Privacy Policy

1. General

Conforma, Inc. (referred to herein as “Conforma”, “we”, “our”, or “us”) has created this privacy policy to address how we collect, store, process, manage, and use your data (including personally identifiable information).

This privacy policy (“Privacy Policy”) applies to your use of our websites (including those at conforma.ai, subdomains of conforma.ai, and third-party platforms like Hubspot, Microsoft Azure and Stripe) (collectively, the “Conforma Websites”) and all other products and services we make available (together with the Conforma Websites, the “Conforma Services”).

By using the Conforma Services, you agree to Conforma’s privacy practices described in this Privacy Policy as well as the collection, usage, and management of your data as described below and in our terms of service, which can be found at www.conforma.ai/trust-center-hub (the “Conforma Terms”).

By using any of the Conforma Services you acknowledge and agree that you have reviewed and understood our policies regarding collection, storage, use and disclosure of your personal information and consent to our use of your information in accordance with those policies.

2. Collection, Use, and Retention of Personal information

2.1 Personal Information Provided to Us

We collect personal information about you when you voluntarily submit information to us through communications with us or submissions on the Conforma Websites. This could include information you provide to use when you register for the Conforma Websites, utilize the Conforma Services, engage with us on social media, report an error relating to the Conforma Services, or use any feature or aspect of the Conforma Services. We rely on the information you give us to provide you the Conforma Services and respond to your requests. You are responsible for complying with the applicable laws and other obligations for any personal information that you provide under the situations described in this paragraph. If you do not provide personal information when requested, you may not be able to use the Conforma Services if that information is necessary to provide you with the service or if we are legally required to collect it.

2.2 Personal Information Received from Other Sources

Conforma may receive additional personal information about you from individuals or entities that are subscribers to the Conforma Services and in cases in which you are designated a user of the Conforma Services either as a contact, collaborator, or in other such capacity and as such terms are used within the Conforma Services. In addition, Conforma utilizes a number of other services, including payment services, advertising networks, analytics providers, search information providers, and other services needed to effectively deliver the Conforma Services, and may receive information about you from them under the agreements and restrictions you have with them. We may link or combine the personal information we collect and/or receive about you and the information we collect automatically to provide you with a personalized experience. Your privacy settings on the third-party service normally control what they share with us. Make sure you are comfortable with what they share by reviewing their privacy policies and, if necessary, modifying your privacy settings directly on the third-party service.

2.3 How We Use Your Personal Information

Generally, Conforma may use your personal information for the following purposes (collectively, the “Business Purposes”):

• (a) provide you with content and the Conforma Services and perform related obligations and those specifically identified under the Conforma Terms;
• (b) communicate with you and provide updates about the Conforma Services;
• (c) support your use of the Conforma Services and communicate with you regarding your use or queries;
• (d) administer the Conforma Services for internal uses such as [data analytics and] product testing as well as to improve the Conforma Services;
• [(e) market, measure, and understand the effectiveness of advertising methods that we use;]
• (f) develop new services;
• (g) detect, prevent, and investigate security incidents, potential abuse or misuse, and investigate any security alerts; 
• (h) to comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts, and law enforcement requests; and
• (i) other legitimate business purposes relating to the Conforma Services or our legitimate interests.

Conforma will only process personal information for the Business Purposes. Conforma may use outside services to help us with accomplishing the Business Purpose; a list of software and the types of personal information used in each is available in Exhibit B. Exhibit B also sets out the categories of personal information you provide to us and that we receive from other sources and how we use that information and related details. Conforma further will only process your personal information within the legal bounds of the applicable law in your jurisdiction (See Jurisdiction Addendums).

Further information regarding the collection of your information, the types of data, and the primary purposes for collection and use of such data collected, is set forth in Exhibit A.

2.4 Third Party Plugins

We may share personal information with website plugins or similar third-party services to improve your experience, at your direction, or when you intentionally interact with the plug-in. For example, when you use a third-party service to create or log in to your account, we may share your personal information with that third party service.

2.5 Marketing and Advertising

We may periodically contact you electronically with relevant information about the Conforma Services and other products and services offered by Conforma. We may use personal information we have received under section 2.1 and 2.2 of this policy to determine the most relevant information to share with you. If you don’t want to hear from us, you can do so by letting us know when you first provide your contact information, or  by emailing us at privacy@conforma.ai.

2.6 Social Media

The Conforma Websites may have social media features such as Facebook’s Like button and sharing buttons. These features may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing it.

2.7 Address and Browser Information

When you access the Conforma Websites, we receive information about the IP address making the request, the date and time of such request, the browser and operating request of the device making the request, the requested URL, the referring website from which you made the request, and other data that allows us to serve you the Conforma Websites and optimize the Conforma Services. Conforma may also collect information relating to usage, such as the number and frequency of visitors to the Conforma Websites.

2.8 Limitations on Use of Personal Information

Conforma does not sell personal information shared by you. All use of personal information is done solely for the Business Purposes.

2.9 Anonymization and Aggregation of Data

We may anonymize and aggregate any of the personal information we collect (so that it does not identify you). We may use anonymized information for purposes that include testing our IT systems, internal research and data analysis, improving the Conforma Services, and developing new products and features.

2.10 Retention of your Information

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the Business Purposes, satisfying any legal or reporting requirements, and any other required retention policies. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal and contractual requirements. When the purpose of the data processing has been fulfilled, your personal information will be deleted in accordance with our data retention policy and the Conforma Terms, unless we are legally required to retain it. In some circumstances we may anonymize your personal data (so that it can no longer be associated with a user) for purposes that include testing our IT systems, internal research and data analysis, improving the Conforma Services, and developing new products and features. Please note that in the course of providing the Services, aggregated, anonymized, or de-personalized information may be retained indefinitely.

2.11 Sharing of Personal Information

We will not share your personal information with any third parties except as described in this Privacy Policy or in connection with the Conforma Services, and in all cases, nothing in this Privacy Policy will affect the confidentiality obligations and disclosure restrictions in the Conforma Terms. Conforma may share certain personal information with vendors, suppliers, subcontractors, and partners who perform services on our behalf (these companies are authorized to use your personal information only as necessary to provide these services to us and subject to similar confidentiality restrictions), analytics and search engine providers that assist us in the improvement and optimization of the Conforma Websites, and payment processors (via encrypted connection) and invoicing services that fulfill payment transactions for us. We may share personal information with website plugins, [social media platforms] or similar third-party services to improve your experience, at your direction, or when you intentionally interact with the plug-in. For example, when you use a third-party service to create or log in to your account, we may share your personal information with that third party service.

2.12 Disclosure

In accordance with the provisions of Section 3.3 of the Conforma Terms, we may be required to disclose personal information in response to lawful requests by government authorities and legal orders.  Conforma may also disclose such information at your own request, when it’s necessary to enforce the Conforma Terms, to detect, prevent, or address fraud, technical, or security issues, and to protect our property or legal rights, or those of other parties.

2.13 Business Transactions

We may disclose personal information to third parties in connection with a business transaction. Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on the Conforma Websites of any change in ownership that impacts the use of your personal information, as well as any choices you may have regarding your personal information.

2.14 Use of Information Received via our Referral Program

If you participate in our referral programs, you must obtain the prior consent of the individuals whose names and email addresses you share and provide them with enough information for them to know how we handle their personal information or direct them to this Privacy Policy. If you provide us with the personal information of potential prospects of the Conforma Services, we will store the contact details to track the success of our referral programs. The referred individual may request that their contact details be removed from our database by contacting privacy@conforma.ai to make the request.

3. Storing and Transferring your Personal Information

3.1 Security

We use industry standard techniques to protect against unauthorized access of your personally identifiable information. We use Secure Socket Layer technology (SSL) in sending your private information. We also ensure that our employees only use the information they need to help you and take measures to protect against unauthorized access to their computers.

3.2 Appropriate Safeguards

Conforma, its agents, sub-contractors or employees, Conforma will implement, and ensure that its agents, sub-contractors and employees implement, appropriate technical and organizational security measures to ensure a level of security commensurate with the risks associated with the processing, such measures to be appropriate in particular to protect against accidental or unlawful destruction, loss, alteration or unauthorized disclosure of or access to your personal information. Notwithstanding the foregoing measures, because the internet is not a completely secure environment, we cannot guarantee the security of any personal information transmitted to the Conforma Services or guarantee that information on the Services may not be accessed, disclosed, altered, and/or destroyed by breach of any of our physical, technical and/or managerial safeguards.

You are responsible for maintaining the secrecy of its unique password and account information, and for controlling access to emails between a user and us, at all times. You should limit access to its computer and/or mobile device and/or browser and sign off after you have finished accessing your account. We are not responsible for the functionality, privacy and/or security measures of any other organization and are not responsible for the practices employed by any websites and/or services linked to and/or from the Services, including the information and/or content contained therein.

3.3 Storage of Information

Any data that we collect from you will be stored initially within the United States at a secure location. In order to keep your data secure, we will take all reasonably necessary steps in accordance with this Privacy Policy and the Conforma Terms. All information you provide to us is stored on secure servers in a controlled environment with limited access. If you provide us with any payment information, that information will be encrypted using SSL technology. If you have created a password to access secure sections of our site or software, you are responsible for keeping this password confidential and not sharing the password with anyone.

3.4 International Data Transfers

If you are in the European Economic Area (“EEA”) the personal data which we collect from you may be transferred to, and stored at, a destination outside the EEA, including the United States of America. You acknowledge the transfer to, and storing, or processing outside of the EEA, of your personal data as set out in this Privacy Policy.

If you are located in the EEA, the UK or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of your data to the US. Where applicable law requires a data transfer legal mechanism, we use one or more of the following: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, verification that the recipient has implemented Binding Corporate Rules, or other legal method available to us under applicable law.

Your personal data may also be processed by staff operating outside the EEA and Switzerland who work for us, or one of our third-party service providers. Such staff may be engaged in, among other things, the fulfillment of your transaction, the processing of your payment details, improving our Websites and Services, technical support, fraud review, and the provision of other support services. We will take all reasonably necessary steps to ensure that where your personal data is transferred, it is treated securely and in accordance with this Privacy Policy.

4. Use of Cookies and Similar Technologies

4.1 Types and Purpose of Cookies

The Conforma Services uses cookies and similar technologies (collectively referred to as cookies) to distinguish you from other users of the Conforma Services and provide you with the best possible service and experience. The information we may collect is described in detail in Exhibit B.

• Strictly necessary cookies. These cookies are required for the essential operation of our Service such as to authenticate you and prevent fraudulent use.
• Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our Service when they are using it. This helps us to improve the way our Service works, for example, by ensuring that you can find information easily.
• Functionality cookies. These cookies are used to recognize you when you return to our Service. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our Service, the pages you have visited and the links you have followed. We will use this information to make our Service and the advertising displayed on it more relevant to your interests. We may also share this information with third parties (listed in Exhibit B) for this purpose.

4.2 Opting Out and Blocking Cookies

If you do not wish to have information about you from your use of the Conforma Websites and other websites used for such purposes, you can opt-out of certain advertising platforms using the following consumer choice mechanisms:

• Digital Advertising Alliance (DAA)’s self-regulatory opt-out page
• European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page
• Network Advertising Initiative (NAI)’s self-regulatory opt-out page

This does not opt you out of generic and other such served ads. You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. If, however, you use your browser settings to block all cookies (including those that are necessary cookies for the use of the Conforma Services) you may not be able to access all or parts of the Conforma Services.

You may also be entitled to make additional choices regarding your personal information. These can include accessing your personal information, making changes to your personal information, requesting the deletion of your personal information, or objection to certain processing of your personal information, or changing how you receive promotional emails from us. Although you will not be discriminated against for exercising these rights, in certain situations, we may no longer be able to provide the Conforma Services without sufficient personal information. In either case, you can contact us as set forth in section 5.4 of our Privacy Policy if you wish to make additional choices regarding your personal information.

5. Miscellaneous

5.1 Third-Party Links

We sometimes offer you access to third party websites, services, and applications through our Website. This Privacy Policy does not cover how these third parties that we do not own or control would use your data. These third parties may have their own privacy policies. We encourage you to carefully review them. We have disclosed the information we collect through these providers and how this information is utilized below.

5.2 Changes to this Policy

Periodically we may make changes to this Privacy Policy. If we make any changes in the way we collect or use your information, we will let you know by posting an announcement on our Website and emailing you. If you are subject to the GDPR, you will be prompted to consent to the changes of our Privacy Policy. If you use our Websites or the Conforma Services after any changes have been made, you agree to the revised Privacy Policy.

5.3 Notices

If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Website. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.

5.4 Contact us

Regardless of your location, any questions, comments, and requests regarding this Privacy Policy are welcome and communication should be sent to privacy@conforma.ai.

Communication can also be addressed to: Attn: Privacy Team, Conforma, Inc., 24 Veterans Sq., Media, PA 19063.

5.5 Other Items

• Children Should Not Use Conforma. The Conforma Services are directed and marketed to business and professionals and is not directed at persons under 16 years of age. We do not intend to collect personal information from children under 16 years of age. If you become aware that a child under 16 years of age has provided us with personal information without appropriate consent, then please contact us using the details below so that we can take the appropriate steps in accordance with our legal obligations and this Privacy Policy.
• Third Party Applications/Websites. We have no control over the privacy practices of websites or applications that we do not own.
• Notices. If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Website. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.
• Conflict Between This Privacy Policy and the Conforma Terms or Other Terms. Where there is a conflict between this Privacy Policy and an explicit provision of the Conforma Terms, this Privacy Policy will prevail over those other Terms.
• Accessibility. If you are visually impaired, you may access this notice through your browser’s audio reader.
• Other. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us according to the methods above.

Addendums

Addendum 1: International Jurisdictions

Personal information that you submit through the Services may be transferred to countries other than where you live. We also store personal information locally on the devices you use to access the Services. Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information. The following provisions may apply to you depending on where you are located.

Australia

If you are an Australian resident, and you are dissatisfied with our handling of any complaint you raise under this Privacy Policy, you may wish to contact the Office of the Australian Information Commissioner.

Brazil

Conforma processes the personal data of people in Brazil in accordance with the Lei Geral de Proteção de Dados Pessoais (“LGPD”). This Privacy Policy and our Cookie Policy disclose the categories and specific pieces of personal data collected about you, the categories of sources from which that personal data is collected, the business purposes for collecting the personal data, and the categories of third parties with which the information is shared. LGPD gives you certain rights to request information about our processing of your personal data and the right to ask that we delete your personal data. To exercise your rights, please contact us as set forth in section 5.4 Contact Us of our Privacy Policy.

Any personal data provided to Conforma may be transferred to, stored by or disclosed to an overseas recipient, as set forth section 3.4 International Data Transfers of this Privacy Policy. Conforma will take reasonable steps, in the circumstances, before your personal data is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal data. In the event of a data breach, we will act in accordance with our data breach response plan and notify the affected data subjects. You may contact us or request a copy of our policies by contacting us as set forth in section 5.4 Contact Us of our Privacy Policy.]

Canada

Personal information maintained and processed by our affiliates and third-party service providers in the U.S. and other foreign jurisdictions may be subject to disclosure pursuant to a lawful access request by U.S. or foreign courts or government authorities. We will not provide your information to third parties for marketing purposes without your prior consent.

For more information about our privacy practices; to access, update or correct inaccuracies in your personal information; or if you have a question or complaint about the manner in which we or our service providers treat your personal information, please contact us as set forth in section 5.4 Contact Us of our Privacy Policy.

European Economic Area (EEA) and the United Kingdom (UK)

If you are located in the European Economic Area (“EEA”), the following provisions apply to you, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “EEA Applicable Law”). As set forth in section 3.4 International Data Transfers of this Privacy Policy, to the extent personal information is collected and subsequently transferred out of the EEA, the transfer will take place consistent with the Standard Contractual Clauses. We transfer, in accordance with Article 46 of the GDPR, personal information to recipients that have entered into the European Commission approved contract for the transfer of personal data outside the European Economic Area. We may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding, enforceable commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.

If you are a resident of the EEA, and believe we process your information in scope of the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Office of the Data Protection Commissioner. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office. To exercise your privacy rights set forth in this Privacy Policy, you may contact us as set forth in section 5.4 Contact Us of our Privacy Policy.

Additionally, Conforma is committed to upholding the principles of the EU-U.S. Data Privacy Framework (DPF). Further information about the goals and guidelines of the framework can be found here.

Mexico

Mexican residents may exercise data protection rights to access, correction, deletion, opposition or revocation under applicable law. You may be provided with further information about the steps to exercise your privacy rights, including identity verification, timing, the way to get in touch with the organization responding to your request for further communications about your request, and how your request may be honored. If you are a Mexican resident, please direct your requests directly to the Customer with whom you shared your personal information.

Philippines

Conforma processes the personal data of people in the Philippines in accordance with the Philippine Data Privacy Act of 2012 (R.A. No. 10173), its implementing rules and regulations and related issuances of the National Privacy Commission. For such Filipino users, these provisions supersede any other possibly divergent or conflicting provisions contained in the Privacy Policy.

This Privacy Policy and our Cookie Policy disclose the categories and specific pieces of personal data collected about you, the categories of sources from which that personal data is collected, the business purposes for collecting the personal data, and the categories of third parties with which the information is shared. Philippine Data Privacy Act of 2012 gives you certain rights to request information about our processing of your personal data and the right to ask that we delete your personal data. To exercise your rights, please contact us as set forth in section 5.4 Contact Us of our Privacy Policy.

Any personal data provided to Conforma may be transferred to, stored by or disclosed to an overseas recipient. For example, Conforma may use a server hosted overseas to store data, which may include your personal data. Your personal data may also be processed by employees or by other third parties operating outside of the Philippines in countries like the United States of America, Brazil or in the European Union, who work for Conforma., as set forth section 3.4 International Data Transfers of this Privacy Policy. Conforma will take reasonable steps, in the circumstances, before your personal data is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal data. In the event of a data breach, we will act in accordance with our data breach response plan and notify the affected data subjects. You may contact us or request a copy of our policies by contacting us as set forth in section 5.4 Contact Us of our Privacy Policy.

Thailand

Thailand residents may have additional rights under applicable laws. If we process your personal data due to a legal obligation or contractual right, and you do not provide us with personal Information, we may not be able to lawfully provide you services.

 Addendum 2: GDPR Rights

If you are located in the European Economic Area (“EEA”), the following provisions apply to you, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “EEA Applicable Law”)

Where Conforma is provided personal information in its capacity of providing the Conforma Services to its customers or prospective customers, Conforma will act as the Processor. The provider will be the Controller of the personal information. Where Conforma collects personal information for any of the Business Purposes, which constitute the legitimate interests of Conforma, it will be the Controller for purposes of the EEA Applicable Law. Conforma will never collect or process any of the special categories of personal information outlined in the EEA Applicable Law.

2. Duties of the Processor

Conforma, when acting as a Processor (as defined in the EEA Applicable Law) agrees to process personal information only on instruction of the Controller (defined in the EEA Applicable Law). Engagement with the Conforma Services will constitute approval of processing. Conforma agrees that it will delete all personal information upon the termination of services or return the data to the controller upon request.

3. Sub-processors of Personal Information

Conforma, when acting as a Processor, may use sub-processors to manage and store your personal information. The Controller affirmatively consents to any sub-processing necessary for normal business operations by their continued use of the Conforma Services. The Processor will remain fully liable to the Controller for any failure by a sub-processor to fulfill its obligations in relation to the processing of any personal information.

4. Confidentiality of Personal Information

In cases in which Conforma acts as a Processor as defined in the EEA Applicable Law, and generally, Conforma will ensure that its employees, agents, and sub-contractors take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the personal information, ensuring in each case that access is strictly limited to those individuals who need to access the relevant personal information, as strictly necessary to the Conforma Services in the context of that individual’s duties to Conforma.

5. International Transfers of your Personal Information

The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, your personal information may be processed outside of the EEA including in the United States; these international transfers of your personal information are made pursuant to appropriate safeguards, and, we will take suitable steps to ensure that your personal information is treated just as safely and securely as it would be within the EEA and under the Applicable Law. Such measures will include having Data Processing Agreements with applicable sub-processors and ensuring that such sub-processors have adequate security and data protection procedures in place aligned with the applicable law. If you have questions about these safeguards, please contact us using the details set out in section 6.4.

6. Rights of the Data Subject

As a data subject, you have the following rights in respect of your personal information that we hold, including in our partner services:

• Right of Access and Portability. To obtain access to your personal information along with certain information, and to receive that personal information in a commonly used format and to have it ported to another data controller.
• Right to Rectification. To obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete.
• Right to Erasure. To obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
• Right to Restriction. To obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you or the sale of your personal information for a period enabling us to verify the accuracy of that personal information.
• Right to Object. To object, on grounds relating to your particular situation, to the processing of your personal information, and to object to the processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.
• Right to Non-Discrimination. To non-discrimination for exercising your rights as outlined in this policy. This includes denying you goods or services, charging you different prices for similar services, or providing a different level or quality of service.

7. Exercise of Rights

If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy. Upon request, we will provide you with information about whether we hold any of your personal information. You may access, correct or request deletion of your personal information by logging into your account, or by contacting us at privacy@conforma.ai. We will respond to your request within 30 days.

Addendum 3: United States

California. If you are a California resident, the following provisions apply to you, in accordance with the provisions of the California Consumer Privacy Act (“CCPA”) and other applicable provisions of the California Civil Code (namely, section 1798) (together, the “California Applicable Law”), California residents are entitled to certain additional rights as identified in this section.

We collect personal information as outlined in Exhibits A and B. We process, retain, use, and disclose only as necessary to provide the services under the Conforma Terms and for the Business Purposes. We do not sell your personal information; and will not sell your personal information without providing you the ability to opt out. Please note that we do use third-party cookies for our advertising purposes as further described above.

A California resident (as defined in the California Applicable Law) has the right to request a list of the categories of personal information collected, a copy of the specific personal information compiled about them, and the deletion of said information. Such a request may be made twice in a given 12-month period. To make such a request, please contact Conforma at privacy@conforma.ai, or by mail at Conforma, Inc., 24 Veterans Sq., Media, PA 19063. Additional information may be required for identity verification purposes. Conforma will not discriminate against California residents who make such a request.

Other California Privacy Rights. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, see Contact Information above.

During the past 12 months we have collected the categories of information listed in Exhibit A about California residents from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. This includes information about Website visitors, registered users, employees, vendors, suppliers and any other person interacting with us either online or offline. Not all information is collected about individuals. For instance, we may collect different information from applicants for employment than from customers.

Nevada. This notice is provided to you pursuant to state law. Nevada state privacy laws permit us to make marketing calls to existing customers, but if you prefer not to receive marketing calls, you may be placed on our internal opt-out list by emailing us at optout@conforma.ai or you may also contact the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Ste 3900, Las Vegas, NV 89101; telephone 702-486-3132; email: AGCinfo@ag.nv.gov.

Texas. If you have a complaint, first contact us by visiting our Website at conforma.ai. If you still have an unresolved complaint regarding the company’s money transmission or currency exchange activity, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294; 1-877-276-5554 (toll free); www.dob.texas.gov.

Vermont. In accordance with Vermont law, we will not share information we collect about you with companies outside of Conforma except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.

Exhibit A

Information Collected and its Primary Purpose for Collection and Use

Exhibit B

AZURE

Conforma uses Microsoft Azure as our cloud-based data storage and hosting provider. Azure’s current data processing and data protection is viewable here: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

GOOGLE ADSENSE

Conforma uses Google AdSense, a Google product, to advertise and track advertising data. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA. Google AdSense uses cookies and clear gifs to display the ads and measure their effectiveness. The information collected from these cookies/clear gifs is stored on Google servers in the USA, and the data is shared with us in the form of reports. Google may give this information to further parties where legally required to do so, or these parties are contracted to by Google. You may opt-out of targeted advertising through Google AdSense by following these instructions: https://support.google.com/adsense/answer/142293 

You can find further information about Google’s data processing and data protection at: https://policies.google.com/]

GOOGLE ANALYTICS

Conforma’s website uses Google Analytics, a Google product, for website analysis, to help improve our website. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA. The analysis of your use of our website is made possible through the use of cookies, and this information is stored on Google servers in the USA.The data is shared with us in the form of reports. Google may give this information to further parties where legally required to do so, or these parties are contracted to by Google. You may opt-out of targeted advertising through Google AdSense by visiting: tools.google.com/dlpage/gaoptout .You can find further information a]bout Google’s data processing and data protection at: https://policies.google.com/]

HUBSPOT

Conforma uses Hubspot for our marketing and sales activities to communicate with our prospects and customers. Personally identifiable information, including name, email address, phone number and location & country is submitted to Hubspot’s servers and saved there when a user engages with the Conforma Services. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Hubspot, 1 Harbour Pl, Suite 175. Portsmouth, NH 03801, USA. You can find further information about Intercom’s data processing and data protection at: https://legal.hubspot.com/dpa

LINKEDIN

Conforma uses LinkedIn to share content on social media. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation, and potentially, Inferences about personal preferences and attributes drawn from profiling, Internet activity. The responsible entity for LinkedIn is: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If the user is logged into a LinkedIn account (even if it is not their own account) at the same time that they access the Conforma website, LinkedIn will additionally receive a notification that they have visited Conforma’s website. LinkedIn collects this information, so it is possible that it could associate it with the LinkedIn account. To prevent this, log out of LinkedIn accounts prior to visiting the Conforma website. You may find further information about LinkedIn’s data processing and data protection here: https://www.linkedin.com/legal/privacy-policy]

LINKEDIN SALES NAVIGATOR.

Conforma uses LinkedIn Sales Navigator, a service provided by LinkedIn, for our sales and marketing activities. No personal identifiable information is collected. The responsible entity for LinkedIn is: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For further information relating to data protection and LinkedIn, please see: https://www.linkedin.com/legal/privacy-policy]

STRIPE

Conforma uses Stripe to process payments for customers and provide billing information to these customers. The responsible entity is: Stripe, Inc, 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. If you sign up for a Conforma subscription, the following data will be sent to Stripe, and saved by them: your name and email address, details of your payment method (credit card number, expiry date, CVC), your IP address, and the time and date of your transaction. If you wish to avoid sending your data to Stripe, you can do so by not signing up for a Conforma subscription. You may find further information about Stripe’s data processing and data protection here: https://stripe.com/us/privacy