process it, certain features or functionalities of the Product may not operate properly or may not be available.

U.S. State Privacy Specifications: See Section 11 – "Additional notice for United States residents" to learn more about our privacy practices and your rights under U.S. jurisdiction, including, to the extent that the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA") applies to the processing of Personal Data, the "Additional notice for United States residents" shall serve as a Notice at Collection and Privacy Policy as required under the CCPA.

1. Updates and Amendments

We may update and amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be accessible from our website- https://www.stackemapp.com/ ("Website"). The updated date of the Policy will be reflected in the "last modified" heading. In case of a material change, or if required by law, we will provide notice reflecting these changes, and any such material amendments to our privacy practices described under this Policy will become effective within the period noted in such notice. Unless otherwise notified, any changes will become effective when we publish the modified Policy.

2. Data Controller

We are the "data controller" and define the purposes and means of data processing.

If you have any questions about this Privacy Policy, or if you believe that your privacy rights are compromised, please email: [email protected].

3. Personal Data We Process & Purpose of Collection and Use

"Personal Data" means information that identifies an individual or that can reasonably be used to identify an individual, either directly or indirectly, as further defined under applicable laws (including equivalent terms such as "personal information" or "personally identifiable information"). "Non-Personal Data" means technical information that does not identify an individual, such as language preference, screen resolution, etc. Non-Personal Data connected or linked to any Personal Data shall be deemed Personal Data for as long as it remains combined.

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Product. We have detailed below the Personal Data processed, the purpose and operation, and the lawful basis. In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Product and to enforce our End User License Agreement, as well as to protect the security or integrity of our databases and the Product, and to take precautions against legal liability. Such processing is based on our legitimate interests.

The Product is not intended to collect or process (and to the best of our knowledge does not) "Sensitive Data" as defined under applicable laws (including equivalent terms such as "highly sensitive information", "special categories of personal data", or "sensitive personal information"). Users are therefore requested not to submit or upload any such Sensitive Data through the Product, which includes, depending on the jurisdiction and applicable laws, racial or ethnic origin, religious or philosophical beliefs, sexual orientation, health related information, certain financial information, etc.

Detailed information on the Personal Data processed, the purpose and the lawful basis:

3.1. Unique Identifiers: When you use the Product (including tools and features made available through the Product), we, or our third-party partners, identify unique identifiers associated with your device, IP address, cookie ID, installation ID, affiliate ID, etc. ("Unique Identifiers"). Unique Identifiers are used for analytics and operational purposes, correcting errors and bugs, to secure our Product and related systems, to enable you to use the Product and to provide you with its functionalities, and are processed subject to our legitimate interest in ensuring the security of our Product, authentication, understanding how our Product is used, correcting errors, and enhancing experience.

3.2. Usage Data: We further process, directly or indirectly through our third-party service providers, usage data, including information regarding your interaction with the Product, features used, time stamp and duration of use, click stream data, errors that occurred (collectively, "Usage Data"). We will use Usage Data and inferred data for statistical and analytical purposes and internal development. These data sets are processed based on legitimate interest in operating, maintaining, enhancing, and improving our Product.

3.3. Support: When you contact us for customer support, we will process your contact information, as well as any information you choose to provide as part of our communications and correspondence. We will use contact information to provide customer support and communicate with you. We will retain such communications to have records of the support that was provided for any future needs as well as to further improve our Product and support. We process such information for the purpose of providing the support and performing our contract with you. We will further retain our communications for record keeping and Product improvement, including training our customer support team, based on our legitimate interest.

3.4. User Images and Content: The Product enables you to create a collage ("Collage") by selecting a template, placing your images into designated cells, adjusting spacing, colors, and other design elements, and downloading the final output image, all as detailed in the End User License Agreement or contact [email protected].

4. How We Collect Your Information

Depending on the nature of your interaction with us, we may collect the Personal Data detailed above from you, as follows: (i) Automatically, when you interact with our Website, including through the use of cookies and similar tracking technologies (as detailed below), as well as, where applicable; and (ii) Directly from you, when you voluntarily choose to provide us with information, such as when you upload User Content that contains Personal Data.

5. Cookies and Similar Technologies

Cookies and similar technologies may include cookies, local storage, pixels, scripts, plugins, and other technologies that store or access information on a user's device. We use cookies and similar technologies solely on our Website or other digital assets promoting the Product. These providers include:

• Google Analytics, a web analytics service provided by Google, Inc. Google's privacy practices are subject to Google's privacy policy, available here: https://policies.google.com/privacy?hl=en-US.
• Cloudflare, which we use for content delivery, security, and performance services. Cloudflare's privacy practices are subject to Cloudflare's privacy policy, available here: https://www.cloudflare.com/privacypolicy/.

6. Data Sharing – Categories of Recipients We Share Personal Data With

We share Personal Data relating to you with third parties, including our partners or service providers that help us provide our Product. When we share data with service providers and partners, we ensure they only have access to such information that it is strictly necessary for us to provide the Product. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other Non-Personal Data for their own benefit).

You can find here information about the categories of such third-party recipients:

6.1. Service Providers: Service providers process Personal Data on our behalf and are limited to using such Personal Data solely for the purpose of providing the services, specifically:

6.1.1. General Service Providers: Process all Personal Data listed above, except for the User Content stored locally on your device, including cloud hosting providers, CDNs, internet service providers, operating systems and platforms, data and cybersecurity services, fraud detection services, billing and payment processing services, etc.

6.1.2. Trackers and Analytic Providers: Process the Unique Identifiers and Usage Data to provide us with analytic information, crashes and errors, etc.

6.2. Subsidiaries and Affiliated Companies: We may share Personal Data, internally within our Company or in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy. Such recipients process all Personal Data except for data which is stored locally on your device.

6.3. Authorities, Security Providers, Governmental Agencies: Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our Product. The Personal Data could include any Personal Data, except for data which is stored locally on your device, depending on the purpose and needs.

7. Your Rights

We understand that privacy preferences vary among individuals, and we are committed to transparency regarding the Personal Data we collect and how it is used. Depending on your relationship with us, your location, and applicable data protection laws, you may have certain rights and choices with respect to Personal Data relating to you. We usually provide individuals with the rights to exercise the rights under the EU General Data Protection Regulation ("GDPR") as a benchmark; these rights include rights to access Personal Data, portable Personal Data, delete Personal Data, or opt-out, and withdraw consent for processing Personal Data, among others. For more information, please see: https://commission.europa.eu/law/law-topic/data-protection/information-individuals_en. U.S. state laws provide similar rights with certain differences; in the U.S. supplement in Section 11, you can review a list of such rights.

At any time, you may lodge a complaint with the applicable regulatory authority or contact us at [email protected]. You also have the right to appeal. If we decline to take action on your request, we will inform you without undue delay, as required under applicable law.

8. Data Retention

In general, unless a different retention period is described above, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, when permissible by law or regulation, or until you request to delete your information, where applicable.

Other circumstances in which we may retain Personal Data relating to you for longer periods of time when permissible by law or regulation include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to Personal Data relating to you.

Please note that except as required by applicable law or our specific agreements with you, we will not be obliged to retain Personal Data relating to you for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you.

9. Security Measures and Transfers

We implement appropriate and industry-standard technical, organizational, and security measures to reduce the risks of damage to (or loss of) information, or any unauthorized access or use of information. This includes a protocol for responding to a data security incident that may compromise the security of Personal Data. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure Personal Data relating to you, it is not guaranteed, and you cannot expect that the Product will be immune to information security risks or attacks. Also, as the security of information depends in part on the security of the computer, device or network you use to communicate with us, the security of Personal Data relating to you depends on you as well. Please make sure to take appropriate measures including the use of secure networks and devices and the protection of your access credentials.

We will take necessary steps to ensure that sufficient safeguards are provided during the transfer of such Personal Data, in accordance with the provisions of the EU, UK, or Swiss Standard Contractual Clauses or, as applicable, the EU/UK-U.S. Data Privacy Framework. Thus, we will obtain contractual commitments or assurances from the data importer to protect Personal Data relating to you, using contractual protections that regulators have pre-approved to ensure Personal Data relating to you is protected.

Please contact us if you become aware of a third party's attempt to gain unauthorized access to any Personal Data relating to you. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to Personal Data relating to you.

10. Eligibility and Children's Privacy

The Product is not intended for use by children under the age of 13, and we do not knowingly process children's information. We will discard any information we receive from a User who is considered a child immediately upon discovering that such a User shared information with us. Please contact us and let us know if you have reason to believe that a child has shared any information with us.

11. Additional Notice for United States Residents

The information provided below supplements the information contained in this Privacy Policy and applies to residents of such states. These additional disclosures are intended to provide you with additional information regarding our handling of Personal Data relating to you and certain consumer rights. Residents of certain U.S. states may have additional rights under applicable privacy laws and be entitled to additional disclosures.

Under applicable U.S. privacy laws, "Personal Data" generally means any information that is linked or reasonably linkable to an identified or identifiable individual (and usually does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the state law's scope).

"Sensitive Data" includes data revealing racial, ethnic or national origin; religious beliefs; information regarding an individual's medical history, mental or physical health condition, diagnosis or medical treatment; neural data; status as transgender or non-binary; sex life or sexual orientation; status as a victim of a crime; citizenship or immigration status; genetic or biometric data; Personal Data collected from a known child; and precise geolocation data.

We are required to provide you with a clear and accessible privacy notice that includes the categories of Personal Data processed, the purpose of processing, the categories of Personal Data shared with third parties, the categories of third parties with whom Personal Data is shared, the categories of Personal Data that are sold or used for targeted advertising, if any, the categories of third parties to whom the Personal Data is sold, if any, a list of your data rights, and instructions for exercising those rights and appealing decisions, and our contact information. This information is detailed under this Privacy Policy and further below.

1. Categories of Personal Data & Categories of Third Parties with Whom Personal Data is Shared:

Under Section 3 of the Privacy Policy, "Personal Data We Process & Purpose of Collection and Use," we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored, or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent, unless we are otherwise entitled, required, or permitted under applicable laws.

Additionally, under Section 6 of the Privacy Policy, "Data Sharing – Categories of Recipients We Share Personal Data With", we detail and disclose the categories of third parties with whom we share Personal Data for business purposes.

2. Consumer Rights Related to Their Personal Data:

Section 7 under this Privacy Policy "Your Rights" provides additional information regarding your principal rights. Residents of certain U.S. states may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

2.1. Access – the right to confirm whether we are processing their Personal Data and to obtain a copy of their Personal Data in a portable and, to the extent technically feasible, readily usable format.

2.2. List of Third Parties – the right to receive a list of the specific third parties to which we have disclosed either Personal Data relating to you or any Personal Data.

2.3. Delete – the right to request us to delete their Personal Data provided to or obtained by us.

2.4. Correct – the right to request us to correct inaccuracies in their Personal Data, taking into account the nature and purposes of the processing of the Personal Data.

2.5. Opt-Out – the right to opt out of certain types of processing, including: (i) to opt out of the "sale" of their Personal Data; (ii) to opt out of targeted advertising by us; and (iii) to opt out of any processing of Personal Data for profiling in furtherance of making decisions that produce legal or similarly significant effects. However we do not engage in profiling in furtherance of legal or similarly significant decisions.

2.6. Appeal – the right to appeal if we decline to take action in response to your exercise of a privacy right.

2.7. Non-Discrimination – the right not to be discriminated against for exercising your privacy rights.

For more information about rights for U.S. residents, please see: https://oag.ca.gov/privacy/ccpa.

Exercising Consumer Privacy Rights:

You may submit a request to exercise most of your privacy rights under U.S. state privacy laws by contacting us at: [email protected].

Further, certain rights can be exercised directly from our Product: you may correct, revise, and delete information using the Product settings at any time. Additionally, any consent provided may be easily withdrawn or you may opt out of certain features and tracking. Therefore, we recommend you use the technical solutions we have provided you with to exercise your rights.

We will respond to your request within the timeframe required under applicable law, and we reserve the right to extend the response time subject to applicable law requirements. If we refuse to take action on a request, we will notify you, and our notification will include a justification for declining to take action and instructions on how you may appeal. Within the timeframe set out under applicable law upon our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority or Attorney General of your jurisdiction.