Privacy Policy

Table of Contents

1. 01Introduction and Scope
2. 02Definitions
3. 03Information We Collect
4. 04How We Collect Your Information
5. 05How We Use Your Information
6. 06Legal Basis for Processing (GDPR and International)
7. 07Data Sharing and Disclosure
8. 08Third-Party Services and Integrations
9. 09Cookies, Tracking Technologies, and Advertising
10. 10Data Retention and Deletion
11. 11Data Security and Breach Notification
12. 12International Data Transfers
13. 13Your Rights and Choices
14. 14California Privacy Rights (CCPA/CPRA)
15. 15Virginia Consumer Data Protection Act (VCDPA)
16. 16Colorado Privacy Act (CPA)
17. 17Connecticut Data Privacy Act (CTDPA)
18. 18Utah Consumer Privacy Act (UCPA)
19. 19Canada Personal Information Protection and Electronic Documents Act (PIPEDA)
20. 20Brazil Lei Geral de Protecao de Dados (LGPD)
21. 21Australia Privacy Act
22. 22India Digital Personal Data Protection Act (DPDP)
23. 23Children's Privacy and COPPA Compliance
24. 24Profiling, Automated Decision-Making, and AI
25. 25Social Media Features and Widgets
26. 26Testimonials, Reviews, and User-Generated Content
27. 27Job Applications and Employment Data
28. 28Do Not Track Signals and Browser Fingerprinting
29. 29Data Ownership, License, and Usage Rights
30. 30User Consent and Agreement
31. 31Arbitration Agreement and Class Action Waiver
32. 32Limitation of Liability and Disclaimer of Warranties
33. 33Indemnification
34. 34Changes to This Privacy Policy
35. 35Governing Law and Jurisdiction
36. 36Severability, Waiver, and Entire Agreement
37. 37Data Protection Officer and Contact Information

1. Introduction and Scope

1.1 Welcome

OUTGRAVE ("we," "us," "our," or "the Company") is a software technology company dedicated to building world-class desktop, mobile, and web applications, as well as providing digital goods and technology knowledge services. We take your privacy seriously. This Privacy Policy explains in detail how we collect, use, store, process, share, transfer, protect, and ultimately handle your personal information when you interact with any of our Services.

1.2 Scope of This Policy

This Privacy Policy applies to all users, visitors, customers, clients, partners, contractors, and any other individuals ("you," "your," "user," "visitor," "data subject") who access or use any of the following:

• Our websites and all subdomains thereof
• Our desktop applications
• Our mobile applications (iOS and Android)
• Our web applications and software-as-a-service products
• Our digital goods, including downloadable content, licenses, and software
• Our API services and developer tools
• Our communication platforms, including email, chat, and support systems
• Our social media pages and channels
• Our marketing and advertising materials
• Any other products, services, or platforms owned, operated, or controlled by OUTGRAVE

All of the above are collectively referred to as "the Services."

1.3 Acceptance of Terms

BY ACCESSING OR USING ANY PART OF OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND EXPRESSLY AGREE TO BE BOUND BY ALL TERMS AND CONDITIONS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH ANY PART OF THIS POLICY, YOU MUST IMMEDIATELY CEASE ACCESSING AND USING OUR SERVICES.

Your continued use of our Services constitutes your ongoing acceptance of this Privacy Policy and any future amendments thereto. We reserve the right to modify this policy at any time, and such modifications shall become effective immediately upon posting. It is your sole responsibility to review this policy periodically.

1.4 Policy Coverage

This policy covers all information collected through your interaction with OUTGRAVE, including but not limited to:

• Browsing or visiting our websites
• Registering for, creating, or maintaining an account
• Purchasing, downloading, or licensing digital goods or services
• Using our desktop, mobile, or web applications
• Contacting our customer support or technical teams
• Subscribing to our newsletters, marketing communications, or notifications
• Participating in promotions, contests, surveys, sweepstakes, feedback programs, or beta tests
• Interacting with us on social media platforms
• Applying for employment or contracting positions
• Posting comments, reviews, or other user-generated content
• Any other interaction, communication, or transaction with OUTGRAVE

1.5 No Prior Notice for Changes

We reserve the right to update, modify, amend, replace, or change this Privacy Policy at any time, for any reason, with or without prior notice. Unless otherwise specified, changes become effective immediately upon being posted on our website or within our applications. Your continued use of the Services after such changes constitutes your binding acceptance of the updated policy.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:

• "Company," "we," "us," "our" — refers to OUTGRAVE, its owners, directors, officers, employees, agents, affiliates, subsidiaries, successors, and assigns.
• "You," "your," "user," "data subject" — refers to any individual who accesses or uses our Services, regardless of whether they have registered an account.
• "Services" — collectively refers to all websites, applications, platforms, products, digital goods, and services offered by OUTGRAVE.
• "Personal Data" or "Personal Information" — any information relating to an identified or identifiable natural person, including but not limited to name, email address, IP address, device identifiers, location data, online identifiers, or any other information that can be used to identify a specific individual.
• "Sensitive Data" — personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for unique identification, health data, or data concerning a person's sex life or sexual orientation.
• "Processing" — any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
• "Data Controller" — OUTGRAVE, which determines the purposes and means of processing personal data.
• "Data Processor" — a third party that processes personal data on behalf of OUTGRAVE.
• "Consent" — any freely given, specific, informed, and unambiguous indication of your wishes by which you agree to the processing of your personal data.
• "Data Breach" — a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
• "Third Party" — any natural or legal person, public authority, agency, or body other than the data subject, the data controller, the data processor, or persons who are authorized to process data under the direct authority of the data controller or processor.
• "Cookies" — small text files stored on your device by your web browser when you visit websites.
• "Anonymized Data" — data that cannot be used to identify a specific individual, either alone or in combination with other information.
• "Aggregated Data" — statistical or demographic data derived from personal information but that has been aggregated so that it no longer reveals the identity of any individual.

3. Information We Collect

We collect various types of information to provide, improve, and protect our Services. The categories and specific data points we collect are described in detail below.

3.1 Personal Information You Voluntarily Provide

When you interact with our Services, you may voluntarily provide us with the following categories of personal information:

3.1.1 Identity Information

• Full legal name
• Username or display name
• Profile or avatar image
• Gender (if voluntarily provided)
• Date of birth or age range
• Government-issued identification (for verification purposes, where required by law)

3.1.2 Contact Information

• Email address (personal and/or business)
• Phone number (mobile and/or landline)
• Physical address (street, city, state, postal code, country)
• Mailing address

3.1.3 Account and Authentication Information

• Account username and password
• Security questions and answers
• Multi-factor authentication credentials
• Account preferences and settings
• Account recovery information

3.1.4 Financial and Transaction Information

• Credit card numbers (processed through secure third-party payment gateways; we do not retain full credit card numbers on our servers)
• Debit card information
• Bank account details (for direct payments or refunds)
• Billing address and tax identification information
• Purchase history, order details, and transaction records
• Subscription and license information
• Invoice and receipt data

3.1.5 Communications and Correspondence

• Emails sent to or received from OUTGRAVE
• Live chat transcripts and support ticket content
• Customer service call recordings (where permitted by law)
• Feedback, complaints, and dispute communications
• Survey responses and questionnaire submissions

3.1.6 User-Generated Content

• Comments, reviews, and ratings
• Forum posts and community discussions
• Blog comments
• Uploaded content, including documents, images, videos, and files
• Testimonials and success stories

3.1.7 Marketing and Preference Information

• Marketing preferences and communication opt-ins
• Interest categories and content preferences
• Newsletter subscriptions
• Event registration information
• Contest and sweepstakes entries

3.1.8 Any Other Information You Provide

Any other information you choose to share with us through any means of communication, including but not limited to forms, surveys, emails, phone calls, social media interactions, or in-person meetings.

3.2 Information Collected Automatically

When you access, use, or interact with our Services, we may automatically collect the following information:

3.2.1 Device Information

• Device type, model, and manufacturer
• Operating system and version (e.g., Windows, macOS, iOS, Android, Linux)
• Browser type, version, and language settings
• Screen resolution, color depth, and display settings
• Hardware specifications (processor, RAM, graphics)
• Unique device identifiers (IMEI, MEID, MAC address, advertising ID, device ID)
• Device settings and configurations
• Installed fonts and plugins
• Battery level and charging status

3.2.2 Usage Information

• Pages, screens, and features viewed or accessed
• Time and duration of visits and sessions
• Clickstream data and navigation paths
• Links clicked, buttons pressed, and interactions performed
• Search queries entered
• Features used and features ignored
• Scroll depth and hover patterns
• Content viewed, downloaded, or shared
• Purchase and download history
• Frequency and recency of visits

3.2.3 Technical and Log Information

• IP address (including geolocation data derived therefrom)
• Referring URL and exit pages
• Server access logs
• Error logs, crash reports, and diagnostic data
• API call logs
• Bandwidth usage and data transfer volumes
• Network connection type and speed
• Browser-requested URLs and status codes

3.2.4 Location Information

• Approximate geographic location derived from IP address (city, region, country)
• Precise location data (if you grant permission through your device settings)
• Wi-Fi access point locations
• Cell tower triangulation data

3.2.5 Performance and Diagnostic Information

• Application load times and response times
• Feature usage frequency and patterns
• Crash reports and stack traces
• Error messages and system logs
• Performance metrics and bottlenecks
• Battery and resource consumption data

3.2.6 Tracking and Identification Technologies

• Cookie identifiers (see Section 9 for full details)
• Pixel tag and web beacon data
• Local storage and session storage data
• ETag and cache identifiers
• Fingerprinting data (browser, device, canvas, audio, WebGL)
• Session identifiers and authentication tokens

3.3 Information Collected from Third-Party Sources

We may receive information about you from various third-party sources, including:

3.3.1 Social Media Platforms

When you connect your social media accounts (e.g., Facebook, Google, Apple, Twitter/X, LinkedIn, GitHub, Discord) to our Services, we may receive:

• Your social media profile name and picture
• Email address associated with your social media account
• Friend list and connections
• Public profile information
• Pages and content you have liked or shared
• Any other information you have authorized the social media platform to share

3.3.2 Payment Processors

• Payment confirmation and receipt data
• Billing address
• Transaction status and history
• Fraud scoring and risk assessment indicators (not full payment credentials)

3.3.3 Analytics Providers

• Aggregated usage statistics and trends
• Audience demographic and interest data
• Campaign performance metrics
• Behavioral segments and cohorts

3.3.4 Advertising and Marketing Partners

• Advertisement interaction data
• Campaign attribution information
• Audience insights and lookalike segments
• Conversion tracking data

3.3.5 Data Brokers and Public Sources

• Publicly available information from government records, public databases, and directories
• Information from data enrichment services (as permitted by applicable law)
• Credit and fraud prevention databases

3.3.6 Referral Programs and Partners

• Information about you from referral partners or affiliate programs
• Information from co-branded services or joint marketing arrangements

3.4 Sensitive Data

We generally do not seek to collect sensitive data as defined in Section 2. However, if you voluntarily provide sensitive data through our Services (for example, by including it in a support request, feedback form, or user-generated content), you explicitly consent to our collection and processing of such data as described in this policy. We will use such data only for the specific purpose for which it was provided and will take appropriate safeguards to protect it.

3.5 Consequences of Not Providing Information

If you choose not to provide certain information that is necessary for the provision of our Services, we may be unable to:

• Create or maintain your account
• Process your transactions or fulfill your orders
• Provide customer support
• Deliver certain features or functionality
• Comply with legal or regulatory requirements

4. How We Collect Your Information

We collect information through the following methods and channels:

4.1 Direct Interactions

• When you fill out forms on our websites or applications
• When you create or modify your account
• When you make purchases or complete transactions
• When you communicate with us via email, chat, phone, or support tickets
• When you subscribe to newsletters or marketing communications
• When you participate in surveys, contests, promotions, or beta programs
• When you post comments, reviews, or other user-generated content
• When you apply for employment or contracting opportunities

4.2 Automated Technologies

• Through cookies and similar tracking technologies (see Section 9)
• Through server logs and analytics tools
• Through software development kits (SDKs) integrated into our applications
• Through error reporting and crash detection tools
• Through session recording and heat mapping tools
• Through fingerprinting technologies

4.3 Third-Party Sources

• Through social media authentication and integration
• Through payment processing partners
• Through analytics and advertising partners
• Through data brokers and publicly available sources
• Through referral programs and affiliate networks

4.4 Passive Collection

Even if you do not create an account or actively provide information, we may still collect certain information automatically as described in Section 3.2, including your IP address, device information, and browsing behavior.

5. How We Use Your Information

We use the information we collect for a wide range of purposes, as described in detail below.

5.1 Core Service Operations

• To provide, operate, deliver, maintain, and improve our Services
• To process and fulfill transactions, orders, purchases, and downloads
• To create, manage, and maintain your user account
• To authenticate your identity, verify your credentials, and secure your account
• To provide customer and technical support
• To respond to your inquiries, requests, comments, or questions
• To communicate with you regarding your account, transactions, subscriptions, or technical issues
• To process refunds, returns, and exchanges
• To generate invoices, receipts, and tax documents
• To manage your preferences and settings

5.2 Marketing, Promotional, and Commercial Use

BY AGREEING TO THIS PRIVACY POLICY, YOU EXPLICITLY AND IRREVOCABLY CONSENT TO OUTGRAVE USING YOUR PERSONAL DATA — INCLUDING BUT NOT LIMITED TO YOUR NAME, EMAIL ADDRESS, PHONE NUMBER, USAGE HISTORY, PURCHASE HISTORY, PREFERENCES, DEMOGRAPHIC INFORMATION, DEVICE INFORMATION, LOCATION DATA, AND BEHAVIORAL DATA — FOR THE FOLLOWING MARKETING, PROMOTIONAL, AND COMMERCIAL PURPOSES:

5.2.1 Direct Marketing

• Sending promotional emails, newsletters, offers, deals, and updates about our products and services
• Sending personalized product recommendations and content suggestions
• Sending targeted push notifications and in-app messages
• Sending SMS, MMS, or text message marketing (where you have provided your phone number)
• Sending physical mail marketing materials

5.2.2 Advertising and Personalization

• Displaying personalized advertisements and content across our websites, applications, and platforms
• Displaying targeted advertisements on third-party websites, social media platforms, and advertising networks
• Creating custom audience segments for advertising campaigns (including lookalike audiences)
• Serving retargeting and remarketing advertisements
• Conducting ad attribution and performance measurement

5.2.3 Market Research and Analysis

• Conducting market research and consumer behavior analysis
• Performing demographic and psychographic analysis
• Segmenting users based on behavior, preferences, and characteristics
• Testing and optimizing marketing campaigns and messaging
• Developing customer profiles and personas

5.2.4 Promotions and Contests

• Administering contests, sweepstakes, promotions, and loyalty programs
• Verifying eligibility and processing entries
• Communicating with participants and announcing winners
• Conducting prize fulfillment and delivery

5.2.5 Publicity and Brand Promotion

• Using your testimonials, reviews, and feedback for promotional purposes (see Section 26)
• Featuring your name, likeness, and content in marketing materials (subject to additional consent where required by law)
• Creating case studies, success stories, and featured customer content

You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us directly. However, opting out of marketing communications does not:

• Revoke our right to use your data for internal analytics, product improvement, or legal compliance purposes
• Affect our use of your data for transactional or service-related communications
• Limit our ability to use anonymized or aggregated data derived from your information

5.3 Business Improvement and Product Development

• To analyze usage trends, patterns, and behaviors across our Services
• To improve the user experience, interface design, and functionality
• To develop new features, products, services, and offerings
• To diagnose technical issues, fix bugs, and resolve errors
• To optimize performance, speed, and reliability
• To train, test, and improve machine learning models, algorithms, and artificial intelligence systems (in anonymized or aggregated form where possible, but not limited thereto)
• To conduct research and development activities
• To perform data analysis, data mining, and statistical modeling
• To create anonymized and aggregated datasets for business intelligence

5.4 Security, Fraud Prevention, and Risk Management

• To detect, prevent, investigate, and respond to fraud, abuse, unauthorized access, and illegal activities
• To monitor and enforce compliance with our Terms of Service, this Privacy Policy, and other agreements
• To verify user identity and authenticate account access
• To protect the security, integrity, and availability of our Services and infrastructure
• To conduct security audits, vulnerability assessments, and penetration testing
• To manage and mitigate risk across our business operations
• To implement and maintain access controls and authentication mechanisms

5.5 Legal and Regulatory Compliance

• To comply with applicable laws, regulations, statutes, ordinances, and legal requirements
• To respond to subpoenas, court orders, legal process, or government requests
• To establish, exercise, or defend legal claims
• To enforce our rights under contracts and agreements
• To cooperate with law enforcement, regulatory authorities, and government agencies
• To comply with audit, reporting, and record-keeping obligations
• To resolve disputes and investigate complaints

5.6 Data Combination and Cross-Referencing

We may combine, link, cross-reference, and integrate information collected from different sources (including information collected across different devices, platforms, and services) to:

• Create a unified and comprehensive profile of your interests, preferences, and behaviors
• Improve the accuracy and completeness of our data
• Enhance personalization and targeting across all touchpoints
• Conduct more effective analytics and research
• Improve fraud detection and risk assessment

5.7 Automated Decision-Making and Profiling

We may engage in automated decision-making and profiling activities based on your data, including:

• Automated assessment of creditworthiness and fraud risk
• Automated categorization and segmentation of users
• Automated content and product recommendations
• Automated pricing and offer optimization
• Automated moderation and content filtering

Where such activities produce legal effects or similarly significant effects, we will implement appropriate safeguards as required by applicable law.

6. Legal Basis for Processing (GDPR and International)

If you are located in the European Economic Area (EEA), the United Kingdom, Switzerland, or other jurisdictions with comprehensive data protection laws, we process your personal data based on the following legal grounds:

6.1 Consent (Article 6(1)(a) GDPR)

We rely on your consent when:

• You subscribe to our marketing communications
• You provide optional information that is not required for service delivery
• We use non-essential cookies and tracking technologies
• We process sensitive data that you voluntarily provide
• We engage in certain types of profiling and automated decision-making

You have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

6.2 Contractual Necessity (Article 6(1)(b) GDPR)

We process your data as necessary to:

• Perform our obligations under our Terms of Service or other agreements with you
• Process transactions and fulfill orders you have requested
• Provide customer support and account management
• Deliver the Services you have requested

6.3 Legal Obligation (Article 6(1)(c) GDPR)

We process your data as necessary to comply with legal obligations, including:

• Tax and accounting record-keeping requirements
• Anti-money laundering and counter-terrorism financing obligations
• Consumer protection and product safety regulations
• Data breach notification requirements
• Court orders and legal process compliance

6.4 Legitimate Interests (Article 6(1)(f) GDPR)

We process your data based on our legitimate interests, provided your interests and fundamental rights do not override those interests. Our legitimate interests include:

• Service improvement: analyzing usage patterns to improve and optimize our Services
• Security: protecting our systems, users, and data from threats and abuse
• Marketing: promoting our products and services (with appropriate opt-out mechanisms)
• Business operations: managing our business operations efficiently and effectively
• Fraud prevention: detecting and preventing fraudulent activities
• Legal compliance: establishing, exercising, or defending legal claims

Where we rely on legitimate interests, we have conducted a Legitimate Interest Assessment (LIA) and have implemented appropriate safeguards to protect your rights.

6.5 Vital Interests (Article 6(1)(d) GDPR)

We may process your data where necessary to protect your vital interests or those of another person, such as in a medical emergency.

6.6 Public Interest (Article 6(1)(e) GDPR)

We may process your data where necessary for the performance of a task carried out in the public interest.

7. Data Sharing and Disclosure

We may share, disclose, transfer, or otherwise make available your information in the following circumstances and to the following categories of recipients:

7.1 Service Providers and Vendors

We engage trusted third-party service providers, vendors, contractors, and agents to perform functions on our behalf. These providers have access to your personal data only as necessary to perform their functions and are contractually obligated to protect your data and use it only for the purposes we specify. Categories of service providers include:

7.1.1 Cloud Computing and Hosting Providers

• Infrastructure-as-a-service (IaaS) providers
• Platform-as-a-service (PaaS) providers
• Data storage and backup services
• Content delivery networks (CDNs) such as Cloudflare and Vercel

7.1.2 Payment Processing

• Credit card processing services
• Digital wallet providers
• Fraud detection and prevention services
• Invoicing and billing platforms

7.1.3 Analytics and Measurement

• Web and app analytics platforms
• Business intelligence tools
• Session recording and heat mapping services
• A/B testing and experimentation platforms

7.1.4 Marketing and Advertising

• Email marketing and automation platforms
• Advertising networks and exchanges
• Social media advertising platforms
• Customer relationship management (CRM) systems

7.1.5 Customer Support

• Help desk and ticketing systems
• Live chat and chatbot providers
• Knowledge base platforms
• Phone and VoIP services

7.1.6 Communication Services

• Email delivery services
• SMS and push notification providers
• Video conferencing platforms
• Messaging platforms

7.1.7 Security and Fraud Prevention

• Identity verification services
• Fraud detection and prevention systems
• Security monitoring and threat detection tools
• Encryption and key management services

7.1.8 Professional Services

• Legal counsel and law firms
• Accounting and auditing firms
• Consultants and business advisors
• Insurance providers

7.2 Business Transfers and Corporate Transactions

In the event of any of the following corporate transactions or events, your information may be transferred, sold, assigned, or disclosed as part of that transaction:

• Merger, consolidation, or combination with another entity
• Acquisition or purchase of all or substantially all of our assets or stock
• Reorganization, restructuring, or recapitalization
• Bankruptcy, insolvency, or receivership proceedings
• Sale, divestiture, or spin-off of a business unit or product line
• Joint venture or strategic partnership
• Financing or investment transaction

We will use reasonable efforts to notify you via email or prominent notice on our website of any such transfer and any change in ownership or data usage practices. However, we reserve the right to complete such transactions without prior notice where required by confidentiality obligations or legal restrictions.

7.3 Legal Compliance and Enforcement

We may disclose your information if we believe in good faith that such disclosure is necessary to:

• Comply with applicable laws, regulations, statutes, or ordinances
• Respond to a subpoena, court order, legal process, or government request
• Cooperate with law enforcement, regulatory authorities, or government agencies
• Enforce our Terms of Service, this Privacy Policy, or other agreements
• Protect our rights, property, safety, or interests
• Protect the rights, property, safety, or interests of our users or the public
• Prevent, detect, or investigate fraud, abuse, security incidents, or illegal activities
• Establish, exercise, or defend legal claims

7.4 Affiliated Companies and Subsidiaries

We may share information with our parent company, subsidiaries, affiliates, joint venture partners, and other entities under common control or ownership. These entities will use your information in a manner consistent with this Privacy Policy and applicable law.

7.5 With Your Consent

We may share your information for any other purpose with your explicit consent, obtained in writing, electronically, or verbally as permitted by applicable law.

7.6 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot reasonably be used to identify you with any third party for any lawful purpose, including:

• Research and academic studies
• Industry benchmarking and reporting
• Marketing and advertising analytics
• Product development and improvement
• Publicly available statistical reports

7.7 Sale of Personal Information

To the extent that our sharing of personal information for advertising or other purposes constitutes a "sale" under applicable laws (such as the California Consumer Privacy Act), we engage in such activities. For more information about your rights regarding the sale of personal information, please see Sections 13 and 14.

8. Third-Party Services and Integrations

8.1 Third-Party Links

Our Services may contain links to third-party websites, platforms, services, or applications that are not owned, operated, or controlled by OUTGRAVE. This includes but is not limited to:

• Social media platforms (Facebook, Instagram, Twitter/X, LinkedIn, YouTube, TikTok, Pinterest, Snapchat, Reddit, Discord, Telegram, WhatsApp)
• Payment processing pages (Stripe, PayPal, Razorpay, Square, Apple Pay, Google Pay)
• Cloud service dashboards
• Partner and affiliate websites
• Third-party content and embedded media (videos from YouTube/Vimeo, maps from Google Maps, social media feeds)

We are not responsible for the privacy practices, data collection methods, or content of these third-party services. We encourage you to review the privacy policies and terms of service of any third-party services you access through our Services before providing them with your personal information.

8.2 Third-Party Integrations

Our Services may integrate with third-party services and platforms that you choose to connect to your OUTGRAVE account. When you enable such integrations, we may share certain information with the third-party service as necessary for the integration to function. The third party's use of your information is governed by its own privacy policy and terms of service, not by this Privacy Policy.

8.3 Social Media Authentication and Single Sign-On

We may offer you the ability to register for, log into, or connect to our Services using social media accounts or single sign-on (SSO) services (such as "Sign in with Google," "Sign in with Apple," "Sign in with Facebook," or "Log in with GitHub"). When you use these services, the third-party provider may share certain information with us as described in Section 3.3.1. Your use of such authentication services is subject to the third party's own privacy policy and terms.

8.4 Embedded Content and Widgets

Our Services may include embedded content, widgets, plugins, or other features hosted by third parties. These elements may collect your IP address, track your interactions, and set cookies or other tracking technologies. Your interactions with these features are governed by the privacy policy of the third-party provider.

9. Cookies, Tracking Technologies, and Advertising

9.1 What Are Cookies and Tracking Technologies?

Cookies are small text files that are placed on your device (computer, tablet, smartphone) by websites and applications that you visit or use. They are widely used to make websites and applications work efficiently, enhance user experience, and provide information to the owners of the service.

We also use other similar tracking technologies, including:

• Web Beacons (Pixel Tags) — small invisible images that track user behavior and collect usage data
• Local Storage and Session Storage — browser storage mechanisms that store data locally on your device
• ETags and Cache Mechanisms — browser caching identifiers used for tracking
• Fingerprinting — collection of device and browser characteristics to create a unique identifier
• Software Development Kits (SDKs) — code libraries embedded in our mobile and desktop applications for tracking and analytics
• JavaScript Tags — scripts that track user interactions on our websites

9.2 Why We Use Tracking Technologies

We use cookies and similar tracking technologies for the following purposes:

9.3 Specific Cookies and Tracking Technologies We Use

This list is not exhaustive and may be updated from time to time. For a complete and current list, please contact us at privacy@outgrave.com.

9.4 Your Choices Regarding Tracking Technologies

9.4.1 Browser Settings

Most web browsers allow you to control cookies through their settings. You can typically:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Set preferences for specific websites
• Enable "Do Not Track" signals (see Section 28)

Please note that disabling or blocking certain cookies may affect the functionality and performance of our Services, and some features may not work as intended.

9.4.2 Opt-Out Tools

You can opt out of certain tracking and advertising through the following industry tools:

• Your Online Choices (EU): www.youronlinechoices.com
• Network Advertising Initiative (US): www.networkadvertising.org/choices
• Digital Advertising Alliance (US): www.aboutads.info/choices
• Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout
• Facebook Ad Preferences: www.facebook.com/ads/preferences

9.4.3 Mobile Device Settings

On mobile devices, you can limit advertising tracking through:

• iOS: Settings > Privacy > Tracking > "Allow Apps to Request to Track" (off) or Settings > Privacy > Apple Advertising > "Personalized Ads" (off)
• Android: Settings > Google > Ads > "Opt out of Ads Personalization"

9.4.4 Cookie Consent Banner

On your first visit to our website, you will be presented with a cookie consent banner that allows you to choose which categories of cookies you wish to accept. You can change your preferences at any time through the cookie settings link in our website footer.

9.5 Consequences of Rejecting Tracking Technologies

If you reject or disable certain tracking technologies:

• Our Services may still function, but some features may be limited or unavailable
• Your preferences may not be remembered
• You may see less relevant advertisements
• We may not be able to provide personalized content or recommendations
• Some security features may be affected

10. Data Retention and Deletion

10.1 Retention Principles

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, or as required by applicable law.

The criteria we use to determine retention periods include:

• The duration of your relationship with us and your use of our Services
• Whether we have a legal, contractual, or regulatory obligation to retain the data
• Whether retention is advisable for our legal position (e.g., for statute of limitations, litigation, or regulatory investigations)
• The nature and sensitivity of the data
• Whether the data is necessary for security, fraud prevention, or business operations

10.2 Specific Retention Periods

10.3 Data Deletion

When data is no longer needed for the purposes described in this policy, we will:

• Permanently delete the data from our active systems
• Anonymize the data so that it cannot be associated with you
• Retain only aggregated or anonymized data for analytical purposes

However, we may retain certain data for longer periods where:

• Required by applicable law, regulation, or legal process
• Necessary for fraud prevention or security purposes
• Needed for the establishment, exercise, or defense of legal claims
• Required for tax, accounting, or audit purposes

10.4 Account Deletion

You may request deletion of your account at any time by contacting us at privacy@outgrave.com. Upon receiving a verified deletion request, we will:

1. 01Deactivate your account within 5 business days
2. 02Begin the deletion process within 30 days
3. 03Complete deletion of your personal data within 90 days, subject to legal and operational retention requirements

Please note that account deletion is irreversible and will result in loss of access to all Services, content, and data associated with your account.

11. Data Security and Breach Notification

11.1 Security Measures

We implement comprehensive technical, organizational, and physical security measures to protect your personal data against unauthorized access, alteration, disclosure, destruction, or loss. These measures include:

11.1.1 Technical Measures

• Encryption: SSL/TLS encryption (2048-bit RSA, TLS 1.2+) for all data in transit; AES-256 encryption for data at rest
• Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), and principle of least privilege
• Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), DDoS protection (Cloudflare)
• Monitoring: 24/7 system monitoring, security information and event management (SIEM), anomaly detection
• Vulnerability Management: Regular vulnerability scanning, penetration testing, and security audits
• Patch Management: Timely application of security patches and updates
• Secure Development: Secure software development lifecycle (SDLC), code reviews, static/dynamic analysis
• Backup and Recovery: Encrypted backups, disaster recovery plans, business continuity procedures
• Endpoint Protection: Antivirus, anti-malware, endpoint detection and response (EDR)

11.1.2 Organizational Measures

• Policies: Written information security policies, data protection policies, and incident response plans
• Training: Regular security awareness training for all employees and contractors
• Confidentiality Agreements: All personnel with access to personal data are bound by confidentiality agreements
• Background Checks: Pre-employment screening for relevant positions
• Access Reviews: Periodic reviews of access permissions and entitlements
• Third-Party Due Diligence: Security assessment of service providers and vendors

11.1.3 Physical Measures

• Facility Security: Access control systems, surveillance, visitor management
• Equipment Security: Locked server rooms, secure device storage, asset tracking
• Remote Work Security: VPN requirements, endpoint security policies, device management

11.2 No Guarantee of Absolute Security

Despite our best efforts, no method of transmission over the internet, method of electronic storage, or security system is 100% secure. We cannot guarantee the absolute security of your personal data. You acknowledge and agree that you provide your information to us at your own risk.

We are not responsible for the security of data transmitted outside our control, including data transmitted via third-party networks, public Wi-Fi, or unsecured communication channels.

11.3 Data Breach Notification

In the event of a data breach that affects your personal data, we will:

1. 01Investigate: Promptly investigate the breach to determine its scope, cause, and impact
2. 02Notify You: Notify affected users without undue delay and within the timeframes required by applicable law (generally within 72 hours for GDPR breaches)
3. 03Notify Regulators: Notify relevant data protection authorities as required by applicable law
4. 04Provide Information: Inform you of:

• The nature and scope of the breach
• The categories and approximate number of data subjects affected
• The categories and approximate number of personal data records affected
• The likely consequences of the breach
• The measures we have taken or propose to take to address the breach
• Recommendations for mitigating potential adverse effects

1. 01Remediate: Take immediate steps to contain, mitigate, and remediate the breach

Notification will be sent via email (if we have your email address), through a prominent notice on our website, through in-app notifications, or through other reasonable means as required by law.

11.4 Security Incident Response

We maintain a comprehensive Security Incident Response Plan (SIRP) that outlines procedures for detecting, reporting, investigating, containing, and recovering from security incidents. Our incident response team is available 24/7 to respond to security events.

12. International Data Transfers

12.1 Global Operations

OUTGRAVE operates globally, and your personal data may be transferred to, stored, and processed in countries outside your country of residence, including but not limited to:

• United States
• European Union member states
• United Kingdom
• Canada
• Australia
• India
• Singapore
• Japan

These countries may have data protection laws that differ from those in your country of residence.

12.2 Transfer Safeguards

When we transfer your personal data from the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdictions with comprehensive data protection laws to countries that have not been deemed to provide adequate data protection, we implement appropriate safeguards, including:

12.2.1 Standard Contractual Clauses (SCCs)

We use the European Commission's Standard Contractual Clauses (2021 version) and the UK International Data Transfer Agreement (IDTA) to govern transfers of personal data from the EEA and UK to third countries.

12.2.2 Adequacy Decisions

We may transfer data to countries that have been deemed adequate by the European Commission, UK Government, or other relevant authorities.

12.2.3 Binding Corporate Rules (BCRs)

We may adopt Binding Corporate Rules for intra-group data transfers.

12.2.4 Other Lawful Transfer Mechanisms

We may rely on other lawful transfer mechanisms as permitted by applicable law, including:

• Your explicit consent to the transfer
• Transfer necessary for the performance of a contract with you
• Transfer necessary for important reasons of public interest
• Transfer necessary for the establishment, exercise, or defense of legal claims
• Transfer necessary to protect your vital interests

12.3 Your Consent to International Transfers

BY USING OUR SERVICES AND PROVIDING US WITH YOUR PERSONAL DATA, YOU EXPLICITLY CONSENT TO THE TRANSFER, STORAGE, AND PROCESSING OF YOUR PERSONAL DATA IN COUNTRIES OUTSIDE YOUR COUNTRY OF RESIDENCE, INCLUDING COUNTRIES THAT MAY HAVE DIFFERENT OR LESS PROTECTIVE DATA PROTECTION LAWS THAN YOUR COUNTRY OF RESIDENCE.

13. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data. We will respond to all legitimate requests within the timeframes required by applicable law (generally 30 days, with a possible extension of 60 additional days for complex requests).

13.1 Right to Access

You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about:

• The categories of data we process
• The purposes of processing
• The categories of recipients with whom we share data
• The retention period or criteria used to determine retention
• The source of the data (if not collected directly from you)
• The existence of automated decision-making and profiling

13.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will make corrections promptly upon verification.

13.3 Right to Deletion ("Right to Be Forgotten")

You have the right to request deletion of your personal data where:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw your consent and there is no other legal basis for processing
• You object to processing based on legitimate interests and there are no overriding legitimate grounds
• The data was unlawfully processed
• Deletion is required to comply with a legal obligation
• The data was collected in relation to the offer of information society services to a child

This right is subject to exceptions, including compliance with legal obligations, establishment/exercise/defense of legal claims, and public interest reasons.

13.4 Right to Restrict Processing

You have the right to request restriction of processing where:

• You contest the accuracy of the data (for a period enabling us to verify accuracy)
• Processing is unlawful and you oppose deletion
• We no longer need the data but you require it for legal claims
• You have objected to processing based on legitimate interests (pending verification of overriding grounds)

13.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and to transmit that data to another controller without hindrance, where:

• Processing is based on consent or contract
• Processing is carried out by automated means

13.6 Right to Object

You have the right to object, on grounds relating to your particular situation, to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

Where we process your data for direct marketing purposes, you have an absolute right to object at any time, and we will cease processing for such purposes immediately.

13.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. You may withdraw consent by:

• Updating your account settings
• Clicking the "unsubscribe" link in marketing emails
• Contacting us at privacy@outgrave.com

13.8 Right to Lodge a Complaint

If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with your local data protection authority:

• EEA: Your local data protection authority (list available at edpb.europa.eu)
• UK: Information Commissioner's Office (ico.org.uk)
• Switzerland: Federal Data Protection and Information Commissioner (edoeb.admin.ch)
• Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca)
• Australia: Office of the Australian Information Commissioner (oaic.gov.au)
• Brazil: Autoridade Nacional de Protecao de Dados (anpd.gov.br)
• India: Data Protection Board of India (as established under DPDP Act)

We encourage you to contact us first at privacy@outgrave.com so that we may attempt to resolve your concerns directly.

13.9 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. This means we will not:

• Deny you goods or services
• Charge you different prices or rates
• Provide you with a different level or quality of service
• Suggest that you may receive a different price or level of service

13.10 How to Exercise Your Rights

To exercise any of your rights under this Privacy Policy, please contact us using one of the following methods:

• Email: privacy@outgrave.com
• Web Form: [Coming soon — privacy.outgrave.com/request]
• Postal Mail: [OUTGRAVE Privacy Team — address upon request]

We will respond to your request within 30 days of receipt. For complex or high-volume requests, we may extend this period by up to 60 additional days, in which case we will inform you of the extension and the reasons for it.

Verification: We may require you to provide reasonable verification of your identity before processing your request. This may include:

• Providing additional information that matches our records
• Confirming your email address or phone number
• Providing a government-issued identification (for sensitive requests)
• Responding to a verification email or SMS

Fees: We will generally process your first request in a 12-month period free of charge. For excessive, repetitive, unfounded, or manifestly unfounded requests, we reserve the right to:

• Charge a reasonable fee (based on the administrative costs of providing the information)
• Refuse to act on the request

13.11 Authorized Agents

Where permitted by applicable law, you may designate an authorized agent to make a request on your behalf. We may require:

• Proof of your written authorization (signed by you)
• Verification of your agent's identity
• Direct verification of your identity with us

14. California Privacy Rights (CCPA/CPRA)

If you are a resident of the State of California, USA, the following additional rights and disclosures apply to you under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and other applicable California privacy laws.

14.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information from California residents:

14.2 Sources of Personal Information

Our sources of personal information include:

• You (directly, through your use of our Services)
• Your devices (automatically, through tracking technologies)
• Social media platforms (when you connect your accounts)
• Advertising and analytics partners
• Data brokers and publicly available sources (as permitted by law)

14.3 Business or Commercial Purpose for Collection

We collect your personal information for the business and commercial purposes described in Section 5 of this Privacy Policy.

14.4 Retention Period

We retain each category of personal information as described in Section 10.2 of this Privacy Policy.

14.5 Sale or Sharing of Personal Information

Under the CCPA/CPRA, "sale" includes sharing personal information for monetary or other valuable consideration. "Sharing" includes cross-context behavioral advertising.

In the preceding 12 months, we have sold or shared the following categories of personal information:

• Identifiers (e.g., IP address, device ID, cookie ID, advertising ID)
• Internet or electronic network activity information (e.g., browsing history, search history, interactions with our Services)
• Geolocation data (approximate location derived from IP address)
• Inferences drawn from the above

We have sold or shared this information to/with:

• Advertising networks
• Data analytics providers
• Social media platforms
• Marketing and advertising partners

We do not have actual knowledge that we sell or share the personal information of minors under 16 years of age.

14.6 Your California Rights

14.6.1 Right to Know

You have the right to request that we disclose the following information covering the 12-month period preceding your request:

• The categories of personal information we collected about you
• The categories of sources from which the personal information was collected
• The business or commercial purpose for collecting, selling, or sharing your personal information
• The categories of third parties to whom we disclosed, sold, or shared your personal information
• The specific pieces of personal information we collected about you

14.6.2 Right to Delete

You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., completing transactions, detecting security incidents, complying with legal obligations, internal uses consistent with your expectations).

14.6.3 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

14.6.4 Right to Opt Out of Sale/Sharing

You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. You can exercise this right by:

• Clicking the "Do Not Sell or Share My Personal Information" link in our website footer
• Enabling a recognized Global Privacy Control (GPC) signal in your browser
• Contacting us at privacy@outgrave.com

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

14.6.5 Right to Limit Use of Sensitive Personal Information

We do not collect or process sensitive personal information for purposes that require a right to limit. If this changes, we will update this policy accordingly.

14.7 Requests in the Preceding 12 Months

14.8 Financial Incentives

We do not currently offer financial incentives (such as discounts or rewards) in exchange for the collection of personal information. If we do so in the future, we will provide you with notice of the material terms and obtain your opt-in consent.

14.9 Shine the Light (California Civil Code Section 1798.83)

California residents may also have the right under California Civil Code Section 1798.83 ("Shine the Light") to request, once per calendar year, information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at privacy@outgrave.com.

15. Virginia Consumer Data Protection Act (VCDPA)

If you are a resident of the Commonwealth of Virginia, USA, the following additional rights apply to you under the Virginia Consumer Data Protection Act (VCDPA), effective January 1, 2023.

15.1 Your Virginia Rights

• Right to Confirm: You have the right to confirm whether we are processing your personal data.
• Right to Access: You have the right to access your personal data.
• Right to Correct: You have the right to correct inaccuracies in your personal data.
• Right to Delete: You have the right to delete your personal data.
• Right to Data Portability: You have the right to obtain a copy of your personal data in a portable and readily usable format.
• Right to Opt Out: You have the right to opt out of:
• The sale of your personal data
• Targeted advertising
• Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you

15.2 Appeals Process

If we decline to take action on your request, we will inform you of our reason and provide instructions on how to appeal. If your appeal is denied, you may contact the Virginia Attorney General to lodge a complaint.

15.3 Exercising Your Virginia Rights

To exercise your rights under the VCDPA, please contact us at privacy@outgrave.com.

16. Colorado Privacy Act (CPA)

If you are a resident of the State of Colorado, USA, the following additional rights apply to you under the Colorado Privacy Act (CPA), effective July 1, 2023.

16.1 Your Colorado Rights

• Right to Access: You have the right to confirm whether we are processing your personal data and to access that data.
• Right to Correct: You have the right to correct inaccuracies in your personal data.
• Right to Delete: You have the right to delete your personal data.
• Right to Data Portability: You have the right to obtain a copy of your personal data in a portable and readily usable format.
• Right to Opt Out: You have the right to opt out of:
• The sale of your personal data
• Targeted advertising
• Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you

16.2 Appeals Process

If we decline to take action on your request, we will inform you of our reason and provide instructions on how to appeal. If your appeal is denied, you may contact the Colorado Attorney General to lodge a complaint.

16.3 Exercising Your Colorado Rights

To exercise your rights under the CPA, please contact us at privacy@outgrave.com.

17. Connecticut Data Privacy Act (CTDPA)

If you are a resident of the State of Connecticut, USA, the following additional rights apply to you under the Connecticut Data Privacy Act (CTDPA), effective July 1, 2023.

17.1 Your Connecticut Rights

• Right to Access: You have the right to confirm whether we are processing your personal data and to access that data.
• Right to Correct: You have the right to correct inaccuracies in your personal data.
• Right to Delete: You have the right to delete your personal data.
• Right to Data Portability: You have the right to obtain a copy of your personal data in a portable and readily usable format.
• Right to Opt Out: You have the right to opt out of:
• The sale of your personal data
• Targeted advertising
• Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you

17.2 Appeals Process

If we decline to take action on your request, we will inform you of our reason and provide instructions on how to appeal. If your appeal is denied, you may contact the Connecticut Attorney General to lodge a complaint.

17.3 Exercising Your Connecticut Rights

To exercise your rights under the CTDPA, please contact us at privacy@outgrave.com.

18. Utah Consumer Privacy Act (UCPA)

If you are a resident of the State of Utah, USA, the following additional rights apply to you under the Utah Consumer Privacy Act (UCPA), effective December 31, 2023.

18.1 Your Utah Rights

• Right to Access: You have the right to confirm whether we are processing your personal data and to access that data.
• Right to Delete: You have the right to delete your personal data.
• Right to Data Portability: You have the right to obtain a copy of your personal data in a portable and readily usable format.
• Right to Opt Out: You have the right to opt out of:
• The sale of your personal data
• Targeted advertising

18.2 Exercising Your Utah Rights

To exercise your rights under the UCPA, please contact us at privacy@outgrave.com.

19. Canada Personal Information Protection and Electronic Documents Act (PIPEDA)

If you are a resident of Canada, the following additional disclosures apply to you under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

19.1 Consent

We obtain your consent for the collection, use, and disclosure of your personal information, except where otherwise permitted or required by law. The form of consent may vary depending on the circumstances and the sensitivity of the information.

19.2 Access and Correction

You have the right to request access to the personal information we hold about you and to request corrections if you believe it is inaccurate or incomplete.

19.3 Withdrawal of Consent

You may withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal and contractual restrictions. Withdrawal of consent may affect our ability to provide you with certain services.

19.4 Challenging Compliance

You have the right to challenge our compliance with PIPEDA by contacting our Privacy Officer (see Section 37). If your concern is not resolved, you may file a complaint with the Office of the Privacy Commissioner of Canada.

19.5 Exercising Your Canadian Rights

To exercise your rights under PIPEDA, please contact us at privacy@outgrave.com.

20. Brazil Lei Geral de Protecao de Dados (LGPD)

If you are a resident of Brazil, the following additional rights apply to you under the Lei Geral de Protecao de Dados Pessoais (LGPD), Law No. 13,709/2018.

20.1 Your Brazilian Rights

• Right to Confirmation: Confirmation of the existence of processing
• Right to Access: Access to your personal data
• Right to Correct: Correction of incomplete, inaccurate, or outdated data
• Right to Anonymization/Blocking/Deletion: Anonymization, blocking, or deletion of unnecessary or excessive data
• Right to Portability: Data portability to another service provider
• Right to Deletion: Deletion of data processed with your consent
• Right to Information: Information about public and private entities with which we have shared your data
• Right to Information About Denial: Information about the possibility of denying consent and the consequences thereof
• Right to Withdraw Consent: Withdrawal of your consent

20.2 Data Protection Officer for Brazil

Our Data Protection Officer can be contacted at privacy@outgrave.com.

20.3 Exercising Your Brazilian Rights

To exercise your rights under the LGPD, please contact us at privacy@outgrave.com. If your request is not resolved, you may lodge a complaint with the Autoridade Nacional de Protecao de Dados (ANPD).

21. Australia Privacy Act

If you are a resident of Australia, the following additional disclosures apply to you under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

21.1 Collection Notice

We collect your personal information for the purposes described in this Privacy Policy. If you do not provide the information we request, we may be unable to provide you with our Services.

21.2 Access and Correction

You have the right to request access to the personal information we hold about you and to request correction of any inaccuracies.

21.3 Complaint Process

If you believe that we have breached the Australian Privacy Principles, please contact us at privacy@outgrave.com. We will investigate and respond to your complaint within 30 days. If you are dissatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

21.4 Overseas Disclosures

Your personal information may be disclosed to recipients located outside Australia, including in the countries listed in Section 12.1.

22. India Digital Personal Data Protection Act (DPDP)

If you are a resident of India, the following additional rights and disclosures apply to you under the Digital Personal Data Protection Act, 2023 (DPDP Act).

22.1 Your Indian Rights

• Right to Information: The right to know about the personal data we collect, the purpose of processing, and the recipients with whom it is shared
• Right to Access: The right to access and obtain a summary of your personal data
• Right to Correction: The right to correct, update, or complete your personal data
• Right to Deletion: The right to request deletion of your personal data
• Right to Grievance Redressal: The right to have your grievances addressed promptly
• Right to Nominate: The right to nominate a person to exercise your rights in the event of your death or incapacity

22.2 Consent Manager

We have appointed a Consent Manager (as defined under the DPDP Act) who will be responsible for managing your consent preferences. You may contact our Consent Manager at privacy@outgrave.com.

22.3 Grievance Officer

Our Grievance Officer for DPDP Act compliance can be contacted at:

Email: grievance@outgrave.com Response Time: We will acknowledge your complaint within 24 hours and resolve it within 30 days.

23. Children's Privacy and COPPA Compliance

23.1 Age Restrictions

Our Services are not directed to, intended for, or designed for children under the age of 13 (or 16 in certain jurisdictions, including the EEA, UK, Brazil, and South Korea). We do not knowingly collect, use, or disclose personal information from children.

23.2 Children's Online Privacy Protection Act (COPPA)

If you are under 13 years of age in the United States, you are not authorized to use our Services. We comply with the Children's Online Privacy Protection Act (COPPA) and will not knowingly collect personal information from children under 13.

23.3 What We Do If We Discover Child Data

If we become aware that a child under the applicable age has provided us with personal information without verifiable parental consent, we will:

1. 01Immediately delete the child's personal information from our systems
2. 02Delete the child's account (if one exists)
3. 03Notify the parent or guardian if contact information is available

23.4 Parental Rights

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@outgrave.com. You have the right to:

• Review your child's personal information
• Request deletion of your child's personal information
• Refuse further collection or use of your child's information

23.5 Encouragement for Parents

We encourage parents and guardians to:

• Monitor their children's online activities
• Educate their children about safe online practices
• Review the privacy settings on their children's devices and accounts
• Use parental control tools and software

24. Profiling, Automated Decision-Making, and AI

24.1 Profiling Activities

We may engage in profiling activities using your data, including:

• Behavioral profiling: Analyzing your usage patterns, preferences, and interactions to predict future behavior
• Interest profiling: Determining your interests and preferences for content and advertising personalization
• Risk profiling: Assessing risk factors for fraud detection, security, and creditworthiness
• Segmentation: Grouping users into segments based on shared characteristics for analytics and marketing

24.2 Automated Decision-Making

We may make automated decisions about you based on your data, including:

• Content recommendations: Automated selection of products, content, or features based on your profile
• Pricing decisions: Automated determination of prices, discounts, or offers
• Fraud detection: Automated assessment of transaction risk and potential fraud
• Account actions: Automated suspension, restriction, or termination of accounts based on detected violations

24.3 Artificial Intelligence and Machine Learning

We may use artificial intelligence (AI) and machine learning (ML) technologies to:

• Analyze and interpret user data at scale
• Improve and personalize user experiences
• Develop new features and products
• Automate customer support and communication
• Enhance security and fraud detection
• Generate insights and predictions

Your data may be used to train, validate, test, and improve our AI/ML models. Where possible, we use anonymized or aggregated data for AI/ML training, but we reserve the right to use personal data where necessary for model development and improvement.

24.4 Your Rights Regarding Automated Decisions

Where automated decision-making produces legal effects or similarly significant effects concerning you, you have the right to:

• Obtain human intervention in the decision-making process
• Express your point of view
• Contest the decision
• Receive an explanation of the decision reached

To exercise these rights, please contact us at privacy@outgrave.com.

25. Social Media Features and Widgets

25.1 Social Media Integration

Our Services may include social media features, widgets, plugins, and buttons (such as the Facebook Like button, Twitter/X share button, LinkedIn share button, Instagram embed, Discord widget, and other similar features). These features may:

• Collect your IP address and page visit information
• Set cookies or similar tracking technologies
• Track your interactions with the feature (e.g., clicking "Like" or "Share")
• Identify you if you are logged into the social media platform

Your interactions with these features are governed by the privacy policies of the respective social media platforms, not by OUTGRAVE's Privacy Policy.

25.2 Social Media Pages

We maintain pages and profiles on various social media platforms (including but not limited to Facebook, Instagram, Twitter/X, LinkedIn, YouTube, TikTok, Discord, GitHub, and Reddit). When you interact with our social media pages, the social media platform may collect information about you in accordance with its own privacy policy. We may receive aggregated analytics and demographic information about our social media audiences from these platforms.

25.3 Social Media Content

If you choose to post content on our social media pages, participate in our social media campaigns, or use our branded hashtags, you acknowledge that such content is publicly available and may be used by us for promotional purposes as described in this Privacy Policy.

26. Testimonials, Reviews, and User-Generated Content

26.1 Public Content

Our Services may allow you to post, upload, publish, display, or transmit reviews, comments, testimonials, ratings, questions, answers, forum posts, and other user-generated content ("UGC"). Any UGC you submit may be publicly accessible and may be indexed by search engines.

26.2 Use of Testimonials and Reviews

BY SUBMITTING ANY TESTIMONIAL, REVIEW, OR FEEDBACK, YOU GRANT OUTGRAVE A PERPETUAL, IRREVOCABLE, WORLDWIDE, ROYALTY-FREE, FULLY PAID-UP LICENSE TO USE, REPRODUCE, MODIFY, ADAPT, PUBLISH, TRANSLATE, CREATE DERIVATIVE WORKS FROM, DISTRIBUTE, PERFORM, DISPLAY, AND OTHERWISE EXPLOIT SUCH CONTENT IN ANY FORM, MEDIUM, OR TECHNOLOGY NOW KNOWN OR HEREAFTER DEVELOPED, FOR ANY PURPOSE, INCLUDING BUT NOT LIMITED TO MARKETING, ADVERTISING, PROMOTIONAL, AND COMMERCIAL PURPOSES, WITHOUT ANY COMPENSATION, ATTRIBUTION, OR NOTICE TO YOU.

26.3 Your Responsibilities

When submitting UGC, you represent and warrant that:

• You own or have the necessary licenses, rights, consents, and permissions to publish the content
• Your content does not infringe the intellectual property rights, privacy rights, or other rights of any third party
• Your content complies with applicable laws and regulations
• Your content is not defamatory, obscene, abusive, harassing, or otherwise objectionable

26.4 Removal Requests

You may request the removal of your UGC from our Services by contacting us at privacy@outgrave.com. However, we may not be able to remove content that:

• Has been publicly distributed or syndicated
• Is required for legal or operational purposes
• Has been incorporated into other content or features

27. Job Applications and Employment Data

27.1 Applicant Information

If you apply for employment or a contracting position with OUTGRAVE, we may collect the following information:

• Name, contact information, and identification details
• Resume/CV, cover letter, and work history
• Education, certifications, and professional qualifications
• References and recommendations
• Portfolio and work samples
• Interview notes and assessment results
• Background check information (where permitted by law)
• Any other information you voluntarily provide during the application process

27.2 Use of Applicant Data

We use applicant information solely for:

• Evaluating your qualifications and suitability for the position
• Communicating with you about the application process
• Conducting interviews and assessments
• Performing background and reference checks (with your consent where required)
• Complying with legal and regulatory requirements
• Maintaining our recruitment records

27.3 Retention of Applicant Data

If your application is unsuccessful, we may retain your information for up to 24 months for consideration for future positions, unless you request earlier deletion. If you are hired, your application data will become part of your employment record and will be retained in accordance with our internal data retention policies.

28. Do Not Track Signals and Browser Fingerprinting

28.1 Do Not Track (DNT)

"Do Not Track" is a privacy preference that you can set in your web browser to signal to websites that you do not want your online activity tracked. Currently, there is no universally accepted standard for how websites should respond to DNT signals. As a result, our Services do not currently respond to or honor Do Not Track signals from browsers, except where required by applicable law.

28.2 Global Privacy Control (GPC)

We recognize and honor the Global Privacy Control (GPC) signal as an opt-out request for the sale or sharing of personal information for California residents under the CCPA/CPRA. If you enable GPC in your browser, we will treat this as a valid opt-out request.

28.3 Browser Fingerprinting

We may use browser fingerprinting technology to identify your device based on its unique characteristics, including:

• Browser type and version
• Operating system
• Installed fonts and plugins
• Screen resolution and color depth
• Time zone and language settings
• Hardware configuration

Fingerprinting may be used for fraud prevention, security, analytics, and advertising purposes.

29. Data Ownership, License, and Usage Rights

29.1 Data You Provide

You retain ownership of any personal data you provide to us. However, by providing such data through our Services, you grant OUTGRAVE the rights described in this Section.

29.2 License to Use Your Data

BY USING OUR SERVICES AND ACCEPTING THIS PRIVACY POLICY, YOU GRANT OUTGRAVE A PERPETUAL, IRREVOCABLE, WORLDWIDE, NON-EXCLUSIVE, TRANSFERABLE, SUB-LICENSABLE, ROYALTY-FREE, FULLY PAID-UP LICENSE TO:

• Use, access, store, reproduce, modify, adapt, translate, and create derivative works from your personal data
• Distribute, publish, publicly perform, publicly display, transmit, and broadcast your personal data
• Combine your personal data with data from other sources
• Analyze, mine, and extract information from your personal data
• Create anonymized and aggregated datasets from your personal data

29.3 Ownership of Anonymized and Aggregated Data

OUTGRAVE retains full ownership, title, and interest in and to:

• Any anonymized or aggregated data derived from your personal information
• Any insights, analysis, models, algorithms, or intellectual property created using your data
• Any derivative works, compilations, or datasets incorporating your data

You acknowledge that anonymized and aggregated data is not personal data and may be used, exploited, commercialized, and shared by OUTGRAVE for any lawful purpose without any restriction, compensation, or obligation to you.

29.4 No Expectation of Privacy in Public Content

Any information you choose to make publicly available through our Services (such as reviews, comments, forum posts, or public profile information) is not subject to privacy protections. You should have no expectation of privacy with respect to such publicly available information.

30. User Consent and Agreement

30.1 Explicit Agreement

BY ACCESSING, BROWSING, OR USING OUR SERVICES, YOU EXPLICITLY ACKNOWLEDGE, REPRESENT, WARRANT, AND AGREE THAT:

1. 01You have read, understood, and accepted this Privacy Policy in its entirety, including all sections, subsections, and referenced documents.
2. 02You are at least 18 years of age, or if you are under 18, you have obtained parental or guardian consent to use our Services.
3. 03You consent to the collection, use, storage, processing, sharing, transfer, retention, and disclosure of your personal information as described in this Privacy Policy.
4. 04You grant OUTGRAVE the right to use your data for marketing, promotional, advertising, research, analytics, product development, and any other lawful business purpose as described in this policy.
5. 05You acknowledge that OUTGRAVE may modify this Privacy Policy at any time, without prior notice, and your continued use of the Services constitutes your binding acceptance of such modifications.
6. 06You waive any claim, cause of action, demand, or proceeding arising from or relating to OUTGRAVE's use of your personal data as permitted under this Privacy Policy, except where such waiver is prohibited by applicable law.
7. 07You confirm that all information you provide to OUTGRAVE is accurate, complete, current, and not misleading.
8. 08You are solely responsible for maintaining the confidentiality and security of your account credentials, including your username and password.
9. 09You will not hold OUTGRAVE, its owners, directors, officers, employees, agents, affiliates, subsidiaries, successors, or assigns liable for any damages, losses, costs, or expenses arising from OUTGRAVE's use of your personal data in compliance with this Privacy Policy.
10. 10You release OUTGRAVE from any and all claims, demands, and damages (actual, direct, indirect, consequential, punitive, or otherwise) arising out of or in connection with the use of your personal data as permitted by this Privacy Policy.

30.2 Binding Effect

This Privacy Policy constitutes a legally binding agreement between you and OUTGRAVE. Your use of our Services creates a contractual relationship governed by this policy.

30.3 Electronic Consent

By using our Services, you consent to receive this Privacy Policy and any other communications, notices, disclosures, and agreements in electronic form. You agree that electronic communications satisfy any legal requirement that such communications be in writing.

30.4 No Duress

You acknowledge that you are entering into this agreement freely, voluntarily, and without duress or coercion. You have had the opportunity to seek independent legal advice regarding this Privacy Policy before using our Services.

30.5 Entire Agreement

This Privacy Policy, together with our Terms of Service and any other agreements referenced herein, constitutes the entire agreement between you and OUTGRAVE regarding the collection, use, and processing of your personal data, and supersedes all prior or contemporaneous understandings, agreements, representations, and warranties, whether written or oral.

31. Arbitration Agreement and Class Action Waiver

31.1 Binding Arbitration

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS AND REQUIRES YOU AND OUTGRAVE TO RESOLVE DISPUTES THROUGH BINDING INDIVIDUAL ARBITRATION RATHER THAN IN COURT.

Except for disputes that qualify for small claims court or that involve intellectual property infringement, any dispute, claim, or controversy arising out of or relating to this Privacy Policy, your use of our Services, or your relationship with OUTGRAVE (including but not limited to disputes regarding privacy, data protection, data breaches, data use, data sharing, marketing, advertising, and all other matters) shall be resolved exclusively through binding individual arbitration administered by a recognized arbitration organization in accordance with its commercial arbitration rules.

31.2 Arbitration Procedure

• The arbitration shall be conducted by a single neutral arbitrator
• The arbitration shall be conducted in English
• The arbitration may be conducted in person, by telephone, by video conference, or based solely on written submissions
• The arbitrator's decision shall be final and binding
• Judgment on the arbitration award may be entered in any court having jurisdiction

31.3 Class Action Waiver

YOU AND OUTGRAVE AGREE THAT EACH PARTY MAY BRING DISPUTES AGAINST THE OTHER PARTY ONLY IN ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, REPRESENTATIVE, OR PRIVATE ATTORNEY GENERAL PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS OR PRESIDE OVER ANY CLASS OR REPRESENTATIVE PROCEEDING.

31.4 Opt-Out

You may opt out of this arbitration agreement by providing written notice to OUTGRAVE within 30 days of first accepting this Privacy Policy. Your notice must include your full name, address, email address, and a clear statement that you opt out of the arbitration agreement. Send your opt-out notice to privacy@outgrave.com.

31.5 Severability

If any part of this Section 31 is found to be unenforceable or invalid, the remainder shall remain in full force and effect. If the class action waiver is found to be unenforceable, the entire arbitration agreement shall be void.

32. Limitation of Liability and Disclaimer of Warranties

32.1 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL OUTGRAVE, ITS OWNERS, DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, AFFILIATES, SUBSIDIARIES, SUCCESSORS, OR ASSIGNS BE LIABLE FOR:

• ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES
• ANY LOSS OF DATA, LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF GOODWILL, OR LOSS OF OPPORTUNITY
• ANY DAMAGES ARISING FROM UNAUTHORIZED ACCESS TO OR USE OF YOUR PERSONAL DATA
• ANY DAMAGES ARISING FROM ERRORS, OMISSIONS, INACCURACIES, OR INCOMPLETENESS IN YOUR DATA
• ANY DAMAGES ARISING FROM THIRD-PARTY CONDUCT, THIRD-PARTY SERVICES, OR THIRD-PARTY PLATFORMS
• ANY DAMAGES ARISING FROM YOUR FAILURE TO PROTECT YOUR ACCOUNT CREDENTIALS

OUTGRAVE'S TOTAL CUMULATIVE LIABILITY TO YOU FOR ANY AND ALL CLAIMS ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY OR YOUR USE OF OUR SERVICES SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNT YOU HAVE PAID TO OUTGRAVE IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR (B) ONE HUNDRED DOLLARS ($100.00).

32.2 Disclaimer of Warranties

OUR SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO:

• WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT
• WARRANTIES THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR VIRUS-FREE
• WARRANTIES REGARDING THE ACCURACY, RELIABILITY, OR COMPLETENESS OF ANY CONTENT OR INFORMATION
• WARRANTIES THAT DATA TRANSMISSION OR STORAGE WILL BE 100% SECURE

No advice or information, whether oral or written, obtained by you from OUTGRAVE shall create any warranty not expressly stated in this Privacy Policy.

33. Indemnification

33.1 Your Indemnification Obligation

You agree to defend, indemnify, and hold harmless OUTGRAVE, its owners, directors, officers, employees, agents, affiliates, subsidiaries, successors, and assigns from and against any and all claims, demands, actions, liabilities, losses, damages, judgments, settlements, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or relating to:

1. 01Your use of our Services
2. 02Your violation of this Privacy Policy
3. 03Your violation of any applicable law, regulation, or third-party right
4. 04Your inaccurate, incomplete, or misleading information provided to us
5. 05Any content you submit, post, upload, or transmit through our Services
6. 06Any claim that your data or content infringes the rights of a third party
7. 07Your failure to protect your account credentials
8. 08Any dispute between you and a third party arising from your use of our Services

33.2 Reservation of Rights

OUTGRAVE reserves the right, at its own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you. You shall not settle any such matter without OUTGRAVE's prior written consent.

34. Changes to This Privacy Policy

34.1 Right to Modify

We reserve the right, at our sole discretion, to update, modify, amend, supplement, replace, or change this Privacy Policy at any time and for any reason, with or without prior notice. Changes become effective immediately upon posting, unless otherwise specified.

34.2 Notification of Material Changes

For material changes to this Privacy Policy, we will make reasonable efforts to notify you through one or more of the following methods:

• Email notification (if you have provided your email address)
• Prominent notice on our website homepage
• In-app notification or pop-up
• Notification through your account dashboard

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our Services after any changes constitutes your acceptance of the updated policy.

34.3 Date of Last Update

The "Last updated" date at the top of this Privacy Policy indicates when it was last revised. The "Effective Date" indicates when the current version became effective.

34.4 Previous Versions

Previous versions of this Privacy Policy are available upon request by contacting us at privacy@outgrave.com.

35. Governing Law and Jurisdiction

35.1 Governing Law

This Privacy Policy and all disputes, claims, or controversies arising out of or relating thereto (including non-contractual disputes) shall be governed by, construed, and enforced in accordance with the laws of the jurisdiction in which OUTGRAVE is registered and operates, without regard to its conflict of law principles.

35.2 Jurisdiction and Venue

Subject to the arbitration agreement in Section 31, any legal suit, action, or proceeding arising out of or relating to this Privacy Policy shall be instituted exclusively in the competent courts of the jurisdiction in which OUTGRAVE operates. You submit to the personal jurisdiction of such courts and waive any objection to venue or inconvenient forum.

35.3 International Users

If you access our Services from outside the jurisdiction in which OUTGRAVE operates, you do so at your own initiative and are responsible for compliance with local laws. We make no representation that our Services or this Privacy Policy comply with the laws of any country outside the applicable jurisdiction.

36. Severability, Waiver, and Entire Agreement

36.1 Severability

If any provision, clause, or part of this Privacy Policy is found to be invalid, illegal, unenforceable, or void by a court, arbitrator, or other authority of competent jurisdiction, such provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions of this Privacy Policy shall remain in full force and effect.

36.2 No Waiver

The failure of OUTGRAVE to enforce any right or provision of this Privacy Policy shall not constitute a waiver of such right or provision, nor shall it prevent OUTGRAVE from enforcing such right or provision at a later time. No waiver shall be effective unless in writing and signed by an authorized representative of OUTGRAVE.

36.3 No Third-Party Beneficiaries

This Privacy Policy is for the benefit of you and OUTGRAVE and is not intended to confer any rights or benefits upon any third party, except as expressly provided herein.

36.4 Assignment

OUTGRAVE may assign or transfer its rights and obligations under this Privacy Policy, in whole or in part, at any time without notice to you, including in connection with a merger, acquisition, reorganization, or sale of assets. You may not assign or transfer any rights or obligations under this Privacy Policy without OUTGRAVE's prior written consent.

36.5 Relationship of the Parties

Nothing in this Privacy Policy shall create or be deemed to create a partnership, joint venture, employment, agency, or fiduciary relationship between you and OUTGRAVE.

36.6 Force Majeure

OUTGRAVE shall not be liable for any failure or delay in performance of its obligations under this Privacy Policy where such failure or delay is caused by events beyond our reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, civil unrest, pandemics, government actions, strikes, labor disputes, internet service disruptions, power outages, cyberattacks, or failures of third-party systems or services.

37. Data Protection Officer and Contact Information

37.1 Data Protection Officer (DPO)

OUTGRAVE has appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with this Privacy Policy, applicable data protection laws, and best practices. The DPO serves as the point of contact for:

• Data subjects exercising their rights
• Regulatory authorities and supervisory bodies
• Internal data protection compliance and training
• Data breach response and notification

37.2 Contact Information

If you have any questions, concerns, complaints, requests, or inquiries regarding this Privacy Policy, your personal data, or our data practices, please contact us through any of the following channels:

Data Protection Officer: OUTGRAVE Privacy Team Email: privacy@outgrave.com Subject Line: Please include the nature of your inquiry (e.g., "Privacy Question," "Data Access Request," "Data Deletion Request," "Opt-Out Request," "Complaint")

Grievance Officer (India - DPDP Act): Email: grievance@outgrave.com

Marketing Opt-Out: Email: unsubscribe@outgrave.com Web: [Preference center link — coming soon]

Security Concerns (Confidential): Email: security@outgrave.com

37.3 Response Times and Commitment

We are committed to addressing all privacy-related inquiries, requests, and complaints promptly and fairly:

37.4 Supervisory Authorities

If you are not satisfied with our response to your inquiry or complaint, you have the right to lodge a complaint with your local data protection authority or supervisory authority as described in Section 13.8.

37.5 Language

This Privacy Policy may be available in multiple languages for convenience purposes. In the event of any conflict, inconsistency, or discrepancy between the English version and any translated version, the English version shall prevail, govern, and control.

This Privacy Policy was last updated on June 4, 2026. Effective Date: June 4, 2026. This policy supersedes and replaces all previous versions, whether written or oral.

Copyright © 2026 OUTGRAVE. All rights reserved. No part of this Privacy Policy may be reproduced, distributed, or transmitted in any form or by any means without the prior written permission of OUTGRAVE.