ConnectMachine Privacy Policy

ConnectMachine values the privacy of individuals who use our websites and related services.

In this Policy, "ConnectMachine", "Connect Machine", "we" or "us" refers to Connect Machine Inc., a company established at 2261 Market Street STE 85698, San Francisco, CA 94114. We take privacy seriously and have adopted technical and organizational measures designed to protect your data. This privacy policy explains how we collect, use, and share information from users of our Services.

For the purpose of this Policy, "Personal Information" means any information relating to an identified or identifiable individual. This Policy describes the Personal Information that we gather from you on our Services, how we use and disclose such Personal Information, your rights and choices with respect to your information, and how you can contact us if you have any questions or concerns.

1.1 Personal Information You Provide to Us

Account Information. When you create a Connect Machine account, you provide basic details such as your name and email. You may also add optional profile data for authentication and administrative communication.

Profiles and Virtual Cards. You choose what to include on your Custom Virtual Cards, for example name, role, company, phone number, email, website, and social links. This information is stored for your use and is shared only when you explicitly initiate an exchange.

Contact and Network Data. You may upload or import contacts, labels, notes, or categories for organization. This data is created and controlled by you and is used to power features like intelligent categorization.

Service-Related Inputs. Within the app you can add other details you choose to share, such as social media links or a location field on a card. Providing location is optional and is only included if you add it to your card or profile.

Communications and Support. If you contact us, we collect your name, email address, message content, and any attachments so we can respond. If you subscribe to our newsletter, we collect your email address. We may track email delivery and opens to improve deliverability and content relevance.

Purchases and Billing. If you buy a product or subscription, you may provide your name, phone number, billing address, and delivery information. Payment card data is collected and processed by our third-party payment processors and is not stored on Connect Machine servers.

Reviews and Testimonials. If you review our Services or submit a testimonial, you may provide your name, the product or feature used, your rating, and your comments. With your permission, we may display this content.

Programs and Partnerships. If you apply to an ambassador, affiliate, or partner program, you may provide additional details such as social profiles, preferred contact information, and mailing address.

1.2 Personal Information We Collect When You Use Our Services

Device Information. We collect basic technical details from your device, such as device type, operating system and version, app version, language, timezone, IP address, network type, and mobile SDK identifiers generated by the app. We also record permission status for features you opt into, for example Bluetooth or location.

Usage Analytics and Diagnostics. We collect metrics such as feature usage, session patterns, success or failure states, crash logs, error reports, and performance metrics to operate and improve the Services. Where possible, analytics are aggregated or de-identified.

Advertising Identifiers and Tracking. Our app displays third-party advertisements. To serve and measure these ads, our advertising partners may access your device's advertising identifier (IDFA on iOS) and collect information about ads shown, ad interactions, and related device and usage data. On iOS, we will request your permission through Apple's App Tracking Transparency prompt before enabling tracking. You may decline tracking at any time, in which case ads will be less personalized but the app will continue to function.

Proximity and Silent Signal. To enable Private Network Visibility and Silent Signal, the app may use location services to detect nearby Connect Machine signals. Proximity detection uses on-device processing or ephemeral server-side relays designed not to reveal identities or create location history. We do not show you who is nearby. You may send a silent message to your private circle or proximate users. Recipients can choose to acknowledge or ignore the message. Signals are ephemeral and are used only to enable a potential connection.

Location Information. We may infer a coarse location from your IP address or from OS location services if you grant permission. Location is used only to support proximity features, security, and regional settings. We do not build or retain a location history.

Cookies and Similar Technologies. On the website, we use cookies and local storage for essential functions such as authentication and session continuity. In the mobile app, we use comparable technologies and SDKs for performance, diagnostics, reliability, and advertising.

Security and Abuse Prevention. We process technical signals such as IP address, device characteristics, and limited event metadata to detect fraud, prevent misuse, enforce rate limits, and protect the Service.

Push Notifications. If you enable notifications, we generate and store a device push token with our notification provider to deliver permitted alerts. You can revoke notifications at any time in system settings.

1.3 Personal Information We Receive from Third Parties

Information from third-party services. We may receive Personal Information about you from third parties when you choose to connect or interact with them. These sources include the categories below.

Identity providers and single sign-on. If you sign in with a third-party identity provider, for example Apple or Google, we receive the basic account details the provider shares with us, typically your name and email. You control what is shared in the provider's settings. You can disconnect at any time in either the provider or Connect Machine settings.

Social platforms and embedded features. When you link your accounts or interact with third-party buttons or embeds on our Website, such as Like or Share buttons or embedded media, we may receive limited information the platform makes available to us, for example your public profile name or a confirmation of the interaction. Those platforms may also collect information about your activity, which is subject to their own privacy policies.

App stores and payment processors. For purchases and subscriptions we receive limited transaction metadata from Apple App Store or Google Play, for example a transaction ID, receipt, or entitlement status, so we can activate your subscription. Payment card details are collected and processed by the app store or our payment processor and are not stored by Connect Machine.

Analytics, diagnostics, and communications providers. We may receive de-identified or aggregated device and event data from analytics, crash reporting, and email delivery providers to measure performance and reliability and to confirm message delivery. We do not receive advertising identifiers for cross-app tracking.

Contacts provided by others. Another user may share your information with us when they import contacts, exchange a virtual card with you, or otherwise upload your details. The party providing this information is responsible for having a lawful basis to do so.

Enterprise or organizational customers. If your employer or organization provisions an account for you, we may receive your work email, role, or other directory information from that organization so we can set up and manage your access.

Publicly available and business data sources. Where permitted by law or with your consent, we may enrich your profile using publicly available business information to keep professional details accurate and up to date.

Combination. If we combine or associate information from these sources with Personal Information we collect through the Services, we will treat the combined information as Personal Information under this Policy.

Your choices. You can control what third-party information is shared with us through your settings with those providers and by disconnecting linked accounts. For embedded content, review the third party's privacy policy for choices they provide.

2.1 We use the information we collect for the following purposes -

Communicating with you for administrative purposes, customer support, and service information.

Providing the Services and personalizing your experience, including facilitating transactions and enabling third-party connections.

Understanding usage and improving the Services through analytics and statistics.

Marketing communications related to our Services (you can opt-out as described below).

Promotional and advertising materials that may be relevant to you.

Legal obligation and compliance including fraud prevention, enforcing Terms of Service, and complying with applicable laws.

Other purposes for which we provide specific notice at the time of collection.

2.2 Cookies and How We Use Them

We use cookies, web beacons, pixel tags, and similar technologies to collect information about your browsing activities. This aids your experience and allows us to improve functionality.

Types of Cookies:

- Strictly necessary cookies make our Services available to you.

- Functional cookies recognize you when you return and remember your preferences.

- Analytical or Performance cookies help us operate, maintain, and improve our Services.

We may use third-party analytics providers such as Google Tag Manager. You can opt out at google.com or via Google's Ads settings.

2.3 Data for Processing for EEA Users

If you are located in the European Economic Area, we only process your Personal Information when we have a valid legal basis:

You have consented to the use

- Contractual necessity to provide Services

- Compliance with legal obligations

- Legitimate interests for product development, analytics, and improving safety and performance

ConnectMachine Data Processing - When customers use Connect Machine's digital business card services, Connect Machine acts as a Data Processor and customers act as Data Controllers. Customers are responsible for ensuring lawful basis for collecting and processing personal data.

3.1 We will not disclose your information to third parties without your consent, except in the following circumstances:

Vendors and Service Providers - We share information with vendors and service providers retained in connection with providing our Services, such as hosting providers, analytics services, email delivery services, and customer support platforms.

Analytics Partners. We use analytics services such as Google Analytics to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources.

Advertising Partners. We share device identifiers (such as IDFA), ad interaction data, and limited usage data with third-party advertising networks to display and measure advertisements within the app. These partners may combine this information with data from other sources they have access to. Their use of your information is governed by their own privacy policies.

As Required By Law. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others' rights, property, or safety.

With Your Consent. We may also disclose your information with your permission.

Aggregate or De-identified Information. We may share aggregate or de-identified information that cannot reasonably be used to identify you.

Our Services are hosted in the United States. If you use our Services from regions outside the United States, you are transferring your Personal Information to the United States for storage and processing. We take steps to comply with applicable data protection laws when transferring data internationally.

For EEA and UK Users. If you are located in the European Economic Area or United Kingdom, we comply with applicable data protection law when transferring your Personal Information outside of the EEA or UK. We may transfer your Personal Information to countries which have been found to provide adequate protection, use Standard Contractual Clauses approved by the European Commission, or rely on other appropriate legal mechanisms. For more information about how we transfer data or to obtain a copy of the contractual safeguards we use, contact us using the details below.

We implement appropriate and reasonable technical and organizational measures to protect it against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

Encryption: We use industry-standard encryption protocols to protect data in transit (TLS/SSL) and encrypt sensitive data at rest

Access Controls: We implement role-based access controls and limit access to Personal Information to authorized personnel who need it to perform their job functions

Authentication: We use strong authentication mechanisms, including multi-factor authentication where appropriate

Network Security: We employ firewalls, intrusion detection systems, and other network security measures

Regular Audits: We conduct regular security assessments and audits to identify and address vulnerabilities

Incident Response: We maintain an incident response plan to address security breaches promptly

Vendor Management: We carefully vet third-party service providers and require them to implement appropriate security measures

Employee Training: We provide regular security awareness training to our employees

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

We retain your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, whether we can achieve those purposes through other means, and applicable legal requirements.

When we no longer need your Personal Information, we will securely delete or anonymize it. If deletion is not possible (for example, because data has been stored in backup archives), we will securely store your Personal Information and isolate it from further processing until deletion is possible.

ConnectMachine's use of information received from all sources will adhere to respective source’s policies, including the Limited Use requirements.

When you connect your Google or Apple account to our Services, we may access certain user data as permitted by you through the service's OAuth consent screen. This may include access to:

- Contacts (if you grant permission)

- Calendar (if you grant permission)

- Basic profile information (name, email address, profile picture)

We use this information solely to:

- Provide the Services you have requested

- Improve and develop our Services

- Maintain security and prevent fraud

We do not:

- Transfer this data to others except as necessary to provide or improve our Services, comply with applicable law, or as part of a merger, acquisition, or sale of assets with your consent

- Use or transfer this data for serving advertising

- Use or transfer this data to determine creditworthiness or for lending purposes

- Allow humans to read this data unless we have your affirmative agreement, it is necessary for security purposes, to comply with applicable law, or the data has been aggregated and anonymized.

You can revoke our access to your data at any time through your service’s Account Management settings or within the ConnectMachine app settings.

You have certain rights and choices regarding your Personal Information:

Access and Portability. You may request access to your Personal Information and receive a copy of it in a structured, commonly used, and machine-readable format.

Correction. You may request that we correct inaccurate or incomplete Personal Information about you.

Deletion. You may request that we delete your Personal Information, subject to certain exceptions.

Restriction. You may request that we restrict processing of your Personal Information in certain circumstances.

Objection. You may object to our processing of your Personal Information based on legitimate interests.

Marketing Communications. You can unsubscribe from our promotional emails via the link provided in the emails. Even if you opt-out of receiving promotional messages, you may continue to receive administrative messages from us.

Cookie Management. You can block or delete cookies through your browser settings. Note that blocking cookies may affect your ability to access all features of our Services.

Do Not Track. We do not currently respond to "Do Not Track" signals from web browsers.

Account Deletion. You may delete your account at any time through the app settings or by contacting us. Upon deletion, we will remove your Personal Information except as required by law or as necessary to resolve disputes and enforce our agreements.

To exercise any of these rights, please contact us using the information provided in the Contact section below. We may ask you to verify your identity before responding to your request.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR:

Right of Access. You have the right to obtain confirmation as to whether we process your Personal Information and, where that is the case, to request access to the Personal Information. This includes the right to obtain information about the purposes of processing, categories of data processed, recipients, and retention periods.

Right to Rectification. You have the right to obtain rectification of inaccurate Personal Information and to have incomplete Personal Information completed.

Right to Erasure (Right to be Forgotten). You have the right to obtain erasure of your Personal Information in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, you withdraw consent, or you object to processing.

Right to Restriction of Processing. You have the right to obtain restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability. You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object. You have the right to object to processing of your Personal Information based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent. Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of an alleged infringement if you believe that the processing of your Personal Information infringes applicable law.

Automated Decision-Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not engage in automated decision-making with legal or similarly significant effects.

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within one month, though this period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Data Protection Officer: For questions about our data practices or to exercise your rights, you may contact our Data Protection Officer at hi@connectmachine.ai

EU Representative: If you are located in the EEA, our EU representative can be contacted at hi@connectmachine.ai

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Categories of Personal Information We Collect:

We collect the following categories of Personal Information as defined by the CCPA:

Identifiers: name, email address, IP address, device identifiers

Personal information under California Customer Records statute: name, address, phone number, payment information

Commercial information: purchase history, product interests

Internet or network activity: browsing history, app usage, interactions with our Services

Geolocation data: coarse location from IP address or device location services

Professional or employment information: job title, company (if provided)

Inferences: preferences and characteristics derived from your activity

Your California Privacy Rights:

Right to Know. You have the right to request that we disclose what Personal Information we collect, use, disclose, and sell about you.

Right to Delete. You have the right to request deletion of your Personal Information, subject to certain exceptions.

Right to Correct. You have the right to request correction of inaccurate Personal Information.

Right to Opt-Out of Sale or Sharing. We do not sell your Personal Information in the traditional sense. However, we may share certain information with third-party advertising partners in ways that could be considered a "sale" or "sharing" under California law. You have the right to opt out of such sharing.

Right to Limit Use of Sensitive Personal Information. We do not use or disclose sensitive Personal Information for purposes other than those specified in the CCPA.

Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising your CCPA rights.

How to Exercise Your Rights

To exercise your California privacy rights, you may:

Email us at hi@connectmachine.ai

Submit a request through our website at connectmachine.ai

We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

Response Timing. We will respond to verifiable consumer requests within 45 days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

Do Not Sell or Share My Personal Information

We do not sell Personal Information to third parties for monetary consideration. However, we may share certain information with advertising partners in ways that could constitute a "sale" or "share" under California law. To opt out, click "Do Not Sell or Share My Personal Information" on our website or contact us.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. We do not share Personal Information with third parties for their direct marketing purposes.

Our Services are not directed to children under the age of 13 (or such higher age as required by applicable law in your jurisdiction), and we do not knowingly collect Personal Information from children.

If you are a parent or guardian and believe your child has provided us with Personal Information without your consent, please contact us at hi@connectmachine.ai

If we become aware that we have collected Personal Information from a child without parental consent, we will take steps to delete that information.

For users in the European Economic Area, we do not knowingly process Personal Information of individuals under the age of 16 without parental consent.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and, where required by law, the relevant supervisory authority without undue delay.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Effective Date" at the top of this Policy.

Material Changes. If we make material changes to this Privacy Policy, we will notify you by:

- Posting a prominent notice on our website

- Sending you an email notification (if you have provided your email address)

- Providing an in-app notification

- Other appropriate means depending on the circumstances

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

Continued Use. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you should discontinue use of our Services and contact us to delete your account.

If you have questions, comments, or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise your rights, please contact us:

Email: hi@connectmachine.ai

We will respond to your inquiry within a reasonable timeframe.