Privacy Policy

OVERVIEW

Effective Date/Last Modified:[4/8/2024]

This Privacy Policy describes:

• Information that we receive from you when you interact with the Services

• How we use and process the information that we receive

• If and why Personal Information may be disclosed to third parties

• Your choices regarding the collection and processing of your Personal Information

Please note that this Privacy Policy does not apply to information collected through third-party websites or services that you may access through the Services, or that you submit to us via e-mail, telephone, or through third parties.

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. When you submit information to or through the Services, you consent to the collection and processing of your information as described in this Privacy Policy.

By using the Services, you accept the terms of this Privacy Policy and our Terms of Service and consent to our collection, use, disclosure and retention of your information as described in this Privacy Policy.

If you have not done so already, please also review our Terms of Service [hyperlink ToS]. The Terms of Service contain provisions that limit our liability to you, and require you to resolve any dispute with us individually, and not as a part of a group or class, and through arbitration.

IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF SERVICE, PLEASE DO NOT USE ANY OF THE SERVICES.

The Effective Date of this Privacy Policy is set forth at the top of this Policy. Whenever possible, we will provide you with advance written notice of our changes to this Privacy Policy. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Privacy Policy. The amended Privacy Policy supersedes all previous versions.

INFORMATION WE COLLECT

Types of Information

We collect various kinds of information that you provide to us as well as information we obtain from your use of the Services. Some of the types of information that we collect include:

“Personal Information”—information associated with or used to identify or contact a specific person. Personal Information includes: (1) contact data (such as e-mail address, telephone number and employer); (2) demographic data (such as gender, date of birth and zip code); (3) certain Usage Data (defined below), such as IP address; and (4) financial information including, but not limited to, banking login information and information regarding sources and amounts of income and expenses.

Certain Personal Information, such as information about personal health or finances, is characterized as Sensitive and subject to stricter regulation than other personal information. Before providing it to use, we urge you to carefully consider whether to disclose your Sensitive Personal Information to us. If you do provide Sensitive Personal Information to us, you consent to its use and disclosure for the purposes and in the manner described in this Privacy Policy.

“Usage Data”—information about an individual's online activity that, by itself, does not identify the individual, such as:

• technical information, including your browser type, service provider, IP address, operating system and webpages visited;

• information about what you've searched for and looked at while using the Services;

• metadata, which means information related to items you made available through the Services, such as the date, time or location that a shared photograph or video was taken or posted.

(Generally, we do not consider Usage Data as Personal Information because Usage Data by itself usually does not identify an individual. Personal Information and Usage Data may be linked together. Different types of Usage Information also may be linked together and, once linked, may identify an individual person. Some Usage Data may be Personal Information under applicable law.)

“Location Data” is a category of Personal Information collected about the location of a mobile device or computer, including:

• the location of the mobile device or computer used to access the Services derived from GPS or WiFi use;

• the IP address of the mobile device or computer or internet service used to access the Services,

• other information made available by a user or others that indicates the current or prior location of the user, such as geotag information which may be attached to any photographs you may submit.

How We Collect Information

Whether we collect certain types of information and how we process it depends on how you use and access the Services. Some information is collected automatically through use of cookies and similar data collection tools. We collect information about you in the following ways:

From You. We collect information from you when you:

• Use the Services. We collect Personal Information from you when you create an account to use one of the Services, contact us for help or information or otherwise voluntarily provide your Personal Information. We collect the information and content that you submit to us, such as when you submit a review or provide comments, including submissions through third parties.

• Connect with social media though the Services. The Services may offer you the ability to use Facebook Connect or other social media services (collectively, “social media”) in conjunction with certain Services. When you access the Services through your Facebook or other Social Media account, the Services may, depending on your privacy settings, have access to information that you have provided to the Social Media platform. We may use this information for the purposes described in this Privacy Policy or at the time the information was collected.

• Surveys. The Services may offer you the ability to submit evaluations and comments regarding the services rendered, or otherwise participate in market research. We may use this information for the purposes described in this Privacy Policy or at the time the information was collected.

From Our Business Partners and Service Providers. Third parties that assist us with our business operations also collect information (including Personal Information and Usage Data) about you through the Services and share it with us. For example, our vendors collect and share information with us to help us detect and prevent fraud.

We may combine the information we collect from you with information from other sources and use the combined information as described in this Privacy Policy.

Usage Data. We also automatically collect Usage Data when you interact with the Services.

From cookies and other data collection tools.. We, along with the service providers that help us provide the Services, use small text files called “cookies”, which are small computer files sent to or accessed from your web browser or your computer's or tablet's hard drive that contain information about your computer, such as a user ID, user settings, browsing history and activities conducted while using the Services. Cookies are not themselves personally identifiable, but may be linked to Personal Information that you provide to us through your interaction with the Services. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier.

Cookies help us improve the Services by tracking users' navigation habits and storing users' password, customizing users' experience with the Services; enabling us to analyze technical and navigational information about the Services; and helping to detect and prevent fraud.

We also use other cookies and other data collection tools (such as web beacons and server logs), which we collectively refer to as “data collection tools,” to help improve your experience with the Services. Data collection tools help us remember users and make the Services more relevant to them.

The Services also may use data collection tools to collect information from the device used to access the Services, such as operating system type, browser type, domain and other system settings, as well as the operating system used and the country and time zone in which the computer or device is located.

Web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. Some web browsers (including some mobile web browsers) provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user's computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.

How We Use Your Information

We may use the information we collect for any of the following purposes include all that apply and add any additional uses, as applicable:

To provide the Services to you;
To operate, improve and personalize the products and services we offer, and to give each user a more consistent and personalized experience when interacting with us;
For customer service, security, to detect fraud or illegal activities, or for archival and backup purposes in connection with the provision of the Services;
To communicate with users via e-mail, telephone, and SMS message;
To better understand how users access and use the Services, for the purposes of trying to improve the Services and to respond to user preferences, including language and location customization, personalized help and instructions, or other responses to users' usage of the Services;
To help us develop our new products and services and improve our existing products and services;
To provide users with advertising and direct marketing that is more relevant to you;
To enforce our Terms of Service or other applicable contracts and policies;
To assess the effectiveness of and improve advertising and other marketing and promotional activities on or in connection with the Services.

Please note that, in order to provide you with a better experience and to improve the Services, information collected through the Services may be used in an aggregated or individualized manner.

For example, personal information collected during use of one of the services may be used to suggest particular content that can be made available to the user on another of the Services or be used to try to present more relevant advertising in another of the Services.

How We Share and Disclose Your Information

We may share and disclose information as described at the time information is collected or as follows:

When you consent. We may share Personal Information with third parties if you have given us your consent to do so. We will only share Sensitive Personal Information when you have given us your opt-in consent.

To perform services. We may disclose Personal Information to third parties in order to perform services requested or functions initiated by users, such as debt resolution providers with whom we partner and ultimately provide services to users. In addition, we may disclose Personal Information in order to identify a user in connection with communications sent through the Services. We also may offer users the opportunity to share information with friends and other users through the Services.

With third party service providers performing services on our behalf. We share information, including Personal Information, with our service providers to perform the functions for which we engage them (such as hosting and data analyses). We may share information as needed to operate other related services.

For legal purposes. We also may share information that we collect from users, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will disclose Personal Information as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share Personal Information as required to pursue available remedies or limit damages we may sustain.

In aggregated form. We may share Personal Information about you in an aggregated form—that is, in a statistical or summary form that does not include any personal identifiers—with third parties in order to discover and reveal trends about how users like you interact with our services.

During corporate changes. We may transfer information, including your Personal Information, in connection with a merger, sale, acquisition or other change of ownership or control by or of us or any affiliated company (in each case whether in whole or in part). When one of these events occurs, we will use reasonable efforts to notify users before your information is transferred or becomes subject to a different privacy policy.

Information Storage and Security

We retain information as long as it is necessary and relevant for our operations. We also retain Personal Information from closed and inactive accounts to comply with applicable laws and regulations, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, collect any fees owed, and other actions permitted by law. After it is no longer required or necessary for us to retain information, we dispose of it according to our data retention and deletion policies.

We employ industry-standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.

Your Rights

It is important to us that you are able to access and review the Personal Information we have about you and make corrections to it or delete it, as necessary. You can visit your account to manage and correct the information we have on file about you. If you have any questions about how to access your Personal Information, please contact us at support@mitigately.com

Links to Third Party Services

The Services may contain links to third-party websites and services (“Third Party Services”) with which we have no affiliation. A link to any Third Party Service does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a Third Party Service, you are subject to its privacy policy and practices and not this Privacy Policy. We encourage you to carefully review the legal and privacy notices of all other digital services that you visit.

Disclaimer: Not Child-Directed

The Services are not intended for use by children. If you are under the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian.

Consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving his or her parent's verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services and subsequently we will delete that information.

U.S./EU/Swiss Data Privacy Framework Certification

We comply with the EU-U.S. Data Privacy Framework (DPF) and the Swiss-U.S. Data Privacy Framework (DPF), as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We have certified that we adhere to the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov.

Any personal information collected about EU visitors through the Services is processed in the United States by us or by a party acting on our behalf. When you provide personal information to us through the Services, you consent to the processing of your data in the United States. The Services are hosted in the United States.

California Privacy Rights Act (“CPRA”)

The following terms used in this Agreement shall have the same meanings as those terms in the California Privacy Rights Act of 2020 (the “CPRA”), respectively: Business, Business Purpose, Collects, Commercial Purpose, Consumer, Contractor, Cross-Context Behavioral Advertising, Person, Personal Information, Process, Sell, Sensitive Personal Information, Service Provider, and Share.

Pursuant to the terms of this Agreement:

Mitigately is a Person to that Processes Personal Information on behalf of Clarity Debt Resolution, Inc. Clarity Debt Resolution, Inc. (“Clarity”) is a person to which Mitigately makes available Consumer’s Personal Information for a Business Purpose pursuant to the Agreement.

The Personal Information is disclosed by Mitigately for the specified purposes under the Agreement.

Mitigately is prohibited from: (a) Selling or Sharing Personal Information that it Collects pursuant to the Agreement, (b) retaining, using, or disclosing (i) such Personal Information thatMitigately Collected pursuant to the Agreement for any purpose other than for the Business Purposes specified in the Agreement as set forth on Schedule 1 attached hereto or as otherwise permitted by the CPRA or the CPRA regulations, (ii) the Personal Information that Mitigately and Clarity Collected pursuant to the Agreement outside the direct business relationship between Mitigately and Clarity, unless expressly permitted by the CPRA or the CPRA regulations, and (iii) the Personal Information that Mitigately Collected pursuant to the Agreement for any Commercial Purpose, other than the Business Purposes specified in the Agreement or as otherwise permitted by the CPRA and the CPRA regulations, (c) combining or updating Personal Information that Mitigately Collected pursuant to the Agreement with Personal Information that Mitigately received from another source or Collected from Clarity’s own interaction with the Consumer, unless expressly permitted by the CPRA or the CPRA regulations, and (d) providing Cross-Context Behavioral Advertising under the Agreement Mitigately hereby certifies that Mitigately understands the foregoing restrictions in this Section and will comply with them.

4. Clarity shall: (a) comply with all applicable sections of the CPRA and the CPRA regulations, including, with respect to the Personal Information that Clarity Collected pursuant to the Agreement, providing the same level of privacy protection as required of Businesses by the CPRA and the CPRA regulations, (b) notify Mitigately in writing if Clarity makes a determination that it can no longer meet Clarity’s obligations under the CPRA and the CPRA regulations, (c) cooperate with Mitigately in responding to and complying with Consumers’ requests made pursuant to the CPRA, and (d) enable Mitigately to comply with consumer requests made pursuant to the CPRA or require Mitigately to inform Clarity of any Consumer request made pursuant to the CPRA that Clarity must comply with and provide the information necessary for Clarity to comply with the request.

5. Mitigately is granted the right: (a) to take reasonable and appropriate steps to ensure that Clarity uses the Personal Information that Clarity Collected pursuant to the Agreement in a manner consistent with Mitigately’s obligations under the CPRA and the CPRA regulations, and (b) upon notice, to take reasonable and appropriate steps to stop and remediate Clarity’s unauthorized use of Personal Information.

6. Clarity is only required to limit its use of Sensitive Personal Information received pursuant to the Agreement in response to instructions from Mitigately and only with respect to Clarity’s relationship with Mitigately.

7. Clarity, which Collects Personal Information pursuant to the Agreement, shall assist Mitigately through appropriate technical and organizational measures in complying with the requirements of Cal. Civ. Code § 1798.100(d), (e) and (f), taking into account the nature of the Processing.

8. If Clarity subcontracts with another Person in providing services to Mitigately for which it is a Service Provider or a Contractor, then Clarity shall have a written contract with such subcontractor that complies with all of the requirements set forth in Sections X.1 through X.8 and the CPRA and the CPRA regulations.

Sample Definition of Personal Information

Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular California resident or household:

• Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

Any categories of personal information described in Cal. Civ. Code § 1798.80(e).
Characteristics of protected classifications under California or federal law.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Biometric information.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a California resident's interaction with an internet website, application, or advertisement.
Geolocation data.
Audio, electronic, visual, thermal, olfactory, or similar information.
Professional or employment-related information.
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 C.F.R. Part 99).
Inferences drawn from any of the information identified in this subdivision to create a profile about a California resident reflecting the California resident's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Cal. Civ. Code § 1798.140(v)(1).
Sensitive personal information, meaning:

- Personal information that reveals:

□ a California resident's Social Security, driver's license, state identification card, or passport number.

□ a California resident's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

□ a California resident's precise geolocation (as defined in Cal. Civ. Code § 1798.140(w)).

□ a California resident's racial or ethnic origin, religious or philosophical beliefs, or union membership.

□ the contents of a California resident's mail, email, and text messages unless the business is the intended recipient of the communication.

□ a California resident's genetic data. Cal. Civ. Code § 1798.140(ae)(1).

- The processing of biometric information for the purpose of uniquely identifying a California resident.

- Personal information collected and analyzed concerning a California resident's health.

- Personal information collected and analyzed concerning a California resident's sex life or sexual orientation. Cal. Civ. Code § 1798.140(ae)(2). Cal. Civ. Code § 1798.140(v)(1).

Personal information does not include publicly available information or lawfully obtained, truthful information that is a matter of public concern. Publicly available means information that is lawfully made available from federal, state, or local government records, or information that a business has a reasonable basis to believe is lawfully made available to the general public by the California resident or from widely distributed media, or information made available by a person to whom the California resident has disclosed the information if the California resident has not restricted the information to a specific audience, but does not mean biometric information (as defined in Cal. Civ. Code § 1798.140(c)) collected by a business about a California resident without the California resident's knowledge. Cal. Civ. Code § 1798.140(v)(2).

Sensitive personal information that is publicly available pursuant to the immediately preceding paragraph is not considered sensitive personal information or personal information. Cal. Civ. Code § 1798.140(ae)(3).

Personal information does not include California resident information that is deidentified (as defined in Cal. Civ. Code § 1798.140(m)) or aggregate consumer information (as defined in Cal. Civ. Code § 1798.140(b)). Cal. Civ. Code § 1798.140(v)(3).

‍