Privacy Policy

PLEASE READ CAREFULLY THIS PRIVACY POLICY BEFORE YOU ACCESS, DOWNLOAD, OR OTHERWISE USE OUR SERVICES. ACCESSING, DOWNLOADING OR OTHERWISE USING OUR SERVICES INDICATES THAT YOU ACCEPT AND AGREE TO BE BOUND BY THIS PRIVACY POLICY IN FULL. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, DO NOT ACCESS, DOWNLOAD, OR OTHERWISE USE OUR SERVICES.

Effective from October [15], 2024.

MAIIN & Co. and its affiliates and subsidiaries, if any (collectively referred to as the “Company,” or “we/us/our”), are committed to protecting your privacy and security of your personal information. In this Privacy Policy, we describe how we collect, use, and disclose information that we obtain about you when you access, download, or otherwise use: (i) our website located at www.mygratia.com (the “Site”); (ii) our mobile applications named Gratia that may be downloaded by you on any electronic device (the “Mobile App”), or; (iii) other delivery methods including, but not limited to, e-mail or social media pages (Site, Mobile App, and other delivery methods collectively referred to as the “Services”).

This Privacy Policy is part of our Terms of Service, which state the terms, disclaimers, and limitations of liability governing your use of the Services. Any terms defined in the Terms of Service shall have the same meaning in this Privacy Policy. This Privacy Policy pertains to your accessing and using the Services, services offered through third parties, and our social media accounts, like through [Facebook, LinkedIn and YouTube], including all content available through these various platforms.

Please review the entire Privacy Policy and feel free to contact us using the contact information in section 13 if you have any questions. By using the Services, you consent to the collection, use, and disclosure of your information in accordance with this Privacy Policy.

1.   Collection of Information

We collect information from you when you use our Services, contact us, or interact with us in the manner described below. If you submit any personal information in connection with using the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with the Privacy Policy.

a. Information You Provide Directly to Us

We may collect information that you provide to us in connection with your use of the Services or your interactions with us, when you: (i) create an account to register as a user of the Services, if you choose to register; (ii) make a purchase through our Services; (iii) participate in interactive features; (iv) send e-mail messages, forms, or other information to us; (v) communicate with us via social media platforms; and/or (vi) otherwise interact with the Services. This information may include:

  • Identifying and contact information: your first and last names and your e-mail address

  • Payment information: credit card or bank account information

  • Sensitive information: password, text of journal entries, mood check-ins and survey responses

  • Communication information: Feedback, survey responses, and other information included within your interactions with us or otherwise provided via the Services

b. Information We Collect Automatically

When you access or use the Services, we may automatically collect the following information regarding you and your device:

  • Usage information: pages viewed, links clicked, content listened to, screens or features accessed, time spent on the Services, and other similar types of usage information

  • Health information: mindfulness time

  • Transactional information: information about a purchase, such as subscription and time and date of the transaction

  • Browser and device information: IP address, device ID, device operating system, application version, web browser type, date and time of visit, pages visited before and after navigating the Site, and other standard server log information

c. Information We Collect from Other Sources

We may also collect certain information about you from third party sources, such as the App Store and Google Play platform providers, including:

  • Transactional information: details from third parties you use to install Mobile App or purchase a subscription

  • Cookie data: we may collect information via cookies and web beacons.

  • Public information: information you have made publicly available, including from websites and online services you use, consumer research platforms, and/or business contact databases.

The Site provides links to [Facebook, LinkedIn and YouTube], but collects none of your profile information from the specified social media platforms. However, these third party services may be able to collect information about you, including information about your activity on the Site, and they may notify your connections on the third party services about your use of the Site, in accordance with their own privacy policies. Please be aware that we are not responsible for the privacy practices of such other websites. This Privacy Policy applies solely to information collected by these Services.

d. Non-Identifiable Information

We may create or collect certain personally non-identifiable information by using various technologies. We may use such information and pool it with other information to track, for example, the total number of visitors to the Site, the number of visitors to each page of the Site, and the domain names of our visitors' Internet service providers. It is important to note that such aggregated and/or anonymous information is not personal information.

2. Use of Information

We may use the information that we collect for several purposes including:

  • To serve the purposes for which you provided it;

  • To provide access to the Services and communicate with you;

  • To administer, operate, and improve the Services or develop new Services;

  • To analyze the accuracy, effectiveness, usability, or popularity of the Services;

  • To personalize, customize, measure, and improve the Services, content, and advertising;

  • To prevent, detect, and investigate potentially prohibited or illegal activities or a breach of the applicable agreement(s) between you and the Company;

  • To comply with our legal obligations including responding to subpoenas, court orders, or other legal processes;

  • To generate and review data about our userbase and usage patterns of the Services;

  • To compile aggregate data for internal and external business purposes;

  • To resolve disputes and troubleshoot problems; and

  • To contact you with information, including promotional, marketing, and advertising information and recommendations that we believe may be of interest to you.

As explained elsewhere in this Privacy Policy, personal information we collect may be processed by our partners in providing services related to the Services (such as administration services, technical services relating to the maintenance, and upgrading of the Services, software, hosting services, and customer service, among others).

3.   Disclosure of Information

Information may be disclosed to third parties as follows and as otherwise described in this Privacy Policy:

a.   Third Party Service Providers and Business Partners

We may use third party service providers and business partners to perform functions in connection with the Services, such as analytics, payment processing, remarketing, hosting, customer and technical support, and other services. We also may share your personal information with advertisers for their direct marketing and promotional purposes and so they can provide services to you. Third party service providers may help with some of our processing and storage, or answering your questions, and may also assist with monitoring our servers for technical problems. These third party service providers can access certain information about you or your account only in line with this work.

b.  Business Changes

If we become involved in a merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction or if the ownership of all or substantially all of our business otherwise changes, we may transfer your information to a third party or parties in connection therewith.

c.   Aggregated Information

We may share non-personal information relating to visitors and users of our Services with affiliated or unaffiliated third parties on an aggregate basis. While this information will not identify you personally, in some instances these third parties may be able to combine this information with other data they have about you, or that they receive from third parties, in a manner that allows them to associate this aggregated data with your personal data.

d.  Investigations and Law

We may disclose information about you to third parties if we believe that such disclosure is necessary to:

  • Investigate fraud and abuse on the Services;

  • Enforce applicable provisions of our Terms of Service located at [www.mygratia.com/terms], including investigation of potential violations;

  • Take action regarding suspected illegal activities;

  • Comply with the law or guidance and cooperate with government or law enforcement officials or private parties;

  • Respond to claims and legal process; and/or

  • Protect against legal liability.

We may dispute any third party demands to share your information when we believe, in our sole discretion, that the requests may be unenforceable, overbroad, vague or lack proper authority; however, we do not commit to challenge every such demand.

4.   Third Party Advertising and Analytics

We use third party analytics tools to help us measure traffic and usage trends for the Services. These third parties use cookies and other technologies to collect or receive information about your use of the Services that assists us in improving the Services, such as pages visited, places where users click, time spent on each page, IP address, type of operating system used, location-based data, device ID, and search history. Such information may be used to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand your online activity.

These third parties may collect such information over time and combine with information collected on different websites and online services, which may be used to display advertisements across the Internet tailored to your interests, preferences, and characteristics. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by this Privacy Policy. Some of these third parties may participate in an industry organization that gives users the opportunity to opt out of receiving advertisements that are tailored based on your online activities. Please see Opting Out in section 12 for more information on how you can opt out of interest-based advertising from participating advertising companies.

5.   Cookies and Other Tracking Technologies

A cookie is a small text file that a web server used to operate a website generates and sends to a web browser. Its purpose is to manage your website experience, help prevent fraud, and allow for customization of the web pages presented to you when you return to the website. Web beacons are small graphic images or small pieces of data embedded in images (also known as “pixels,” “web bugs,” or “clear GIFs”) used to keep track of your navigation through the Services and your electronic communication with us. An embedded script is a programming code that is designed to collect information about your interactions with the Services, such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third party service provider. The code is active only while you are connected to the Services, and is deactivated or deleted once you disconnect from the Services.

We use cookies and similar technologies to enable the efficient operation of the Services, to enhance the ease of use of the Services, and to gather statistics on how you use our Services. Please see our Cookie Policy for more information. By using the Services, you consent to our use of cookies and similar technologies. You may opt out of cookies and similar technologies in accordance with section 12 below.

6.   Data Security and Retention

The Services take precautions to protect personal information collected. When you submit personal information to us via the Services, we use accepted industry measures to safeguard personal information once we receive it, including storing the information you have provided to us in password-secured databases. In addition to our technical safeguards, we limit the number of employees who have access to your personal information and train all employees who have access to personal information in privacy.

While we take reasonable measures to protect the information you submit via the Services against loss, theft and unauthorized use, disclosure, or modification, we cannot guarantee its absolute security. No Internet, e-mail, or mobile application transmission is ever fully secure or error free. You should use caution whenever submitting information through the Services and take special care in deciding which information you provide us. We cannot guarantee that transmissions of your personal information will be fully secure and that third parties will never be able to defeat our security measures or the security measures of our partners. We assume no liability for disclosure of your information due to transmission errors, third party access or causes beyond our control.

You have the obligation to protect your own personal information, and we are in no event responsible for any issues or problems arising out of the leak of personal information caused by your own negligence (such as, transfer, lease or loss of your access medium, etc., leaving a computer without logging out, and the like), inherent problems in Internet such as, vulnerability of browsers, hacking by use of such technology or method which are not controllable despite reasonable care taken by us to prevent the same, and the like, in each case, so long as it is not attributable to us.

If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately at support@mygratia.com.

We will retain your information for as long as you use the Services or as otherwise necessary to provide you with our Services. In some cases we retain personal information for longer, if doing so is necessary to comply with our legal or business obligations, resolve disputes or collect fees owed, or is otherwise required by applicable law, rule or regulation. For example, we keep your account information, such as your first and last names, e-mail address, and password, for as long as your account exists so that you may access it. We may also retain information in an anonymous, de-identified, and/or aggregated form such that information would not identify you personally.

7.   Data Transfer

We are based in the United States (the “U.S.”) and maintain your information in accordance with the laws of the U.S., which may not provide the same level of protection as the laws in your jurisdiction. By using the Services and providing us with your information, you understand that your information may be transferred to and stored on servers in the U.S., and authorize us to transfer, store, and process such information to and in the U.S., and possibly in other countries, in accordance with this Privacy Policy.

8.   Your Privacy Rights

Subject to certain limits and conditions provided under law, you have the right to request to: (i) know more about the information we have about you; (ii) export the information we have about you in a structured and machine readable form; (iii) opt out of targeted advertising; (iv) correct inaccurate information we have about you, if any; (v) delete the information we have about you. If you have an account with us, you can change certain information (such as your first name, last name, and password) or delete your account by going to Profile, clicking Settings, and accessing Manage Personal Info in the Mobile App while signed into your account. If you request to delete your information, please note that we retain certain information as necessary to comply with our legal or business obligations.

You can make the request by contacting us as indicated in section 13. We will not provide discriminatory treatment against anyone that exercises any of their rights to make such request.

Where appropriate under applicable law, such as with respect to requests to know, correct, or delete, we may verify your request by asking you to provide information that matches information we have on file. You may designate an authorized agent to exercise any of the rights set out in this Privacy Policy on your behalf. Authorized agents should submit requests through the same channels, but we may require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly. Please note that we will not fulfill your request if you do not provide sufficient information to verify your identity or to verify that a third party making the request is authorized to act as your representative.

Some jurisdictions provide residents with certain rights with respect to their personal information as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and certain other rights might apply. Please review Additional Rights for Certain Jurisdictions in section 10 for more information on rights and terms specific to your location or place of residence.

9.   Personal Information of Children

Our Services are generally intended for individuals at least sixteen (16) years old and we do not intentionally collect or solicit personally identifiable information from individuals under sixteen (16) years old without obtaining verifiable consent from that child’s parent or guardian (the “Parental Consent”), except for the limited amount of personally identifiable information we need to collect in order to obtain Parental Consent. If you are under the age of sixteen (16), please do not submit any personal information to us, you may rely on your parent or guardian to assist you.

If you are a parent or guardian and believe that a child under age sixteen (16) has provided us with personally identifiable information without Parental Consent, please contact us at support@mygratia.com. At any time, a parent or guardian of a user of our Service who is under sixteen (16) years old can contact us via our e-mail address listed above to request that: (i) you review any personally identifiable information in our possession about such user; (ii) we stop collecting personally identifiable information regarding such user; (iii) we delete such information in our possession (although we may retain information in an anonymous, de-identified, or aggregated form where that information would not identify such user personally); or (iv) we stop disclosing personally identifiable information collected from such user to third parties, but continue to allow for collection and use of the personally identifiable information collected from such user in connection with the Services.

10.  Additional Rights for Certain Jurisdictions

a.   California

This section is provided for residents of California in order to include additional disclosures required by the California Consumer Privacy Act and its amendments (collectively, the “CCPA”). If you are a California resident, you have the rights set forth in this section.

Access: You have the right to receive certain disclosures about our collection and use of your personal information in the past twelve (12) months. In response, we will provide you with the following information:

  • The categories of personal information that we have collected about you.

  • The categories of sources from which that personal information was collected.

  • The business or commercial purpose for collecting or sharing your personal information.

  • The categories of third parties with whom we have shared your personal information.

  • The specific pieces of personal information that we have collected about you.

If we have disclosed your personal information to any third parties for a business purpose in the past twelve (12) months, we will identify the categories of personal information shared with each category of third party recipient.

Correction: You have the right to request that we correct any inaccurate personal information we have collected about you. Under CCPA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your personal information, that such information is correct. If your correction request is subject to one of these exceptions, we may deny your request.

Deletion: You have the right to delete, or request that we assist in deleting, the personal information that we have collected about you. Under CCPA, this right is subject to certain exceptions: for example, we may need to retain your personal information to provide you with the Services or perform our obligations to you. If your deletion request is subject to one of these exceptions, we may deny your deletion request.

Exercise of Your Right: To exercise the rights described above, you must send us a request that: (i) provides sufficient information (e.g., login credentials to your account) to allow us to verify that you are the person about whom we have collected personal information, and; (ii) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a valid request and we will work to respond to your such request within forty-five (45) days of receipt. You may submit a valid request by sending us an e-mail at: support@mygratia.com with the subject line “CCPA Rights Request.” Exceptions may still apply as described in section 8.

Non-Discrimination: You have the right not to receive discriminatory treatment for the exercise of the privacy rights under CCPA.

Personal Data Sharing: As described in our Cookie Policy, we have incorporated cookies and similar tracking technologies from certain third parties into our Services. These cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on other websites you visit. Under CCPA, sharing your data through third party cookies for online advertising may be considered a “sale” or “sharing” of information. You have the right to opt out of the “sale” and/or “sharing” of your personal information by a business.

Right to Opt Out: As mentioned above, we “sell” and “share” personal information under the CCPA’s broader definition of “sale” or “share.” CCPA provides you a right to opt out of such “sales” and “shares.” You may exercise the right to opt out of such “sales” and “shares” under CCPA by [clicking the “Manage Cookies” link in the footer of the Site]. Please review Opting Out in section 12 for more information on how you manage cookies and similar technologies.

b.  Virginia, Connecticut, Colorado, Utah, and Nevada

This section is intended to comply with the privacy laws of other U.S. states by supplementing the information provided elsewhere in the Privacy Policy. These privacy laws include the Virginia Consumer Data Privacy Act (the “VCDPA”), the Connecticut Data Privacy Act (the “CTDPA”), the Utah Consumer Privacy Act (the “UCPA”), the Colorado Privacy Act (the “CPA”), and the Nevada Privacy Law (the “NPL”). If you are a resident of Virginia, Connecticut, Colorado, Utah, or Nevada, you have the rights set forth in this section.

We generally provide the privacy rights described in section 8 above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, you must send us a request that: (i) provides sufficient information (e.g., login credentials to your account) to allow us to verify that you are the person about whom we have collected personal information, and; (ii) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a valid request and we will work to respond to your such request within the time limit afforded under applicable law. You may submit a valid request by sending us an e-mail at: support@mygratia.com with the subject line “Privacy Rights Request.” Exceptions may still apply as described in section 8.

  • Residents of Colorado, Connecticut, Virginia, and Utah have the right to opt out of targeted advertising and sales. If you are a resident of these states, you may opt out by [clicking the “Manage Cookies” link in the footer of the Site]. Please review Opting Out in section 12 for more information on how you manage cookies and similar technologies.

  • Users in Colorado, Connecticut and Virginia may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. While you may still make this request, we do not currently use profiling in this manner.

  • Nevada provides its residents with a limited right to opt out of the sale of personal information. Please note that we do not trigger this requirement because we do not sell, nor do we plan to sell, your personal information for payment.

 

c.   EEA, Switzerland, and UK

The section applies to you if you use the Services while in the European Economic Area, Switzerland, or United Kingdom (collectively, the “Europe”). The Company operates as a data controller of your personal information detailed in section 1 under the General Data Protection Regulation (the “GDPR”) and the version of the GDPR retained in UK law (the “UK GDPR”).

If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of personal information shall govern to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us as indicated in section 13.

Legal Bases for Processing Information

We use and disclose personal information as explained in section 2 and 3 respectively. We will process your personal information only if we have a legal basis allowing us to do so. Legal bases include consent, contractual necessity, legal obligations, and legitimate interests, as described below:

  • Consent: In some cases, we process your personal information based on the consent you expressly grant to us at the time we collect such information. We will obtain your consent to collect and use such information when we are required to do so by law. For example, we obtain your consent as described in our Cookie Policy in relation to cookies and similar technologies. When we process personal information based on your consent, it will be expressly indicated to you at the point and time of collection.

  • Contractual necessity: We process certain personal information in order to perform our contractual obligations to you. For example, when you purchase a subscription from us, we may process your payment and contact information as necessary to confirm and provide you with support services you request. Failure to provide the requested information could prevent or delay the fulfillment of the contractual obligations.

  • Legal obligations: We may need to process and share your personal information to comply with our legal obligations, if it is necessary to protect our rights or the rights of others. For example, we are required to collect certain information from you when processing your subscription payment for tax or financial reporting reasons.

  • Legitimate interest: We process certain personal information to meet our legitimate interests, including our advertising and marketing purposes. For example, our legitimate interests include making improvements to, customizing and understanding how you interact with the Services and related content, products or services, sending you communications about products and services we think may be of interest to you, and meeting legal requirements and enforcing legal terms. To accomplish our legitimate interests, we may share your personal information with our affiliates and subsidiaries, service providers and business partners and in the context of a corporate transaction. We maintain safeguards to protect the information we process to pursue our legitimate interests.

Data Subject Rights

We generally provide the privacy rights described in section 8 above to you regardless of your location. Subject to certain limits and conditions provided under law, you have additional rights to:

  • Request that we restrict processing in certain circumstances, such as receiving direct marketing.

  • Withdraw any consent you have provided.

  • File a complaint regarding our data protection practices with a supervisory authority. If you are in the European Economic Area, you can view the contact information for your data protection authority here. If you are in Switzerland, please see this site for contact information. If you are in the United Kingdom, please visit this site for contact information. We ask that you contact us first to see if we can resolve your issue.

Exercise of Your Right

To exercise the rights described above, you must send us a request that: (i) provides sufficient information (e.g., login credentials to your account) to allow us to verify that you are the person about whom we have collected personal information, and; (ii) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a valid request and we will work to respond to your such request within thirty (30) days of receipt unless we request an extension. You may submit a valid request by sending us an e-mail at: support@mygratia.com with the subject line “GDPR Rights Request.” Exceptions may still apply as described in section 8. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law.

11.  Changes to the Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices or to comply with legal requirements. If a material change to this Privacy Policy occurs, we will notify you by posting the revised Privacy Policy on our Site or providing additional notice by e-mail or in-app message. We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the Services after any modifications to this Privacy Policy constitutes your acceptance of those changes. This Privacy Policy was made effective on the date indicated at the top.

12.  Opting Out

You may opt out of cookies and similar technologies at any time.

You can disable advertising cookies used by our Site by customizing your cookie preferences using our [“Manage Cookies”] controls. In order to opt out of interest-based or online behavioral advertising across browsers and devices from advertising companies that participate in Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also personalize the ads you receive or opt out of ads from Google by visiting Google My Ad Center.

You may adjust your mobile device settings to limit ad tracking. Specifically, on iOS devices, visit Settings > Privacy & Security > Tracking > Allow Apps to Request to Track. On Android devices, visit Settings > Google > Ads > Opt out of Ads Personalization. Please note that your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable all cross-device linking for interest-based advertising. If you opt out, you will still receive ads but they may not be as relevant to you and your interests, and your experience on our Services may be degraded.

Please see our Cookie Policy for more information on how you manage cookies and similar technologies.

13.  How to Contact Us

If you have any questions about this Privacy Policy or our use of your personal information, please contact us at:

www.mygratia.com/contact

support@mygratia.com