Cedar AI Privacy Policy

Effective as of 7/15/20 (PDF)

This Cedar AI Privacy Policy (“Privacy Policy”) describes how we collect, use, share andotherwise process information relating to individuals (“Personal Data”), and your rights andchoices regarding our processing of your Personal Data.

A reference to “Cedar AI,” “we,” “us” or “the Company” is a reference to Cedar AI, Inc.

1. Responsible Entity

Cedar AI is the controller and responsible for your Personal Data submitted through the CedarAI products (the “Products”), www.cedar.ai and related websites (the “Sites”) or otherwise directly to us.

For the avoidance of doubt, this Privacy Policy does not apply to the extent we process PersonalData in the role of a processor on behalf of our customers, including where we offer to our customers various products and services through which our customers collect, use, share or process Personal Data that they have collected.

For detailed privacy information in a situation where a Cedar AI customer is the controller,please reach out to the respective customer directly. We are not responsible for the privacy ordata security practices of our customers, which may differ from those set forth in this PrivacyPolicy, as further described under Section 10.3 below.

2. Processing activities covered

This Privacy Policy applies to the processing of Personal Data collected by us when you:

Our websites and Products may contain links to other websites, applications and servicesmaintained by third parties. The information practices of such other services, or of social media networks that host our branded social media pages, are governed by third parties’ PrivacyPolicies, which you should review to better understand those third parties’ privacy practices.

3. What Personal Data do we collect?

The Personal Data that we collect directly from you includes the following:

If you provide us or our service providers with any Personal Data relating to other individuals,you represent that you have the authority to do so and acknowledge that it will be used inaccordance with this Privacy Policy. If you believe that your Personal Data has been provided tous improperly, or to otherwise exercise your rights relating to your Personal Data, please contactus by using the information set out in the “Contacting us” section below.

4. What device and usage data we process

We use common information-gathering tools, such as tools for collecting usage data, cookies,web beacons and similar technologies to automatically collect information that may containPersonal Data from your computer or mobile device as you navigate our websites, our services orinteract with emails we have sent to you.

4.1 Device and usage data

As is true of most websites, we gather certain information automatically on connection with the use of the website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning

In addition, we gather certain information automatically as part of your use of the Products and Sites. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches and other actions you take, operating system and system configuration information and date/time stamps associated with your usage. This information is used to maintain the security of the services, to provide necessary functionality, as well as to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, to identify customer opportunities and for the security of Cedar AI generally (in addition to the security of our Products and Sites). Some of the device and usage data collected within the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used for the purposes of identifying the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers(where we act as a processor).

4.2 Cookies and other tracking technologies

We use cookies and similar technologies such as web beacons, tags and JavaScript, alone or in conjunction with cookies, to compile information about the usage of our websites and interaction with emails from us.

When you visit our websites, we or an authorized third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track usage, determine your browsing preferences and improve and customize your browsing experience.

We use both session-based and persistent cookies on our websites. Session-based cookies exist only during one session and disappear from your computer when you close your browser or turnoff your computer. Persistent cookies remain on your computer or device after you close your browser or turn off your computer. You can control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on ourProducts and Sites. To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here.

We may also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications. For instructions on how to unsubscribe from our marketing emails, please see 10.4 below. Our use of web beacons is for marketing purposes and is not required to use our services.

4.3 Social Media Features

Our websites may use social media features, such as the Facebook “like” button, the “Tweet”button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our website, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.

Cedar AI may also allow you to log in to certain of our websites or services using sign-in services. These services will authenticate your identity and provide you the option to share certain Personal Data from these services with us such as your name and email address to pre-populate our sign-up form.

Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.

5. Purposes for which we process Personal Data

We collect and process your Personal Data for the purposes and on the legal bases identified in the following:

Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.

6. Who do we share Personal Data with?

We may share your Personal Data as follows:

We may also share anonymous usage data with Cedar AI’s service providers for the purpose of helping Cedar AI in such analysis and improvements. Additionally, Cedar AI may share such anonymous usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.

For further information on the recipients of your Personal Data, please contact us by using the information in the “Contacting us” section, below.

7. International transfer of Personal Data

Your Personal Data may be collected, transferred to and stored by us in the United States and by the third-party service providers disclosed in Section 6, above, that are based in other countries.

Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction. We ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).

8. Children

Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the“Contacting us” section, below, and we will take steps to delete such Personal Data from our systems.

9. How long do we keep your Personal Data?

We may retain your Personal Data for a period of time consistent with the original purpose of collection (see the “Purposes for which we process Personal Data and the legal bases on which we rely” section, above). We determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.

For further information on applicable data retention periods, please contact us by using the information in the “Contacting us” section, below.

10. Your rights relating to your Personal Data

10.1 Your rights

You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the European Economic Area (EEA), these rights may include:

If you are a resident of California, under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our websites. Please note that your request does not ensure complete or comprehensive removal of the content or information, because, for example, some of your content may have been reposted by another visitor to our websites.

10.2 How to exercise your rights

To exercise your rights, please contact us by using the information in the “Contacting us”section, below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a Cedar AI customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.

Some registered users may update their user settings, profiles and organization settings by logging into their accounts and editing their settings or profiles.

10.3 Your rights relating to customer data

As described above, we may also process Personal Data submitted by or for a customer to ourProducts and Sites. To this end, if not stated otherwise in this Privacy Policy or in a separate disclosure, we process such Personal Data in the role of a mere processor on behalf of a customer(and/or its affiliates) who is the responsible controller of the Personal Data concerned (see the“Responsible Entity” section above). We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those set forth in this Privacy Policy. If your data has been submitted to us by or on behalf a Cedar AI customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the Cedar AI customer who submitted your data to us. We will refer your request to that customer and will support them as needed in responding to your request within a reasonable timeframe.

10.4 Your preferences for email and SMS marketing communications

If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from Cedar AI by clicking on the “unsubscribe” link located on the bottom of Cedar AI marketing emails, or by replying or texting ‘STOP’ if you receive Cedar AI SMS communications.

You may also turn off push notifications on Cedar AI applications on your device.

Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions, service announcements or security information.

11. How we secure your Personal Data

We take precautions including organizational, technical and physical measures to help safeguard against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the Personal Data we process or use.

While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites or services, please contact us by using the information in the“Contacting us” section, below.

12. Changes to this Privacy Policy

We will update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements and other factors. If we do, we will update the “effective date”at the top of this Privacy Policy. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.

We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your Personal Data.

13. Contacting us

To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Policy or our privacy practices please email us at privacy@cedar.ai or mail us at:

Cedar AI Data Protection Officer
408 N 35th St., Suite B
Seattle, WA 98103

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.