Privacy Policy

We at SnackSafe Inc. ("SnackSafe,""SnackSmart,""we,""our," or "us") respect your privacy.

This policy describes how we collect, use, disclose, and otherwise process personal information when you visit or use our website (located athttps://SnackSmart.ai) (the"Website"), the "SnackSmart" mobile application (the"App", or our services made available through our web-platform (at https://SnackSmart.ai) (the "Web-Platform") (the Website, App, and Web-Platform collectively, the "Services"), or if you otherwise provide us with personal information.

This Privacy Policy also describes your choices and rights, including rights available under certain U.S. state privacy laws (including, where applicable, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA") and, where applicable, the EU/UK General Data Protection Regulation ("GDPR").

We are located at 251 Little Falls Drive, Wilmington, DE, 19808, USA.

Our Web-Platform and App serve as educational, informational and decision-support tools to help users analyze and understand food and beverage ingredients and nutrition information and apply user-selected dietary preferences and restrictions. You can use our Web-Platform and App to manage or access information you upload and all information you choose to associate with it. Please note that while parts of the processes of our Services may be partly automated (including through artificial intelligence-enabled features), our Services are not used for automated decision-making that produces legal or similarly significant effects; rather, they are intended to augment users' and, where applicable, authorized third parties' decision- making processes.

For more information about how the Services generate Outputs and important limitations of automated processing, please review the "Artificial Intelligence" and related sections of our Terms of Service.

Our customers and partners may also include, without limitation, dietary professionals (such as registered dietitians), and other organizations or individuals that make our Services available to you (collectively, "Partners").

This Privacy Policy does not apply to health information that is provided to, collected by, or processed by third parties (including any dietary professionals or health care providers) outside of the Services, or to information that is subject to a separate agreement or notice provided by a Partner. To the extent the Company acts as a "business associate" (as defined byHIPAA) to a HIPAA-regulated covered entity (for example, where the Services are made available through, or on behalf of, a health care provider, health plan, or health care clearinghouse), the Company will process Protected Health Information ("PHI") in accordance with a business associate agreement ("BAA") with the applicable covered entity or business associate, as required by HIPAA. Otherwise, the Company is not a "covered entity" under

HIPAA, and information you provide directly through a consumer account will be handled in accordance with this Privacy Policy and applicable law.

This policy affects your legal rights and obligations so please read it carefully.

If you have any questions, please contact us at privacy@SnackSmart.ai or call us at +1-415-510-9335. You may also submit certain privacy requests through a request form made available in the Services (https://SnackSmart.ai/contact)

The Services are intended for a mixed audience and may be used by minors, including children under 13, only with the involvement, consent, and supervision of a parent or legal guardian (or another responsible adult authorized by the parent or legal guardian). Where we collect personal information from a child under 13, we will do so only with verifiable parental consent (or as otherwise permitted by the U.S. Children's Online Privacy Protection Act ("COPPA")). "Verifiable parental consent" means a parent or legal guardian provides consent using a method reasonably calculated to ensure that the person providing consent is the child's parent or legal guardian, consistent with COPPA and guidance from the U.S. Federal Trade Commission. In connection with seeking verifiable parental consent, we will provide parents or legal guardians with COPPA-required direct notice describing our information practices for children (including the categories of personal information we collect, how we use it, and the categories of third parties with whom we may share it). Parents and legal guardians may review, delete, and/or refuse further collection or use of their child's personal information as described in this Privacy Policy or by contacting us at privacy@SnackSmart.ai. We may require reasonable steps to verify the identity and authority of the requester before acting on a request.

Subject to verifiable parental consent (or another COPPA-permitted exception), we may collect from a child under 13 the same categories of personal information described in this Privacy Policy to provide and operate the Services, such as account identifiers and contact information (for example, a username and parent email address), device and usage information (for example, persistent identifiers and IP address), and information the child (or parent) chooses to provide through the Services (for example, dietary preferences, dietary restrictions, allergies, images, and related metadata). We use this information to provide the Services, maintain the child's account or profile, respond to requests, support security and fraud prevention, and comply with law. We do not require a child to provide more personal information than is reasonably necessary to participate in the features of the Services used by that child.

A parent or legal guardian may review or request deletion of their child's personal information, may withdraw consent, and may request that we stop further collection, use, and/or disclosure of the child's personal information by contacting us at privacy@SnackSmart.ai. To help protect children’s privacy and security, we may require reasonable steps to verify the identity and authority of the requester before acting on a request. In some cases, we may request additional information (for example, information related to the child's account) solely for purposes of verifying the request.

We retain children's personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected (for example, to provide the Services, maintain the child's profile, support safety and security, and comply with legal obligations), unless a longer retention period is required or permitted by law.

We do not require a child to provide more personal information than is reasonably necessary to participate in the features of the Services used by that child.

Sensitive Personal Information (U.S. State Privacy Laws). Certain information we may collect or process may be considered "sensitive" under some U.S. state privacy laws, such as precise geolocation (if collected), account log-in credentials, and information about a consumer's health (which may include dietary preferences, dietary restrictions, and allergy-related information, depending on context and law). We use sensitive personal information only for purposes described in this Privacy Policy, and not for inferring characteristics or for targeted advertising. Where required by law, we provide additional notices and choices, including obtaining consent where required.

When you browse through our website, subscribe to our newsletter, log-in to our Web- Platform or App (with or without a username and password), or otherwise use any of our Services, we may collect, process or store your personal information including, without limitation and where applicable, your name, phone number, mobile number, physical address, email address, company name, IP address, device info, and your browsing history. We may also collect information you choose to provide about dietary preferences, dietary restrictions, allergies, or similar nutrition-related information in connection with your use of the Services. Please do not provide information you consider highly sensitive unless you choose to do so, and note that we use such information only for the purposes described in this Privacy Policy (for example, to provide the Services and generate Outputs) and not for targeted advertising. Where required by applicable law, we will obtain your consent (including, where applicable, verifiable parental consent) to process sensitive information.

While you may be requested to provide your demographic information too, please note that providing such information will always be voluntary and your refusal to provide such information, shall not negatively impact your Services in any way.

Personal information, however, does not include information that has been irreversibly anonymized or aggregated so that it can no longer enable anyone, whether in combination with other information or otherwise, to identify you.

All personal information that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this. Please keep in mind that you do not need to provide us with any personal information to use our Service. However, we may still automatically collect certain information as described below.

When you contact us by email, we may keep a record of the correspondence and we may also record any telephone call we have with you.

When you visit our Website, Web-Platform, WebApp, or Mobile App we, or third parties on our behalf ("Service Providers"), automatically collect and store information about your device and your activities. This information could include (a) your computer or other device's unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns.

Platform Availability; Operating System Changes; No Cross-Platform Data Transfers

The Services are currently available only on Apple’s iOS operating system via the Apple App Store. If and when we make the Services available on other operating systems (including Android), the iOS version and the Android version may be offered as separate versions of the Services and may have different technical features, account structures, and billing flows.

If you start using the Services on iOS and later access the Services on Android (or if you start using the Services on Android and later access the Services on iOS), you may be required to log in again and affirmatively accept the then-current Terms of Service and Privacy Policy applicable to that version of the Services.

No Cross-Platform Data Portability

To the maximum extent permitted by applicable law, personal information and other data associated with one operating system version of the Services will not be transferred, ported, or made available on the other operating system version, including without limitation scans, images, Outputs, profiles, dietary preferences and restrictions, history, saved items, and account or subscription/payment-related information, except to the extent we expressly offer an export, transfer, synchronization, or portability feature in the Services (and then only in accordance with the applicable feature disclosures and your settings).

User Content and Inputs Used to Generate Outputs

When you use certain features of the Services, we may process the content you submit (including images and related metadata), as well as information derived from that content (for example, extracted text, identified ingredients, translations, and classifications), to operate, provide, maintain, and improve the Services, including to develop, train, and fine-tune our models and related systems (including artificial intelligence-enabled features). Where appropriate, we may use measures such as de-identification or pseudonymization and access controls designed to protect personal information used for these purposes. Where required by law, and in all cases for children under 13, we will obtain verifiable parental consent before using a child's personal information or content for model training or improvement purposes beyond providing and operating the Services.

We collect this information by using cookies in accordance with our Cookie Policy described below and we use the information we collect to improve our website, the services we provide, and for analytical and research purposes.

We may use third-party service providers to monitor, analyze, and support the use and performance of our Services (for example, analytics providers, crash reporting providers, communications providers, cloud hosting and infrastructure providers, and security providers). The list of specific vendors we use may change from time to time and will be updated in this Privacy Policy and/or made available to you in the Services, including where required by applicable law.

Analytics/Service Provider Vendor List (subject to change): - Google, Firebase (Firebase Firestore, Firebase Storage, Firebase Authentication, Firebase AI / Gemini, Apple, Google AI (Gemini Tools), OpenAI, Anthropic AI (NOTE: This list will be updated from time to time.)

The Services may use third-party analytics and similar tools to help us understand how users interact with the Services, improve the Services, and support security and fraud prevention. Depending on the vendor and configuration, these tools may collect information such as device identifiers, IP address, browser type, operating system, pages/screens viewed, interactions, and approximate location (derived from IP address). For details on the specific providers in use and how they process data, please review the vendor list referenced above once completed.

Where permitted by applicable law, we may use your personal information to send you marketing communications, which may include newsletters, product updates, surveys, and information about new products and services. Where required by law, we will obtain your consent before sending you marketing communications.

You can choose to no longer receive marketing communications by contacting us at privacy@SnackSmart.ai or clicking unsubscribe or "opt-out" from a marketing email.

If you unsubscribe from marketing communications, it may take up to five (5) business days for your preferences to take effect. We may retain limited information needed to honor your opt- out request and to comply with applicable law.

We will use your personal information in order to comply with our contractual obligations, to supply to you the services that you had purchased, where applicable, including to contact you with any information relating to the delivery of the services in accordance with any requests you make and that we agree to, and to deal with any requests, questions, comments or complaints you have with respect to the same, if any.

If you were directed to our Web-Platform or App by one of our Partners to open an account or receive a service, then we may process your personal information to provide the Services, including to generate informational Outputs related to food and beverage ingredients and nutrition information and user-selected dietary preferences and restrictions. Our Services may use algorithms and other analytical tools (including artificial intelligence-enabled features) to process your personal information and content you provide in order to generate Outputs, which may include potential dietary considerations or restrictions based on the information available. We may also use your content, prompts, inputs, and Outputs to improve the Services, including to develop, train, and fine-tune our models and related systems, unless prohibited by law. Where required by law, and in all cases for children under 13, we will obtain verifiable parental consent before using a child's personal information, content, prompts, inputs, or Outputs for model training or improvement purposes beyond providing and operating the Services.

We may also use your personal information for our legitimate interests, including dealing with any customer services you or our customers require, enforcing the terms of any other agreement between us, for regulatory and legal purposes, for audit purposes and to contact you about changes to this policy, if necessary.

State Privacy Disclosures and Rights (Where Applicable)

Depending on where you live and how you use the Services, you may have certain rights under applicable U.S. state privacy laws. These rights may include the right to (a) confirm whether we process your personal information and access it; (b) request deletion of your personal information; (c) correct inaccurate personal information; (d) obtain a copy of your personal information in a portable format; and (e) opt out of certain processing, such as targeted advertising, the sale of personal information, or certain profiling in furtherance of decisions that produce legal or similarly significant effects (to the extent applicable). You may submit a request by contacting us at privacy@SnackSmart.ai or through any request method made available in the Services. We may need to verify your identity before fulfilling your request. If you are submitting a request on behalf of another person (for example, as an authorized agent, where permitted by law), we may require proof of your authorization and verification of the individual's identity. If we deny your request, you may have the right to appeal our decision by replying to our response or contacting us at privacy@SnackSmart.ai with the subject line "Privacy Appeal." We will respond to appeals within the timeframe required by applicable law and, where required, we will provide information on how to contact the applicable state Attorney General (or other regulator) if you have concerns about the results of an appeal. We will not discriminate against you for exercising your privacy rights.

We do not sell your personal information for money. We also do not share your personal information for purposes of cross-context behavioral advertising (also known as targeted advertising), as those terms may be defined under applicable law. We will share your personal information with third parties only if and as permitted in this Privacy Policy.

CCPA/CPRA Disclosures (California Residents). The CCPA/CPRA requires specific disclosures about certain data practices. For purposes of the CCPA/CPRA, SnackSafe generally acts as a "business" with respect to personal information we collect and process for our own purposes. In some cases, a Partner may process personal information as an independent business for its own purposes, and the Partner's privacy notice applies to that processing.

Categories of Personal Information Collected (CCPA/CPRA). Depending on how you use the Services, we may collect the following categories of personal information (as defined by the CCPA/CPRA): (a) identifiers (such as name, email address, online identifiers, IP address, and account identifiers); (b) personal information described in Cal. Civ. Code 1798.80(e) (such as contact information and, if you make a purchase, billing details); (c) commercial information (such as subscription status and transaction-related information, if applicable); (d) internet or other electronic network activity information (such as usage and interaction data); (e) geolocation data (such as approximate location derived from IP address); (f) audio, electronic, visual, or similar information (such as images you upload and related metadata); (g) inferences drawn from personal information (such as inferences used to help generate Outputs based on preferences you select); and (h) sensitive personal information (which may include certain dietary preference, allergy, or restriction information depending on context).

Disclosures of Personal Information. We disclose personal information to the categories of recipients described in this Privacy Policy, including service providers, Partners (where applicable), and professional advisors, for the purposes described in this Privacy Policy.

Your California Rights (CCPA/CPRA). Subject to certain exceptions, California residents may have the right to know, access, delete, and correct personal information, and the right to opt out of the sale or sharing of personal information (if applicable) and to limit the use and disclosure of sensitive personal information (if applicable). We do not sell personal information for money and we do not share personal information for cross-context behavioral advertising. To submit a request, contact us at privacy@SnackSmart.ai or use the request method made available in the Services. We will verify your request as required by law. If you use an authorized agent, we may require proof of authorization and verification of identity. We will not discriminate against you for exercising your rights.

California “Shine the Light.” California Civil Code Section 1798.83 may allow California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes without providing you with a choice where required by law. To make such a request, contact us at privacy@SnackSmart.ai.

We may share your personal information with our customers and partners (collectively, "Partners") that make the Services available to you or integrate the Services into their own offerings. In those cases, the Partner may determine how and why your personal information is processed in connection with the Partner's services, and the Partner's privacy notice (and any separate agreement you have with the Partner) may apply to such processing.

We may also share personal information with our employees, service providers, sub- contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including marketing services providers (e.g., Google Analytics), email communication providers, IT service providers, accountants, auditors and lawyers. Where required by applicable law, we enter into appropriate contractual terms with service providers that process personal information on our behalf (for example, data processing terms and confidentiality and security obligations).

AI and OCR Service Providers

We may use third-party providers to support OCR, translation, image processing, and AI- enabled features (for example, cloud hosting providers and AI/OCR model or API providers). These providers process information on our behalf and in accordance with our instructions for the purposes described in this Privacy Policy. The specific providers used may change from time to time and, where applicable, will be identified in the vendor list section above and/or made available to you in the Services.

Under certain circumstances we may have to disclose your personal information under applicable laws and/or regulations, for example, as part of anti-money laundering processes or to protect a third party's rights, property or safety.

We may also share your personal information in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

We may share personal information with our employees, consultants, and third-party service providers located in other countries for purposes described in this Privacy Policy, including to provide and support the Services. Where required by applicable law (including the GDPR), we will implement appropriate safeguards for cross-border transfers, such as entering into standard contractual clauses approved by the European Commission or relying on other lawful transfer mechanisms. You may request information about these safeguards by contacting us at privacy@SnackSmart.ai.

UK GDPR (United Kingdom). If you are located in the United Kingdom, our processing of your personal information is subject to the UK GDPR and the Data Protection Act 2018. Where we transfer personal information from the UK to a country that is not recognized as providing an adequate level of protection, we will implement appropriate safeguards, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, as applicable.

For additional information on the legal basis for processing of personal information of European Economic Area (EEA) residents and the GDPR please follow this link.

EEA/UK Representative; Data Protection Officer. If required by applicable law, we will designate an EU/UK representative and/or a data protection officer and will provide the relevant contact details in this Privacy Policy or in the Services.

Our Services may send new registered users a welcoming email to verify password and username. After you register with our Services and have provided consent to receiving marketing emails, we may send you on a regular basis via email or push notification information on other services or products that we believe may be of interest to you. We give you the option at all times to unsubscribe or to opt-out from receiving these types of communications.

We may also send you notifications regarding updates to our Services and our services only if you have provided consent to receiving updates about our opportunities, services and products. We may also communicate with you to provide requested services and with respect to issues relating to your account via email or phone.

We shall process your personal information in a manner that ensures appropriate security of the personal information, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

All information you provide to us is stored on our secure servers. Where applicable, any payment transactions are encrypted using SSL technology. Where we have given, or you have chosen a password, you are responsible for keeping this password confidential.

You acknowledge, however, that no system can be completely secure. Therefore, although we take these steps to secure your personal information seriously, we do not and cannot promise that your personal information will always remain completely secure.

For additional security related information, please review our Security Policy.

Our Services may contain links to other sites. Once you have used these links to leave our Services, you should note that we do not have any control over that other site. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this policy. You should exercise caution and look at the privacy policy applicable to the site in question.

If you register with us, we shall retain your personal information until you close your account or until we no longer need it for the purposes described in this Privacy Policy. If you receive marketing communications from us, we shall retain your personal information until you opt- out of receiving such communications. We may retain certain information (including prompts, inputs, and Outputs) for a longer period where reasonably necessary to maintain, improve, and help protect the Services (including to develop, train, and fine-tune our models and related systems), including where such information has been de-identified or aggregated, or where retention is required or permitted by law. Where required by applicable law, we will retain personal information no longer than necessary for the purposes for which it is processed, and we apply criteria such as account status, the nature and sensitivity of the information, the purposes of processing, and our legal obligations.

If you have otherwise used our services or contacted us with a question or comment, we shall retain your personal information for at least six (6) months following completion of such service or contact in order to respond to any further queries you might have. Please keep in mind that you can always request that we suspend or remove your personal information at any time.

If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.

Unless specifically stated otherwise herein, this Privacy Policy shall be governed by and construed in accordance with the laws specified in the Terms of Service, and any disputes relating to this Privacy Policy shall be handled in accordance with the dispute resolution, venue, and jurisdiction provisions in the Terms of Service, to the extent permitted by applicable law.

We may change the terms of this Privacy Policy from time to time. You are responsible for regularly reviewing this policy so that you are aware of any changes to it. If you continue to use our Services after the time we state the changes will take effect, you will have accepted the changes.

A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer.

The cookie identifies your browser but will not let a website know any personal information about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.

Our Services may use cookies so that we can recognize you when you return and personalize your settings and preferences. Most browsers are initially set up to accept cookies. You can change your browser settings to either notify you when you have received a cookie, or to refuse to accept cookies. Please note that our Services may not operate efficiently if you refuse to accept cookies.

We might use cookies from third-party partners such as analytics providers (for example, Google Analytics) to help us understand how users interact with the Services, improve the Services, and support security and fraud prevention. These cookies may collect information such as device identifiers, IP address, browser type, operating system, pages/screens viewed, interactions, and approximate location (derived from IP address). We do not use cookies to engage in targeted advertising (also known as cross-context behavioral advertising) based on your activity across non-SnackSafe websites, and we do not sell or share your personal information for such targeted advertising.

Cookie Choices; “Do Not Sell or Share” and Preference Signals. You may be able to control cookies through your browser settings and, where available, in-app controls. Where required by applicable law, we will honor opt-out preference signals (such as a browser-based opt-out preference signal) for the purposes required by law. Because we do not sell personal information for money or share it for cross-context behavioral advertising, we do not currently offer a "Do Not Sell or Share My Personal Information" link. If our practices change, we will update this Privacy Policy and implement required mechanisms.

In some cases, we use cookies or similar technologies for attribution and analytics, such as to understand whether a user came to our Website from a third-party website link or from an email campaign. We use this information to measure and improve our own campaigns and user experience. We do not share personal information or information about individual user activities with these partner entities for their own cross-site advertising purposes.

We may use cookies to limit certain types of cyber-attacks. We also use may cookies during fraud reviews and investigations. Some of our cookie/device tracking happens through third- party vendors, other times we use our own indexes to identify activity related to specific cookies.

Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave our Website. Persistent Cookies, on the other hand, commonly remain in the cookie file of your browser for longer periods depending on the lifetime of the specific cookie. When we use session cookies to track the total number of visitors to our Website, for example, this is done on an anonymous aggregate basis.

We may use Google Analytics or similar analytics tools to monitor how the Services are used. These tools may collect information such as the number of visits, where visitors generally came from, how long they stayed, and which pages they visited, and they may use cookies or similar technologies to do so. You may be able to control cookies through your browser settings and other controls that may be made available in the Services.

If you reside within the European Economic Area (EEA), our processing of your personal information is subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR"), notwithstanding anything to the contrary herein, and therefore will be legitimized as follows:

Right to Lodge a Complaint (EEA/UK). If you are located in the EEA, you have the right to lodge a complaint with your local supervisory authority. If you are located in the UK, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the GDPR.

If the processing of your personal information is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).

Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).

Data Controller; Data Processor; Special Category Data (EEA/UK). For purposes of the GDPR and UK GDPR, SnackSafe generally acts as a "Data Processor" of personal information processed on behalf of our users who are the "Data Controllers" in connection with their consumer accounts and our operation of the Services.

Where we process information that may be considered "special category data" (such as information about allergies or dietary restrictions that may constitute data concerning health), we do so only if and when requested by the Data Controller and as permitted under applicable law and, where required, based on your explicit consent or another lawful basis under Article 9 of the GDPR/UK GDPR.

You have the right to obtain from us a copy of the personal information that we hold, and to require us to correct errors in the personal information if it is inaccurate or incomplete or to limit or object to its processing, partially or entirely. You also have the right at any time to require that we delete your personal information or transfer it to a third-party. You also have the right to withdraw consent at any time (where processing is based on consent). To exercise these rights, or any other rights you may have under applicable laws, please contact us at privacy@SnackSmart.ai.

Please note, however, that we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.

Additionally, such rights of rectification, objection, restriction, access, portability and deletion are subject to certain limitations, as provided for by applicable laws. Individual requests will be completed as soon as possible following their receipt and in any event within the timeframe required by applicable law.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

For more information on the GDPR, please refer to:

• https://eugdpr.org/
• https://gdpr.algolia.com/

At or before the time we collect personal information, California residents have the right to receive notice of: (a) the categories of personal information we collect, (b) the purposes for which we collect and use it, (c) whether we sell or share personal information (as those terms are defined under California law), and (d) how long we retain personal information. We provide these details in this Privacy Policy, including in the sections titled "Personal information that We Collect," "Why We Process Personal information," "Sharing Personal information," and "Retention." We do not sell personal information for money and we do not share personal information for cross-context behavioral advertising.

To the extent CalOPPA applies, we make the following disclosures:

• You may browse certain portions of the Website without creating an account. However, we (and our service providers) may still automatically collect certain information about your device and how you interact with the Services, such as IP address, device identifiers, browser type, operating system, and usage data, as described in this Privacy Policy.
• Our Privacy Policy link includes the word "Privacy" and can be found on the home page of our Website and in the App (where applicable).
• We will post any updates to this Privacy Policy on this page and update the "Last Updated" date at the top of this Privacy Policy. If we make material changes, we will provide additional notice as required by applicable law (for example, via the Services or by email).
• You may request changes, updates, corrections, or deletion of your personal information by contacting us at privacy@SnackSmart.ai. If you have an account, you may also be able to review and update certain information through your account settings within the Services.

Some browsers incorporate a "Do Not Track" ("DNT") feature that signals to websites that "DNT" you do not want to have your online activity tracked. Because there is not yet a common understanding of how to interpret DNT signals, we do not currently respond to DNT browser signals. We may allow third parties to use cookies or other technologies on the Services, as described in this Privacy Policy. We do not allow third parties to use cookies or other technologies on the Services for cross-context behavioral advertising (targeted advertising).

You can enable or disable DNT by visiting the Preferences or Settings page of your web browser. You can also manage cookies and similar technologies through your browser settings and other controls that may be made available in the Services. Where required by applicable law, we will honor applicable opt-out preference signals (such as a browser-based opt-out preference signal) for the purposes required by law (for example, a Global Privacy Control signal).