Privacy Policy

Updated and Effective: March 31, 2025

Please read this Privacy Policy carefully. This Privacy Policy describes the data collection, use, protection, and privacy practices of DittoLive Incorporated ("Ditto", "we", "us" or "our") with respect to information and data we may collect in connection with our products, services, and business. If you have any questions, comments, or concerns regarding this Privacy Policy and/or our data practices, please contact us as described in Section 3.

If you are visiting us from the European Economic Area ("EEA"), Switzerland, or United Kingdom ("UK"), you should read the applicable sections below for specific rights applicable to the EEA, Switzerland and UK.

By accessing or using any of our SERVICES (as defined below), or submitting information in connection with your use of any of our services, you acknowledge and agree that you have read this Privacy Policy.

Table of Contents

1. Introduction
2. Changes to this Privacy Policy
3. Data Protection Officer
4. Information Controlled by our Customers
5. Information We Collect
6. Sensitive Data
7. Children's Privacy
8. Cookies & Similar Technologies
9. Payment Processing
10. Our Purposes for Collecting and Using Your Personal Information and Legal Basis
11. Sharing Your Personal Information
12. Direct Marketing Communications
13. Your Choices
14. Additional Rights for EEA, Switzerland and UK
15. Data Retention and Security
16. External Websites
17. Social Media Buttons
18. Transfers of Personal Information Outside the European Union
19. Data Portability Rights

1. INTRODUCTION

Ditto's Services

Ditto owns, operates, and provides:

• our business and corporate "Websites" located at www.ditto.com, including, its subdomains, and any other websites that include an authorized link to this Privacy Policy; and
• our software programs, software development kits, and APIs (collectively, our "Software") our and cloud-hosted software platform applications (the "Cloud Service"), that enable the ability to deliver collaborative and real-time experiences in online, offline, and peer to peer modes in enterprise mobile, web, and IoT applications and data synchronization across applications (all of the foregoing, collectively, the "Ditto Service").

When we refer to the "Services" throughout this Privacy Policy, we mean, collectively, the Websites, the Ditto Service, and any other products, websites, services, and/or applications provided by us and that include a link and/or reference to this Privacy Policy, and any related services and/or new features and/or functionality provided by us through or in connection with any of the foregoing.

The term "Personal Information" means any data or information about an individual from which that person may be identified. For example, it may include a person's name, telephone number, email address, IP Address, or other unique identifiers. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data).

Please note, our Services are designed for businesses and their representatives, and we do not offer products or services directly to or for use by individuals for their personal, family or household purposes.

Scope of this Privacy Policy

This Privacy Policy applies to Personal Information that may be collected, received, and processed in connection with the use of our Services by:

• Individual "Visitors" browsing or using our Websites or who interact with us through any pages or feeds of our accounts on any social media sites or platforms, such as through LinkedIn, Twitter, and/or any Meta platforms ("Social Media Platforms").
• Ditto's "Customers" who purchased access to the Ditto Service pursuant to Ditto's terms of use, terms of service, or other agreement entered into by Ditto and the Customer for use of the Ditto Service (the "Customer Agreement").

The employees, contractors, or agents of a Customer who have been authorized to access or use the Services on behalf of the Customer (hereinafter, "Authorized Users"). If you do not agree to this Privacy Policy, you should cease all use of the Services. Continued use of the Services by you, or any of your Authorized Users if you are a Customer, demonstrates that you acknowledge and agree to be bound by the Privacy Policy.

2. CHANGES TO THIS PRIVACY POLICY

Ditto reserves the right to update or modify this Privacy Policy at any time. Except for material changes as described below in this Section, all updates and modifications to this Privacy Policy will be effective from the day they are posted online at https://www.ditto.com/legal/privacy-policy. If we make any material changes to this Privacy Policy that impact your data processing rights, and you have provided an email address by which we can contact you, we will provide you with reasonable notice prior to such change taking effect by sending a notification to the email address we have on file for you. In the event of any changes to our Privacy Policy, we will update our Websites with any such changes. Material changes to this Privacy Policy will become effective on the date set forth in the notice, and all other changes will become effective from the day they are posted on our Websites. It is your responsibility to regularly visit and review this Privacy Policy.

If you do not agree to any updates or modifications to the Privacy Policy, you should cease all use of the Services. Continued use of the Services by you, or any of your Authorized Users if you are a Customer, after the applicable effective date of the revised Privacy Policy, signifies to us that you acknowledge and agree to be bound by the revised Privacy Policy.

3. PRIVACY OFFICER

Ditto has appointed a Privacy Officer (known as the Data Protection Officer in the EEA) Privacy Officer who is responsible for overseeing Ditto’s Privacy Team. Ditto’s Privacy Team can answer questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights or your rights granted by this policy, please contact our Privacy Team via one of the following methods:

By email: privacy@ditto.live

By Mail:

DittoLive Incorporated

548 Market Street PMB 20272

San Francisco, CA 94104

United States

Attn: Privacy Team

If you are an Authorized User, please see the following Section 4 for an explanation of how your request or inquiry will be handled.

4. INFORMATION CONTROLLED BY OUR CUSTOMERS

If you are an Authorized User of a Customer, please be aware that certain Personal Information and other information you provide, submit, or upload in connection with your use of the Services or through any Customer application utilizing the Services (the "Customer Application"), is collected and processed by Ditto on behalf of the applicable Customer pursuant to the applicable Customer Agreement as the "data processor" or "service provider" for such Customer who is the "data controller" or "business."

Each Customer determines its own policies for handling Personal Information, and if you are an Authorized User, you are responsible for reviewing such policies, including any privacy policies, of the applicable Customer. If you have inquiries regarding how a Customer processes your Personal Information or if you wish to submit a data rights request, as applicable under relevant data protection law, please contact the applicable Customer. Please note that if you submit any such request to us, we will forward it to the applicable Customer.

5. INFORMATION WE COLLECT

The Personal Information we collect in connection with the use of the Services depends on how and why you use the Services. For instance, the information that we may process about Visitors is more limited than the information we may process if you are a Customer or Authorized User.

Information Provided Directly to Ditto by Users of the Services

• Contact Information: We may collect contact information, such as, your first and last name, phone number, email address and/or mailing address, when you register an account to use the Services (an "Account"), or sign up to receive our marketing communications and/or newsletters.
• Account Registration: When you register an Account for the Services, we will collect the contact information as described above, and may collect other information such as the name of the Customer and your position with the Customer (if you are using the Services as an Authorized User).
• Login Credentials: When you login to your Account as a registered user, we collect your username, password and/or other login credentials.
• Commercial & Transaction Information: If you purchase access to or use of any of our Services, we may collect certain commercial and transactional information regarding such purchase, and our third-party PCI-compliant payment processors will collect certain payment and transaction information, such as your credit card, bank account information as described in Section 9 below.
• User Content. If you use the Cloud Service or a Customer Application, we may also collect and process on behalf of the applicable Customer, any messages, photos, videos, audio, images, data, information, text and/or any other content or materials submitted by you through the Cloud Service or the Customer Application ("User Content").
• Surveys, Feedback, Communications & Support: We collect the information, data, content, documents and/or materials you provide to us when you fill out forms, answer surveys, or contact us (such as your feedback, requests for support, or other communications with us). When requesting support services from us, you should not provide us with any Personal Information, especially any sensitive data (described in Section 6 below), in a support ticket or other request for support.
• Usage Information: We collect Usage Information as described below in the Section below titled Information Collected Automatically.

Please be advised that we may ask you to update your information from time to time in order to keep it accurate. Additionally, if you provide Personal Information to us about someone else, you must ensure that you are entitled to disclose that information to us and, without us having to take any further steps required by data protection laws, that we may collect, use and disclose such information for the purposes described in this Privacy Policy. For example, you should ensure the individual concerned is aware of the terms detailed in this Privacy Policy and that they have not objected or do not object to you sharing their information with us

Information Collected Automatically

We and/or our authorized third-party Service Providers or agents automatically collect technical and/or analytics information, using the cookies and similar technologies as described in Section 8 below, about how users use and/or interact with the Services (collectively, "Usage Information"), which may include (but is not necessarily limited to) identifiers, commercial information, and internet activity information such as IP address (or proxy server), information about the device and/or platform (e.g., iOS or Android) used by you to interact with and/or access the Services, mobile device number, device and application information, device event information, crash data, and log files and data, identification numbers and features, your approximate location (as determined through your IP address), browser type, plug-ins, integrations, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, websites, apps and/or ads that referred you to the website, advertising and language preferences, operating system type and version, system configuration information, date and time stamps associated with your usage, and frequency of visits to the websites, and details of which of our products and product versions you are using.

Information Collected from Third Parties or Sources

In some instances, we process Personal Information from third parties, which consists of:

• Our Customers: If you are an Authorized User, we may receive Personal Information about you from our Customers.
• Service Providers: We receive information from third parties that provide services to us that help us in the operation, provision, administration and management of the Services ("Service Providers"), such as our cloud or hosting service providers, customer support providers, and our analytics providers.
• Marketing and Advertising Providers We may receive information from entities who perform advertising and/or marketing functions for Ditto, which may include, but is not necessarily limited to, business contact information included in potential customer and/or lead lists we may receive.
• Other Third Parties & Sources We may receive data and information from third party partners or providers that we have a relationship with, and/or information collected from publicly available sources, such as online business profiles, social media accounts, and/or webpages, which may include your name, or a publicly available business address, and related activity on such profiles, social media accounts, and/or webpages.
• Social Media Interactions: If you interact with us through any Social Media Platforms, we may collect information provided via those platforms, such as your name, username, demographic information, contact information such as email address, location, interests, and publicly posted data such as your social media activity.

Aggregated Data

In connection with your access and use of the Services, we process "Aggregated Data", such as de-identified statistical or demographic data. Aggregated Data may be derived from Personal Information, but is not considered Personal Information under the law if it does not directly or indirectly reveal your identity. For example, we may aggregate usage data to calculate the percentage of users accessing a specific feature of the Website. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information, which will be processed in accordance with this Privacy Policy.

6. SENSITIVE DATA

Ditto does not require you to provide any sensitive data, for instance, state or federal identification information, financial account credentials, data about your race, ethnicity, or national origin, citizenship or immigration status, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, crime victim status, information about your health and genetic, and biometric, biological, and neural data to use any of the Services.

7. CHILDREN'S PRIVACY

Use of the Services is not intended for individuals under the age of 18. Without limiting the foregoing, Ditto does not target the Services to persons under the age of 18 and does not knowingly collect Personal Information from minors. Therefore, we ask you not to provide us with Personal Information of persons under the age of 18. If we learn that Personal Information of persons under 18 years of age has been collected on or through the Services, then we may terminate access to the Services, and/or make the content inaccessible.

8. COOKIES AND SIMILAR TECHNOLOGIES

We or our authorized third parties may collect certain information by automated means using cookies and/or similar technologies such as, web beacons, embedded scripts, pixels, and browser analysis tools (collectively, "Cookies"). Cookies collect information such as Usage Information.  For more information on our use of these technologies, and your rights to restrict or opt out of certain Cookies, see our Cookie Policy.

9. PAYMENT PROCESSING

Ditto does not directly collect or store any payment information. Payment transaction information is processed and stored exclusively by our third-party PCI-compliant payment processors, in accordance with their terms of service and privacy policies and statements, on our behalf in order to collect fees payable by you in connection with your use of the Services. The information provided to Ditto only includes partial payment or credit card information, and limited transaction information.

10. OUR PURPOSES FOR COLLECTING AND USING YOUR PERSONAL INFORMATION AND LEGAL BASIS

Generally, we process your Personal Information for one or more of the following legal bases:

• Performance of a Contract: In order to perform the Services and fulfill our obligations under the contract we are about to enter into or have entered into with you, or if you an Authorized User, the Customer Agreement we have entered into with the relevant Customer. This may also include disclosure to the third parties who help us perform our obligations to you in connection with your use of the Services, such as hosting providers, and payment processors.
• Legitimate Interests: When it is reasonably necessary to achieve our legitimate business interests (or those of a third party), and your interests and fundamental rights do not override those interests. For example, for security purposes and protection against fraud.
• Legal Obligations: Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
• Vital Interests: Where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
• Consent: Where you have given us specific consent to use your Personal Information in a specific purpose, including the purposes described in this Privacy Policy. Please note that for this specific legal basis, you have the right to withdraw your consent at any time.

More specifically, and depending on whether you are a Visitor, Customer, or Authorized User and how you use the Services, we and/or our Service Providers process Personal Information for the purposes and on the legal bases (in italics) as follows:

• To host the Websites and the online aspects of the Services (performance of a contract);
• To perform and provide the Services to our Visitors, and to our Customers and their Authorized Users, including, performing our obligations under our Customer Agreements (performance of a contract);
• To maintain, enable, upgrade, update, improve, and/or enhance the Services, and develop new features, functionality, and/or other products and services (performance of a contract or sometimes necessary for our legitimate interests);
• To conduct analytics related to the Services, such as to understand how they are being used and where improvements may be needed (necessary for our legitimate interests);
• To personalize our Services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Services (necessary for our legitimate interests);
• Deliver direct marketing communications to you regarding our products and services that we may think are of interest to you as described in Direct Marketing Communications below (for our legitimate business purposes and subject to your opt-out rights described in this Privacy Policy and with your prior consent where required by law when you are not an existing customer);
• Respond to your queries and requests, or otherwise communicate directly with you (performance of a contract or sometimes necessary for our legitimate interests);
• Detect any fraudulent or illegal activity against Ditto, you, and our other users, including, Visitors, Customers, and Authorized Users (necessary for our legitimate interests);
• For our business transfers (necessary for our legitimate interests);
• To keep you updated about changes to policies related to the Services (including this Privacy Policy) (performance of a contract or sometimes necessary for our legitimate interests);
• To comply with a legal or regulatory obligation (for example, keeping records of our sales for tax compliance) (necessary for compliance with a legal obligation); and
• Provide information to regulatory bodies when legally required, and only as outlined below in Legal Disclosures (necessary for compliance with a legal obligation).

11. SHARING YOUR PERSONAL INFORMATION

Aside from disclosing your information to those of our personnel who are authorized to process the information in order to provide the Services and who are committed to confidentiality, we disclose your Personal Information only to the third parties as described below.

Third Party Service Providers

We share Personal Information with third parties that provide services to help us provide the Services and operate our business. Depending on how you use the Services, the following categories of third parties collect data on our behalf or receive Personal Information:

• Hosting services providers.
• Analytics providers.
• Advertising and marketing partners (that assist us for our direct marketing purposes only).
• Payment processors.
• Other third-party service providers that help us provide features and functions for the Services.
• Professional service providers, such as auditors, lawyers, consultants, accountants and insurers.

For a list of all third-party service providers we use, please contact us as described in Section 3. We require all third parties to respect the privacy and security of your Personal Information and to treat it in accordance with the law.

For clarity, Ditto does not use any User Content for purposes of its own marketing or advertising, and we do not sell or disclose your Personal Information or User Content that we control with third parties for their marketing or advertising purposes. If you are an Authorized User, please check with the applicable Customer regarding their use of your Personal Information or User Content by such Customer for their marketing or advertising purposes.

Disclosures Directed by our Customers

We will share and disclose Personal Information of Authorized Users with the applicable Customer and otherwise in accordance with the Customer's instructions, including any applicable terms in the Customer Agreement.

If you are an Authorized User of a Customer, please contact the relevant Customer to learn more about how your information may be used, shared and/or disclosed by us on their behalf.

Business Transfers

If Ditto enters into a merger, acquisition or sale of all or a portion of its assets or business, your Personal Information may be one of the transferred assets. Should such a sale or transfer occur, Ditto will require the buyer to treat your Personal Information in a manner that is consistent with this Privacy Policy.

Affiliates and Subsidiaries

Personal information may be shared with the employees, contractors, and agents of Ditto and our affiliated and subsidiary entities ("Affiliates") who are involved in providing or improving the Services that we offer to you. We obligate the employees, contractors and agents of Ditto and our Affiliates to ensure the security and confidentiality of your Personal Information and to act on that Personal Information only in a manner consistent with this Privacy Policy.

Legal Disclosures

Regulatory and Government Bodies -- Compliance with Law

We may disclose your information to regulatory agencies and official government bodies, as required to comply with or satisfy any laws, rules, or regulations applicable to Ditto.

Required Disclosures -- Responding to Legal Orders

If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States. Under such circumstances, unless prohibited by applicable law, we will attempt to provide you with prior notice that a request for your Personal Information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address. However, in some instances, government requests may prohibit us from giving notice to the affected individual. In those cases, we will notify you when it has expired or once we are authorized to do so. If you are an Authorized User, the relevant Customer may influence the disclosure of your Personal Information; please consult with the relevant Customer to learn more about how they respond to requests for information pursuant to legal orders.

Exigent Circumstances & Enforcement/Protection of Our Rights

Your information, including the contents of all of your online communications in our Services and between you and Ditto may be accessed and monitored as needed to provide our Service and may be disclosed to law enforcement, regulatory agencies, official government bodies, and other third parties, as we, in our sole discretion, believe necessary or appropriate:

• To enforce our rights under our terms of use, terms of service, customer agreements and/or any other terms and conditions applicable to the use of the Services;
• In connection with an investigation of fraud, intellectual property infringement, piracy or other unlawful activity or activity that may expose us or our affiliates, partners and/or agents to legal liability; and/or
• If we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person.

With your Consent

There may be situations where you are asked to consent to share Personal Information with third parties for additional reasons not included in this Privacy Policy. In such event, we will only share such Personal Information if we have received your prior consent and only for the purposes as listed in the request to share such information.

Except where otherwise required by applicable law, your consent for the use and/or disclosure of your Personal Information in specific situations will continue in full force and effect until you revoke that consent, which you may do by contacting our Privacy Team as described in Section 3 above.

For the avoidance of doubt, the revocation of consent shall only apply to the use of the information after our receipt and processing of such request (which we shall process promptly and in accordance with applicable law), and not to any use or disclosure prior to such revocation in compliance with your consent.

12. DIRECT MARKETING COMMUNICATIONS

If you are a registered user and have not otherwise opted out (or you have provided your consent where required by applicable law), or if you have opted in to receive direct marketing emails from us, we may use your Personal Information to send you marketing information about the Services and our products that we think may be of interest to you. For instance, when you request additional information regarding the Services and/or our products and services or sign up for our newsletter, we may ask if you wish to opt in to receive marketing communications from us. This is what we call direct marketing. We carry out direct marketing by email and phone. We obtain consent to send you such communications where required under applicable local laws.

For clarity, Ditto does not use any User Content for purposes of its own marketing or advertising, and we do not sell or disclose your Personal Information or User Content that we control with third parties for their marketing or advertising purposes. If you are an Authorized User, please check with the applicable Customer regarding their use of your Personal Information or User Content by such Customer for their marketing or advertising purposes.

If you no longer wish to receive these marketing communications, you have the right at any time to opt out. The easiest way to opt out is to use the unsubscribe link that you will find at the bottom of each communication. You may also manage your direct marketing preferences as further explained in Your Choices.

13. YOUR CHOICES

Updating, Correcting and Deleting Personal information

If you would like to correct, update, or delete your Personal Information (such as your contact information) please contact us at privacy@ditto.live and we will use reasonable efforts to correct and/or update such information, in compliance with applicable law.

Please note that if you are an Authorized User, any request to correct, access, update or delete your Personal Information will need to be directed to the applicable Customer.

14. ADDITIONAL RIGHTS FOR EEA, SWITZERLAND, AND UK

The European Union's General Data Protection Regulation and certain other countries' data protection laws provide certain rights for data subjects. If you are a resident of the EEA, Switzerland, the UK, or another country with data protection laws that provide for certain data subject rights, you may submit a request to exercise your rights.

We respond to all requests we receive from individuals wishing to exercise their data rights in accordance with applicable data protection laws.

Depending on your country of residence, your rights may include:

• Request information about how we collect, process, use and share your Personal Information (commonly known as a "right to know request").
• Request access to your Personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it.
• Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your Personal Information (commonly known as a "request to be forgotten"). This enables you to ask us to delete or remove Personal Information. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply in full with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• File a complaint with a supervisory authority about our collection and processing of your Personal Information.

Exercising Your Rights

These rights are subject to certain rules around when you can exercise them. If you are located in the EEA, Switzerland or UK and wish to exercise any of the rights set out above, please contact us by using the methods described in Section 3 of this Privacy Policy. You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights listed above), and Ditto does not discriminate based on whether you choose to exercise your choice and rights. We will not, based on your exercise of rights, deny our Services to you, charge you different rates, provide a different level or quality of Services to you, or suggest that you may receive such different treatment.

However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights).This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please first contact our Privacy Team as described in Section 3.

Please note that if you are an Authorized User, we may forward your request to exercise your rights to the relevant Customer with respect to the information controlled by such Customer.

15. DATA RETENTION AND SECURITY

Data Retention

Your Personal Information is processed for the period necessary to fulfill the purposes for which it is collected, to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.

In order to determine the most appropriate retention periods for your Personal Information, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your Personal Information, and applicable legal requirements.

In some instances, we may choose to anonymize your Personal Information instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the Personal Information can be linked back to you or any specific user.

Data Security

We have put in place reasonable and appropriate security measures designed to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption, secure socket layer, firewalls, and password protection. In addition, we limit access to Personal Information to those employees, agents, contractors and the third parties who have a business need-to-know. Please do not disclose your account password to unauthorized people.

We also have procedures in place to deal with any suspected data security breach, and we will notify you and any applicable regulator of a breach where required to do so. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and while we take reasonable steps to provide secure services, by using the Internet and the Services, you understand and assume the risks associated with your activities.

16. EXTERNAL WEBSITES

The Services may contain links to other websites that are not controlled by Ditto ("External Websites"). By clicking on links to External Websites, the operators of the External Websites may collect your Personal Information. We are not responsible for the content or privacy practices employed by the operators of any External Websites, and your use of External Websites is subject to their respective terms of use and privacy policies.

17. SOCIAL MEDIA BUTTONS

On or through the Services we may provide third-party "share" buttons which enable you to share certain content via social media sites (e.g., Facebook, Twitter, Instagram, YouTube, and LinkedIn). These "share" buttons may function as web beacons when you interact with the button. Please note that when you "share" using the buttons, you may send to the third party provider of the "share" button the information that you are viewing. If you are not logged into your account with the third party provider, then the third party may not know your identity. If you are logged in to your account with the third party, then the third party may be able to link information or actions about your interactions with the Services to your account with the applicable third party provider. Please refer to each third party's privacy policies to learn more about its data practices.

18. TRANSFERS OF PERSONAL INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA AND OTHER NON-U.S. COUNTRIES

Ditto is based in the United States, and the Personal Information that we process is stored, hosted and processed on servers located in the United States. However, Ditto operates globally and may transfer the Personal Information that we process to our other offices and to the third parties described above. These recipients may be situated outside of your country or regional area of residence and may process Personal Information outside of your country or regional area. In particular, information provided to us or collected by us will likely be transferred to and processed in the United States by us or our Affiliates and our respective agents and contractors. The data protection laws of the United States or other countries may not be as comprehensive or equivalent to those in your country of residence.

We rely on legally-provided mechanisms to transfer Personal Information across borders where and as required under applicable law.

‍

19.  DATA PORTABILITY RIGHTS

If you are a resident of certain U.S. state or other geographic area, the law may also permit you to request details of Personal Information processed by us, and we will comply with such laws.

To make a request described in this Section 19, please contact us using the methods described in Section 3 above.