Privacy Policy

Effective: January 1, 2025

This privacy notice for Norae Inc., also known as “Coverstar” ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

• Download and use our mobile application (Coverstar), or any other application of ours that links to this privacy notice
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services.

If you still have any questions or concerns, please contact us at dpo@coverstar.app

What is Coverstar's Privacy Policy and what does it cover?

Key Points

• Information Collection and Usage: Coverstar explains what data we collect, how we use it, and how it helps enhance your experience with our products.
• Sharing and Retention: The policy details how information is shared, retained, and transferred, ensuring transparency in data practices.
• User Rights: We outline your rights regarding your personal data, including how you can manage or update it.
• Simplified Language: We use clear language and examples to make our privacy practices easier to understand.
• Privacy Control: We provide guidance on how you can manage your privacy settings within Coverstar Products to personalize your experience.

We at Coverstar want you to understand what information we collect, and how we use and share it. That’s why we encourage you to read our Privacy Policy. This helps you use Coverstar Products in the way that’s right for you.

In the Privacy Policy, we explain how we collect, use, share, retain and transfer information. We also let you know your rights.

Each section of this Policy includes helpful examples and simpler language to make our practices easier to understand. We’ve also added links to resources where you can learn more about the privacy topics that interest you.

It's important to us that you know how to control your privacy, so we also show you where you can manage your information in the settings of the Coverstar Products you use. You can update these settings to shape your experience.

Read the full Policy below.

What information does Coverstar collect?

Key Points

• Information Collection: We collect personal information based on how you use our Services, even if you don’t have an account.
• Sensitive Information: We do not process sensitive personal information (biometric, financial, protected classification).
• Third-Party Data: We do not receive any personal information from third parties.
• Data Processing: Your information is processed to improve our services, communicate with you, ensure security, prevent fraud, and comply with the applicable law. We process data only with a valid legal basis or your consent.
• Information Sharing and Security: We may share personal information with specific third parties in certain situations. While we implement measures to protect your data, we cannot guarantee 100% security due to potential cybersecurity risks.

The information we collect and process about you depends on how you use our Services. When you use our and/or Products, we collect some information about you even if you don't have an account.

What personal information do we process?

When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information?

We do not process sensitive personal information (financial, genetic, biometric, or health data).

Do we receive any information from third parties?

We do not receive any information from third parties.

How do we process your information?

We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which parties do we share personal information?

We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.

How do we keep your information safe?

We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights?

Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights?

The easiest way to exercise your rights is by contacting us at dpo@coverstar.app. We will consider and act upon any request in accordance with applicable data protection laws.

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us.

Key Points

• Personal Information You Provide: We collect personal details such as names, email addresses, and usernames when you register, contact us, or interact with our services.
• Social Media Login Data: If you register using social media accounts (e.g., Facebook, Twitter), we collect relevant information from those accounts as per the "How Do We Handle Your Social Logins?" section.
• Application and Device Data: We may collect data from your mobile device or application use, including device details, operating system, browser type, and permissions granted (e.g., camera, contacts).
• Automatically Collected Information: We collect data like IP addresses, browser characteristics, device information, and usage data automatically when you use our services, primarily for security and analytics.
• Personal Data of Children and Users Over 13: We do not collect personal data from children under 13 without parental consent. For users over 13, we may collect additional data such as contact details, social media profiles, and location information.

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You.

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Names
• Email addresses
• Usernames

Sensitive Information. We do not process sensitive information (financial, genetic, biometric, or health data).

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

• Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's camera, contacts, microphone, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
• Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.
• Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Personal Data of Children (under 13)

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not collect personal information from children under the age of 13 without obtaining verifiable parental consent. Personal data of children may include:

• Name
• Date of Birth
• Email Address (for account creation)
• User-generated content (e.g., posts, photos, videos, comments)
• Device information and IP address

Personal Data of Users over 13

For users aged 13 and over, we may collect additional personal data, including:

• Name and contact details
• Social media profiles
• Content interactions and preferences
• Device and browsing information
• Location data (if applicable)

Face Tracking and TrueDepth Data

Coverstar offers an optional face tracking feature on supported Apple devices that use Apple’s TrueDepth camera. When you enable this feature, Apple’s ARKit framework provides real-time facial movement information, such as blend shape coefficients and head pose, so that your avatar can mirror your expressions.

We do not collect, store, transmit, or create any biometric identifiers, raw depth data, facial geometry, faceprints, or templates. All TrueDepth information is processed only on your device, in temporary memory, and used solely to animate your avatar during your active session. This information is not retained, not used for identification, not shared with third parties, and not used for analytics, advertising, or tracking.

Non-Personal Data

We also collect non-personal data that helps us improve our platform, including:

• Usage data (e.g., login frequency, features used)
• Cookies and tracking technologies (see our Cookie Policy for more information)

2. HOW DO WE PROCESS YOUR INFORMATION?

Key Points

• Account Management: We process your information to create, authenticate, and maintain user accounts, ensuring smooth access and functionality.
• Vital Interests: We process information when necessary to protect vital interests, such as preventing harm or ensuring safety.
• Platform Operation and Maintenance: We process data to provide, operate, and maintain our platform and services, ensuring reliable service and uptime.
• User Support and Parental Consent: We process personal information to manage user accounts, support transparency, and facilitate clear communication with parents and guardians for consent management.
• Personalization and Compliance: We process data to personalize user experiences, comply with legal obligations, ensure platform security, improve services through analytics, and safeguard the privacy and safety of children.

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
• To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
• To provide, operate, and maintain our platform and services. We may process your information to ensure that we provide, operate and maintain our platform services to industry standard up-time.
• To manage and support user accounts. We may process your information to manage and support user accounts with transparency, fairness, and respect for individual rights, ensuring data minimization, purpose limitation, and appropriate security measures to protect user privacy.
• To communicate with parents and guardians for consent management. We may process your information to ensure that communications remain clear, concise, and easily understandable, ensuring transparency, fairness, and respect for parental rights, while adhering to data minimization, purpose limitation, and appropriate security measures.
• To personalize user experiences (e.g., suggesting relevant content). We may process your information to deliver relevant and valuable experiences, ensuring data minimization, purpose limitation, user control, and appropriate security measures.
• To comply with legal obligations and ensure platform security. We may process your information to remain compliant with legal obligations and to maintain platform security through robust data protection measures, maintaining transparency and accountability.
• To improve our services through analytics and performance data. We may process your information to leverage insights and enhance user experience and service quality through responsible data processing practices.
• To protect the safety and privacy of children using our platform. We may process your information by employing age-appropriate data collection, robust parental controls, data minimization, purpose limitation, and child safety principles.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

Key Points

• Consent: We process personal data with explicit consent from parents or guardians for children under 13 and directly from users over 13, with the option to withdraw consent at any time.
• Contractual Necessity: We process personal data as required to fulfill obligations under our user agreements or terms of service.
• Legitimate Interests: We process data for platform security, service improvement, and compliance with legal obligations.
• Legal Obligations: We process personal data when necessary to comply with legal requirements, such as cooperating with law enforcement or defending legal rights.
• Vital Interests: We process personal data when necessary to protect someone's vital interests, such as in cases involving potential threats to safety or well-being.

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.

In accordance with the GDPR or other applicable privacy laws, our legal basis for processing personal data includes:

• Consent: We collect and process personal data with the explicit consent of parents or guardians for users under 13, and directly from users over the age of 13.
• Contractual Necessity: To fulfill our obligations under the user agreement or terms of service.
• Legitimate Interests: For purposes like platform security, improvement, and compliance with legal obligations.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases:

• Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
• Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
• For investigations and fraud detection and prevention
• For business transactions provided certain conditions are met
• If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
• For identifying injured, ill, or deceased persons and communicating with next of kin
• If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
• If it is reasonable to expect collection and use with consent would compromise availability or accuracy of the information
• If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
• If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
• If the collection is solely for journalistic, artistic, or literary purposes
• If the information is publicly available and is specified by the regulations

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

Key Points

• Service Providers: We share personal data with trusted third-party service providers who assist in platform operations, subject to strict data protection obligations.
• Parents or Guardians: We provide parents or guardians access to their children’s personal data upon request, in compliance with applicable laws.
• Legal Compliance: We may disclose personal data to comply with legal obligations, such as law enforcement requests or legal proceedings.
• Business Transfers: We may share personal information in connection with business transactions, such as mergers, acquisitions, or asset sales.
• Business Partners: We may share information with business partners to offer products, services, or promotions.

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We do not sell personal information, especially the data of children, to third parties. However, we may share information in the following scenarios:

• With Service Providers: Trusted third-party service providers (hosting, analytics, payment processing), bound by strict data protection obligations.
• With Parents or Guardians: Access to children’s personal data upon request, as required by law.
• Legal Compliance: Disclosure when required to comply with legal obligations (e.g., law enforcement, legal proceedings).
• Business Transfers: Sharing during negotiations of any merger, sale of company assets, financing, or acquisition of our business.
• Business Partners: We may share your information to offer certain products, services, or promotions.

5. PERSONAL DATA OF CHILDREN

Key Points

• Parental Consent: We obtain verifiable parental consent before collecting personal information from children under 13.
• Limited Data Collection: We collect only the minimum personal information necessary for children to use our services.
• Data Use and Disclosure: We limit the use of children's data to age-appropriate services, avoid targeted advertising, and restrict data sharing unless required by law.
• Data Security: We implement robust security measures and will notify parents in case of a data breach.
• Child's Rights and Compliance: Children (with parental guidance) can access, correct, or delete their data. We regularly audit compliance and maintain transparency.

According to the Children's Online Privacy Protection Act (COPPA), we must obtain verifiable parental consent before collecting personally identifiable information from children under the age of thirteen (13). We strictly adhere to this requirement and do not knowingly collect or solicit personally identifiable information from children without obtaining parental consent. However, we may collect a limited amount of information necessary to obtain such consent.

We utilize approved methods, such as verifying the parent's identity through Knowledge Based Authentication. If you are a child under thirteen (13), please refrain from providing any personal information until we have obtained parental consent.

If you believe that a child under thirteen (13) has provided personal information without parental consent, please contact us at dpo@coverstar.app. Parents or guardians of children under thirteen (13) have the right to request a review, modification, deletion, or cessation of further collection of their child's personal information.

Outlined below are specific data privacy measures we designed to protect personal information of children under the age of 13 (or applicable local age of consent), in compliance with relevant regulations including the EU GDPR, UK GDPR, CCPA, Colorado Privacy Act, Connecticut Data Privacy Act, Florida Digital Bill of Rights (FLDBOR), Montana Consumer Data Privacy Act (MTCDPA), Texas Data Privacy And Security Act, Utah Consumer Privacy Act (UCPA), and Virginia Consumer Data Protection Act (VCDPA).

1. Data Collection and Processing:
   • Age Verification: Robust age-verification mechanisms to ensure no personal data is collected without lawful consent.
   • Limited Data Collection: Only collect the minimum personal information necessary for service usage.
   • Prohibition on Sensitive Data: We do not knowingly collect or process sensitive personal information from children (financial, genetic, biometric, or health data).
   • Parental Consent: We obtain verifiable parental consent before collecting, using, or disclosing children’s personal information.
2. Data Use and Disclosure:
   • Limited Use: Only for age-appropriate services, parent communication, and child safety.
   • Prohibition on Targeted Advertising: We do not engage in targeted advertising to children.
   • Data Sharing Restrictions: We do not share children’s personal information with third parties except as permitted by law.
3. Data Security:
   • Appropriate technical and organizational security measures to protect children's data.
   • Prompt breach notification to parents if children's data is compromised.
4. Child's Rights:
   • Access and correction of personal information.
   • Deletion rights with parental guidance.
5. Compliance and Enforcement:
   • Regular audits to ensure adherence to relevant laws.
   • A designated Data Protection Officer to oversee compliance.
6. Transparency and Communication:
   • Clear and concise privacy policy accessible to parents and children.
   • Open communication channels regarding data privacy practices.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

Key Points

• Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to enhance user experience, analyze trends, and improve functionality.
• Types of Information Collected: Usage data, device information, and geolocation data (pages visited, time spent, device type, IP address).
• Parental Consent: Parents must manage their child’s use of tracking technologies and comply with consent laws.
• Managing Cookies: You can manage or disable cookies through your browser settings, understanding possible feature limitations.
• Transparency and Contact: More details can be found in our Cookie Policy or by contacting us at dpo@coverstar.app.

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and other tracking technologies (e.g., web beacons, pixel tags) to collect information about how our website and services are accessed and used, helping us improve user experience, analyze trends, administer the website, and enhance the functionality and security of our services.

Cookies: Small text files placed on your device to remember preferences and activities across visits.

Tracking Technologies: Web beacons and pixel tags allow us to measure and analyze traffic and user interactions.

Types of Information Collected

• Usage Data: Pages visited, time spent, clicks, and navigation paths.
• Device Information: Device type, operating system, browser type, and IP address.
• Geolocation Data: General location based on IP address.

Parental Consent for Children’s Personal Data

Parents or guardians are responsible for ensuring compliance with consent laws regarding their child’s use of our site. Cookies may be disabled, but certain features may be impacted.

Managing Cookies and Tracking Preferences

Adjust your browser settings or parental controls to manage or disable cookies, understanding this may affect certain site functionalities. For more details, see our Cookie Policy or contact us at dpo@coverstar.app.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

Key Points

• Social Login Options: Log in via Facebook, Twitter, etc. We may receive profile info like name, email, picture.
• Data Use: We use social login info to create/authenticate accounts, personalize experience, and send notifications.
• Information Collected: May include basic profile data, age/birthdate, and friend/contact info, depending on permissions.
• Parental Consent: Required for children using social logins; parents must ensure compliance with age and consent requirements.
• Managing Permissions: Adjust social media privacy settings to control info shared; review regularly to match preferences.

In Short: If you choose to register or log in using a social media account, we may have access to certain information about you.

Our Services allow you to register and log in with third-party social media. The data we receive varies by provider, but may include name, email, friends list, profile picture, and other info you choose to make public.

We do not control how third-party providers use your data; please review their privacy notices for details. If you or your child uses a social login, we may collect age/birthdate, friend lists, and contact information to facilitate login and personalize the experience.

Information Collected via Social Logins

• Basic Profile Information: Name, email, profile picture, social media account ID.
• Age or Birthdate: Verification of eligibility for certain services.
• Friends or Contacts: Potential access to your or your child’s social media friends or contacts.

Use of Social Login Information

• Account Creation and Authentication: Simplify login without additional credentials.
• Personalization: Provide tailored experiences and relevant content.
• Communication: Send account-related or service notifications.

Parental Consent for Children’s Social Logins

If a child uses social login, we require parental consent. Parents must ensure the social media platform permits children under the appropriate age and consent is granted.

Managing Social Login Permissions

Adjust social media privacy settings to manage shared information. Most platforms allow users to revoke or change permissions for third-party apps. Contact us for more details at dpo@coverstar.app.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

Key Points

• Retention Period: We retain personal data only as long as necessary, typically no longer than one month after account termination unless required by law.
• Data Deletion or Anonymization: If data is no longer needed, it’s deleted or anonymized. If immediate deletion isn’t possible, it’s securely stored until it can be removed.
• Retention for Legal and Business Needs: We may retain data to fulfill legal obligations or for business purposes (service improvement, troubleshooting, or legal defense).
• Children’s Data: Retention only as long as necessary to provide services; deleted or anonymized if no longer needed or if parent withdraws consent.
• Access and Deletion Requests: Parents or guardians can request access, correction, or deletion of data.

In Short: We keep your information only as long as necessary to fulfill the outlined purposes unless otherwise required by law.

We handle personal data responsibly, retaining it only as long as needed for our Privacy Policy purposes. No purpose requires retaining personal information more than one (1) month past account termination, unless law permits.

When no ongoing business need exists, we delete or anonymize personal data. If this is not immediately possible, we securely store it and isolate it from further processing until deletion is feasible.

How Long Do We Retain Your Data?

• Parents’ Personal Data: As long as the account remains active or necessary for services.
• Children’s Personal Data: Only as long as necessary to provide services, in accordance with children’s privacy laws.

Criteria for Determining Retention Periods

• Legal Obligations: Retention as required by law (tax, regulatory, compliance).
• Business Necessity: If data is needed for service continuity, troubleshooting, improvements, or legal defense.
• Account Deletion: Upon deletion request, data is removed or anonymized per regulations.

Deleting or Requesting Access to Data

Parents or guardians can request review, correction, or deletion at any time via dpo@coverstar.app. We respond in accordance with data protection laws and ensure data is deleted or anonymized when no longer required.

Data Anonymization and Deletion

When data is no longer needed, we may anonymize it (so it’s no longer traceable to an individual) or securely delete it.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

Key Points

• Security Measures: We implement encryption, access control, secure data storage, and third-party payment processors to protect data.
• Monitoring and Updates: Systems are regularly monitored for vulnerabilities, and security practices are updated.
• Parental Oversight: Parents should supervise children’s use, ensuring no sharing of sensitive info like passwords.
• Data Breach Response: We promptly notify affected individuals if a data breach occurs, outlining its nature and mitigation steps.
• User Responsibility: Use strong passwords, log out of shared devices, and keep software updated.

In Short: We strive to protect your personal information through organizational and technical measures.

We use technical, administrative, and physical safeguards to protect data from unauthorized access or disclosure. However, no internet or storage technology is 100% secure, so we cannot guarantee absolute protection. Transmission of personal information is at your own risk.

Security Measures

• Encryption: Industry-standard encryption protocols for data in transit.
• Access Control: Restrict access to authorized personnel; confidentiality agreements in place.
• Data Storage: Secure, password-protected systems with firewalls and anti-virus software.
• Secure Payment Processing: Payments handled by compliant third-party processors.

Monitoring and Updates

We monitor systems for vulnerabilities and update security measures to maintain latest protections.

Parental Oversight and Protection

Parents should supervise their child's service use, ensuring safe practices and no sharing of private data (e.g., passwords).

What Happens in the Event of a Data Breach?

We will promptly notify you according to data protection laws, detailing the breach’s nature, potential impact, and our mitigation steps.

No Absolute Security

No system is completely invulnerable. We do our best to protect data and respond promptly to threats.

Your Role in Protecting Your Information

• Use strong, unique passwords and update regularly.
• Log out when using shared devices.
• Keep operating systems and security software current.

10. WHAT ARE YOUR PRIVACY RIGHTS?

Key Points

• Access and Rectification: Request access to and correction of your data.
• Right to Erasure and Restriction: Request deletion or restriction of processing under certain conditions.
• Data Portability and Objection: Request structured data export and object to certain processing activities.
• Withdraw Consent: You can withdraw consent at any time (won’t affect past processing).
• Marketing Opt-out: Unsubscribe from marketing; update or delete account info (some data may be retained for legal purposes).

In Short: In certain regions, you have rights granting greater control over your personal information.

Depending on your jurisdiction (EEA, UK, Switzerland, Canada), you may have rights such as access, rectification, erasure, restricting processing, data portability, or objecting to processing.

Parents or guardians can also request access, correction, or deletion of their child’s personal data.

In some regions, you may have additional rights like requesting a copy of your personal information or objecting to automated decision-making. Contact us if you wish to exercise these rights. We will comply with relevant laws.

If you are in the EEA or UK, you have the right to complain to your local data protection authority if you believe we are processing your data unlawfully. If in Switzerland, contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent

You can withdraw your consent at any time by contacting us. This does not affect the lawfulness of prior processing or processing under other lawful grounds.

Opting out of marketing and promotional communications

Unsubscribe via the link in marketing emails or contact us. We may still send non-marketing communications essential to account administration.

Account Information

• Log in to account settings to update user account info.
• Request account termination, and we will deactivate or delete info in active databases, retaining some data if necessary for fraud prevention, troubleshooting, or compliance.

Cookies and similar technologies: Adjust browser settings to remove/reject cookies, which may affect functionality.

If you have questions, email us at dpo@coverstar.app.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

In short: We do not currently respond to DNT signals, but will update this policy if a standard is adopted.

Some browsers and mobile OS/apps include a "DNT" setting. No standard exists for recognizing DNT signals, so we do not respond to them. If a standard is adopted in the future, we will follow it and update this notice accordingly.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Key Points

• Categories of personal info collected: identifiers (name, contact, IP), geolocation data (device location).
• Data may be collected during support interactions, surveys, etc.
• We may disclose info to service providers, but do not sell/share for business purposes.
• We retain personal info only as needed; we do not sell/share it for commercial purposes.

In Short: If you are a US resident, you have specific rights to access your personal information.

What categories of personal information do we collect?

Over the past 12 months, we have collected these categories:

Retention: Category A and F retained as long as user has an account. Additional personal info may be gathered during support interactions, surveys, or service facilitation.

How do we use and share your personal information?

See "HOW DO WE PROCESS YOUR INFORMATION?" for more details.

Will your information be shared with anyone else?

We may disclose info to service providers under written contracts. See "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?" We do not sell or share personal data for business or commercial purposes.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience, analyze usage patterns, and provide personalized content. By using our platform, you consent to our use of cookies in accordance with our Cookie Policy.

14. International Data Transfers

Personal data may be transferred to and processed in countries outside your jurisdiction. Where we transfer data outside the EEA or UK, we ensure appropriate safeguards (Standard Contractual Clauses or adequacy decisions) are in place.

15. Compliance with Local Privacy Laws

Key Points

• Compliance with EU GDPR and UK GDPR for strict data protection requirements and user rights.
• Adherence to CCPA and CPRA for California residents, respecting data access, deletion, and opt-out of sale.
• Compliance with California Age-Appropriate Design Code (CAADC) for children under 18.
• Following Colorado Privacy Act, Connecticut Data Privacy Act, Florida Digital Bill of Rights, etc., offering data rights and transparency.
• Compliance with Montana, Texas, Utah, and Virginia privacy laws, ensuring user rights to access, delete, and manage data.

We comply with these regional privacy laws:

• EU GDPR and UK GDPR: Strict data protection for EU/UK residents, including rights to access, rectification, and erasure.
• CCPA and CPRA: California residents can access, delete, and opt-out of the sale of personal info (we do not sell children’s data).
• California Age-Appropriate Design Code (CAADC): Ensures age-appropriate privacy protection for under-18 users.
• Colorado Privacy Act (CPA): Right to opt-out of targeted ads, data sharing, and profiling.
• Connecticut Data Privacy Act: Rights to access, deletion, and correction of personal data.
• Florida Digital Bill of Rights (FLDBOR): Right to access and delete personal data.
• Montana Consumer Data Privacy Act (MTCDPA): Transparency and user rights.
• Texas Data Privacy and Security Act: Rights to access and manage personal data.
• Utah Consumer Privacy Act (UCPA): Options to access, delete, opt-out of data sharing.
• Virginia Consumer Data Protection Act (VCDPA): Control over data (access, correction, deletion, opt-out).

16. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update as necessary to stay compliant with laws.

We may update this notice occasionally. The updated version will have an updated "Revised" date and be effective when accessible. We may post a notice or notify you directly if changes are material.

17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments, email us at dpo@coverstar.app or write to:

18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect, change it, or delete it. To make such requests, please email us at: dpo@coverstar.app.