ThirdEar AI Privacy Policy

Effective Date: July 15, 2024

1. Introduction

Welcome to ThirdEar AI, Inc. ("ThirdEar AI," "we," "us," or "our"). We are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of personal information when you use our website (www.thirdear.ai), mobile applications (including our iPhone app), Chrome extension, and any other products or services offered by ThirdEar AI (collectively, the "Services").

ThirdEar AI, Inc. is a Delaware C Corporation with its principal place of business located at 745 Waverley St, Palo Alto, CA 94301, United States.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, you must not use our Services.

2. Key Terms

  • "Personal Information": Any information relating to an identified or identifiable individual.

  • "Processing": Any operation or set of operations performed on Personal Information, whether or not by automated means.

  • "Data Controller": The entity that determines the purposes and means of processing Personal Information.

  • "Data Processor": The entity that processes Personal Information on behalf of the Data Controller.

  • "User," "you," and "your": Individuals who use our Services.

  • "Sensitive Personal Information": Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning a person's sex life or sexual orientation, or data relating to criminal convictions and offenses.

3. Information We Collect

3.1 Information You Provide to Us

Account Information:

When you create an account, we collect information such as your name, email address, phone number, username, and password. We may also collect optional information such as your date of birth, gender, and profile picture.

Profile Information:

You may choose to provide additional information for your user profile, such as job title, company name, industry, professional background, education, and social media profiles.

Payment Information:

If you make a purchase or subscribe to our paid services, we collect payment card details and billing information. This information is processed by our third-party payment processors and is not stored directly on our servers.

User Content:

We collect and store the content you create, upload, or receive from others when using our Services, including:

  • Audio Recordings: Our app records ambient conversations around you to provide AI-driven summaries and proactive information.

  • Transcripts: Transcriptions of audio recordings.

  • Notes and Annotations: Any notes or comments you add.

  • Documents and Files: Any files you upload to our Services.

  • Messages and Communications: Communications within our Services.

  • Google Calendar Data: With your explicit consent, we access your Google Calendar data, including event titles, descriptions, dates, times, attendees, and other related information, to personalize your experience.

Communication Information:

If you contact us directly, we may receive additional information such as your name, email address, phone number, and the contents of any message or attachments you send.

Survey Responses:

We may collect your responses to surveys for research, product development, or marketing purposes.

Job Application Information:

If you apply for a job with us, we collect information you provide in your application.

Feedback and Reviews:

If you provide feedback or leave a review, we collect that information along with any additional information you provide.

Marketing and Communications Preferences:

We collect your preferences for receiving marketing communications from us and our third-party partners.

3.2 Information We Collect Automatically

When you use our Services, we automatically collect certain information, including:

Device Information:

Information about the devices you use to access our Services.

Log Data:

Our servers automatically record information such as IP address, browser type, operating system, and usage patterns.

Location Information:

We may collect information about your actual or approximate location.

Usage Data:

Information about how you use our Services, including interactions with features and content.

Cookies and Similar Technologies:

We use cookies and similar technologies to collect information about your browsing activities.

Error Reports and Performance Data:

We collect data about errors or crashes that occur while you're using our Services.

3.3 Information We Receive from Third Parties

Third-Party Services:

If you choose to link our Services to a third-party account (such as Google), we may receive information from that service. Specifically, with your explicit consent, we access your Google Calendar data to enhance your experience.

Partners and Affiliates:

We may receive information about you from our business partners and affiliates.

Public Sources:

We may collect information about you from publicly available sources.

Advertisers and Ad Networks:

We may receive information from advertisers and ad networks about your interactions with their advertisements.

Data Providers:

We may acquire additional information about you from third-party data providers.

Referrals:

If someone refers you to our Services, we may receive information about you from that person.

4. How We Use Your Information

4.1 Providing and Improving Our Services

  • Personalization with Google Calendar Data:
    We use your Google Calendar data to personalize your experience by providing AI-driven scheduling suggestions, reminders, and event recommendations that align with your preferences and availability.

  • Audio Analysis and Summarization:
    Our app records ambient conversations (with your consent) to provide summaries and proactive information through our AI assistant.

  • Service Delivery:
    To provide, operate, maintain, improve, and promote our Services.

  • Development of New Features:
    To develop new products, services, features, and functionality.

  • Transaction Processing:
    To process and complete transactions and send you related information.

  • Communication:
    To send transactional messages, respond to your comments, and provide customer support.

  • Analytics:
    To monitor and analyze trends, usage, and activities to better understand how users access and use our Services.

  • Security:
    To investigate and prevent fraudulent transactions, unauthorized access, and other illegal activities.

4.2 Research and Development

  • AI Model Improvement:
    To create de-identified and/or aggregated data sets used to improve our AI models and algorithms.

  • Feature Testing:
    To test, analyze, and research new features and functionality.

  • User Research:
    To conduct surveys and other research activities to better understand our users.

4.3 Marketing and Advertising

  • Communications:
    To send you marketing and promotional communications in accordance with your preferences.

  • Personalized Advertising:
    We do not use your Google Calendar data or recorded audio for advertising purposes.

4.4 Legal and Safety

  • Compliance:
    To comply with legal obligations and respond to lawful requests.

  • Enforcement:
    To enforce our Terms of Service and other legal terms and policies.

  • Protection:
    To protect our rights, privacy, safety, or property, and that of our affiliates, you, or others.

4.5 Other Purposes

  • Consent-Based Uses:
    With your consent or at your direction.

  • Disclosed Purposes:
    For any other purpose disclosed by us when you provide the information.

5. Legal Bases for Processing (for EEA and UK Users)

We process your personal information based on the following legal grounds:

  • Performance of a Contract:
    Processing is necessary to provide you with our Services.

  • Legitimate Interests:
    Processing is based on our legitimate interests, which are not overridden by your rights.

  • Consent:
    We rely on your consent to process certain personal information, such as accessing your Google Calendar data and recording ambient conversations.

  • Legal Obligation:
    Processing is necessary to comply with legal obligations.

6. How We Share Your Information

6.1 With Service Providers and Business Partners

We may share your information with third-party service providers who perform services on our behalf, such as:

  • Cloud Storage Providers

  • Data Analytics Providers

  • Customer Support Services

  • Payment Processors

  • Security and Fraud Prevention Services

Note: We do not share your Google Calendar data or recorded audio with third parties except as necessary to provide our Services, comply with legal obligations, or as outlined in this policy.

6.2 With Affiliates

We may share your information with our affiliates, who are required to honor this Privacy Policy.

6.3 For Business Transfers

In the event of a merger, sale, or transfer of assets, your personal information may be transferred.

6.4 With Your Consent

We may share your personal information when we have your explicit consent.

6.5 For Legal Reasons

We may disclose your information to comply with legal obligations or protect the rights, property, or safety of ThirdEar AI, our users, or others.

6.6 In Aggregated or De-identified Form

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

  • Account Information:
    Retained as long as your account is active and for a reasonable period thereafter.

  • User Content (Including Google Calendar Data and Audio Recordings):
    Retained as long as you maintain your account unless you delete such content or request its deletion. After account deletion, we may retain this content for a reasonable period for backup or legal purposes.

  • Usage Data:
    Retained typically no more than 14 months unless necessary for security or legal obligations.

  • Marketing Information:
    Retained until you opt-out or withdraw consent.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption:
    We use industry-standard AES-256 encryption for data at rest and TLS 1.3 for data in transit. Google Calendar data and audio recordings are encrypted both in transit and at rest.

  • Access Controls:
    Access to personal information, including Google Calendar data and audio recordings, is restricted to authorized personnel who require it to provide our Services.

  • Regular Security Audits

  • Employee Training

  • Incident Response Plan

  • Physical Security

  • Third-Party Assessments

9. Your Rights and Choices

9.1 Access and Portability

You have the right to request access to the personal information we hold about you.

9.2 Correction

You have the right to request that we correct any inaccurate personal information.

9.3 Deletion

You have the right to request that we delete your personal information, including Google Calendar data and audio recordings.

9.4 Restriction

You have the right to request that we restrict the processing of your personal information.

9.5 Objection

You have the right to object to our processing of your personal information.

9.6 Withdraw Consent

You can withdraw your consent for us to access your Google Calendar data and record ambient conversations at any time.

9.7 Data Processing Opt-Out

You may opt-out of certain data processing activities.

9.8 Do Not Track

Our Services do not currently respond to "Do Not Track" signals.

9.9 Right to Lodge a Complaint

If you are in the EU, you have the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at privacy@thirdear.ai.

10. Data Transfers

We process and store information in the United States and other countries. We implement appropriate safeguards for international data transfers, such as:

  • Standard Contractual Clauses (SCCs)

  • Binding Corporate Rules (BCRs)

  • Data Processing Agreements (DPAs)

  • Technical Measures: Including encryption and pseudonymization.

By using our Services, you consent to the transfer of your personal information to countries outside of your country of residence.

11. Children's Privacy

Our Services are not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Effective Date" at the top of this Privacy Policy and, where appropriate, provide additional notice.

13. Third-Party Links and Services

Our Services may contain links to third-party websites and services. We are not responsible for their content or privacy practices.

14. California Privacy Rights

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know, delete, correct, opt-out, and limit the use of sensitive personal information.

To exercise your California privacy rights, please contact us at manohar@thirdear.ai or call +1 (341) 204-2230.

15. Automated Decision Making

We may use automated decision-making in operating our Services. When we do so, we implement suitable measures to safeguard your rights, including:

  • Information Provision:
    Explaining the logic involved in the automated decision.

  • User Control:
    Allowing you to express your point of view, request human intervention, or contest the decision.

16. Sensitive Personal Information

We do not intentionally collect or process sensitive personal information without your explicit consent, unless permitted by applicable law.

17. Consent and Age Restrictions

You must be at least 18 years old to use our Services. By using our Services, you represent that you are at least 18 years old.

18. Compliance with Global Privacy Regulations

This Privacy Policy is designed to comply with various global privacy regulations, including:

  • General Data Protection Regulation (GDPR)

  • California Consumer Privacy Act (CCPA)

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Privacy Act 1988 in Australia

  • Protection of Personal Information Act (POPIA) in South Africa

19. Accountability and Governance

We have implemented a comprehensive privacy governance framework, including:

  • Privacy Office Led by Our Data Protection Officer

  • Regular Privacy Impact Assessments (PIAs)

  • Employee Training

  • Internal Audits

  • Data Protection Steering Committee

20. Data Protection Officer

Name: Manohar Devarapalli

Email: manohar@thirdear.ai

Phone: +1 (341) 204-2230

21. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

ThirdEar AI, Inc.

745 Waverley St.

Palo Alto, CA 94301

United States

Email: team@thirdear.ai

Phone: +1 (341) 204-2230

For users in the European Union, you have the right to lodge a complaint with your local data protection authority.

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.

Additional Disclosures for Google API Services

To comply with Google's API Services User Data Policy and Google's verification requirements, we provide the following additional disclosures:

Access and Use of Google Calendar Data

  • Scope of Access:
    With your explicit consent, we access your Google Calendar data, including event titles, descriptions, dates, times, attendees, and other related information.

  • Purpose of Access:
    We use your Google Calendar data to:

    • Provide AI-driven scheduling suggestions.

    • Offer reminders and proactive information.

    • Enhance your experience by integrating calendar events with our AI assistant's functionalities.

  • Limited Use:
    In compliance with Google's Limited Use requirements, we use your Google Calendar data solely to provide or improve user-facing features that are prominent in our app's user interface. We do not use this data for any other purposes such as advertising or data resale.

Data Storage and Security Specific to Google Data

  • Encryption and Storage:
    Google Calendar data is encrypted both in transit and at rest using industry-standard encryption protocols. Access to this data is restricted to authorized personnel who require it to provide our Services.

  • Data Sharing:
    We do not share your Google Calendar data with any third parties except as necessary to provide our Services, comply with legal obligations, or as outlined in this policy.

User Consent and Control

  • Consent Mechanism:
    You will be prompted to grant permission for us to access your Google Calendar data during the account setup process via Google's OAuth 2.0 consent screen.

  • Revoking Access:
    You can revoke our access to your Google Calendar data at any time through your Google account settings at myaccount.google.com/permissions.

In-Product Privacy Notifications

  • Transparency:
    Within our app, we provide clear notifications explaining how your Google Calendar data is used to enhance your experience.

  • User Control:
    You can manage your preferences regarding the use of your Google Calendar data within the app settings.

Compliance with Google's Policies

  • Limited Use Compliance:
    We adhere to Google's Limited Use requirements by ensuring that your Google Calendar data is only used to provide or improve user-facing features within our app.

  • No Human Reading:
    Our systems are designed to process your Google Calendar data without human intervention unless necessary for security purposes or as required by law.

  • Data Transfer:
    We do not transfer or sell your Google Calendar data to third parties.

Updates and Notifications

We will notify you of any significant changes to this Privacy Policy through our Services or via email.

By providing this comprehensive Privacy Policy, we aim to be transparent about our data practices and ensure compliance with all applicable laws and third-party requirements, including Google's API Services User Data Policy.