Privacy Policy.

Welcome to SAMMY Labs Ltd T/A SAMMY ("we", "us", or "our"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform and services (collectively, the "Services").

SAMMY Labs operates through two legal entities and the data controller responsible for your personal data depends on where you are located. See Data controller below for details.

SAMMY Labs operates through two legal entities under common control. The data controller responsible for your personal data depends on your location:

• United Kingdom, EEA and Switzerland users: SAMMY Labs Ltd, London, United Kingdom. Processing is carried out under the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation ("EU GDPR").
• United States and rest-of-world users: SAMMY Labs, Inc., a Delaware corporation, operating from San Francisco, California, USA. Processing is carried out under applicable US federal and state privacy laws, including the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA"), the Delaware Personal Data Privacy Act, and equivalent state privacy laws in Virginia, Colorado, Connecticut, Utah and other enacting states.

Both entities share a single set of internal privacy practices, security controls, and sub-processors. References to "we", "us" and "our" in this Policy mean whichever SAMMY Labs entity is your data controller. Where the two entities jointly determine the purposes and means of processing, they act as joint controllers within the meaning of Article 26 UK GDPR / EU GDPR; the essence of that arrangement is summarised here and the full terms are available on request to privacy@sammylabs.com.

We may collect and process the following personal data about you:

• Identity data: first name, last name, username or similar identifier.
• Contact data: email address, telephone numbers.
• Financial data: payment card details.
• Profile data: your username and password, preferences, feedback, and survey responses.
• Usage data: information about how you use our Services.
• Marketing and communications data: your preferences in receiving marketing from us and our third parties.

As you interact with our Services, we may automatically collect technical data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Performance of contract: to provide and maintain our Services.
• Legitimate interests: to manage our relationship with you and to improve our Services.
• Legal obligations: to comply with a legal or regulatory obligation.

Purposes for which we will use your personal data include:

• To register you as a new user.
• To process and deliver your subscription.
• To manage our relationship with you.
• To administer and protect our business and Services.
• To deliver relevant content and advertisements to you.
• To make recommendations to you about goods or services which may interest you.

We may share your personal data with:

• Service providers: third parties who provide IT and system administration services.
• Professional advisers: including lawyers, bankers, auditors, and insurers.
• Regulators and other authorities: who require reporting of processing activities.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

Your personal data may be transferred to, and stored at, a destination outside the UK or the European Economic Area ("EEA"). Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

You have rights under data protection laws in relation to your personal data, including:

• Access: request access to your personal data.
• Correction: request correction of your personal data.
• Erasure: request erasure of your personal data.
• Restriction: request restriction of processing of your personal data.
• Transfer: request the transfer of your personal data.
• Object: object to processing of your personal data.
• Withdraw consent: withdraw consent at any time where we are relying on consent to process your personal data.

A cookie is a small data text file that is stored on the hard drive of your computer or mobile device. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, the website's domain name, and some digits and numbers. Cookies cannot be used to run programs or deliver viruses to your computer. At no time will our cookies collect your personally identifiable information.

When you visit our Website, we will store certain types of persistent cookies on your computer in order to authorise access to our private content and to facilitate and customise your use of our Website. A persistent cookie remembers information, settings, preferences, or sign-on credentials that you have previously saved.

Essential cookies

Essential cookies allow us to offer you the best possible experience when accessing and navigating through our Sites and using its features. For example, these cookies let us recognise that you have created an account and have logged into that account.

Functionality cookies

Functionality cookies let us operate the Sites in accordance with the choices you make. For example, we will recognise your username and remember the choices you made during future visits.

Analytical cookies

These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use our Website. These cookies do not contain or collect personal information and are merely used to help us improve your user experience of the Sites.

Once you leave our Sites, our persistent cookies remain on your hard drive. This helps create a convenient and faster website experience.

You are always free to decline or restrict our cookies through your browser settings. However, due to the nature of our essential cookies, some parts of our Sites may not work properly. You can find general information on the internet about cookies and details on how to delete them from your computer and mobile devices.

At the moment we only use essential cookies, but we reserve the right to add functionality and analytical cookies in the future.

You can opt out of interest-based advertising from third-party providers who follow the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioural Advertising at www.aboutads.info/choices.

You may at any time:

• Stop receiving marketing or promotional emails, direct mail, phone, and mobile marketing communications.
• Update and correct your personal information.
• Request removal of information you post on our digital properties. In some cases, we may not be able to remove your content or personal information, in which case we will let you know if we are unable to do so and why.

To do any of these, let us know by:

• Following the directions in a marketing email, direct mail, or mobile communication that you receive from us.
• Providing your request and current contact information through one of the contact methods listed under Contact Us below.

We may disclose information collected from and about you as follows:

• To our related companies and service providers, to perform a business, professional, or technical support function for us.
• To our business, sales, and marketing partners and affiliates, advertisers, or other third parties who may contact you with their own offers.
• As necessary if we believe that there has been a violation of the Sites' Terms of Use or of our rights or the rights of any third party.
• To respond to legal process (such as a search warrant, subpoena, or court order) and provide information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law.
• In the event that our Company or substantially all of its assets are acquired, or there is a restructuring, your personal information may be one of the transferred assets.

We may also disclose your personal information with your express consent. We may share aggregate, deidentified, or non-personally identifiable information about the Sites' users with third parties.

Please note that if you voluntarily submit any personal information for posting on the Sites (such as a review or a blog post), the information becomes publicly available and can be collected and used by others. Please use care before posting information about yourself online.

We retain personal information that we receive for as long as necessary to fulfil the purposes for which the information was collected, to provide our services and products, to pursue legitimate business purposes, to enforce our agreements, and to comply with all applicable laws.

We maintain commercially reasonable and appropriate measures designed to safeguard the personal information we collect. We have taken physical, electronic, and administrative steps to secure the information we collect from visitors to the Sites.

Unfortunately, no data transmission over the internet nor any data storage system is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information on our or third-party sites. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the contact options on our Contact Us page.

The Sites are not directed to children (anyone under 18 years of age), nor do we knowingly solicit or collect any personal information from children without verifiable parental consent. We will promptly investigate and then delete such information from our systems if warranted. If you are a parent or legal guardian of a child and become aware that your child has provided us with personal information, please contact us immediately using the contact information detailed in the Contact Us section below. Parents and legal guardians always have the right to inspect any information we may have inadvertently collected from their child and to request its deletion.

To the maximum extent permitted by law, each of the parties hereby irrevocably waives any and all right to trial by jury in any legal proceeding arising out of or related to this agreement or the transactions contemplated hereby.

Customer agrees that in the event of a breach or threatened breach of the access rights or confidentiality obligations herein, the Company will suffer irreparable harm for which no adequate monetary remedy exists, and shall be entitled to seek injunctive and other equitable relief, in addition to any other legal or equitable remedies available.

We may process personal information under the following conditions:

• Consent: you provided your consent for one or more specific purposes.
• Performance of a contract: provision of personal information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations.
• Legal obligations: processing personal information is necessary for compliance with a legal obligation to which the Company is subject.
• Legitimate interests: we have a business or commercial reason to use your information, so long as this is not overridden by your rights or interests.

We will gladly help clarify the specific legal basis that applies to the processing and whether the personal information is a statutory, contractual, or necessary requirement for entering into a contract.

Below is a summary of what we use (process) your personal information for and our reasons:

• To provide products and/or services to you. For the performance of our contract(s) with you or to take steps at your request before entering into a contract.
• To prevent and detect fraud against you or our Company. For our legitimate interests or those of a third party, to minimise fraud that could be damaging for both parties.
• Gathering and providing information required by or relating to audits, enquiries, or investigations by regulatory bodies. To comply with our legal and regulatory obligations.
• Operational reasons, such as improving efficiency, training, and quality control. For our legitimate interests or those of a third party, to be as efficient as we can.
• Ensuring the confidentiality of commercially sensitive information. For our legitimate interests or those of a third party, to protect trade secrets and other commercially valuable information.
• Statistical analysis to help us manage our business. For our legitimate interests or those of a third party, to be as efficient as we can.
• Preventing unauthorised access and modifications to systems. For our legitimate interests or those of a third party, to prevent and detect unauthorised and/or criminal activity.
• Updating and enhancing customer records. For the performance of our contract(s) with you, to comply with legal and regulatory obligations, and/or for our legitimate interests or those of a third party.
• Corporate filings/statutory returns. To comply with our legal and regulatory obligations.
• Ensuring safe working practices, staff administration, and assessment. To comply with our legal and regulatory obligations and for our legitimate interests, such as following our internal procedures and working efficiently.
• Marketing our existing and new products and services, and those of selected third parties. For our legitimate interests or those of a third party, to promote our business.

We may use your personal information to send you updates (by email, text message, telephone, or post) about our products and services, including exclusive offers, promotions, or new products and services.

We have a legitimate interest in processing your personal information for promotional purposes (see the section above on the Basis for Processing Personal Information). This means we do not usually need your consent to send you promotional communications. However, if consent is needed, we will ask for it separately and clearly.

We will always treat your personal information with the utmost respect and never sell or share it with other organisations outside of the Company for marketing purposes. You have the right to opt out of receiving promotional communications at any time by contacting us using the Contact Us information below.

The Sites may contain links to third-party websites (such as social media sites like Facebook and Twitter) that may have privacy policies different from our own. We are not responsible for the activities and practices on these websites. We recommend reviewing the privacy policy posted on any external site before disclosing any personal information. Please contact those websites directly if you have any questions about their privacy policies.

Personal information may be held at our offices and those of our third-party service providers, representatives, and agents as described above (see Disclosure of Information). Some of these third parties may be based outside the European Economic Area. For more information, including how we safeguard your personal information when this occurs, see Transferring Your Personal Information Out of the EEA.

We may transfer your personal data to countries other than the one in which you live, including transfers to the United States. To the extent that personal information is transferred abroad, we will ensure compliance with the applicable laws in that jurisdiction in line with our obligations.

To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA); for example, your information (including personal information) may be processed at the Company's operating offices or in other locations where data protection laws differ from those in your jurisdiction. This means that this information may be transferred to, and maintained on, computers located outside your state, province, country, or other governmental jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your personal information will take place to an organisation or country unless there are adequate controls in place, including the security of your data and other personal information.

If you would like further information, please contact us or our Data Protection Officer (see Contact Us below).

We respect your right to access and correct your personal information. You may exercise your rights, subject to applicable laws, to request that we delete or restrict access to your personal information. In some cases, we may need to retain it for legally permitted purposes, and we will explain this to you if necessary.

If you need assistance correcting or updating your personal information, or if you would like to request that we delete your personal information, please contact us using the contact information provided in the Contact Us section.

If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), the California Online Privacy Protection Act (CalOPPA), and other applicable privacy and data protection laws provide you with additional rights regarding your personal information. California law permits our customers who are California residents to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. To make such a request, please write to us at privacy@sammylabs.com.

We may update this Privacy Policy from time to time. Any changes we make will be posted on this page, and where appropriate, notified to you by email.