1. Collection of Personal Data

The personal data we collect depends on how you interact with us, the Services you use, and the choices you make. We collect information about you from different sources and in various ways when you use our Services, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.

Information you provide directly.

We collect personal data you provide to us.

b)

Payment Information. If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.

c)

Communications. If you send us email messages, survey responses, or other direct communications, we will collect and retain those communications.

d)

Content and communications we process on your behalf. We collect the information you enter or provide in connection with your use of Services in accordance with the Terms and Conditions that govern your access to and use of the Services (the “Agreement”). 

Information we obtain from third party sources.

We also obtain information from third parties. These third-party sources include, for example: 

a)

Third Party Partners. Companies or third parties, such as when you sync a third party account or service with your Service.

b)

Service providers. Companies that supplement the personal data you give us (e.g., validate your mailing address) to help us maintain the accuracy of your data and provide you with better service.

Information we collect automatically.

When you use our Services, we collect some information automatically. For example:

a)

Identifiers and device information. When you visit our websites, our web servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in our Cookie Policy, our websites and online Services store and retrieve cookie identifiers, mobile IDs, and other data.

b)

Geolocation data. If applicable and if you enable location-based Services, we may also collect Global Positioning System (GPS) location data and/or motion data.

c)

Usage data. We may also automatically collect certain usage information when you access our Services (“Usage Data”), such as Internet Protocol (“IP”) addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from cookies and other tracking technologies.

Information we create or generate.

We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.

When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain products or features, those products or features may not be available or function correctly.

2. Use and Sharing of Personal Data.

2.1 Graphite as a Processor.

Except where noted in Section 2.2 below, Graphite acts as a data processor on your behalf when you provide Graphite with personal data (or Graphite collects or otherwise processes personal data) in connection with your access to and use of the Services. Graphite will only share personal data to provide the Services or as otherwise instructed by you in connection with the Service, such as when you access and use the Service to invite (or accept an invite from) a prospective customer or vendor to connect with you in or when you communicate with other customers you have invited or been invited to engage with as part of the Services.

2.2 Graphite as a Controller.

Graphite acts as a data controller and uses and shares personal data for its own business purposes when you provide Graphite with personal data (or Graphite collects or otherwise processes personal data) to register and manage your account with Graphite (for example, to permit Graphite to invoice you for the Services) or for its other business activities such as when you visit our public-facing website, register or participate in a Graphite webinar or other event, when we engage in marketing and sales activities,  or to provide you with customer or technical support, as follows:

(a)

We use the personal data we collect for purposes described in this Privacy Policy or otherwise disclosed to you.  And, we combine data we collect from different sources to achieve these purposes and to give you a more seamless, consistent, and personalized experience. For example, we use personal data for the following purposes:

(i)

Except where noted in Section 2.2 below, Graphite acts as a data processor on your behalf when you provide Graphite with personal data (or Graphite To register and manage your account for certain Services we provide and to communicate important information to you. We may obtain additional personal data about you, such as address change information, from commercially available sources, to keep our records current. If you set up an administrator account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your personal data.

(ii)

To communicate with you about our Services and to give you offers for third party products and services that we think may be of interest to you. Please see below under “Choice and Control of Personal Data” for the choices you have regarding these communications.

(iii)

To personalize or customize your experience and the Service, improve our Services, develop new features or services, monitor how, and from where, users are interacting with our Services, and conduct research and to improve the overall quality of the Services.

(iv)

To operate our business, including providing Services you requested, provide you with support related to our Services, billing and accounting, and to help us protect our Services, including to detect and prevent fraudulent and illegal activity, and protect your information.

(v)

To provide customer and technical support, resolve questions you may have about our Services and to follow up with you about your experience. We also offer various Internet chat services, for example, to speak with a support representative or other advisor. Internet Chat transmissions may be intercepted by third parties, so you should not supply more personal data than is reasonably necessary to address your specific issue. We retain a transcript of any Chat session to resolve questions or issues related to our Services.

(vi)

We may use any information you provide to us via survey responses and combine them with answers from other customers in order to better understand our Services and how we can improve them.

(vii)

We will use information, including personal data, within the scope of any rights granted to us in the Agreement or as otherwise permitted under the Agreement.

(b)

We may share your information with third parties or our affiliates or subsidiaries. For example:

(i)

We may prepare and share information about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. Information shared for these purposes will be de-identified and aggregated, such that it does not identify you personally. For example, we may share demographic data that describes the percentage of our customers who use certain features within our Services or who use a particular operating system. We or our third-party partners may publicly report the aggregated findings of the research or analysis in a way that would not allow you or any other person to be identified.

(ii)

We may collect and share with the respective third parties certain information for security purposes and in order to verify your authorized access to an account or to reset your password if you cannot access your Services account. You may be able to log into our Services using a shared credential pass-through mechanism, where you log into our Services using credentials provided by another party, or where we use your login credentials for the Services to give you access to services operated by other parties. For example, you may use your Gmail or Facebook credentials to log into our Services. Some Services may require added security and you may be asked to provide additional information. The email address and password that you use to sign up for a Services account are your “credentials” that you will use to authenticate with our platform. We may assign a unique ID number to your credentials to track you and your associated information. You are responsible for keeping your login credentials safe and secure.  Our Services do not allow sharing of accounts between users or individuals, and you will not share your Services account with any other party. You will also not use another party’s Services account.

(c)

We share personal data with your consent or as necessary to complete your transactions or provide the Services you have requested or authorized. For example, when you provide payment data to make a purchase, we will share that data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.  In addition, we share each the categories of personal data described above for the following business purposes:

(i)

We may share your information with third party service providers who perform various functions to enable us to provide our Services and help us operate our business, such as website design, sending email communications, fraud detection and prevention, customer care, operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks. Our contracts with these third parties require them to maintain the confidentiality, integrity, and availability of the personal data we provide to them, only act on our behalf and under our instructions, and not use personal data for purposes other than the product or service they’re providing to us or on our behalf.

(ii)

We may share your information to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.

(iii)

We may share account information, personal data and Usage Data when we believe it is appropriate to enforce our agreements; or to protect our rights and property, the Services, our users, or others. This may include exchanging information with other companies and organizations for fraud protection and credit risk reduction.

(iv)

We may share your information with credit bureaus, consumer reporting agencies, and card associations. Late payments, missed payments, or other defaults on your account may be reflected in your credit report and consumer report. We may also share your information with other companies, lawyers, credit bureaus, agents, government agencies, and card associations in connection with issues related to fraud, credit, or debt collection.

(v)

We may share your information, including your personal data, with and among our affiliates and subsidiaries, except where prohibited by law, regulation, or a contractual obligation. Affiliates and subsidiaries means companies related by common ownership or control. The reasons why we share your information include for our everyday business purposes, such as to: process your transactions, maintain your accounts, operate our business, facilitate access to your Services account, and so on. We may also share your information in order for us to be able to offer the Services and other products and services to you. We may also share information about your creditworthiness, your transactions and experience so that we can operate our business effectively, detect and prevent fraud, and improve our Services.

(vi)

 If we sell, merge, or transfer any part of our business, we may be required to share or transfer your information, in which case we may share your information with, or transfer your information to the entity that operates the Services relevant to this Privacy Policy after such transaction.

(d)

You may choose to sync certain Services with information from other financial accounts. To sync your financial account information, we must access your online account with your financial institution. We may request your username, password, and any other login bank data that you have set up with your financial institution to enable access. We may use this information to update and maintain the account information you download, to assist with the download process, and to enhance the Services we may provide in the future.

(e)

We work with other companies or developers to offer you products and services and you may choose to sync, link or connect other third-party services with the Services. Sometimes we may let you know about a service, or another company may let you know about a service or product offered by us. It will be clear who is referring the service or product, and who is providing the service or product. If you choose to accept these services, providing your consent (where required by law) to either the third party or to us, we may exchange your information, including your personal data, as well as information about how you interact with each company’s service or product. This exchange of information is necessary to maintain business operations and to provide the ongoing service you’ve requested. By requesting or accepting these products or services, you are permitting us to provide your information, including your personal data, to the other party.

(f)

Third party analytics and advertising companies also collect personal data through our website and apps including, transaction details, account information, marketing and communications data, demographic data, content and files, geolocation data, usage data, and inferences associated with identifiers and device information (such as cookie IDs, device IDs, and IP address) as described in the Cookies and Tracking Technologies section of this Privacy Policy.

(g)

Finally, we may share de-identified information in accordance with applicable law. 

Please note that some of our Services include references or links to products provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or consent to our sharing personal data with them, that data is governed by their Privacy Policies.

(a)

Access, correction, and deletion. How you can access and control information that identifies you will depend on which Services you use.    You can access, update, change, and delete the information we have about you by contacting us at [email protected].

(i)

In connection with your right to manage your personal data you provide to us, you may access, update, change, correct or request deletion of your information either through the your account on the  Service or through our Customer Support team. You can reach our Customer Support team by using the contact information provided on our website.

(ii)

If you have created an online account with us and would like to access, update, change, correct or delete the personal data you have provided to us, you may be able to access your account to view and make changes or corrections to your personal data directly through your account.

However, to the extent permitted by applicable law, we reserve the right to decline requests that are unreasonable or excessive, where providing the data would be prohibited by law or could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the data relates.

(b)

Communications Preferences. We will honor your choices when it comes to receiving marketing communications from us. You have the following choices if you have been receiving marketing communications from us that you no longer wish to receive:

(i)

Click the “unsubscribe” link in the email or newsletter you received.

(ii)

Adjust your settings in your Services account.

(iii)

For SMS messages, if applicable, reply “STOP” or follow the instructions in the message or settings to discontinue those communications.

(iv)

If applicable, our Services may send notifications to your mobile device. If you are receiving notifications from us on a mobile device and no longer wish to receive these types of communications, you may turn them off at the device level.

You will always receive mandatory or critical communications from us, no matter if you opt-out of marketing communications.

(c)

Social Media. Some of our Services may use social media features provided or shared with other parties (e.g., Facebook, LinkedIn, etc.). These features may collect your IP address and which page you are visiting within our Service and may set a cookie to enable the feature to function properly. Social media features may be hosted by another party or may be hosted directly on our Services. Your interactions with these features are governed by the Privacy Policy of the party providing the relevant social media features.

(d)

Choices for Cookies and Similar Technologies. See the Cookies section below for choices about cookies and other analytics and advertising controls.

If the processing of personal data about you is subject to data protection law in the European Union, United Kingdom, European Economic Area, or Switzerland, you have certain rights with respect to that data: 

• You can request access to, and rectification or erasure of, personal data; 
• If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format;
• If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing; 
• You can to object to, or obtain a restriction of, the processing of personal data under certain circumstances; and
• For residents of France, you can send us specific instructions regarding the use of your data after your death.

To make such requests, please use the contact information in Section 9 below.  

The choices above apply where Graphite is the data controller. When we are processing data on behalf of another party that is the “data controller,” you should direct your request to that party.  You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.

We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the Services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests.

We and our analytics and advertising partners , use cookies and similar tracking technologies to collect personal data (such as the pages you visit, the links you click on, and similar usage information when you use our Services, including personal data about your online activities over time and across different sites and online services. Please review our Cookie Policy for more information.

As further described in our Cookie Policy, we and our analytics and advertising partners use cookies and similar technologies (e.g., web beacons, pixels, and device identifiers) to recognize you and/or your device(s) on, off and across different Services and devices. We also allow some third-party companies to use cookies as described in our Cookie Policy.  This information is used to store  your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, detect and prevent fraud, and fulfill other legitimate purposes. We and/or our partners also share the information we collect or infer with third parties for these purposes.

You can control cookies through your browser settings and other tools as further described in our Cookie Policy.

Advertising controls.

Our advertising and analytics partners may participate in associations that provide simple ways to opt out of analytics and ad targeting, which you can access at:

• United States: NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/) 
• Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/) 
• Europe: European Digital Advertising Alliance (http://www.youronlinechoices.com/)

These choices are specific to the browser you are using, so if you access our services from other devices or browsers, also visit these links from those to ensure your choices apply to the data collected when you use those devices or browsers.

Mobile advertising ID controls.

iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.

Email web beacons.

Most email clients have settings which allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.

California “Do Not Sell My Personal Data”

The California Consumer Protection Act (“CCPA”) requires us to describe the categories of personal data we sell to third parties and how to opt-out of future sales. The CCPA defines personal data to include online identifiers, including IP addresses, cookies IDs, and mobile IDs. The law also defines a “sale” to include simply making data available to third parties in some cases.  We let advertising and analytics providers collect IP addresses, cookie IDs, and mobile IDs, along with associated device and usage data, when you access our online services, but we do not “sell” any other personal data. 

If you do not wish for us or our partners to “sell” personal data relating to your visits to our sites for advertising purposes, you can make your Do Not Sell Request by visiting the links above (see Advertising Controls). If you opt-out using those links, we will not share or make available such personal data in ways that are considered a “sale” under the CCPA.  However, we will continue to make available to our partners (acting as our service providers) some personal data to help us perform advertising-related functions such as, but not limited to, measuring and reporting on the effectiveness of our ads, managing how many times you may see an ad, ensuring services are working correctly and securely, providing aggregate statistics and analytics, improving when and where you may see ads, and/or reducing ad fraud. Further, using those links will not opt you out of the use of previously “sold” personal data or stop all interest-based advertising.

Mobile advertising ID controls.

iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.

Even after termination of Service we still retain and use some of your information to comply with applicable laws and regulations.

(a)

In accordance with and as permitted by our Agreement with you or applicable law and regulations, we may retain your information as long as necessary to serve you, to maintain your account for as long as your account is active, or as otherwise needed to operate our business. When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and let you know about products and services that may interest you, unless you have opted out of receiving marketing communications.

(b)

We may also continue to use some of your information for business purposes and to improve our offerings or in some cases to develop new ones.

(c)

We will retain and use your information as required by applicable regulations and by our records and information management policies to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions and for the detection and prevention of fraud.

We take reasonable and appropriate steps to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction. 

To help us protect personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.

The personal data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States. The storage location(s) are chosen to operate efficiently and improve performance. We take steps designed to ensure that the data we collect under this Privacy Policy is processed and protected according to the provisions of this Privacy Policy and applicable law wherever the data is located.

Location of Processing European, UK, and Swiss Personal Data. We transfer personal data from the European Union, European Economic Area (EEA), UK, and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

If you have questions or comments about this Privacy Policy have a privacy concern, complaint, or a question for us, please contact us as follows:

(a)

Via Email. If you have questions or complaints regarding our Privacy Policy or practices, please contact us by email at [email protected]

(b)

Via Direct Mail. Please write to the following address: Graphite Systems Inc. 2901 W Bluegrass Blvd Suite 205, Lehi, UT 84043

We will update this Privacy Policy when necessary to reflect changes in our Services, how we collect, use, or share personal data, or the applicable law. When we post changes to the Privacy Policy, we will revise the “Last Updated” date at the top of the policy.  If we make material changes to the Privacy Policy, we will provide notice or obtain consent regarding such changes as may be required by law.