Meltdown Monitor Privacy Policy

Privacy Policy

Version update: April 17, 2022

Mettasoft OÜ and/or its affiliates (hereinafter "Mettasoft", the "Company", "we", "us", and "our") respect your privacy and is committed to protecting it through its compliance with its privacy policies. This policy describes:

• the types of information that Mettasoft may collect from you when you access or use its websites, applications and other online services (collectively, referred as "Services"); and

• its practices for collecting, using, maintaining, protecting and disclosing that information.

This policy applies only to the information Mettasoft collects through its Services, in email, text and other electronic communications sent through or in connection with its Services.

This policy DOES NOT apply to information that you provide to, or that is collected by, any third-party, such as social networks that you use in connection with its Services. Mettasoft encourages you to consult directly with such third parties about their privacy practices.

Please read this policy carefully to understand Mettasoft policies and practices regarding your information and how Mettasoft will treat it. By accessing or using its Services and/or registering for an account with Mettasoft, you agree to this privacy policy and you are consenting to Mettasoft's collection, use, disclosure, retention, and protection of your personal information as described here. If you do not provide the information Mettasoft requires, Mettasoft may not be able to provide all its Services to you.

If you reside in a country within the European Union/European Economic Area (EAA), Mettasoft OÜ, company registration number 16270411, located at Sepapaja 6, 15551, Tallinn, Estonia, will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services;

Your data controller is responsible for the collection, use, disclosure, retention, and protection of your personal information in accordance with its privacy standards as well as any applicable national laws. Your data controller may transfer data to other members of Mettasoft as described in this Privacy Policy. Mettasoft may process and retain your personal information on the servers of its third parties (in or outside Estonia), having contractual relationships with Mettasoft.

This policy may change from time to time, your continued use of Mettasoft's Services after it makes any change is deemed to be acceptance of those changes, so please check the policy periodically for updates.

The information we collect and how we use it

Mettasoft collects several types of information from and about users of our Services, including:

• Your Personal Information("PI") - Personal Information is the information that can be associated with a specific person and could be used to identify that specific person whether from that data, or from the data and other information that we have, or is likely to have access to. We do not consider personal information to include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise.

• Information about your internet connection, the equipment you use to access our Services and your usage details.

We collect this information:

• directly from you when you provide it to us; and/or

• automatically as you navigate through our Services (information collected automatically may include usage details, IP addresses and information collected through cookies, web beacons and other tracking technologies).

Information you provide to us

The information we collect on or through our Services may include:

• Account information: Your email address.

• Your preferences: Your preferences and settings such as language.

• Heartrate data: The bracelet continously monitors heartrate. The heartrate data is stored on our servers, and used to detect and send alerts and show in app time series charts.

• Usage information: How long you used our Services and which features you used.

• We use the information you provide to us to enhance the functionality and improve the quality of our Services, and to personalize your experience while using our Services. We also use this information to provide support to you, communicate with you, and comply with our legal obligations.

Information we collect through automatic data collection technologies

We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services, and about your use of the Services, even if you use the Services without registering or logging in.

• Usage information: Details of your use of our Services, including traffic data, location data, logs and other communication data and the resources that you access and use on or through our Services.

• Computer and device information: Information about your computer, Internet connection and mobile device, including your IP address, operating systems, platforms, browser type, other browsing information (connection, speed, connection type etc.), device type, device's unique device identifier, mobile network information and the device's telephone number.

• Last URL visited: The URL of the last web page you visited before visiting our websites.

• Your preferences: Your preferences and settings such as time zone and language.

• Your activity on the Services: Information about your activity on the Services, such as pages viewed and the order of those pages, how long you visited our Services, the date and time you used the Services, error logs, and other similar information.

• Mobile status: For mobile application users, the online or offline status of your application.

Cookies and Other Electronic Tools

We, and third parties with whom we partner, may use cookies, pixel tags, web beacons, mobile device IDs and similar files or technologies to collect and store information in respect to your use of the Services and third-party websites. A cookie is a small text file that is stored on your computer that enables us to recognize you (for example, as a registered user) when you visit our website, store your preferences and settings, enhance your experience by delivering content and advertising specific to your interests, perform research and analytics, track your use of our Services, and assist with security and administrative functions. Cookies may be persistent or stored only during an individual session. To understand more about cookies, click here https://www.aboutcookies.org. A pixel tag (also called a web beacon or clear GIF) is a tiny graphic with a unique identifier, embedded invisibly on a webpage (or an online ad or email), and is used to count or track things like activity on a webpage or ad impressions or clicks, as well as to access cookies stored on users' computers. Mettasoft uses pixel tags to measure the popularity of our various pages, features and services. We also may include web beacons in e-mail messages or newsletters to determine whether the message has been opened and for other analytics.

Most browsers are set to automatically allow cookies. Please note it may be possible to disable some (but not all) cookies through your device or browser settings but doing so may interfere with certain functionality on the Services. Major browsers provide users with various options when it comes to cookies. Users can usually set their browsers to block all third-party cookies (which are those set by third-party companies collecting information on websites operated by other companies), block all cookies (including first-party cookies such as the ones Mettasoft uses to collect search activity information about its users), or block specific cookies. To modify your cookie settings, please visit your browser's help settings. You will need to opt out on each browser and each device you use to access the Services. By using our Services with your browser set to accept cookies you are consenting to our use of cookies in the manner described in this section.

Third parties whose products or services are accessible or advertised through the Services, including social media services, may also use cookies or similar tools, and we advise you to check their privacy policies for information about their cookies and other practices. We do not control the practices of such partners and their privacy policies govern their interactions with you.

Anonymous or De-Identified Data

We may anonymize and/or de-identify information collected from you through the Services or via other means, including via the use of third-party web analytic tools as described below. As a result, our use and disclosure of aggregated and/or de-identified information is not restricted by this Privacy Policy, and it may be used and disclosed to others without limitation.

How we use the information we collect

We use the information we collect from and about you for a variety of purposes, including to:

• Process and respond to your queries.

• Understand our users (what they do on our Services, what features they like, how they use them, etc.) and improve the features of our Services.

• Administer our Services and diagnose technical problems.

• Send you communications that you have requested or that may be of interest to you by way of emails.

• Generate and review reports and data about, and to conduct research on, our user base and Service usage patterns.

• Provide you with customer support.

• Provide you with policies about your account.

• Notify you about changes to our Services.

• In any other way we may describe when you provide the information.

• For any other purpose with your consent.

We may also use your information to contact you about our own and third-party goods and services that may be of interest to you. If you do not want us to use your information in this way, please check the relevant box located on the form on which we collect your data and/or adjust your user preferences in your account profile.

How we share the information we collect

We may disclose personal information that we collect, or you provide, as described in this privacy policy, in the following ways:

General Information Disclosures

• To our subsidiaries and affiliates, which are entities under common ownership or control of our ultimate parent company Mettasoft OÜ.

• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Mettasoft's assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by Mettasoft about the users of our Services are among the assets transferred.

• To fulfil the purpose for which you provide it.

• or any other purpose disclosed by us when you provide the information.

• Service Providers. Some of our products, services and databases are hosted by third party hosting services providers. We may share information about you with these vendors only to enable them to perform their services.

• Legal Purposes. We may share your information when we believe in good faith that such sharing is reasonably necessary in order to investigate, prevent, or act regarding possible illegal activities or to comply with legal process. We may also share your information to investigate and address threats or potential threats to the physical safety of any person, to investigate and address violations of this Privacy Policy or the Terms of Service, or to investigate and address violations of the rights of third parties and/or to protect the rights, property and safety of Mettasoft, our employees, users, or the public. This may involve the sharing of your information with law enforcement, government agencies, courts, and/or other organizations on account of legal request such as subpoena, court order or government demand to comply with the law.

• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Mettasoft, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

• Consent. We may share your information in any other circumstances where we have your consent.

Analytics and tailored advertising

To help us better understand your use of the Services, we may use third-party web analytics on our Services, such as Google Analytics or others. These service providers use the sort of technology described in the "Automatically-Collected Information" Section above. The information collected by this technology will be disclosed to or collected directly by these service providers, who use the information to evaluate our users' use of the Services. We also use Google Analytics as described in the following section. To prevent Google Analytics from collecting or using your information, you may install the Google Analytics Opt-Out Browser add-on.

Use of Google Signals

We have activated Google Signals in our Google Analytics, which provides us with additional information about users that have turned on Ads Personalization. This feature allows Google to collect and provide us with data about our users' cross-device behavior (for example, visits from a smartphone and later from a desktop). Google Signals also provides us with reports about users' interactions with our site based on different demographic groups and interests.

The data collected by Google Signals does not personally identify individual users. It is aggregated and anonymized. However, it's based on Google users who have turned on Ads Personalization. If you have turned this on, Google uses this data to give us insights into users' cross-device behavior and other user metrics.

Opting Out: If you wish to prevent your data from being used by Google Signals, you can turn off Ads Personalization in your Google Account settings. This will not only opt you out of Google Signals but also personalized ad experiences across Google services.

Choices about how we use and disclose your information

We strive to provide you with choices regarding the personal information you provide to us. You can set your browser or mobile device to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Services may then be inaccessible or not function properly. We do not share your personal information with any advertising agency.

Communication choices

When you sign up for an account, you are opting in to receive emails or from Mettasoft. You can log in to manage your email preferences and follow the "unsubscribe" instructions in commercial email messages but note that you cannot opt out of receiving certain administrative policy, service policy, or legal policy from Mettasoft.

Reviewing, changing or deleting information

If you would like to review, change or delete personal information we have collected from you, or permanently delete your account, please send an email with your request to Mettasoft Data Protection Officer (DPO) at privacy@mettasoft.org.

Security: How we protect your information

We have implemented appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access to your information and to maintain data security. These safeguards consider the sensitivity of the information that we collect, process and store and the current state of technology. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. The third-party service providers with respect to payment gateway and payment processing are all validated as compliant with the payment card industry standard (generally referred to as PCI compliant service providers).

We assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control. You play an important role in keeping your personal information secure. You should not share your password, or other security information for your account with anyone. If we receive instructions using your password, we will consider that you have authorized the instructions.

EU privacy/data protection rights

EU General Data Protection Regulation (GDPR) has provided the below rights to the EU residents:

• Right to information, including contact details to the DPO, the purposes for processing Personal Information and the rights of the individual

• Right to access the Personal Information that are processed

• Right to erasure (”Right to be forgotten”)

• Right to rectification

• Right to restriction of processing

• Right to data portability of the Personal Information supplied to Mettasoft by the EU resident

• Right to object (opt-out) to processing (unless Mettasoft otherwise has compelling legitimate grounds)

EU residents can exercise these rights by raising a request directly at privacy@mettasoft.org .

Changes to this privacy policy

We reserve the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. Please check this page periodically for changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is used. If we make any material changes to this Privacy Policy, we will post the changes here. Please review the changes carefully. Your continued use of the Services following the posting of changes to this Privacy Policy will constitute your consent and acceptance of those changes.

Contact us

If you have any queries relating to the processing/ usage of information provided by you or Mettasoft's Privacy Policy, you may email the Data Protection Officer (DPO) at privacy@mettasoft.org.

Mettasoft OÜ

Sepapaja 6

15551, Tallinn, Estonia