Graphy Privacy Policy
LAST UPDATED: 5th May 2022
I. GENERAL PRIVACY TERMS
Graphy respects your privacy and is committed to protecting it. In addition to our Terms of Service, this Privacy Policy (the “Policy”) explains the types of information collected by Graphy when you use the Platform (as defined in Terms of Service that references this Policy), how we collect, use, share and store such information collected and also explains the rationale for collection of such information, the privacy rights and choices you have regarding your information submitted to us when you use the Services.
For ease of reference, use of the terms “Graphy”, “we”, “us”, and/or**“our”** refer to Graphy Labs Private Limited - a company incorporated in India, Graphy INC - a company incorporated in the State of Delaware, USA, and their affiliates. Similarly, use of the terms “you”, “yours” and/or “User(s)” refer to all shall refer to all visitors of the Platform and the Creator(s) (as defined under our Terms of Service).
The Services are governed by this Policy, Terms of Service , and any other rules, policies or guidelines published on the Platform as applicable to you. Please read this Policy carefully prior to accessing our Platform and using the Services. By accessing and using the Platform, providing your Personal Data (defined below), or by otherwise signalling your agreement when the option is presented to you, you consent to the collection, use, disclosure, sharing and storing of information described in this Policy, Terms of Service and any other rules, policies or guidelines published on the Platform as applicable to you (collectively referred to as the**“Platform Terms”**), and Graphy disclaims all the liabilities arising therefrom. If you have inadvertently submitted any Personal Data to Graphy prior to reading this Policy, or you do not agree with the way your Personal Data is collected, stored, or used, then you may access, modify and/or delete your Personal Data in accordance with this Policy (refer to the sections about Your Choices and Your Rights).
If any information you have provided or uploaded on the Platform violates the Platform Terms, Graphy may be required to delete such information upon informing you of the same where possible and revoke your access to the Platform if required.
Capitalized terms used but not defined in this Policy can be found in our Terms of Service.
If you have any questions about this Policy, please contact us at privacy@graphy.com.
A. Applicability:
This Policy applies to all users of the Platform, including without limitation, (i) visitors of the Platform, (ii) the Creators (as defined in the Terms of Service), (iii) the Authorized Users (as defined in the Terms of Service), and (iv) Creator's End-Users (as defined in the Terms of Service).
Acceptance of the Platform Terms and any other specific terms by the Creator in association with their use of the Platform, shall be deemed as acceptance of such terms by all of Creator's Page Users*(as defined in the Terms of Service)*. Creators are solely responsible for publishing any terms and conditions, privacy policies and any other terms and conditions or policies that shall be applicable for their Page Users in accordance with the Platform Terms and applicable laws, including Data Protection Laws (as defined in the 'Personal Data' section below).
B. Access:
You may be allowed to access and view the Platform as a guest/visitor and without creating an account on the Platform or providing any Personal Data; Graphy does not validate or takes no responsibility towards information, if any, provided by you as a guest/visitor, except as otherwise required under any law, regulation, or an order of competent authority. To have access to all the features and benefits on our Platform, you are required to first create an account on our Platform. To create an account, you are required to provide certain Personal Data as may be mandatorily required during the time of registration. All other information requested on the registration page, including the ability to receive promotional offers from Graphy, is optional. Graphy may, in future, include other optional requests for information from you to help Graphy customize the Platform to deliver personalized information to you. Graphy may keep records of telephone calls or emails received from or made by you for making enquiries, feedback, or other purposes for the purpose of rendering Services effectively and efficiently.
C. Processors and Controllers:
Graphy is the 'Controller' (as defined in the Data Processing Addendum ('DPA')) of the information, including Personal Data that it directly collects from you and processes in connection with the use of the Platform and the provision of the Services on the Platform (“User Data”). The kind of information we collect in connection with such use is detailed below. It is hereby clarified that User Data specifically excludes Creator Data (defined below).
When it comes to the Content on Creator's Page (as defined in theTerms of Service), any information, materials, media, applications, data, services, subject-matter, including Personal Data, or solutions created and/or uploaded by a Creator on their Page, Page Users' Data (as defined in 'Personal Data' section below) (“Creator Data”), the respective Creators are the 'Controllers' (as defined in the DPA) of such Creator Data. In this case, Graphy only acts as a 'Processor' (as defined in the DPA) and processes the Creator Data on behalf of the Creator.
We clarify that the Page User(s) Data processed and stored by the Creator outside the purview of the Platform shall be the sole responsibility of the Creator.
You as a Creator acknowledge and agree that you are responsible for complying with all applicable laws and regulations related to the protection of information, including Personal Data for which you are the Controller or the Processor, as applicable. You are also responsible for providing an appropriate privacy notice and cookies policy to your Page Users that detail, among other things, the processing activities and security measures undertaken by you in respect of your Page Users' Data (as defined below) within and beyond the scope of this Platform in accordance with applicable laws.
D. Use of the Platform by Minors/Children:
As stated in our Terms of Service, to register on the Platform you must meet the 'Age Requirements' (as defined in our Terms of Service). If you are a “Minor” or “Child” i.e., an individual who does not meet the Age Requirements, then you may not register on the Platform.
We do not knowingly collect any Personal Data from a Child. If you are a Parent and you are aware that your Child has provided us with any Personal Data without your consent, please contact us atprivacy@graphy.com. If we become aware that we have collected Personal Data from a Child, we will take steps to remove such information from our servers.
Furthermore, as stated above, our Platform is not directed at Minors/Children, and we urge you to follow and apply the same in respect of your Page Users. However, in your use of the Services, if you fail to include the necessary age-related disclosures, or knowingly make available services/content targeted at Minors/Children, then it shall be your sole responsibility to comply with all applicable laws relating to the privacy rights of children, including the Children's Online Privacy Protection Rule (COPPA). Graphy shall not be liable for your non-compliance of the applicable laws, including the Data Protection Laws.
E. Personal Data:
For the purpose of the Platform Terms -
- “Personal Data” shall mean the information which identifies a user, including first and last name, identification number, email address, age, gender, location, photograph and/or phone number and any other information categorized as 'personal data' under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, General Data Protection Regulation (GDPR) and / or the California Consumer Privacy Act (CCPA) or other equivalent / similar legislations (“Data Protection Laws”) and in context of this Policy.
- “Sensitive Personal Data” shall mean and include (i) passwords and financial data (except the truncated last four digits of credit/debit card), (ii) health data, (iii) official identifier (such as biometric data, aadhar number, social security number, driver's licence, passport, etc.,), (iv) information about sexual life, sexual identifier, race, ethnicity, political or religious belief or affiliation, (v) account details and passwords, or (vi) other data/information categorized as 'sensitive personal data' or 'special categories of data' under the applicable Data Protection Laws and in context of this Policy.
- “Page User(s) Data” shall mean and include End-User(s) Data and Authorized User(s) Data.
- “End-User(s) Data” shall mean and include any Personal Data and/or Sensitive Personal Data that a Creator collects from their End-User(s) through the Creator's Page.
- “Authorized User(s) Data” shall mean and include any Personal Data and/or Sensitive Personal Data that a Creator collects from their Authorized User(s) through the Creator's Page.
We request you to not provide Graphy with any Personal Data unless specifically requested by us. In the event you share with Graphy any Personal Data without us having specifically requested for the same, then we bear no liability in respect of such Personal Data provided by you.
Further, we do not collect, process, or store or facilitate storing of any Sensitive Personal Data. Accordingly, you shall not use the Services to collect, process, or store any Sensitive Personal Data, including personal health information, banking, and credit card information; and if you do use the Platform and/or the Services to collect, store or otherwise process any Sensitive Personal Data, then you do so at your own risk and you are responsible for ensuring compliance with all applicable laws.
F. Information we collect:
We only collect information about you if we have a reason to do so — for example, to provide our Services on the Platform, to communicate with you, or to make our Services better.
It is hereby clarified that we do not directly collect any information, including any Personal Data, from your Authorized Users and End-Users. We only process the End-Users' Personal Data as collected by you through your Page, in accordance with your instructions under the DPA. Further, we do not contact or solicit your Authorized Users and/or End-Users directly and any correspondence with the End-Users will strictly be through you and in relation to the Platform, its access or any technical issue they may want resolved in connection with the Platform.
We collect this information from the following sources:
Information we collect from You:
Basic account information: In order to access certain features of the Platform, you will need to create an account and register with us. We ask for basic information which may include your name, an email address, state of residence country, and password, along with a username and phone/mobile number.
Public profile information: If you create an account with us, we also collect the information that you provide for your public profile on the Platform viz., your username is part of that public profile, along with any other information you may put into your public profile, like an 'About Me' description; we may also give you an option to upload your photo and include links of your social media & YouTube channels, websites, blogs, etc. your public profile information is, as the word suggests, 'public', so please keep that in mind when deciding what information you would like to include.
The above information is collected so you can personalize your new account, provide you access to the Platform, and we can send you notifications, updates, or other essential information.Information when you communicate with us: When you write to us with a question or to ask for help either for yourself or for your Page Users, we will keep that correspondence, and the email address, for future reference; this may also include any phone/ mobile numbers or any of your Page Users' Personal Data, if you have provided us the same as part of your communication either in writing (emails included), over a phone call or otherwise. When you browse pages on our Platform, we will track that for statistical purposes which may be to improve the Platform and/or the Services. You may also provide us your Personal Data or other information when you respond to surveys, enter any form of events, webinars, etc., hosted by Graphy, either on the Platform or otherwise, or when you otherwise communicate with us via form, e-form, email, phone, or otherwise, we store a copy of our communications (including any call recordings or emails, if any, as permitted by applicable law).
Information we collect automatically:
Device and Log information: When you access our Platform, we collect information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Platform — for example, when you create or make changes to your profile page or account on the Platform.
Usage information: We collect information about your usage of our Platform. We also collect information about what happens when you use our Platform (e.g., page views, support document searches, features enabled for your account, interactions with other parts of our Services) along with information about your Supported Device (e.g., screen size, name of cellular network, and mobile device manufacturer). We use this information to provide our Platform to you, get insights on how people use our Platform so that we can make our Platform better, and understand and make predictions about User retention.
Location information: We may determine the approximate location of your Supported Device from your Internet Protocol (IP) address. We may collect and use this information to calculate how many people visit from certain geographic regions or to improve our Platform Services.
Information from cookies & other technologies: We may collect information about you through the use of cookies and other similar technologies. A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. For more information on our use of cookies and similar technologies, please refer to our Cookie Policy.
Further, we may also collect information about your End-Users through the use of cookies and other similar technologies, however, we will not collect any Personal Data through such cookies and other similar technologies.
Information we collect from other sources:
We might receive and collect information about you from other sources in the course of their services to us, such as information received from Third-Party Platforms (as defined in our Terms of Service), information relating your purchase of the Subscription on our Platform through Third-Party Service Providers (as defined in our Terms of Service) or we may receive information about you from a social media site or a Google service if you connect to the Services through that site or if you use the Google sign-in.
G. Basis for Collection and Processing of your Personal Data:
Basis for collection:
We collect and process your Personal Data based on the following legal parameters depending upon the nature of Personal Data and the purposes for which it is processed:
- Consent: We rely on your consent to process your Personal Data in certain situations. If we require your consent to collect and process certain Personal Data, as per the requirements under the applicable Data Protection Laws, your consent is sought at the time of collection of your Personal Data and such processing will be performed where consent is secured.
- Compliance with a legal obligation: Your Personal Data may be processed by us, to the extent that such processing is necessary to comply with a legal obligation.
Processing of your Personal Data:
We may process your Personal Data in connection with any of the purposes and uses set out in this Policy on one or more of the following legal grounds:
- Because it is necessary to perform the Services you have requested or to comply with your instructions or other contractual obligations between you and us;
- To comply with our legal obligations as well as to keep records of our compliance processes;
- Because our legitimate interests, or those of a third-party recipient of your Personal Data, make the processing necessary, provided those interests are not overridden by your interests or fundamental rights and freedoms;
- Because you have chosen to publish or display your Personal Data on a public area of the Platform, such as a comment area;
- Because it is necessary to protect your vital interests;
- Because it is necessary in the public interest; or
- Because you have expressly given us your consent to process your Personal Data in a particular manner.
We do not use Personal Data for making any automated decisions affecting or creating profiles other than what is described in this Policy.
Where the processing of your Personal Data is based on your consent, you have the right to withdraw your consent at any point in time in accordance with this Policy. Please note that should the withdrawal of consent result in us not being able to continue offering our Services to you, we reserve the right to withdraw or cease from offering our Services to you upon your consent withdrawal. You may withdraw consent by contacting us with a written request to the contact details provided in the 'Grievances' section below. Upon receipt of your request to withdraw your consent, the consequences of withdrawal may be communicated to you. Upon your agreement to the same, your request for withdrawal will be processed.
H. How we Use and Share the Information Collected
We use/process your information in the following manner:
- To provide Services on our Platform: We use your information as collected by us to allow you to access the Platform and the Services offered therein, including without limitation to set-up and maintain your account, provide customer service, fulfil purchases through the Platform, verify User information and to resolve any glitches with our Platform. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Platform, and/or the performance of a contract between you and us.
- To improve our Platform and maintain safety: We use your information to improve and customize the Platform and Services offered by us, including providing automatic updates to newer versions of our Platform and creating new features based on the Platform usage analysis. Further, we also use your information to prevent, detect, investigate, and take measures against criminal activity, fraud, misuse of or damage to our Platform or network, and other threats and violations to Graphy's or a third party's rights and property, or the safety of Graphy, its users, or others. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Platform, and/or the performance of a contract between you and us.
- To market our Platform and communicate with You: We will use your information to develop a more targeted marketing of our Platform, to communicate with you about our offers, new products, services or even receive your feedback on the Platform. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Platform, and/or the performance of a contract between you and us.
- To establish, exercise, or defend legal claims: We may process any Personal Data identified in this Policy when necessary for establishing, exercising, or defending legal claims, whether in court, administrative, or other proceedings. The legal basis for this processing is our legitimate interest in the protection and assertion of our legal rights, your legal rights, and the legal rights of others.
- To manage risk and obtain professional advice: We may process any of the Personal Data identified in this Policy to manage risk or obtain professional advice. The legal basis for this processing is our legitimate interest in the proper protection of our business and Platform.
- Consent: We may otherwise use your information with your consent or at your direction.
- To Better Understand Our Users: We may use information we gather to determine which areas of the Services are most frequently visited to understand how to enhance the Services.
We share the information collected as per terms of this Policy only in the manner specified hereinbelow. We do not sell or otherwise disclose Personal Data we collect about you for monetary or other valuable consideration. Further, only authorized representatives of Graphy and on a need-to-know basis use any information received from you and as consented by you. In the event of any identified unauthorized use or disclosure of information or upon your complaint as stated under the 'Grievances' section below, we will investigate any such complaint and take the appropriate action as per the applicable Data Protection Laws.
You are responsible for protecting your Page Users Data that you collect, and for processing that information in accordance with applicable privacy laws including the Data Protection Laws.
Information shared with Creator's End-Users of the Platform:
When a Creator creates an account and makes available Content on the Platform, the Content on Creator's Page will be viewable by their End-Users.
Please note that all information shared by you, whether as part of your public profile or Content, in Public Forums, or other public portions of the Creator's Page, is deemed as public information. Since the same is publicly available, we cannot control how others treat it; so please keep that in mind when deciding what information, you choose to include, and refrain from sharing your Sensitive Personal Data and those of others.
Other ways we may share Information:
- Affiliates and Subsidiaries: We may disclose information about you to our affiliates, subsidiaries and other businesses under the same control and ownership, and their respective officers, directors, employees, accountants, attorneys, or agents, who need the information to help us provide the Services or process the information on our behalf or as stated in our Terms of Service. We require our affiliate, subsidiaries and other businesses under the same control and ownership to follow this Privacy Policy for any Personal Data that we share with them.
- Third-party vendors/service providers including integrated services on the Platform: We may share information about you with third-party vendors or service providers (including consultants, payment processors, and other service providers and integrated services) who need the information to provide their support services to us or you, or to provide their services to you on our behalf either directly or through the Platform. These services may include providing customer support, performing business and sales analysis, supporting our website functionality, facilitating payment processing, and supporting contests, surveys, and other features offered on our Platform. Such third-party vendors are not allowed to use the information for any purpose other than what it was provided for, and they are required to process and use the information in accordance with this Privacy Policy.
- Legal Disclosures: We may disclose information about you in response to a court order, or other governmental request. Without limitation to the foregoing, we reserve the right to disclose such information where we believe in good faith that such disclosure is necessary to:
- comply with applicable laws, regulations, court orders, government and law enforcement agencies’ requests;
- protect and defend Graphy's or a third party's rights and property, or the safety of Graphy, our users, our employees, or others; or
- prevent, detect, investigate and take measures against criminal activity, fraud and misuse or unauthorized use of our Platform and/or to enforce our Data Processing Addendum or other agreements or policies.To the extent permitted by law, we will attempt to give you prior notice before disclosing your information in response to such a request.
- Business transfers: In the event Graphy undergoes any merger, acquisition, or sale of company assets, in part or in full, by another company, or in the unlikely event that Graphy goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
- Advertising and Analytics Partners: We may share usage data with third- party advertisers, advertisement networks, and analytics providers through cookies and other similar technologies.
- With Your Consent: We may share and disclose information with your consent or at your direction.
Your information may be shared for reasons not described in this Policy, however, we will seek your consent before we do the same or share information upon your direction.
I. Cross-Border Data Transfer:
Your information including any Personal Data is stored, processed, and transferred in and to the servers and databases located in Mumbai and Bangalore, India. Graphy may also store, process, and transfer information in and to servers in other countries depending on the location of its affiliates and service providers.
Please note that these countries may have differing (and potentially less stringent) privacy laws and that Personal Data can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies, and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process.
If you use our Platform from outside India, including in the USA, EU, EEA, and UK, your information may be transferred to, stored, and processed in India. By accessing our Platform or otherwise giving us information, you consent to the transfer of information to India and other countries outside your country of residence. If you are located in the EU and applicable law specifies relevant legal grounds for processing personal data, the legal grounds for our processing activities are to perform our contract(s) with you; to meet our legal obligations; and for our legitimate business purposes, including to improve our operation and Services and to detect and prevent fraud.
We rely on legal basis to transfer information outside the USA, EU, EEA and UK, and any Personal Data that we transfer will be protected in accordance with this Policy as well as with adequate protections in place in compliance with applicable Data Protection Laws and regulations.
J. Duration For Which Your Information Is Stored on the Platform
Mostly, when you delete any of the information provided by you or when you delete your account, on the Platform, the same will be deleted from our servers too. When you delete your account (regardless of the reason), all Content on Creator's Page, including Page Users Data, may no longer be available and the same may be irrecoverable. Graphy is not responsible for the loss of such Content on Creator's Page upon deletion. Hence, prior to initiating deletion of your account, please ensure to take necessary back-ups of all Content on Creator's Page, including End-Users' Data. In certain cases, we will retain User Data (defined under 'Controllers and Processors' section above) for as long as it is required for us to retain for the purposes stated hereinabove, including for the purpose of complying with legal obligation or business compliances. It is clarified that Content on Creator's Page and Page Users Data is specifically excluded from any retention stated herein.
Further, please note that we may not be able to delete all communications or photos, files, or other documents publicly made available by you on the Platform (for example: comments, feedback, etc.), however, we shall anonymize your Personal Data in such a way that you can no longer be identified as an individual in association with such information made available by you on the Platform. We will never disclose aggregated or de-identified information in a manner that could identify you as an individual.
Note: If you wish to exercise any of your rights (as specified in 'Your Rights' section below) to access, modify and delete any or all information stored about you, then you may do so by using the options provided within the Platform. You can always write to us at privacy@graphy.com for any clarifications needed.
K. Your Choices:
- Limit the information You provide: You always have an option to choose the information you provide to us, including the option to update or delete your information. However, please note that lack of certain information may not allow you the access to the Platform or any of its features, in part or in full.
- Limit the communications You receive from us: Further, you will also have the option to choose what kind of communication you would like to receive from us and whether you would like to receive such communication at all or not. However, there may be certain communications that are required for legal or security purposes, including changes to various legal agreements, that you may not be able to limit.
- Reject Cookies and other similar technologies: You may reject or remove cookies from your web browser; you will always have the option to change the default settings on your web browser if the same is set to 'accept cookies'. However, please note that some Services offered on the Platform may not function or be available to you, when the cookies are rejected, removed, or disabled.
L. Your Rights:
In general, all Users have the rights specified herein this section. However, depending on where you are situated, you may have certain specific rights in respect of your Personal Data accorded by the laws of the country you are situated in. To understand your rights, please refer to the Country Specific Additional Terms below.
If you are a Creator, you may exercise any of these rights by using the options provided to you within the Platform upon your login. If, however, you are facing any issues or require any clarifications, you can always write to us at the address noted in the 'Grievances' section below, and we will address your concerns to the extent required by the applicable law.
- Right to Confirmation and Access: You have the right to get confirmation and access to your Personal Data that is with us along with other supporting information.
- Right to Correction: You have the right to ask us to rectify your Personal Data that is with us that you think is inaccurate. You also have the right to ask us to update your Personal Data that you think is incomplete or out-of-date.
- Right to be Forgotten: You have the right to restrict or prevent the continuing disclosure of your Personal Data under certain circumstances.
- Right to Erasure: If you wish to withdraw/remove your Personal Data from our Platform, you have the right to request erasure of your Personal Data from our Platform. However, please note that such erasure will remove all your Personal Data from our Platform (except as specifically stated in this Policy) and may result in deletion of your account on the Platform permanently, and the same will not be retrievable.
Remember, you are entitled to exercise your rights as stated above only with respect to your information, including Personal Data, and not that of other Users. Further, when we receive any requests or queries over email or physically to the address specified in the 'Grievances' section below, then, as per the applicable Data Protection Laws, we may need to ask you a few additional information to verify your identity in association with the Platform and the request received.
Further, you shall be responsible to notify the rights and choices your Page Users have in respect of their Personal Data collected by you through the Page, by making available the relevant privacy notices/policies and cookies policy to them.
M. Information Security
- We work to protect the security of your information during transmission by using HTTPS, which encrypts information you input for maintaining security of your information.
- We maintain electronic, and procedural safeguards in connection with the collection, storage, and disclosure of Personal Data (including Sensitive Personal Data). Our security procedures mean that we may occasionally request proof of identity before we disclose Personal Data to you that belongs to you.
- However, no form or method of data storage or transmission system is fully secure, and we cannot guarantee that security provided by such system(s) is absolute and that your information will not be accessed, disclosed, or destroyed in the event of a breach of our security measures.
- It is important for you to protect your account against unauthorized access to or use of your password and to your computer and if you have any reason to believe that your password has become known to anyone else, or if the password is being, or is likely to be, used in an unauthorized manner, you must immediately change your password or inform us, so that we are able to help you stop or prevent such unauthorized access. Be sure to sign off when you finish using a shared computer.
- We try and ensure that the third parties who provide services to us under appropriate contracts take appropriate security measures to protect Personal Data in line with our policies.
N. Promotional Communications
You will always have the option to opt out of receiving some or all of our promotional communications through the settings provided within the Platform upon your login, by using the unsubscribe link in any email communications sent to you or by emailingcare@graphy.com.
If you opt out of promotional communications, we may still send you transactional communications, such as service announcements, administrative and legal notices, and information about your account, without offering you the opportunity to opt out of these communications. If you no longer wish to use our Platform or receive any communications from us (except for those that are legally required), then you may delete your account by using the option enabled within the Platform.
Please note that opting out of promotional email communications only affects future communications from us. If we have already provided your information to a third party (as stated in this Policy) before you changed your preferences or updated your information, you may have to change your preferences directly with that third party.
We do not sell your Personal Data to third parties, and we do not use your name or name of your company in marketing statements without your consent.
O. Interest-Based Ads
On unaffiliated sites, Graphy may display interest-based advertising using information you make available to us when you interact with our Platform and Services. Interest-based ads, also sometimes referred to as personalised or targeted ads, are displayed to you based on information from activities such as registering with our Platform, visiting sites that contain Graphy content or ads. In providing interest-based ads, we follow applicable laws, as well as the Code for Self-Regulation in Advertising by the Advertising Standards Council of India and the Self-Regulatory Principles for Online Behavioural Advertising developed by the Digital Advertising Alliance (a coalition of marketing, online advertising, and consumer advocacy organizations) and other rules and guidelines issued by the Federal Trade Commission in respect of digital advertising.
We do not provide any Personal Data to advertisers or to third party sites that display our interest-based ads. However, advertisers and other third-parties (including the ad networks, ad-serving companies, and other service providers they may use) may assume that users who interact with or click on a personalised ad or content are part of the group that the ad or content is directed towards. Also, some third-parties may provide us information about you (such as the sites where you have been shown ads or demographic information) from offline and online sources that we may use to provide you more relevant and useful advertising.
Advertisers or ad companies working on their behalf sometimes use technology to serve the ads that appear on our sites directly to your browser. They automatically receive your IP address when this happens. They may also use cookies to measure the effectiveness of their ads and to personalise ad content. We do not have access to or control over cookies or other features that advertisers and third-party sites may use, and the information practices of these advertisers and third-party websites are not covered by our Policy. Please contact them directly for more information about their privacy practices.
P. Modification to Privacy Policy
Our business changes constantly and our Policy may change from time to time. We may, at our discretion (unless required by applicable laws to mandatorily do so), email periodic reminders of our notices and conditions, unless you have instructed us not to, but we encourage you to check our Platform frequently to see the recent changes. Unless stated otherwise, our current Policy applies to all information that we have about you and your account. We stand behind the promises we make, however, and will not materially change our policies and practices making them less protective of customer information collected in the past without your consent.
Q. Privacy Grievances
If you have any questions about this Policy, wish to exercise your rights, or have concerns about privacy of your data or any privacy related grievances , please register your complaint with a thorough description via email to privacy@graphy.com addressed to our grievance officer or via a registered post to the below address-
If you are a Creator located in India, you may send the registered post to –
Graphy Labs Private Limited
Registered office: 11/1, 12/1, Maruthi Infotech Centre, 5 th Floor, A-Block, Domlur, Koramangala Inner Ring
Road, Bangalore- 560 071, Karnataka, India.
If you are a Creator located outside India, you may send the registered post to –
Graphy INC
c/o Vistra (Delaware) Ltd, 3500 South Dupont HWY
Dover, Kent, DE 19901
II. COUNTRY SPECIFIC ADDITIONAL PRIVACY TERMS
A. TERMS APPLICABLE IF YOU ARE AN INDIAN RESIDENT
Your Rights: If you are located in India, you may have the following rights under the Digital Personal Data Protection Act, 2023 (DPDPA), once it comes into effect. All requests can be made by using the option provided to you within the Platform upon your login. If you are facing any issues, then you may also write to us as stated in the “Grievances” section above, and we will address you concerns to the extent required by law.
- Right to Confirmation and Access: You have the right to get confirmation and access to your Personal Data that is with us along with other supporting information.
- Right to Correction: You have the right to ask us to rectify your Personal Data that is with us that you think is inaccurate. You also have the right to ask us to update your Personal Data that you think is incomplete or out-of-date.
- Right to Grievance Redressal: You have the right to register your grievance with us concerning the manner in which your Personal Information is being handled by writing to us.
- Right to Nominate: You may nominate another person to act on your behalf, in the event of your death or incapacity, exercise your rights.
- Right to Erasure: If you wish to withdraw/remove your Personal Data from our Platform, you have the right to request erasure of your Personal Data from our Platform. However, please note that such erasure will remove all your Personal Data from our Platform (except as specifically stated in this Policy) and may result in deletion of your account on the Platform permanently, and the same will not be retrievable.
B. TERMS APPLICABLE IF YOU ARE A RESIDENT OF UNITED KINGDOM (UK), A EUROPEAN UNION (EU) COUNTRY OR EUROPEAN ECONOMIC AREA (EEA)
Your Rights: If you are located in the United Kingdom (UK) or European Union (EU) or European Economic Area (EEA), you have the following rights under the UK and EU General Data Protection Regulation (GDPR) respectively. All requests can be made by using the option provided to you within the Platform upon your login. If you are facing any issues, then you may also write to us as stated in the**“Grievances”** section above, and we will address you concerns to the extent required by law.
- Right to access Your Personal Data: You have the right to receive confirmation on whether or not Personal Data concerning you is being processed and, where that is the case, access to the Personal Data can be sought;
- Right to Rectification: Our goal is to keep your Personal Data accurate, current and complete. Please contact us if you believe your information is inaccurate or incomplete;
- Right to Erasure: In some cases, you have a legal right to request that we erase your Personal Data;
- Right to object to Processing: You have the right to object to our processing of your Personal Data under certain conditions;
- Right to restrict Processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions;
- Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions;
- **Right to make a complaint to a government supervisory authority:**If you believe we have not processed your Personal Data in accordance with applicable provisions of the GDPR, we encourage you to contact us at privacy@graphy.com. You also have the right to make a GDPR complaint to the relevant Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities is available at: https://edpb.europa.eu/about-edpb/board/members\_en. If you need further assistance regarding your rights, please contact us using the contact information provided below, and we will consider your request in accordance with applicable law. You can identify the supervising authority of your concern by visiting https://edpb.europa.eu/about-edpb/board/members\_en.
- Right to not be subject to automated decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.
We collect and process Personal Data about you only where we have a legal rationale to do so. Specific legal rationale applied for the same will depend on the type of Personal Data collected and the context in which the same is being processed, including the Services involved.
Representative for data subjects in the EU, EEA, and UK:
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative in the EU, EEA and UK and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g., requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/q/17449722090.
C. TERMS APPLICABLE IF YOU ARE A CALIFORNIA STATE RESIDENT
If you are a California state resident, then you have the following rights to the extent, and in the manner, set out in the CCPA:
- The right to request for Personal Information that we hold on you;
- The right to opt-out of sales. As we do not sell your information, we have not provided an opt-out;
- The right to opt-out of sharing of your Personal Information with third parties for cross-context behaviour advertising purposes. As we do not share your information for this purpose, we have not provided an opt-out;
- Your right to be notified if we collect new categories of personal information or use them for purposes not purposes not specified to you without first informing you;
- The right to equal services without discrimination;
- The right to correct inaccurate Personal Information; and
- The right to request deletion of Personal Information.
The above rights, the manner in which you can exercise the same and the category of and the manner in which we collect your information, are detailed below.
CCPA NOTICE AT COLLECTION:
For purposes of the CCPA, in collecting the information described above, we collect the categories of Personal Data listed below from you:
- Identifiers: We may collect your name, email address, mobile number, username, unique personal identifier, and Internet Protocol (IP) address. We use Identifiers as set forth in the “How We Use and Share the Information Collected” section of this Policy, like your name, contact information, and device and online identifiers.
- Characteristics of Personal Data described in the California Customer Records statute: We may collect your name, email address, username, unique personal identifier, and gender. We use Categories of Personal Data described in the California Consumer Records statute as set forth in the 'How We Use and Share the Information Collected' section of this Policy.
- Internet or other electronic network activity information: We collect cookies as described in our Cookies Policy, we will automatically receive information from your browser and your device, which includes the date and time of your visit to the Platform as well as your location, Internet Protocol (IP) address, domain server, browser type, access time, and data about which pages you visit on the Platform. We use Internet or other electronic network activity information as set forth in the “How We Use and Share the Information Collected” section of this Policy.
- Geolocation data: We may collect your IP address. We use Geolocation Data as set forth in the “How We Use and Share the Information Collected” section of this Policy. (such as your location based on your IP address);
- Audio, electronic, visual or similar information: We may collect your profile picture or other audio or visual information uploaded as content to the Platform. We use audio, electronic, visual or similar information as set forth in the “How We Use and Share the Information Collected” section of this Policy.
- Inferences: We may make inferences based upon the Personal Data collected (such as likelihood of retention or attrition). We use Inference information as set forth in the “How We Use and Share the Information Collected” section of this Policy.
CCPA DATA PRACTICES DURING THE LAST 12 MONTHS:
Personal Data collected: As described in this Policy, we have collected the categories of Personal Data listed below during the preceding 12 months:
- Identifiers
- Characteristics of Personal Data described in the California Customer Records statute
- Internet or other electronic network activity information
- Geolocation data
- Commercial information
- Audio, electronic, visual, thermal, olfactory, or similar information
- Inferences
Categories of sources: We have collected the Personal Data identified in this Policy from you and our payment processors.
Business and commercial purposes for collecting: We have collected the categories of Personal Data listed above for the following purposes:
- Operate the Platform;
- Provide our Services to you;
- Honor our Terms and Conditions and contracts;
- Ensure the privacy and security of our Platform and Services;
- Manage our relationships with you;
- Communicate with you;
- Analyze use of the Platform and our Services;
- Enhance your experience;
- Track visits to the Platform;
- Provide you with a more personal and interactive experience on the Platform; and
- Usage analytics purposes.
Personal Data sold: We have not sold categories of Personal Data during the preceding 12 months.
Personal Data disclosed for a business purpose: We have disclosed for a business purpose the categories of Personal Data listed below during the preceding 12 months:
- Identifiers
- Characteristics of Personal Data described in the California Customer Records statute
- Internet or other electronic network activity information
- Geolocation data
- Commercial information
- Audio, electronic, visual, thermal, olfactory, or similar information
- Inferences
We have disclosed each category of Personal Data to the following categories of third parties: (1) corporate parents, subsidiaries, and affiliates; (2) advisors (accountants, attorneys); (3) service providers (data analytics, data storage, mailing, marketing, website and platform administration, technical support); and (4) operating systems and platforms.
CONSUMER RIGHTS AND REQUESTS UNDER THE CCPA
The CCPA gives consumers the right to request that we (1) disclose what Personal Data we collect, use, disclose, and sell, and (2) delete certain Personal Data that we have collected or maintained. you may submit these requests to us as described below, and we honor these rights where they apply.
If a request is submitted in a manner that is not one of the designated methods for submission, or if the request is deficient in some manner unrelated to our verification process, we will either (i) treat the request as if it had been submitted in accordance with the designated manner, or (ii) provide you with specific directions on how to submit the request or remedy any deficiencies with the request, as applicable.
Request to Know: As a California resident, you have the right to request: (1) the specific pieces of Personal Data we have collected about you; (2) the categories of Personal Data we have collected about you; (3) the categories of sources from which the Personal Data is collected; (4) the categories of Personal Data about you that we have sold and the categories of third parties to whom the Personal Data was sold; (5) the categories of Personal Data about you that we disclosed for a business purpose and the categories of third parties to whom the Personal Data was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, or selling Personal Data; and (7) the categories of third parties with whom we share Personal Data. Our response will cover the 12-month period preceding our receipt of a verifiable request.
Request to Delete: As a California resident, you have a right to request the erasure/deletion of certain Personal Data collected or maintained by us. As described herein, we will delete your Personal Data from our records and direct any service providers (as defined under applicable law) to delete your Personal Data from their records. However, we are not required to honor a deletion request if an exemption applies under the law.
Submitting a Request:
Submission of Instructions: You may submit a request to know or to delete by using the options provided to you within the Platform upon your login. If you have any concerns, you may write to us via email to privacy@graphy.com or by submitting a request via mail to Graphy Inc., Vistra (Delaware) Ltd, 3500 South Dupont Hwy, Dover, Kent, DE 19901. Regarding requests to delete, we may present you with the choice to delete select portions of your Personal Data, but a global option to delete all Personal Data will be offered and more prominently presented.
Verification Process: We are required by law to verify the identities of those who submit requests to know or to delete. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the Personal Data that we already maintain about you. As a part of this process, you will be required to provide your name and email address, and mobile number (if the same have been voluntarily provided by you at the time of registering on the Platform or otherwise while using the Platform). We will inform you if we cannot verify your identity. Please note-
- If we cannot verify the identity of the person making a request for categories of Personal Data, we may deny the request. If the request is denied in whole or in part for this reason, we will provide a copy of, or direct you to, our Privacy Policy.
- If we cannot verify the identity of the person making the request for specific pieces of Personal Data, we are prohibited from disclosing any specific pieces of Personal Data to the requestor. However, if denied in whole or in part for this reason, we will evaluate the request as if it is seeking the disclosure of categories of Personal Data about the consumer.
- If we cannot verify the identity of the person making a request to delete, we may deny the request. If there is no reasonable method by which we can verify the identity of the requestor to the degree of certainty required, we will state this in our response and explain why we have no reasonable method by which we can verify the identity of the requestor.
Authorized Agents: Authorized agents may submit requests via the methods identified in this Policy. If you use an authorized agent to submit a request to know or a request to delete, we may require you to: (1) provide the authorized agent with signed permission to do so; (2) verify your identity directly with us; and (3) directly confirm with us that you provided the authorized agent permission to submit the request. However, we will not require these actions if you have provided the authorized agent with power of attorney pursuant to the California Probate Code.
Excessive Requests: If requests from a User are manifestly unfounded or excessive, in particular because of their repetitive character, we may either (1) charge a reasonable fee, or (2) refuse to act on the request and notify the User of the reason for refusing the request. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.
CCPA Non-Discrimination: You have the right not to receive discriminatory treatment by us due to your exercise of the rights provided by the CCPA. We do not offer financial incentives and price or service differences, and we do not discriminate against Users/consumers for exercising their rights under the CCPA.