Interpretation and Definitions

Affiliate: An entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of shares, equity interest, or other securities entitled to vote for directors or other managing authority.

‍
Application: Browser extension provided by Company downloaded on any electronic device, known as the Typewise Browser Extension.

‍
Business (CCPA): Company, as the legal entity that controls the collection, processing, or disclosure of consumers’ personal information, does business in the State of California.

‍
Company (referred to as “we”, “us”, or “our”): Typewise AG, Buckhauserstrasse 36, 8048 Zürich, Switzerland. For GDPR purposes, Company is the Data Controller.

‍
Consumer (CCPA): A natural person who is a California resident, as defined by law.

‍
Country: Switzerland.

‍
Data Controller (GDPR): Company, as the legal person that alone or jointly determines the purposes and means of processing Personal Data.

‍
Device: Any device capable of accessing the Application or Website, such as a computer, cellphone, or digital tablet.

‍
Do Not Track (DNT): A US regulatory concept by the FTC, enabling internet users to control tracking of their online activities across websites.

‍
Employer/Organization: The entity that provides access to the Application for its employees or members, such as a company or other organization, and may specify data processing preferences for the Application.

‍
Personal Data: Information that relates to an identified or identifiable individual. Under GDPR, this includes details such as your name, identification number, location data, or factors specific to your identity. Under CCPA, this refers to information that identifies or could reasonably be linked to you.

‍
Sale (CCPA): Selling, renting, releasing, disclosing, making available, or otherwise communicating a Consumer’s Personal Information to another business or third party for monetary or valuable consideration.

‍
Service: The Application or Website, or both.

‍
Service Provider: A natural or legal person that processes data on behalf of Company, also known as a Data Processor under GDPR. Service Providers may include third-party companies employed by Company to facilitate the Service, perform related functions, or support analysis and improvements of the Application.

‍
Usage Data: Data collected automatically, generated by using the Service or its infrastructure (e.g., feature usage frequency).

‍
You: The individual accessing or using the Service, or the company or other legal entity on behalf of which the Service is accessed. Under GDPR, you may be referred to as the Data Subject.

Collecting and Using Your Personal Data

Types of Data Collected

While using the Application, we collect the following types of data:

1. Login Information: This includes data such as username and email, collected for authentication purposes.
2. Usage Data: Anonymized data automatically generated from using the Application, which may include feature usage frequency or interactions with specific features.

Use of Usage Data

Login Information is used strictly for authentication purposes.

Usage Data is used solely to provide, maintain, and improve our Application by monitoring usage trends and feature performance.

We do not share or disclose Usage Data with any third party except for Service Providers, such as data hosting providers or email delivery services. These companies may use your personal information only as needed to provide their services to us.

Service Providers

To support the Application, we work with the following Service Providers:

1. Amazon Web Services (AWS) and Microsoft Azure: Used for data hosting.
2. Loops: Used to send emails to users of the Application, such as account notifications and updates.

Data Processing Location

Data is processed on servers located in Switzerland, the European Union, or the United States, depending on the data transfer preferences specified by your Employer/Organization.

Retention of Data

We retain Data only for as long as necessary for the purposes outlined in this Privacy Policy. Typically, Data is stored for the duration of the agreement with your Employer/Organization and is erased within 30 days of the agreement’s termination, unless required for security improvements or to fulfill legal obligations.

Transfer of Data

Your information, including Personal Data, may be transferred to and maintained on computers located outside your jurisdiction, depending on the data transfer preferences set by your Employer/Organization, where data protection laws may differ. Transfers to third countries comply with GDPR through Standard Contractual Clauses (SCCs) or similar adequacy mechanisms. For transfers to the United States, we follow the EU-US Data Privacy Framework where applicable.

We ensure reasonable steps are taken to protect your data in accordance with this Privacy Policy.

Disclosure of Data

Legal Requirements

If we are involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. Notice will be provided before any data transfer under a new Privacy Policy.

Law enforcement

We may disclose your Personal Data if required by law, or to:

• Protect and defend our rights or property
• Prevent or investigate wrongdoing
• Protect user or public safety
• Protect against legal liability
• Comply with legal obligations

Security of Data

Personal Data is encrypted in transit and at rest. While we use commercially acceptable means to protect Personal Data, please note that no transmission or storage method is completely secure.

GDPR Privacy

Legal Basis for Processing

We process Personal Data under conditions such as:

• Consent: You consent to specific uses of your Personal Data.
• Performance of a Contract: Processing is necessary for contract performance.
• Legal Obligations: Compliance with legal obligations.
• Vital Interests: Protecting your vital interests or those of another person.
• Legitimate Interests: Necessary for our legitimate interests, such as improving the Application.

Your Rights under the GDPR

We respect your GDPR rights, including:

• Right to access, update, and delete your Personal Data.
• Right to correct incomplete or inaccurate information.
• Right to object to processing based on legitimate interests or for direct marketing.
• Right to erasure of Personal Data where no valid reason for retention exists.
• Right to data portability for transferring your Personal Data to another entity.
• Right to withdraw consent.

CCPA Privacy

Your Rights under the CCPA

If you are a California resident, you have the following rights under the CCPA:

• Notice of Personal Data collected and its purposes.
• Access to your data collected over the past 12 months and the right to request its deletion.
• Opt-Out of Sale: You can request that we do not sell your personal information
• Non-Discrimination for exercising these rights.

Requests may be submitted through our “Do Not Sell My Personal Information” page or by contacting us.

Do Not Sell My Personal Information

We do not sell personal information.

Children’s Privacy

Our Application is not intended for children under 13. We do not knowingly collect data from children under 13, in compliance with the Children’s Online Privacy Protection Act (COPPA) in the US.

Links to Other Websites

Our Application may contain links to other websites not operated by us. We advise reviewing the Privacy Policy of each website you visit, as we do not control their content or practices.

Changes to this Privacy Policy

We may update our Privacy Policy periodically. Changes will be posted on our website, with the updated date at the top. For significant changes, we will notify you via email and/or a prominent notice on the Application.

Contact Us

If you have any questions about this Privacy Policy, You can contact us: info@typewise.app

‍