TACITA, INC.
PRIVACY STATEMENT

Last Updated: August 1, 2024

Your privacy is important to us. This privacy statement explains our collection, use, and disclosure of personal data, which is data linked or reasonably linkable to an identified or identifiable individual (“Personal Data”). This privacy statement applies to Tacita, Inc. and to our controlled affiliates and subsidiaries (“Bright Canary”). References to our “Services” in this statement include our websites, apps, devices, and other products and services. This statement applies to our Services that display or reference this statement, but it does not apply to any Services that display or reference a different privacy statement. Terms used but not defined in this privacy statement have the meaning given to them in our Terms of Use.

PERSONAL DATA WE COLLECT

The Personal Data we collect depends on how you interact with us, the Services you use, and the choices you make.

We collect information about you from different sources and in various ways when you use our Services, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.

Information you provide directly. We collect Personal Data you provide to us, including when you register for an account to use the Service. For example:

• Name and contact information. We collect name, username or alias, and contact details such as email address, postal address, and phone number.
• Demographic data. In some cases, we request that you provide age, gender, marital status, and similar demographic details.
• Payment information. If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.
• Content and files. We collect the photos, documents, or other files you upload to our Services; and if you send us email messages or other communications, we collect and retain those communications.

Information we collect automatically. When you use our Services, we collect some information automatically. For example:

• Identifiers and device information. When you visit our websites, apps and connected products, our web servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; and your device’s operating system, browser, and other software including type, version, language, settings, and configuration. As further described in the Cookies, Mobile IDs, and Similar Technologies section below, our websites and online Services store and retrieve cookie identifiers, mobile IDs, and other data.
• Usage data. We automatically log your activity on our websites, apps and connected products, including UUIDs generated by Apple and Google for push notification purposes, the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website.
• Linked online accounts. When you link a social media or other account to our Services for purposes of tracking that account’s usage, we automatically collect certain information about that account. This information may include data, such as Personal Data, about the Child whose accounts you linked to Bright Canary. Any information this privacy statement says will be collected about you may also be collected about that Child and other third parties.

Information we create or generate. We infer new information from other data we collect, including using automated means to generate information about likely preferences or other characteristics (“inferences”). For example, we generate and assign content scores for URLs of video, still images, and text content to provide parental alerts. We may develop inferences and other new information using artificial intelligence technologies and similar automated data processing technologies (“Artificial Intelligence”), and we may use any information to train and operate Artificial Intelligence technologies.

Information we obtain from third-party sources. Our Services collect and analyze information acquired from third party applications associated with you or your Child’s account, which information includes your Child’s activities on those third parties applications. We collect this information using the account credentials for those third party applications that you provide to us. We also obtain information from other third parties. These third-party sources include, for example:

• Third party partners. Third party applications and Services, including social networks you choose to connect with or interact with through our Services. These third parties may include apps such as Google, iMessage, Instagram, Snapchat, TikTok, and YouTube.
• Co-branding/marketing partners. Partners with which we offer co-branded Services or engage in joint marketing activities
• Service providers. Third parties that collect, provide, or process data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address.
• Publicly available sources. Public sources of information such as open government databases.

We do not collect Personal Data directly from your Child.

When you are asked to provide Personal Data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain Services or features, those Services or features may not be available or fully functional.

COOKIES, MOBILE IDs AND SIMILAR TECHNOLOGIES

We use cookies, web beacons, mobile analytics and advertising IDs, and similar technologies to operate our websites and online Services and to help collect Personal Data, including usage data, identifiers, and device information.

What are cookies and similar technologies?

Cookies are small text files placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also include web beacons in our email messages or newsletters to tell us if you open and act on them.

Mobile analytics and advertising IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our apps contain software that enables us and our third-party analytics and advertising partners to access these mobile IDs.

How do we and our partners use cookies and similar technologies?

We, and our analytics and advertising partners, use these technologies in our websites, apps, and online Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our Services, including personal information about your online activities over time and across different websites or online Services. This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, combat fraud, and fulfill other legitimate purposes. We and/or our partners also share the information we collect or infer with third parties for these purposes. The third-party analytics and advertising providers we use on our Services include, for example:

To learn about their privacy practices and how to opt-out from their use of cookie data for targeted advertising purposes, click on the links above. You may also use the advertising and cookie controls described below.

What controls are available?

• Advertising controls. Our advertising partners may participate in associations that provide simple ways to opt out of ad targeting, which you can access at NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/). These choices are specific to the browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.
• Browser cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or Services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
• Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
• Email web beacons. Most email clients have settings which allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.
• Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control Personal Data collection and use, including the cookie controls and advertising controls described above.

OUR USE OF PERSONAL DATA

We use the Personal Data we collect for purposes described in this privacy statement or otherwise disclosed to you. For example, we use Personal Data for the following purposes:

• Product and service delivery. To provide and deliver our Services, including troubleshooting, improving, and personalizing those Services.
• Business operations. To operate our business, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
• Product improvement, development, and research. To develop new Services or features, and conduct research.
• Personalization. To understand you and your preferences to enhance your experience and enjoyment using our Services.
• Customer support. To provide customer support and respond to your questions. Communications. To send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
• Marketing. To communicate with you about new Services, offers, promotions, rewards, contests, upcoming events, and other information about our Services and those of our selected partners. Contact us using the information below if you want to request changes to your preferences for promotional communications.

We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.

OUR SHARING OF PERSONAL DATA

We share Personal Data, including your Child’s Personal Data, with your consent or as necessary to complete your transactions or provide the Services you have requested or authorized. In addition, we share each of the categories of Personal Data described above, with the types of third parties described below, for the following business purposes:

• Service providers. We share Personal Data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we've hired to provide customer service support or assist in protecting and securing our systems and Services may need access to Personal Data to provide those functions.
• Financial services & payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
• Affiliates. We enable access to Personal Data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access is needed to provide our Services and operate our business.
• Corporate transactions. We may disclose Personal Data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
• Legal and law enforcement. We will access, disclose, and preserve Personal Data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
• Security, safety, and protecting rights. We will disclose Personal Data if we believe it is necessary to:
  • protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
  • operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks; or
  • protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.

Third party analytics and advertising companies also collect Personal Data through our website and apps including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in the Cookies section of this statement. These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.

Please note that some of our Services include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide Personal Data to any of those third parties, or allow us to share Personal Data with them, that data is governed by their privacy statements.

Finally, we may share de-identified information in accordance with applicable law.

CHILDREN’S DATA

The Services are for the exclusive use of parent and guardians over the age of 18 who have the legal authority to provide their Child’s access credentials for third party applications to us, so that they can monitor and analyze that Child’s online activity. No one else (including your Child) is permitted to use the Service and or to provide Personal Data to us. We may collect any Personal Data about your Child that this privacy statement says we may collect about you.

RETENTION OF PERSONAL DATA

We retain Personal Data for as long as necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different Services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the Personal Data, the availability of automated controls that enable users to delete Personal Data, and our legal or contractual obligations. For example, we may retain the IP Address that your mobile device uses to communicate with our servers to analyze our service traffic as part of our system security efforts.

LOCATION OF PERSONAL DATA

The Personal Data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States. The storage location(s) are chosen to operate efficiently and improve performance. We take steps designed to ensure that the Personal Data we collect under this statement is processed and protected according to the provisions of this statement and applicable law wherever the data is located.

SECURITY OF PERSONAL DATA

We take reasonable and appropriate steps to help protect Personal Data from unauthorized access, use, disclosure, alteration, and destruction.

To help us protect Personal Data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.

CHANGES TO THIS PRIVACY STATEMENT

We will update this privacy statement when necessary to reflect changes in our Services, how we use Personal Data, or the applicable law. When we post changes to the statement, we will revise the "Last Updated" date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.

HOW TO CONTACT US

If you have a privacy concern, complaint, or a question for Bright Canary, please contact us at privacy@brightcanary.io.

Please also contact us if you want us to stop collecting Personal Data, including Personal Data of your Child, if you would like to review Personal Data we have about your Child, or if you want us to delete your Child’s Personal Data.

Our mailing address is Tacita Inc., 999 N. Northlake Way, Seattle WA 98103 USA.