Privacy Policy

Druvance ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and services (collectively, the "Services").

We take your privacy seriously and have implemented measures to ensure your personal information is handled securely and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

We collect several types of information from and about users of our Services:

**Personal Information:** - Name, email address, phone number, and company information - Billing and payment information - Account credentials and preferences - Communications with our support team

**Usage Information:** - Log data, including IP address, browser type, and access times - Device information and operating system - Pages visited and features used - Performance and error data

**Content Information:** - Website content and files uploaded to our platform - Configuration settings and customizations - User-generated content and comments

We use the information we collect for various purposes:

**To Provide and Maintain Services:** - Creating and managing your account - Processing payments and billing - Providing customer support - Sending service-related notifications

**To Improve Our Services:** - Analyzing usage patterns and trends - Developing new features and functionality - Personalizing your experience - Conducting research and analytics

**For Security and Compliance:** - Detecting and preventing fraud - Ensuring platform security - Complying with legal obligations - Enforcing our terms of service

We do not sell your personal information. We may share your information in the following circumstances:

**Service Providers:** We work with third-party vendors who provide services on our behalf, such as payment processing, data analytics, and customer support. These providers are contractually obligated to protect your information.

**Legal Requirements:** We may disclose your information if required by law, regulation, legal process, or governmental request.

**Business Transfers:** In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

**With Your Consent:** We may share your information with third parties when you have given us explicit permission to do so.

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to enhance our protections.

Depending on your location, you may have certain rights regarding your personal information:

**Access and Portability:** You can request a copy of the personal information we hold about you.

**Correction:** You can request that we correct inaccurate or incomplete information.

**Deletion:** You can request that we delete your personal information, subject to certain legal exceptions.

**Restriction:** You can request that we limit how we use your information.

**Objection:** You can object to certain types of processing, such as direct marketing.

**Withdraw Consent:** Where we rely on consent, you can withdraw it at any time.

To exercise these rights, please contact us at privacy@druvance.com.

We use cookies and similar technologies to enhance your experience:

**Essential Cookies:** Required for the platform to function properly, such as authentication and security.

**Functional Cookies:** Enable personalized features and remember your preferences.

**Analytics Cookies:** Help us understand how users interact with our platform to improve our services.

**Marketing Cookies:** Used to deliver relevant advertisements and measure their effectiveness.

You can manage your cookie preferences through your browser settings or our cookie consent tool.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

The criteria used to determine retention periods include: - The duration of your relationship with us - Legal and regulatory requirements - Ongoing or potential legal proceedings - Security and fraud prevention needs

When we no longer need your information, we will securely delete or anonymize it.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer personal information outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as: - Standard Contractual Clauses approved by the European Commission - Adequacy decisions for certain countries - Binding Corporate Rules for intra-group transfers

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification
• Displaying a notice in your account dashboard

The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

**Email:** privacy@druvance.com

**Postal Address:** Druvance Privacy Team 123 Market Street, Suite 400 San Francisco, CA 94105 USA

**Data Protection Officer:** For EU residents, you can contact our Data Protection Officer at dpo@druvance.com

We will respond to your inquiry within 30 days.