Privacy Policy

CoralTree, Inc.

Privacy Policy – Last Updated October 21, 2021

This Privacy Policy (the “Policy”) describes the privacy practices for CoralTree, Inc.  (“CoralTree”, “us”, “we”) and the ways we collect, store, use and protect your personal  and non-personal information on our websites which link to this Policy including,  without limitation, www.coraltreetech.com, and all of the products and services  contained on those websites (the “Website”). 

CoralTree offers cloud-enabled software solutions like Qbox, CADbox, MSbox, which  are designed to provide real-time collaboration for desktop software like Intuit  QuickBooks, Microsoft Office products, Autodesk CAD products, etc. and cloud-based  software solutions like CTSixty which is a platform for professional consulting  (collectively the “Services”). The Services can be accessed through our Website,  applications on Devices and through third parties. A “Device” is any computer used  to access the Services, including without limitation, a desktop, laptop, mobile phone,  tablet, or other consumer electronic device. 

This Policy governs your access to the Services regardless of how you access them,  and by using our services you consent to the collection, transfer, processing, storage,  disclosure and other uses described in this Policy. 

For questions or feedback on this Policy or our privacy practices, please email us  at support@coraltreetech.com. 

Definitions 

For the purposes of this Privacy Policy: 

Account means a unique account created for you to access our Service or  parts of our Service. 

Business, for the purpose of the CCPA (California Consumer Privacy Act),  refers to the Company as the legal entity that collects Consumers’ personal  information and determines the purposes and means of the processing of  Consumers’ personal information, or on behalf of which such information is 

collected and that alone, or jointly with others, determines the purposes and  means of the processing of consumers’ personal information, that does  business in the State of California. 

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this  Agreement) refers to CoralTree, Inc., 6120 Hellyer Ave. #100, San Jose, CA  95138. 

For the purpose of the GDPR, the Company is the Data Controller. 

Consumer, for the purpose of the CCPA (California Consumer Privacy Act),  means a natural person who is a California resident. A resident, as defined in  the law, includes (1) every individual who is in the USA for other than a  temporary or transitory purpose, and (2) every individual who is domiciled in  the USA who is outside the USA for a temporary or transitory purpose. 

Cookies are small files that are placed on your computer, mobile device or any  other device by a website, containing the details of your browsing history on  that website among its many uses. 

Data Controller, for the purposes of the GDPR (General Data Protection  Regulation), refers to the Company as the legal person which alone or jointly  with others determines the purposes and means of the processing of Personal  Data. 

Device means any device that can access the Service such as a computer, a cell phone or a digital tablet. 

Do Not Track (DNT) is a concept that has been promoted by US regulatory  authorities, in particular the U.S. Federal Trade Commission (FTC), for the  Internet industry to develop and implement a mechanism for allowing internet  users to control the tracking of their online activities across websites. 

Personal Data is any information that relates to an identified or identifiable  individual. 

For the purposes of GDPR, Personal Data means any information relating to  you such as a name, an identification number, location data, online identifier  or to one or more factors specific to the physical, physiological, genetic,  mental, economic, cultural or social identity.

For the purposes of the CCPA, Personal Data means any information that  identifies, relates to, describes or is capable of being associated with, or could  reasonably be linked, directly or indirectly, with you. 

Sale, for the purpose of the CCPA (California Consumer Privacy Act), means  selling, renting, releasing, disclosing, disseminating, making available,  transferring, or otherwise communicating orally, in writing, or by electronic or  other means, a Consumer’s personal information to another business or a  third party for monetary or other valuable consideration. 

Service Provider means any natural or legal person who processes the data  on behalf of the Company. It refers to third-party companies or individuals  employed by the Company to facilitate the Service, to provide the Service on  behalf of the Company, to perform services related to the Service or to assist  the Company in analyzing how the Service is used. For the purpose of the  GDPR, Service Providers are considered Data Processors. 

Usage Data refers to data collected automatically, either generated by the use  of the Service or from the Service infrastructure itself (for example, the  duration of a page visit). 

you means the individual accessing or using the Service, or the company, or  other legal entity on behalf of which such individual is accessing or using the  Service, as applicable. 

Under GDPR (General Data Protection Regulation), you can be referred to as  the Data Subject or as the User as you are the individual using the Service. 

A. INFORMATION WE COLLECT AND CONTROL 

All of the different forms of data, content, and information described below are  collectively referred to as “Information.” We may collect and store the following  Information when you access the Services: 

1. Information you provide: 

Personal information 

When you register for an account, we collect some personal information, including  your name, email address, home or business address, phone number. This  information is stored in databases hosted by Amazon AWS services. We use information to create your account for the Service you register and for the purpose 

of contacting you for providing technical support related to the Services. We also  collect your credit card or bank account details. This information is stored on  BrainTree payment processing service whom we use for processing your payments  for CoralTree services availed. We collect information from individuals who visit the  Website (“Visitors”). You do not need to register for a Service in order to review the  content on the Website as a Visitor. The information described in this paragraph is  referred to collectively as “Personal Information”. 

Non-personal information 

We collect email addresses (optional) of people whom you can assign to pay your  CoralTree bills, and email addresses of people with whom you share your files or  offer consulting services. We collect information related to your business type,  number of employees and revenue of your business, which are optional. We use this  information for gathering market data and deciding future product offerings. This  information is stored in databases hosted by Amazon AWS services. The information  described in this paragraph is referred to collectively as “Non-Personal Information”.  Personal Information and Non-Personal Information are referred to collectively as  “Information”. 

2. Information collected automatically 

We collect information related to your Device and its software when using the  Services automatically, and store it in databases hosted by Amazon AWS. This  information includes Internet Protocol IP address, type of operating system, number  of folders and files that are shared, names of folder and files, upload and download  status, history of versions of files, configuration information of the Services software  installed on your Device, times at which the software accessed server software,  number of messages sent by you or your clients, and times at which these messages  were sent. We use this information for the purpose of diagnostics and  troubleshooting, to be able to provide quality support to our customers. 

As is true of most websites, we gather certain non-personally identifiable information  from your Device and its software when using the Services automatically and store it  in log files. This information includes internet protocol (IP) addresses, browser type,  internet service provider (ISP), referring/exit pages, information you search for on  our Website, your mobile carrier, operating system and system configuration  information, date/time stamp, click stream data and other fields. We use this  information to analyze trends, to administer the site, to track users’ movements  around the site and to gather demographic information about our user base as a  whole.

3. Files

We collect and store the computer files you upload, download, or access with the  Services (“Files”). These files are stored on Amazon AWS S3 storage services. your files  can be downloaded and accessed by the users with whom you share the folders  containing the files, by providing their email address on our Service. 

4. Tracking Technologies and Cookies: 

We use Cookies and similar tracking technologies to track the activity on the Services and store certain information. Tracking technologies used are beacons, tags, and  scripts to collect and track information and to improve and analyze the Services The  technologies We use may include: 

Cookies or Browser Cookies. A cookie is a small file placed on your Device.  You can instruct your browser to refuse all Cookies or to indicate when a  Cookie is being sent. However, if you do not accept Cookies, you may not be  able to use some parts of our Service. Unless you have adjusted your browser  setting so that it will refuse Cookies, our Service may use Cookies. 

Flash Cookies. Certain features of our Service may use local stored objects (or  Flash Cookies) to collect and store information about your preferences or your activity on our Service. Flash Cookies are not managed by the same browser  settings as those used for Browser Cookies. For more information on how you can delete Flash Cookies, please read “Where can I change the settings for  disabling, or deleting local shared objects?” available  at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deletin g_local_shared_objects_ 

Web Beacons. Certain sections of our Service and our emails may contain  small electronic files known as web beacons (also referred to as clear gifs, pixel  tags, and single-pixel gifs) that permit the Company, for example, to count  users who have visited those pages or opened an email and for other related  website statistics (for example, recording the popularity of a certain section  and verifying system and server integrity). 

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are  deleted as soon as you close your web browser. Learn more about cookies: Use of  Cookies by Free Privacy Policy.

We use both Session and Persistent Cookies for the purposes set out below: • Necessary / Essential Cookies 

Type: Session Cookies 

Administered by: Us 

Purpose: These Cookies are essential to provide you with services available  through the Website and to enable you to use some of its features. They help  to authenticate users and prevent fraudulent use of user accounts. Without  these Cookies, the services that you have asked for cannot be provided, and  We only use these Cookies to provide you with those services. 

Cookies Policy / Notice Acceptance Cookies 

Type: Persistent Cookies 

Administered by: Us 

Purpose: These Cookies identify if users have accepted the use of cookies on  the Website. 

Functionality Cookies 

Type: Persistent Cookies 

Administered by: Us 

Purpose: These Cookies allow us to remember choices you make when you use the Website, such as remembering your login details or language  preference. The purpose of these Cookies is to provide you with a more  personal experience and to avoid you having to re-enter your preferences  every time you use the Website. 

Tracking and Performance Cookies 

Type: Persistent Cookies 

Administered by: Third-Parties 

Purpose: These Cookies are used to track information about traffic to the  Website and how users use the Website. The information gathered via these 

Cookies may directly or indirectly identify you as an individual visitor. This is  because the information collected is typically linked to a pseudonymous  identifier associated with the device you use to access the Website. We may  also use these Cookies to test new pages, features or new functionality of the  Website to see how our users react to them. 

5. Testimonials

We collect testimonials and video clips from our customers who are willing to provide  such information and have given us permission to display them at our Websites.  These are stored on WPengine systems where our Websites are hosted.  

B. HOW WE USE INFORMATION 

In addition to those uses of Information discussed in Section A of this Policy, we also  use Information in the following ways: 

1. Personal Information: 

Personal Information including name, email address, phone number, and address  may be used: (i) to set up your account with the Service you registered (ii) provide  and improve our Services, (iii) to better understand your needs and interests, and (iv)  to personalize and improve your experience while using the Service. 

2. Service-related notifications for Customers: 

We will send you notification related to the Services as necessary to administer your  use of the Services. For example, we will send you email notification when your  account is set up, a password is required to be sent, or when a bill has become due.  We will send you email notification as we add software updates to our Services. These  emails are necessary for the maintenance of your account with us and cannot be  disabled as long as your account is active. If you do not wish to receive such Service related notifications and wish to cancel your service, please follow instructions given  under section H of this Privacy Policy. 

3. Business Information: 

Customers use our Services to upload and share computer files that may contain  business data, financial information, project data, architectural designs, etc., related  to their business (“Business Information”). That Business Information is considered  confidential to our Customers. CoralTree will not review, share, distribute, or 

reference any such Business Information except for the purpose of resolving a  problem, providing customer support or to investigate a suspected violation of our  business agreement. 

4. Billing Information: 

All billing information like credit card and bank details, that we collect is used solely  to bill for our Services. CoralTree uses a third party credit card processor (BrainTree)  to assist us in processing customer payments. This processing partner is not  permitted to store, retain, or use the personally identifiable information provided,  except for the sole purpose of credit card processing or collecting payments. 

5. Special Offers and Updates: 

We will occasionally send Visitors and Customers new information regarding our  Website, webinars, or new product offerings. We will use your Personal Information  to send these communications to you. Out of respect for your privacy, if you would  prefer not to hear from us you can choose not to receive these types of  communications. Please see Section G. below. 

6. Testimonials: 

Testimonials provided to us in text form and video clips by customers are stored on  WPengine and displayed on our websites. These can be viewed by registered users  and visitors to our websites.  

7. Webinars: 

We conduct periodic webinars for users who register by providing their Personal  Information including email address, name, phone number and location. We conduct  these webinars using the service offered by Zoom, and such Personal Information is  stored on Zoom website for sending Webinar related information and reminders. If  you do not wish to receive such Webinar related information, you can opt-out by  following instructions given in each communication or by sending us an email at  support@coraltreetech.com.

8. Email Marketing: 

We may use your Personal Data to contact you with newsletters, marketing or  promotional materials and other information that may be of interest to you. you may  opt-out of receiving any, or all, of these communications from Us by following the  unsubscribe link or instructions provided in any email We send or by contacting Us. 

We may use Email Marketing Service Providers to manage and send emails to you. 

9. Behavioral Remarketing 

The Company uses remarketing services to advertise to you after you accessed or  visited our Service. We and our third-party vendors use cookies and non-cookie  technologies to help us recognize your Device and understand how you use our  Service so that we can improve our Service to reflect your interests and serve you 

advertisements that are likely to be of more interest to you. 

These third-party vendors collect, store, use, process and transfer information about  your activity on our Service in accordance with their Privacy Policies and to enable us  to: 

• Measure and analyze traffic and browsing activity on our Service 

• Show advertisements for our products and/or services to you on third-party websites or apps 

• Measure and analyze the performance of our advertising campaigns 

Some of these third-party vendors may use non-cookie technologies that may not be  impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. you can use the following third-party tools to decline the  collection and use of information for the purpose of serving you interest-based  advertising: 

• The NAI’s opt-out platform: http://www.networkadvertising.org/choices/ 

• The EDAA’s opt-out platform http://www.youronlinechoices.com/ 

• The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

You may opt-out of all personalized advertising by enabling privacy features on your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization  (Android). See your mobile device Help system for more information. 

We may share information, such as hashed email addresses (if available) or other  online identifiers collected on our Service with these third-party vendors. This allows  our third-party vendors to recognize and deliver you ads across devices and  browsers. To read more about the technologies used by these third-party vendors  and their cross-device capabilities please refer to the Privacy Policy of each vendor  listed below. 

The third-party vendors we use are: 

Twitter 

Twitter remarketing service is provided by Twitter Inc. 

You can opt-out from Twitter’s interest-based ads by following their  instructions: https://support.twitter.com/articles/20170405 

You can learn more about the privacy practices and policies of Twitter by  visiting their Privacy Policy page: https://twitter.com/privacy 

Facebook 

Facebook remarketing service is provided by Facebook Inc. 

You can learn more about interest-based advertising from Facebook by visiting  this page: https://www.facebook.com/help/516147308587266 

To opt-out from Facebook’s interest-based ads, follow these instructions from  Facebook: https://www.facebook.com/help/568137493302217 

Facebook adheres to the Self-Regulatory Principles for Online Behavioural  Advertising established by the Digital Advertising Alliance. you can also opt out from Facebook and other participating companies through the Digital  Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the  European Interactive Digital Advertising Alliance in  Europe http://www.youronlinechoices.eu/, or opt-out using your mobile  device settings.

For more information on the privacy practices of Facebook, please visit  Facebook’s Data Policy: https://www.facebook.com/privacy/explanation 

LinkedIn 

Their Privacy Policy can be viewed at https://www.linkedin.com/legal/privacy policy 

C. WHERE IS INFORMATION STORED 

1. Amazon Web Services  

We use Amazon Web Services (AWS) to store and process Personal Information.  Personal information is stored in databases hosted by AWS. Computer files uploaded  and downloaded by customers are stored on AWS S3 services. Amazon Web Services  may store this information in any of their data centers located around the world  and have contractual obligations and privacy policies to protect Personal and  Business Information. Please refer to AWS privacy policies for details on how  information is protected on their data centers. 

2. Braintree 

We use BrainTree to process payments for Services. Personal Information including  credit card details, customer name and address, bank information, etc. are stored on  BrainTree payment gateway for the purpose of processing payments. Please refer to  BrainTree privacy policies for details on how Personal Information is protected on  their payment gateways.  

3. ZOHO 

We use ZOHO for CRM, customer support, chats, email campaigns, promotions,  visitor tracking and analytics. Personal and Non-personal Information including  email addresses, phone numbers, contact information and company information are  stored on Zoho. Please refer to Zoho privacy policies for details on how Personal  Information is protected on Zoho services.

4. Zoom 

We use Zoom for Webinars and customer support. Personal information including  email address, name, phone number and location are stored on Zoom. Please refer  to Zoom privacy policies for details on how Personal Information is protected on  Zoom websites. 

5. WPengine 

We use WPengine for hosting CoralTree, Inc and our Services websites. Personal  Information such as email address, name, phone number, and address, testimonials,  video clips, and other such information are stored on WPengine. Please refer to  WPengine privacy policies for details on how Personal Information is protected on  WPEngine. 

6. HubSpot 

We use HubSpot for CRM, customer support, chats, email campaigns, promotions,  visitor tracking and analytics. Personal and Non-personal Information including  email addresses, phone numbers, contact information and company information are  stored on HubSpot. Please refer to HubSpot privacy policies for details on how Personal  Information is protected on HubSpot services. Their Privacy Policy can be viewed at: 

https://legal.hubspot.com/privacy

policy?_ga=2.100968066.2080414094.1634839884-732287766.163483984 D. WHO HAS ACCESS TO INFORMATION 

CoralTree entities listed in this section have access to Personal Information and Non Personal Information you provide (A1) and information collected automatically (A2).  We do not sell any of your Personal Information or Non-Personal Information.  Entities listed in this section adhere to confidentiality and security measures, have  been made aware of our Privacy policies and have executed non-disclosure  agreements with CoralTree, Inc. 

1. Employees and Independent contractors 

Employees and Independent contractors of CoralTree have access to the information  listed under A1 and A2, on a need to know basis, for the purpose of software  development, testing, diagnostics, bug fixing, customer support, and other such 

purposes. Employees and Independent contractors are covered by and adhere to  this Privacy Policy. 

2. Business partners 

We provide access to some of the Information listed under A1 and A2 for our  business partners who have executed the required confidentiality agreements with  us, for the purpose of testing and support of the CoralTree products. These business  partners are not permitted to retain, share, store or use your Information for any  purpose other than to complete the contracted assignment and under obligations  similar to those in this Policy. 

3. Third Parties: 

We may employ or use trusted third parties to act on our behalf for our Services,  including but not limited to providing marketing support, analysis and public  relations. These third parties may have access to your Information. However, such  third parties are not permitted to retain, share, store or use your Information for any  other purpose other than to complete the contracted assignment and under  obligations similar to those in this Policy. From time to time, we may provide services,  or sell product lines jointly with selected business partners. We DO NOT share  Personal Information with third parties for unknown reasons. 

E. LEGAL DISCLAIMER 

We reserve the right to disclose your Information, when we have a good faith belief  that disclosure is reasonably necessary to: 

1. Protect our rights; 

2. Comply with a law, regulation, judicial proceeding, court order, or legal process  served on us; 

3. Protect the safety of any person from death or serious bodily injury; 4. Prevent fraud or abuse of CoralTree or its Customers. 

F. CHOICE AND OPT-OUT 

If you no longer wish to receive our communications outside those communications  necessary for the administration of your use of the Services, you may opt-out of  receiving such communications by following the instructions included in each 

communication or by emailing us at support@coraltreetech.com.  You may also opt out by phone at 408-448-QBOX (7269) or 855-448-QBOX (7269) Toll Free. 

G. CHANGES TO PERSONAL INFORMATION 

If your Personal Information changes you may correct or update it on our website by  signing into your account and editing such personal information using the edit  controls provided. 

H. DATA RETENTION 

We will retain your Information for as long as your CoralTree Services account is  active or as needed to provide you Services. If you wish to cancel your account or  request that we no longer use your Information to provide you Services, you may  delete your account by signing into your account at the CoralTree Services website  and selecting ‘Close Account’. In most cases we will close your account within 48  hours of your request. In some cases, we may close your account after validating  your request to avoid erroneous closures resulting in the loss of Business  Information. After your account is closed, files uploaded to your account will be  deleted after 30 days, if there are no other users sharing and using these files. 

I. OUR POLICY TOWARD CHILDREN 

Our Services are not directed to persons under 13. We do not knowingly collect  personally identifiable information from children under 13. If a parent or guardian  becomes aware that his or her child has provided us with Personal Information  without their consent, he or she should contact us at support@coraltreetech.com. If  we become aware that a child under 13 has provided us with Personal Information,  we will take steps to delete such information from our files. 

J. CHANGES TO THE POLICY 

We reserve the right to modify this Policy at any time. If we make material changes  to this Policy, we will notify you here and also, as necessary via email. By continuing  to use the Services after those changes become effective, you agree to be bound by  the revised Policy. 

K. SECURITY

The security of your Information is important to us. We utilize robust security  measures to protect customer data from unauthorized access. We follow generally  accepted standards to protect the information submitted to us, both during  transmission and once we receive it. Sensitive data is encrypted and web site  connections are protected using secure socket layer (SSL) technology with a  minimum of 128-bit symmetric encryption and a 1024-bit authenticated key  agreement. Our Websites are hosted in a secure server environment that uses multi layer perimeter security including firewalls and other advanced technology to  prevent interference or access from outside intruders. 

No method of electronic transmission or storage is 100% secure. Therefore, we  cannot guarantee the absolute security of your Information. 

L. EXTERNAL LINKS 

Our Website may contain links to third party websites. These third party websites  maintain their own policies regarding cookies and the collection and use of your  Information. We assume no responsibility or liability for the actions of such third  parties with respect to their collection or use of your Information. We encourage you  to read the privacy statements of every website that you visit through a link on our  Website or otherwise. 

M. BUSINESS TRANSITIONS 

In the event CoralTree goes through a business transition, such as a merger,  acquisition by another company, or sale of all or a portion of our assets, your  Information may be among the assets transferred as part of that transaction. We will  notify you (for example, via email or a prominent notice on our Website) of any  change in use or control of your Information or Files, or if either becomes subject to  a different privacy policy. 

N. GDPR PRIVACY 

Legal Basis for Processing Personal Data under GDPR 

We may process Personal Data under the following conditions: 

Consent: you have given your consent for processing Personal Data for one  or more specific purposes.

Performance of a contract: Provision of Personal Data is necessary for the  performance of an agreement with you and/or for any pre-contractual  obligations thereof. 

Legal obligations: Processing Personal Data is necessary for compliance with  a legal obligation to which the Company is subject. 

Vital interests: Processing Personal Data is necessary in order to protect your vital interests or of another natural person. 

Public interests: Processing Personal Data is related to a task that is carried  out in the public interest or in the exercise of official authority vested in the  Company. 

Legitimate interests: Processing Personal Data is necessary for the purposes  of the legitimate interests pursued by the Company. 

In any case, the Company will gladly help to clarify the specific legal basis that applies  to the processing, and in particular whether the provision of Personal Data is a  statutory or contractual requirement, or a requirement necessary to enter into a  contract. 

Your Rights under the GDPR 

The Company undertakes to respect the confidentiality of your Personal Data and to  guarantee you can exercise your rights. 

You have the right under this Privacy Policy, and by law if you are within the EU, to: 

Request access to your Personal Data. The right to access, update or delete  the information we have on you. Whenever made possible, you can access,  update or request deletion of your Personal Data directly within your account  settings section. If you are unable to perform these actions yourself, please  contact us to assist you. This also enables you to receive a copy of the Personal  Data we hold about you. 

Request correction of the Personal Data that We hold about you. You have the right to have any incomplete or inaccurate information We hold  about you corrected.

Object to processing of your Personal Data. This right exists where We are  relying on a legitimate interest as the legal basis for Our processing and there  is something about your particular situation, which makes you want to object  to our processing of your Personal Data on this ground. you also have the right  to object where we are processing your Personal Data for direct marketing  purposes. 

Request erasure of your Personal Data. You have the right to ask us to  delete or remove Personal Data when there is no good reason for us to  continue processing it. 

Request the transfer of your Personal Data. We will provide to you, or to a  third-party you have chosen, your Personal Data in a structured, commonly  used, machine-readable format. Please note that this right only applies to  automated information which you initially provided consent for us to use or  where We used the information to perform a contract with you. 

Withdraw your consent. You have the right to withdraw your consent on  using your Personal Data. If you withdraw your consent, we may not be able  to provide you with access to certain specific functionalities of the Service. 

Exercising of your GDPR Data Protection Rights 

You may exercise your rights of access, rectification, cancellation and opposition by  contacting us. Please note that we may ask you to verify your identity before  responding to such requests. If you make a request, we will try our best to respond  to you as soon as possible. 

You have the right to complain to a Data Protection Authority about our collection  and use of your Personal Data. For more information, if you are in the European  Economic Area (EEA), please contact your local data protection authority in the EEA. 

O. CCPA PRIVACY 

This privacy notice section for California residents supplements the information  contained in our Privacy Policy and it applies solely to all visitors, users, and others  who reside in the State of California.

Categories of Personal Information Collected 

We collect information that identifies, relates to, describes, references, is capable of  being associated with, or could reasonably be linked, directly or indirectly, with a  particular Consumer or Device. The following is a list of categories of personal  information which we may collect or may have been collected from California  residents within the last twelve (12) months. 

Please note that the categories and examples provided in the list below are those  defined in the CCPA. This does not mean that all examples of that category of  personal information were in fact collected by us, but reflects our good faith belief to  the best of our knowledge that some of that information from the applicable  category may be and may have been collected. For example, certain categories of  personal information would only be collected if you provided such personal  information directly to us. 

Category A: Identifiers. 

Examples: A real name, alias, postal address, unique personal identifier, online  identifier, Internet Protocol address, email address, account name, driver’s  license number, passport number, or other similar identifiers. 

Collected: Yes. 

Category B: Personal information categories listed in the California  Customer Records statute (Cal. Civ. Code § 1798.80(e)). 

Examples: A name, signature, Social Security number, physical characteristics  or description, address, telephone number, passport number, driver’s license  or state identification card number, insurance policy number, education,  employment, employment history, bank account number, credit card number,  debit card number, or any other financial information, medical information, or  health insurance information. Some personal information included in this 

category may overlap with other categories. 

Collected: Yes. 

Category C: Protected classification characteristics under California or  federal law.

Examples: Age (40 years or older), race, color, ancestry, national origin,  citizenship, religion or creed, marital status, medical condition, physical or  mental disability, sex (including gender, gender identity, gender expression,  pregnancy or childbirth and related medical conditions), sexual orientation,  veteran or military status, genetic information (including familial genetic  information). 

Collected: No. 

Category D: Commercial information. 

Examples: Records and history of products or services purchased or  considered. 

Collected: Yes. 

Category E: Biometric information. 

Examples: Genetic, physiological, behavioral, and biological characteristics, or  activity patterns used to extract a template or other identifier or identifying  information, such as, fingerprints, faceprints, and voiceprints, iris or retina  scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise  data. 

Collected: No. 

Category F: Internet or other similar network activity. 

Examples: Interaction with our Service or advertisement. 

Collected: Yes. 

Category G: Geolocation data. 

Examples: Approximate physical location. 

Collected: No. 

Category H: Sensory data. 

Examples: Audio, electronic, visual, thermal, olfactory, or similar information. Collected: No.

Category I: Professional or employment-related information. Examples: Current or past job history or performance evaluations. Collected: No. 

Category J: Non-public education information (per the Family  Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part  99)). 

Examples: Education records directly related to a student maintained by an  educational institution or party acting on its behalf, such as grades, transcripts,  class lists, student schedules, student identification codes, student financial  information, or student disciplinary records. 

Collected: No. 

Category K: Inferences drawn from other personal information. 

Examples: Profile reflecting a person’s preferences, characteristics,  psychological trends, predispositions, behavior, attitudes, intelligence,  abilities, and aptitudes. 

Collected: No. 

Under CCPA, personal information does not include: 

• Publicly available information from government records 

• Deidentified or aggregated consumer information 

• Information excluded from the CCPA’s scope, such as: 

o Health or medical information covered by the Health Insurance  Portability and Accountability Act of 1996 (HIPAA) and the California  Confidentiality of Medical Information Act (CMIA) or clinical trial data 

o Personal Information covered by certain sector-specific privacy laws,  including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley  Act (GLBA) or California Financial Information Privacy Act (FIPA), and the  Driver’s Privacy Protection Act of 1994

Sources of Personal Information 

We obtain the categories of personal information listed above from the following  categories of sources: 

Directly from you. For example, from the forms you complete on our Service,  preferences you express or provide through our Service, or from your purchases on our Service. 

Indirectly from you. For example, from observing your activity on our Service. 

Automatically from you. For example, through cookies we or our Service  Providers set on your Device as you navigate through our Service. 

From Service Providers. For example, third-party vendors to monitor and  analyze the use of our Service, third-party vendors to deliver targeted  advertising to you, third-party vendors for payment processing, or other third party vendors that We use to provide the Service to you. 

Use of Personal Information for Business Purposes or Commercial Purposes 

We may use or disclose personal information We collect for “business purposes” or  “commercial purposes” (as defined under the CCPA), which may include the following  examples: 

• To operate our Service and provide you with our Service. 

• To provide you with support and to respond to your inquiries, including to  investigate and address your concerns and monitor and improve our Service. 

• To fulfill or meet the reason you provided the information. For example, if you share your contact information to ask a question about our Service, we will  use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that  information to process your payment and facilitate delivery. 

• To respond to law enforcement requests and as required by applicable law,  court order, or governmental regulations.

• As described to you when collecting your personal information or as otherwise  set forth in the CCPA. 

• For internal administrative and auditing purposes. 

• To detect security incidents and protect against malicious, deceptive,  fraudulent or illegal activity, including, when necessary, to prosecute those  responsible for such activities. 

Please note that the examples provided above are illustrative and not intended to be  exhaustive.  

If We decide to collect additional categories of personal information or use the  personal information We collected for materially different, unrelated, or  incompatible purposes We will update this Privacy Policy. 

Disclosure of Personal Information for Business Purposes or Commercial  

Purposes 

We may use or disclose and may have used or disclosed in the last twelve (12) months  the following categories of personal information for business or commercial  purposes: 

• Category A: Identifiers 

• Category B: Personal information categories listed in the California Customer  Records statute (Cal. Civ. Code § 1798.80(e)) 

• Category D: Commercial information 

• Category F: Internet or other similar network activity 

Please note that the categories listed above are those defined in the CCPA. This does  not mean that all examples of that category of personal information were in fact  disclosed, but reflects our good faith belief to the best of our knowledge that some  of that information from the applicable category may be and may have been  disclosed. 

When We disclose personal information for a business purpose or a commercial  purpose, we enter a contract that describes the purpose and requires the recipient 

to both keep that personal information confidential and not use it for any purpose  except performing the contract. 

Sale of Personal Information 

As defined in the CCPA, “sell” and “sale” mean selling, renting, releasing, disclosing,  disseminating, making available, transferring, or otherwise communicating orally, in  writing, or by electronic or other means, a consumer’s personal information by the  business to a third party for valuable consideration. This means that we may have  received some kind of benefit in return for sharing personal information, but not  necessarily a monetary benefit. 

Please note that the categories listed below are those defined in the CCPA. This does  not mean that all examples of that category of personal information were in fact sold,  but reflects our good faith belief to the best of our knowledge that some of that  information from the applicable category may be and may have been shared for  value in return. 

We may sell and may have sold in the last twelve (12) months the following categories  of personal information: 

• Category A: Identifiers 

• Category B: Personal information categories listed in the California Customer  Records statute (Cal. Civ. Code § 1798.80(e)) 

• Category D: Commercial information 

• Category F: Internet or other similar network activity 

Share of Personal Information 

We may share your personal information identified in the above categories with the  following categories of third parties: 

• Service Providers 

• Payment processors 

• Our affiliates

• Our business partners 

• Third party vendors to whom you or your agents authorize Us to disclose your personal information in connection with products or services We provide to  you 

Sale of Personal Information of Minors Under 16 Years of Age 

We do not knowingly collect personal information from minors under the age of 16  through our Service, although certain third party websites that we link to may do so.  These third-party websites have their own terms of use and privacy policies and we  encourage parents and legal guardians to monitor their children’s Internet usage and  instruct their children to never provide information on other websites without their  permission. 

We do not sell the personal information of Consumers we actually know are less than  16 years of age, unless we receive affirmative authorization (the “right to opt-in”)  from either the Consumer who is between 13 and 16 years of age, or the parent or  guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale  of personal information may opt-out of future sales at any time. To exercise the right  to opt-out, you (or your authorized representative) may submit a request to us by  contacting us. 

If you have reason to believe that a child under the age of 13 (or 16) has provided us  with personal information, please contact us with sufficient detail to enable us to  delete that information. 

Your Rights under the CCPA 

The CCPA provides California residents with specific rights regarding their personal  information. If you are a resident of California, you have the following rights: 

The right to notice. you have the right to be notified which categories of  Personal Data are being collected and the purposes for which the Personal  Data is being used. 

The right to request. Under CCPA, you have the right to request that We  disclose information to you about Our collection, use, sale, disclosure for 

business purposes and share of personal information. Once we receive and  confirm your request, we will disclose to you: 

o The categories of personal information we collected about you 

o The categories of sources for the personal information we collected  about you 

o Our business or commercial purpose for collecting or selling that  personal information 

o The categories of third parties with whom we share that personal  information 

o The specific pieces of personal information we collected about you 

o If we sold your personal information or disclosed your personal  information for a business purpose, we will disclose to you: 

▪ The categories of personal information categories sold 

▪ The categories of personal information categories disclosed 

The right to say no to the sale of Personal Data (opt-out). You have the  right to direct Us to not sell your personal information. To submit an opt-out  request please contact us. 

The right to delete Personal Data. You have the right to request the deletion  of your Personal Data, subject to certain exceptions. Once we receive and  confirm your request, we will delete (and direct our Service Providers to delete)  your personal information from our records, unless an exception applies. We  may deny your deletion request if retaining the information is necessary for  us or our Service Providers to: 

o Complete the transaction for which we collected the personal  information, provide a good or service that you requested, take actions  reasonably anticipated within the context of our ongoing business  relationship with you, or otherwise perform our contract with you. 

o Detect security incidents, protect against malicious, deceptive,  fraudulent, or illegal activity, or prosecute those responsible for such  activities.

o Debug products to identify and repair errors that impair existing  intended functionality. 

o Exercise free speech, ensure the right of another consumer to exercise  their free speech rights, or exercise another right provided for by law. 

o Comply with the California Electronic Communications Privacy Act (Cal.  Penal Code § 1546 et. seq.). 

o Engage in public or peer-reviewed scientific, historical, or statistical  research in the public interest that adheres to all other applicable ethics  and privacy laws, when the information’s deletion may likely render  impossible or seriously impair the research’s achievement, if you previously provided informed consent. 

o Enable solely internal uses that are reasonably aligned with consumer  expectations based on your relationship with Us. 

o Comply with a legal obligation. 

o Make other internal and lawful uses of that information that are  compatible with the context in which you provided it. 

The right not to be discriminated against. You have the right not to be  discriminated against for exercising any of your consumer’s rights, including  by: 

o Denying goods or services to you 

o Charging different prices or rates for goods or services, including the  use of discounts or other benefits or imposing penalties 

o Providing a different level or quality of goods or services to you 

o Suggesting that you will receive a different price or rate for goods or  services or a different level or quality of goods or services 

Exercising your CCPA Data Protection Rights 

In order to exercise any of your rights under the CCPA, and if you are a California  resident, you can contact Us:

• By email: support@coraltreetech.com. 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your personal information. 

Your request to Us must: 

• Provide sufficient information that allows us to reasonably verify you are the  person about whom We collected personal information or an authorized  representative 

• Describe your request with sufficient detail that allows us to properly  understand, evaluate, and respond to it 

We cannot respond to your request or provide you with the required information if  we cannot: 

• Verify your identity or authority to make the request 

• And confirm that the personal information relates to you 

We will disclose and deliver the required information free of charge within 45 days  of receiving your verifiable request. The time period to provide the required  information may be extended once by an additional 45 days when reasonable  necessary and with prior notice. 

Any disclosures we provide will only cover the 12-month period preceding the  verifiable request’s receipt. 

For data portability requests, we will select a format to provide your personal  information that is readily useable and should allow you to transmit the information  from one entity to another entity without hindrance. 

Do Not Sell My Personal Information 

You have the right to opt-out of the sale of your personal information. Once We  receive and confirm a verifiable consumer request from you, we will stop selling your personal information. To exercise your right to opt-out, please contact us.

The Service Providers we partner with (for example, our analytics or advertising  partners) may use technology on the Service that sells personal information as  defined by the CCPA law. If you wish to opt out of the use of your personal  information for interest-based advertising purposes and these potential sales as  defined under CCPA law, you may do so by following the instructions below. 

Please note that any opt out is specific to the browser you use. you may need to opt  out on every browser that you use. 

Website 

You can opt out of receiving ads that are personalized as served by our Service  Providers by following our instructions presented on the Service: 

• The NAI’s opt-out platform: http://www.networkadvertising.org/choices/ 

• The EDAA’s opt-out platform http://www.youronlinechoices.com/

 • The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN 

The opt out will place a cookie on your computer that is unique to the browser you use to opt out. If you change browsers or delete the cookies saved by your browser,  you will need to opt out again. 

Mobile Devices 

Your mobile device may give you the ability to opt out of the use of information about  the apps you use in order to serve you ads that are targeted to your interests: 

• “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android  devices 

• “Limit Ad Tracking” on iOS devices 

You can also stop the collection of location information from your mobile device by  changing the preferences on your mobile device.

P. “DO NOT TRACK” POLICY AS REQUIRED BY CALIFORNIA ONLINE PRIVACY  

PROTECTION ACT (CALOPPA) 

Our Service does not respond to Do Not Track signals. 

However, some third party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to  inform websites that you do not want to be tracked. you can enable or disable DNT  by visiting the preferences or settings page of your web browser. 

Children’s Privacy 

Our Service does not address anyone under the age of 13. We do not knowingly  collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with  Personal Data, please contact us. If We become aware that we have collected  Personal Data from anyone under the age of 13 without verification of parental  consent, we take steps to remove that information from our servers. 

If we need to rely on consent as a legal basis for processing your information and  your country requires consent from a parent, we may require your parent’s consent  before We collect and use that information. 

Q. Your California Privacy Rights (California’s Shine the Light law) 

Under California Civil Code Section 1798 (California’s Shine the Light law), California  residents with an established business relationship with us can request information  once a year about sharing their Personal Data with third parties for the third parties’  direct marketing purposes. 

If you’d like to request more information under the California Shine the Light law,  and if you are a California resident, you can contact Us using the contact information  provided below.

R. California Privacy Rights for Minor Users (California Business and Professions 

Code Section 22581) 

California Business and Professions Code section 22581 allow California residents  under the age of 18 who are registered users of online sites, services or applications  to request and obtain removal of content or information they have publicly posted. 

To request removal of such data, and if you are a California resident, you can contact  Us using the contact information provided below, and include the email address  associated with your account. 

Be aware that your request does not guarantee complete or comprehensive removal  of content or information posted online and that the law may not permit or require  removal in certain circumstances. 

S. CONTACT US If you have any questions or suggestions regarding our Privacy Policy, please contact  us by email at support@coraltreetech.com. You may also contact us by phone at 408- 448-QBOX (7269) or 855-448-QBOX (7269) Toll Free.