Privacy Policy

1. Collection of Personal Data

The personal data we collect depends on how you interact with us, the Services you use, and the choices you make. We collect information about you from different sources and in various ways when you access or use our Services, including information you provide directly, third-party data sources, information collected automatically, and data we infer or generate from other data.

Information you provide directly.

We collect personal data you provide to us. For example:

c)

Payment Information. If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.

d)

Communications. If you send us email messages, survey responses, or other direct communications, we will collect and retain those communications.

e)

Content and communications we process on your behalf. We collect the information you enter or provide in connection with your use of Services in accordance with the Terms and Conditions that govern your access to and use of the Services (the “Agreement”).

f)

Sensitive Personal Data.

Account Access Information. We collect information such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account.

Information we obtain from third party sources.

We also obtain information from third parties. These third-party sources include, for example:

a)

Third Party Partners. Companies or third parties, such as when you sync a third party account or service with your Service.

b)

Service providers. Companies that supplement the personal data you give us (e.g., validate your mailing address) to help us maintain the accuracy of your data and provide you with better service.

Information we collect automatically.

When you use our Services, we collect some internet and other electronic activity information automatically. For example:

a)

Identifiers and device information. When you visit our websites, our web servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in our Cookie Policy, our websites and online Services store and retrieve cookie identifiers, mobile IDs, and other data.

b)

Geolocation data. If applicable and if you enable location-based Services, we may also collect Global Positioning System (GPS) location data and/or motion data.

c)

Usage data. We may also automatically collect certain usage information when you access our Services (“Usage Data”), such as Internet Protocol (“IP”) addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from cookies and other tracking technologies.

Information we create or generate.

We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.

When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain products or features, those products or features may not be available or function correctly.

2. Use and Sharing of Personal Data.

2.1 Graphite as a Processor.

Our services are intended for and provided to businesses and other organizations, and not individual consumers or end-users. In some cases, in providing those services, we collect and process personal data of consumers or end-users at the direction of our customers. When we do, we do so as a service provider or a “data processor” to those organizations, but we do not control and are not responsible for the privacy practices of those organizations. This Privacy Policy does not apply to personal data we process as a service provider or data processor on behalf of our customers. If you are a consumer end-user of one of those organizations, you should read that organization’s privacy statement and direct any privacy inquiries to that organization.

2.2 Graphite as a Controller.

We use the personal data we collect for purposes described in this Privacy Policy or as otherwise disclosed to you. For example, we use personal data for the following purposes:

(a)

We process personal data for our business and commercial purposes such as:

(i)

To register and manage your account for certain Services we provide and to communicate important information to you. We may obtain additional personal data about you, such as address change information, from commercially available sources, to keep our records current. If you set up an administrator account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your personal data.

(ii)

To communicate with you about our Services and to give you offers for third party products and services that we think may be of interest to you. Please see below under “Choice and Control of Personal Data” for the choices you have regarding these communications.

(iii)

To personalize or customize your experience and the Service, improve our Services, develop new features or services, monitor how, and from where, users are interacting with our Services, and conduct research and to improve the overall quality of the Services.

(iv)

To operate our business, including providing Services you requested, providing you with support related to our Services, billing, and accounting, and to help us protect our Services, including to detect and prevent fraudulent and illegal activity, and protect your information.

(v)

To provide customer and technical support, resolve questions you may have about our Services, and to follow up with you about your experience. We also offer various Internet chat services, for example, to speak with a support representative or other advisor. Internet Chat transmissions may be intercepted by third parties, so you should not supply more personal data than is reasonably necessary to address your specific issue. We retain a transcript of any Chat session to resolve questions or issues related to our Services.

(vi)

We may use any information you provide to us via survey responses and combine them with answers from other customers in order to better understand our Services and how we can improve them.

(vii)

We will use information, including personal data, within the scope of any rights granted to us in the Agreement or as otherwise permitted under the Agreement.

(viii)

We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.

(b)

We disclose your personal data with your consent or as we determine necessary to complete your transactions or provide the Services you have requested or authorized. In addition, we disclose each of the categories of personal data described above, to the types of third parties described below, for the following business purposes:

(i)

Public information. You may select options available through our services to publicly display and disclose your name and/or username and certain other information, such as your profile, demographic data, content, and files, or geolocation data.

(ii)

Service providers. We provide personal data to vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data to provide those functions. may collect and share with the respective third parties certain information for security purposes and in order to verify your authorized access to an account or to reset your password if you cannot access your Services account. You may be able to log into our Services using a shared credential pass-through mechanism, where you log into our Services using credentials provided by another party, or where we use your login credentials for the Services to give you access to services operated by other parties. For example, you may use your Gmail or Facebook credentials to log into our Services. Some Services may require added security and you may be asked to provide additional information. The email address and password that you use to sign up for a Services account are your “credentials” that you will use to authenticate with our platform. We may assign a unique ID number to your credentials to track you and your associated information. You are responsible for keeping your login credentials safe and secure. Our Services do not allow sharing of accounts between users or individuals, and you will not share your Services account with any other party. You will also not use another party’s Services account.

(iii)

Financial services & payment processing. When you provide payment data, for example, to make a purchase, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services. You may choose to sync certain Services with information from other financial accounts. To sync your financial account information, we must access your online account with your financial institution. We may request your username, password, and any other login bank data that you have set up with your financial institution to enable access. We may use this information to update and maintain the account information you download, to assist with the download process, and to enhance the Services we may provide in the future.

(iv)

Independent Providers. We work with other companies or developers to offer you products and services, and you may choose to sync, link or connect other third-party services with the Services. Sometimes we may let you know about a service, or another company may let you know about a service or product offered by us. It will be clear who is referring the service or product, and who is providing the service or product. If you choose to accept these services, providing your consent (where required by law) to either the third party or to us, we may exchange your information, including your personal data, as well as information about how you interact with each company’s service or product. This exchange of information is necessary to maintain business operations and to provide the ongoing service you’ve requested. By requesting or accepting these products or services, you are permitting us to provide your information, including your personal data, to the other party.

(v)

Analytics and advertising companies. These providers collect personal data through our website and apps, including transaction details, account information, marketing and communications data, demographic data, content and files, geolocation data, usage data, and inferences associated with identifiers and device information (such as cookie IDs, device IDs, and IP address) as described in the Cookies and Tracking Technologies section of this Privacy Policy. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses the information at www.google.com/policies/privacy/partners.

(vi)

Corporate transactions. We may disclose personal data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.

(vii)

Legal and law enforcement. We will access, disclose, and preserve personal data when we believe that doing so is necessary to comply with applicable law or respond to valid legal processes, including from law enforcement or other government agencies.

(viii)

Security, safety, and protecting rights. We will disclose personal data if we believe it is necessary to:

• protect our customers and others, for example, to prevent spam or attempts to commit fraud or to help prevent the loss of life or serious injury of anyone;
• operate and maintain the security of our services, including preventing or stopping an attack on our computer systems or networks; or
• protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.

(a)

Access, correction, and deletion. How you can access and control information that identifies you will depend on which Services you use. You can access, update, change, and delete the information we have about you by contacting us at [email protected].

(i)

In connection with your right to manage the personal data you provide to us, you may access, update, change, correct, or request deletion of your information either through your account on the Service or through our Customer Support team. You can reach our Customer Support team by using the contact information provided on our website.

(ii)

If you have created an online account with us and would like to access, update, correct or delete the personal data you have provided to us, you may be able to access your account to view and make changes or corrections to your personal data directly through your account.

However, to the extent permitted by applicable law, we reserve the right to decline requests that are unreasonable or excessive, where providing the data would be prohibited by law or could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the data relates.

(b)

Communications Preferences. We will honor your choices when it comes to receiving marketing communications from us. You have the following choices if you have been receiving marketing communications from us that you no longer wish to receive:

(i)

Click the “unsubscribe” link in the email or newsletter you received.

(ii)

Adjust your settings in your Services account.

(iii)

For SMS messages, if applicable, reply “STOP” or follow the instructions in the message or settings to discontinue those communications.

(iv)

If applicable, our Services may send notifications to your mobile device. If you are receiving notifications from us on a mobile device and no longer wish to receive these types of communications, you may turn them off at the device level.

You will always receive mandatory or critical communications from us, no matter if you opt-out of marketing communications.

(c)

Social Media. Some of our Services may use social media features provided or shared with other parties (e.g., Facebook, LinkedIn, etc.). These features may collect your IP address and which page you are visiting within our Service and may set a cookie to enable the feature to function properly. Social media features may be hosted by another party or may be hosted directly on our Services. Your interactions with these features are governed by the Privacy Policy of the party providing the relevant social media features.

(d)

Choices for Cookies and Similar Technologies. See the Cookies section below for choices about cookies and other analytics and advertising controls.

If the processing of personal data about you is subject to data protection law in the European Union, United Kingdom, European Economic Area, or Switzerland, you have certain rights with respect to that data:

• You can request access to, and rectification or erasure of, personal data;
• If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format;
• If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing;
• You can to object to, or obtain a restriction of, the processing of personal data under certain circumstances; and
• For residents of France, you can send us specific instructions regarding the use of your data after your death.

To make such requests, please use the contact information in Section 9 below.

The choices above apply where we are the data controller. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.

We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the Services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.

We and our analytics and advertising partners use cookies and similar tracking technologies to collect personal data (such as the pages you visit, the links you click on, and similar usage information when you use our Services, including personal data about your online activities over time and across different sites and online services. Please review our Cookie Policy for more information.

As further described in our Cookie Policy, we and our analytics and advertising partners use cookies and similar technologies (e.g., web beacons, pixels, and device identifiers) to recognize you and/or your device(s) on, off and across different Services and devices. We also allow some third-party companies to use cookies as described in our Cookie Policy. This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, detect and prevent fraud, and fulfill other legitimate purposes. We and/or our partners also share the information we collect or infer with third parties for these purposes.

You can control cookies through your browser settings and other tools as further described in our Cookie Policy.

Advertising controls.

Our advertising and analytics partners may participate in associations that provide simple ways to opt out of analytics and ad targeting, which you can access at:

• United States: NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/)
• Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/) 
• Europe: European Digital Advertising Alliance (http://www.youronlinechoices.com/)

These choices are specific to the browser you are using, so if you access our services from other devices or browsers, also visit these links from those to ensure your choices apply to the data collected when you use those devices or browsers.

Mobile advertising ID controls.

iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.

Email web beacons.

Most email clients have settings which allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.

We retain personal data for as long as necessary to provide the services you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.

We take reasonable and appropriate steps to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction. To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.

The personal data we collect may be stored and processed in your country or region, or in any other country where we or our service providers maintain facilities. Currently, we primarily use data centers in Canada and the United States. The storage location(s) are chosen to operate efficiently and improve performance. We take steps designed to ensure that the data we collect under this Privacy Policy is processed and protected according to the provisions of this Privacy Policy and applicable law wherever the data is located.

Location of Processing European, UK, and Swiss Personal Data. We transfer personal data from the European Union, European Economic Area (EEA), UK, and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

If you have questions or comments about this Privacy Policy, have a privacy concern, complaint, or question for us, please contact us as follows:

(a)

Via Email. If you have questions or complaints regarding our Privacy Policy or practices, please contact us by email at [email protected]

(b)

Via Direct Mail. Please write to us the following address: Graphite Systems Inc. 3400 Ashton Blvd, Suite 220, Lehi, UT 84043

We will update this Privacy Policy when necessary to reflect changes in our Services, how we collect, use, or share personal data, or the applicable law. When we post changes to the Privacy Policy, we will revise the “Last Updated” date at the top of the policy. If we make material changes to the Privacy Policy, we will provide notice or obtain consent regarding such changes as may be required by law.