Privacy Policy

Updated as of July 2024

Introduction

Passcloud Inc. (“Company” or “we” “us” and “our”) values your privacy and is committed to maintaining your trust. We provide this Privacy Policy to inform you of our policies and procedures regarding the collection, use, and disclosure of personally identifiable information received from visitors to and/or users of the Company’s website located at passcloud.ai (the "Website") and provision of services online. Specifically, the Company provides a SaaS platform that enables companies to issue native digital wallet cards to consumers through its Website (collectively the "Services").

General Data Protection Regulation

This Company is headquartered in Washington. However, our Website does not restrict visitors from the EU; we do not have in place any protections to prevent EU residents from accessing our Website. As a result, we provide the foregoing disclosure to EU data subjects.

The Company’s processing of the Personal Information such as the name, address, email address, or telephone number of an EU data subject (hereinafter “Personal Information” or “Personal Data”) that is voluntarily supplied by the individual or supplied by an authorized third party shall always be in line with the General Data Protection Regulation (“GDPR”) and in accordance with the country-specific data protection regulations applicable to the Company.

By means of this Privacy Policy, our Company would like to inform you of the nature, scope, and purpose of the Personal Information we collect, use, and process as defined herein. Specifically, if you are an EU data subject visiting our Website, you are hereby informed by means of this section of our Privacy Policy of the rights to which you are entitled and the recourse you may seek if you have any questions regarding the collection, use, and processing of Personal Information by the Company. You may email us with requests at hello@passcould.ai.

Your Privacy Rights under the GDPR

The GDPR includes the following rights for you as an EU data subject if you provide Personal Information to the Company in connection with accessing the Services or visiting our Website:

• The right to be informed about how we store, use, or share your data;
• The right to access your data;
• The right to rectify your data;
• The right to have us erase your data;
• The right to prevent us from processing your data;
• The right to request copies of your data from us in a commonly-used and machine-readable format free of charge for the purposes of transfer to a third party where technically feasible;
• The right to object to the use or sharing of your data; and
• The right not to be subject to automated decision-making including profiling.

Legitimate Business Interest under the GDPR

Our use of your Personal Information is based on the legitimate business grounds that:

• The use is necessary in order to fulfill our commitments to you under our Terms of Service or other agreements with you or is necessary to administer your account – for example, in order to enable access to our Website on your device or charge you for our Services;
• The use is necessary for compliance with a legal obligation;
• The use is necessary in order to protect your vital interests or those of another person or entity;
• We have a legitimate interest in using your information – for example, to provide and update our Website or Services to improve our Website or Services so that we can offer you an even better user experience to safeguard our Website or Services to communicate with you to measure, gauge, and improve the effectiveness of our advertising and better understand user retention and attrition to monitor and prevent any problems with our Services and to personalize your experience; and/or
• You have given us your consent.

Data Retention/Erasure

We will retain your Personal Information for as long as needed to provide the applicable Services or for a minimum period of four (4) years. If at any time after agreeing to this Privacy Policy you:

• Change your mind about receiving information from us;
• Wish to revoke permission for us to retain and use your Personal Information;
• Wish to object to the processing of your Personal Information; or
• Wish for us to erase a copy of your data, please make a request to the Company at hello@passcould.ai. If you request erasure of your data, we may retain some of your Personal Information only for legitimate business interests such as fraud detection, prevention, and enhancing the safety of our Website; and to comply with our legal obligations, specifically our tax, legal reporting, and auditing obligations.

Our Response to Your Requests

If you make any requests regarding your Personal Information, we will not charge you for compliance with the request. The Company will respond and comply within 30 days. The Company reserves the right to refuse or charge for requests that are manifestly unfounded or excessive. If we refuse your request, we will tell you why we are refusing your request. You have the right to complain to the relevant supervisory authority and to a judicial remedy, but you must do so within one month of our refusal.

Data Controller

The Company is the “data controller” as defined under the GDPR or the legal entity which determines the purposes and means of the processing of Personal Information of the customers of the Company and visitors to its Website. The Company is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc. If you wish to revoke consent for us to store, use, or share your Personal Information, you may contact us at hello@passcould.ai.

Data Processor

The Company is the “data processor" as defined under the GDPR or the legal entity which processes, as this term is defined here in footnote 1, your Personal Information. The Company has not retained any third-party service provider to process your Personal Information. Any processing of Personal Information shall be done solely by the Company. The Company maintains records of any processing activities it performs and is able to show how the Company complies with the data protection principles under the GDPR. It has effective policies and procedures in place. If you have questions regarding the processing of your Personal Data, you may contact us at hello@passcould.ai.

Data Protection Officer

The Company is not formally required to designate a Data Protection Officer (“DPO”) because it is not:

• A public authority;
• An organization that carries out regular and systematic monitoring of individuals on a large scale; or
• An organization that carries out large-scale processing of special categories of data such as health information or information about criminal convictions.

Breach

The Company has reasonable internal policies and procedures in place to effectively detect, report, and investigate a data breach. The GDPR defines a Personal Information breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information.” Pursuant to the GDPR, the Company will notify you of a Personal Information breach where the Personal Information breaches are likely to present a risk to data subjects, to data protection authorities (“DPAs”) without undue delay and within 72 hours if feasible after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay. In the unfortunate event of breach, the Company shall provide you with:

• Contact details of the DPO or other contact person for the Company
• A description of the nature of the breach
• Likely consequences of the breach
• Measures the Company has taken or proposes to take to address the breach
• Advice on steps data subjects can take to protect themselves.

Note: Data Protection Impact Assessment (DPIA)

The Company is not required to undergo a DPIA because it does not carry out processing that is likely to result in a high risk to the rights and freedoms of individuals.

Information Collection and Use

Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services, and to enable you to enjoy and easily navigate our Website.

Information You Provide

When you register with us through the Services or when you choose to create an account, we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you (“Personal Information”). Personal Information includes, but is not limited to, your name, phone number, email address, and home and business postal addresses. If you use our Services to send information to another person, we will store the information you provide in order to allow you and your recipients access to that information.

Use of Information

We use your Personal Information mainly to provide the Services and administer your inquiries. We may also use your Personal Information to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications.

Log Data

When you visit the Website, whether as a registered user or a non-registered user just browsing (any of these, a “User”), our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.

Cookies

Like many websites, we use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies for two purposes. First, we utilize persistent cookies to save your login information for future logins to the Website. Second, we utilize session ID cookies to enable certain features of the Website, to better understand how you interact with the Website, and to monitor aggregate usage by Users and web traffic routing on the Website.

Information Sharing and Disclosure

Passcloud Inc. does not sell your Personal Information. We may share your Personal Information with third parties only in the ways that are described in this Privacy Policy. We may also disclose your Personal Information if we believe in good faith that such disclosure is necessary to (i) comply with relevant laws or to respond to subpoenas or warrants served on us; or (ii) to protect and defend the rights or property of Passcloud Inc. or users of the Services.

Business Transfers

Passcloud Inc. may sell, transfer, or otherwise share some or all of its assets, including your Personal Information, in connection with a merger, acquisition, reorganization, or sale of assets, or in the event of bankruptcy. You will have the opportunity to opt-out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.

Security

The security of your Personal Information is important to us. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Changes to this Privacy Policy

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy on our Website. You are advised to consult this Privacy Policy regularly for any changes.

Contacting Us

If you have any questions about this Privacy Policy, please contact us at hello@passcould.ai.