Effective Date: March 2026

This Privacy Policy applies to our websites, applications, services, and other offerings that link to this policy (collectively, the “Services”). It explains how Ficra Inc. (“Ficra,” “we,” “our,” or “us”) collects, uses, stores, and protects your personal data. Please review it carefully to understand your rights and our commitments regarding your information.

What this Privacy Policy Covers

To offer the Services, Ficra may collect Personal Data, including from its prospects and website visitors. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you consent that we will collect, use, and share your information as described in this Privacy Policy.

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.

Personal Data

Categories of Personal Data We Collect

The Personal Data we collect depends on how you use the Services — for example, whether you provide third-party account credentials for our AI assistant to act on your behalf, request human assistance for a task, or simply browse our website. The chart below details the categories of Personal Data that we collect and have collected over the past 12 months. Not all categories apply to every user.

Category of Personal Data

Examples of Personal Data We Collect

Categories of Third Parties with Whom We Share this Personal Data

Identity and Profile Information

First and last name
Email address
Phone number
Mailing address
Date of birth (if required)
Other identity verification information reasonably requested

Service Providers
Parties You Authorize

Third-Party Account Credentials

Login credentials (e.g., usernames, passwords, authentication tokens) for third-party services and websites that you provide to enable our AI assistant to act on your behalf
OAuth tokens and session data
Account access permissions and scopes you authorize

Service Providers (infrastructure and security providers)
Third-Party Services (as necessary to perform tasks on your behalf)

Agent Activity Data

Records of actions taken by our AI assistant on your behalf, including websites visited, tasks performed, interactions with third-party services, screenshots and page content captured during task execution, and task instructions and outcomes

Service Providers
Human Review Personnel (when you request human assistance)

Purchase and Transaction Data

Order history
Items purchased
Payment method (last 4 digits only)
Billing and shipping address
Transaction amounts and dates

Service Providers
Payment Processors

Device IP/Data

Device ID
Domain server
Type of device/operating system/browser used to access the Services
Geolocation Data

Service Providers
Parties You Authorize

Web Analytics

Usage Statistics
Performance Metrics
User Behavior

Service Providers (e.g., Analytics Tool Providers)
Parties You Authorize

Cookies

Cookie ID
Cookie Types (e.g., Session, Persistent)

Service Providers
Content Delivery Networks

Customer Support Data

Support inquiries
Customer service communications
Feedback and reviews

Service Providers
Parties You Authorize

Social Media Data (if you connect third-party accounts)

Information from accounts you choose to connect (e.g., Facebook, Google, Apple)
Profile information, photos, or other data you authorize us to access
Authentication tokens and account identifiers

Service Providers
The social media platform (as necessary for the connection)
Parties You Authorize

Marketing Data

Lead Information
Information Related to Personal Campaigns
Engagement Metrics

Service Providers
Marketing Automation Platforms
Third-Party Advertising Partners

Identity Verification Data (if collected)

Government-issued identification documents (e.g., driver’s license, passport)
Verification status and results
Information extracted from ID documents for verification purposes

Service Providers (identity verification partners)
As required by law

Biometric Data (if collected)

Facial geometry data (e.g., for identity verification or photo features)
Voiceprints (if applicable)
Other biometric identifiers used to identify an individual

Service Providers (identity verification partners)
As required by law

Other Identifying Information that You Voluntarily Choose to Provide

Identifying information submitted by you in emails, messages, posts, survey responses or other content you share, post or upload to the Services

Service Providers
Parties You Authorize
Your Employer (If you submit a company email)

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

  • You

    • When you sign up for our Services or request more information.

    • When you provide such information directly to us.

    • When you create an account or use our Services.

    • When you make a purchase or complete a transaction.

    • When you participate in promotions, surveys, or contests.

    • When you voluntarily provide information in free-form text boxes through the Services.

    • When you send us an email or otherwise contact us.

    • When you use the Services and such information is collected automatically.

    • Through Cookies (defined in the “Cookies and Tracking Technologies” section below).

  • Agent-Mediated Collection

o   When our AI assistant performs tasks on your behalf, it may collect information from third-party websites and services you direct it to access, including page content, transaction confirmations, and account information visible during task execution.

  • Third Parties

    • Vendors: We may use analytics providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.

    • Marketing Automation Platforms: We may share your Personal Data with marketing automation platforms that help us manage our marketing campaigns, customer engagement, and outreach.

How We Use Your Data

  • Providing, Customizing and Improving the Services

    • Creating and managing your account.

    • Processing orders; billing.

    • Providing you with the products, services or information you request.

    • Executing tasks on your behalf through our AI assistant, including browsing websites, interacting with third-party services, and completing transactions you authorize.

    • Using your third-party account credentials solely to access services and perform tasks at your direction.

    • Facilitating human-assisted review when you request or approve human involvement for a task.

    • Providing your service and product needs and preferences.

    • Meeting or fulfilling the reason you provided the information to us.

    • Providing support and assistance for the Services.

    • Improving our Services, including through research, analytics, and product development.

    • Personalizing the Services, website content and communications based on your preferences.

    • Doing fraud protection, security and debugging.

    • Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws.

  • Advertising and Marketing the Services

o   Advertising, marketing and selling the Services.

  • Corresponding with You

    • Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Ficra or the Services.

    • Sending emails and other communications according to your preferences.

  • Meeting Legal Requirements and Enforcing Legal Terms

    • Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.

    • Protecting the rights, property or safety of you, Ficra or another party.

    • Enforcing any agreements with you.

    • Responding to claims that any posting or other content violates third-party rights.

    • Resolving disputes.

If we collect additional categories of Personal Data or use your Personal Data for materially different purposes, we will update this Privacy Policy accordingly.

Legal Basis for Processing

If you are located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, we process your Personal Data based on the following legal grounds under applicable data protection law:

Purpose of Processing

Legal Basis

Categories of Data

Providing and maintaining the Services, including creating your account and enabling core features

Performance of our contract with you

Identity, Profile, Content, Purchase, Credentials, Agent Activity, Usage, Technical

Processing payments and transactions

Performance of our contract with you

Identity, Purchase, Payment

Responding to your inquiries and providing customer support

Performance of our contract with you; Legitimate interests (providing quality service)

Identity, Customer Support, Usage

Personalizing your experience and providing recommendations

Legitimate interests (improving user experience); Consent (where required for sensitive data)

Profile, Usage, Technical, Content

Ensuring safety, security, and fraud prevention

Legitimate interests (protecting our users and Services); Compliance with legal obligations

Identity, Agent Activity, Usage, Technical, Biometric (if applicable), ID Verification (if applicable)

Marketing and advertising our Services

Consent (for electronic marketing); Legitimate interests (promoting our Services)

Identity, Marketing, Usage, Technical

Complying with legal obligations

Compliance with legal obligations

All categories as required

Establishing, exercising, or defending legal claims

Legitimate interests (protecting our legal rights)

All categories as relevant to the claim

Where we rely on legitimate interests as a legal basis, we have balanced our interests against your fundamental rights and freedoms.

Where we rely on consent, you have the right to withdraw your consent at any time by contacting us or adjusting your settings. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

How We Share Your Personal Data

We disclose your Personal Data to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Data. For more information, please refer to the state-specific sections below.

  • Service Providers. These parties help us provide the Services or perform business functions on our behalf. They include:

    • Hosting, technology and communication providers.

    • Security and fraud prevention consultants

    • Payment processors

    • Support and customer service vendors

  • Marketing and Advertising Partners. We may share your Personal Data with marketing and advertising partners that assist us in promoting our Services, delivering targeted advertisements, and analyzing campaign effectiveness.

  • AI Infrastructure Providers. We share data with third-party AI model providers and cloud infrastructure partners as necessary to power the AI features of our Services. These providers process your instructions, task data, and related content to generate responses and execute tasks.

  • Human Review Personnel. If you request or approve human assistance for a task, designated personnel may access task-related data, including screen content, instructions, and account information visible during the session.

  • Analytics Partners. These parties provide analytics on web traffic or usage of the Services. They include:

    • Companies that track how users found or were referred to the Services.

    • Companies that track how users interact with the Services.

  • Parties You Authorize, Access or Authenticate

Legal Obligations

We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “How We Use Your Data” section above.

Government and Law Enforcement Requests

We may disclose Personal Data to government authorities or law enforcement officials in response to a valid legal process such as a subpoena, court order, or search warrant.

Business Transfers

All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).

Aggregated and Anonymous Data

We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

Cookies and Tracking Technologies

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that the Services do not currently respond to browser-level “Do Not Track” (DNT) signals, as there is no industry-standard protocol for DNT. However, we do honor the Global Privacy Control (GPC) signal, which is a separate, legally recognized opt-out mechanism. For more information on GPC, see the “Opt-Out Preferences” section above.

We use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.

  • Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

  • Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services. They do this by collecting information about the number of visitors to the Services, what pages visitors view on our Services and how long visitors are viewing pages on the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns to help us improve our campaigns and the Services’ content for those who engage with our advertising.

You can decide whether to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work.

To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.

Opt-Out Preferences

You have choices about how we collect and use your data:

Marketing Communications

You can opt out of receiving marketing emails from us by clicking the “unsubscribe” link in any marketing email or by contacting us at support@ficra.ai. Even if you opt out of marketing emails, we may still send you transactional messages about your account or purchases.

Targeted Advertising

You can opt out of targeted advertising by:

·       Adjusting your preferences in your account settings

·       Using browser-based opt-out tools such as the Digital Advertising Alliance’s opt-out page at https://optout.aboutads.info/

·       Enabling the Global Privacy Control (GPC) signal in your browser, which we honor as a valid opt-out request

AI and Machine Learning

Ficra may use artificial intelligence and machine learning technologies to enhance our Services. This section explains how we use AI and how it relates to your data.

How We Use AI in Our Services

We may use AI and machine learning to:

·       Personalize your experience and provide recommendations

·       Improve customer service and support

·       Detect and prevent fraud

·       Analyze usage patterns to improve our Services

Your Data and AI

We may use your interactions with the Services — such as instructions, task outcomes, and feedback — to improve and develop our Services, including enhancing the performance of our AI features. When we use data for these purposes, we apply appropriate safeguards, including de-identification and aggregation where practicable. You may opt out of having your data used for service improvement by contacting us at support@ficra.ai. Please note the following limitations on the opt-out:

·       Non-Retroactive. Opting out applies on a going-forward basis only. Interactions that occurred before your opt-out request may already have been incorporated into training data and cannot be individually removed.

·       Safety Retention. Regardless of your opt-out preference, we retain interaction data for up to 30 days for abuse monitoring, safety investigations, and compliance with our legal obligations.

·       Feedback Override. If you submit feedback on an interaction — such as rating a response, flagging an issue, or providing corrections — that interaction and the associated feedback may be used for service improvement even if you have otherwise opted out of training.

AI Limitations

AI-powered features may produce results that are incomplete or require review. You should not rely solely on AI-generated content for important decisions. For additional limitations, please refer to our Terms of Service.

Automated Decisions

We may use automated processing, including profiling, to provide and improve our Services. We implement appropriate safeguards to protect your rights when using automated decision-making.

This section explains how we use these technologies and your rights regarding them.

Definitions

Profiling” means using your Personal Data to evaluate certain aspects about you, such as your preferences, interests, behavior, or characteristics. “Automated decision-making” means making decisions about you using technology without human involvement.

Our Use of Automated Processing

We use automated processing, including profiling, in the following ways:

  • Task Automation: Our AI assistant takes autonomous actions on your behalf based on your instructions, including browsing websites, sending messages, interacting with third-party platforms, and completing tasks.

  • Content Personalization: We analyze your interactions and preferences to personalize recommendations, suggest tasks, and improve the relevance of the assistant’s responses.

  • Safety and Moderation: We use automated tools to detect potentially harmful, fraudulent, or abusive use of the Services, which may result in account restrictions or suspensions.

Your Rights Regarding Automated Decisions

If you are located in the EEA, UK, or Switzerland, and we make a decision based solely on automated processing (including profiling) that produces legal effects or similarly significantly affects you, you have the right to:

·       Obtain human intervention in the decision

·       Express your point of view

·       Contest the decision

To exercise these rights, contact us at support@ficra.ai.

Data Retention

This section explains how long we retain your Personal Data and the factors that determine retention periods.

General Retention Principles

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements.

Specific Retention Periods

Data Category

Retention Period

Rationale

Active Account and Profile Data

Duration of account + 90 days after closure

To provide Services and allow reasonable account recovery period

User-Generated Content (photos, messages, posts)

Duration of account; deleted within 90 days after account closure

Core service functionality; privacy protection after departure

Purchase and Transaction History

7 years after transaction

Order history, refund eligibility, and legal compliance

Payment Information

Duration of account or as required by payment processor; card details may be retained for 540 days to address chargebacks

To process transactions, refunds, and handle payment disputes

Account & Billing Records

7 years after account closure

Tax, accounting, and legal compliance requirements

Customer Service Records

3 years after resolution

Customer service quality, dispute resolution, and legal claims

Consent Records

the duration of your account plus 3 years after consent given or withdrawn

Demonstrating compliance with consent requirements under applicable law

Communication Logs and Metadata

3 years

Legal data retention obligations; security and fraud investigation

Identity Verification Data

90 days after verification, or as required by law

Verification purposes; regulatory compliance for age or identity verification

Biometric Data

Promptly after fulfilling the purpose for which it was collected, and in any event no later than 3 years from the date of last interaction, unless required for ongoing verification

Minimizing retention of sensitive data; compliance with biometric privacy laws

Security Logs and Audit Trails

1 year

Security monitoring, incident investigation, and fraud prevention

Marketing Preferences

Until you opt out or close your account; suppression lists retained to honor opt-outs

Honoring your communication preferences

Aggregated/De-identified Data

Indefinitely

No longer identifiable; used for analytics, research, and service improvement

Your Deletion Rights

You can delete your account and request deletion of your Personal Data at any time through your account settings or by contacting support@ficra.ai. We will process deletion requests in accordance with applicable law, except where retention is required (such as for tax or accounting purposes).

Inactive Accounts

If your account is inactive for 24 months, we may automatically close it. After automatic closure, your data will be handled as described below.

After You Close Your Account

After you close your account (whether voluntarily or due to inactivity), we delete your data as described in this section, except for data we are required or permitted to retain for legal, safety, or legitimate business purposes.

Safety Retention

To protect the safety and security of our users, we may retain limited data following account closure or termination to investigate unlawful or harmful conduct and to prevent individuals who violate our Terms of Service from creating new accounts.

Data Security

We implement comprehensive security measures to protect your Personal Data from unauthorized access, use, disclosure, alteration, and destruction.

We use industry-standard technical safeguards designed to protect your Personal Data, including encryption of data in transit and at rest, access controls, and network security measures. We also maintain organizational safeguards including employee training, confidentiality obligations, and access controls limiting data access to personnel who need it to perform their job duties.

If you provide us with credentials to access third-party services on your behalf, we take additional measures to protect this information, including:

·       Encrypting credentials at rest and in transit using industry-standard encryption

·       Storing credentials in isolated, access-controlled environments

·       Limiting credential access to the specific tasks and services you authorize

·       Providing you the ability to revoke stored credentials at any time through your account settings

You are responsible for ensuring you have the right to grant us access to your third-party accounts and for complying with the terms of service of those third-party services.

For security incidents or to report vulnerabilities, contact us at support@ficra.ai.

Your Security Responsibilities

You can help protect your data by:

·       Choosing strong, unique passwords and enabling MFA when available

·       Keeping your account credentials confidential

·       Logging out after using shared devices

·       Promptly reporting any suspected unauthorized access to support@ficra.ai

International Data Transfers

We operate globally, which means your Personal Data may be transferred to, stored, and processed in countries other than your country of residence, including the United States and other countries where we, our affiliates, or our service providers operate.

Transfers from the EEA, UK, and Switzerland

When we transfer Personal Data from the European Economic Area (“EEA”), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection by the European Commission or other competent authority, we implement appropriate safeguards to protect your Personal Data, including:

  • Standard Contractual Clauses: We use standard contractual clauses approved by the European Commission or the UK Information Commissioner’s Office, as applicable, which contractually require the recipient to protect your Personal Data to the same standards required in Europe.

  • Adequacy Decisions: Where available, we transfer data to countries that have been recognized as providing adequate data protection.

  • Other Safeguards: We may rely on other transfer mechanisms permitted under applicable law, such as binding corporate rules or derogations for specific situations.

Data Controller Information

The entity responsible for your Personal Data under this Privacy Policy is Ficra Inc., located at 125 University Ave. Suite 80, Palo Alto, CA 94301, United States.

Children’s Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect Personal Data from children under 18. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at support@ficra.ai so we can delete that information. If we learn that we have collected Personal Data from a child under 18, we will take steps to delete that information promptly.

Your Privacy Rights

Depending on where you live, you may have certain rights regarding your Personal Data. The table below summarizes these rights and how to exercise them:

Your Right

How to Exercise It

Access or Know
Right to confirm whether we process your Personal Data and to receive a copy of it

You can access some data directly by logging into your account. For a complete copy, submit a request at https://ficra.ai/legal/privacy-request or email support@ficra.ai.

Correction or Rectification
Right to correct inaccurate or incomplete Personal Data

You can update most data directly in your account settings. For other corrections, contact us at support@ficra.ai.

Deletion or Erasure
Right to request deletion of your Personal Data

You can delete some data in your account settings. To close your account and request full deletion, visit your account settings or contact support@ficra.ai.

Portability
Right to receive your data in a structured, commonly used format

Submit a request at https://ficra.ai/legal/privacy-request or email support@ficra.ai to receive a portable copy of your data.

Opt-Out
Right to opt out of targeted advertising, “sales,” or “sharing” of your Personal Data

Visit “Your Privacy Choices” in your account settings or the footer of our website. You can also enable Global Privacy Control (GPC) in your browser.

Restrict or Object
Right to object to or restrict certain processing

Contact us at support@ficra.ai to object to specific processing activities described in this Privacy Policy.

Withdraw Consent
Right to withdraw consent previously given

Update your account settings, adjust device permissions, or contact us at support@ficra.ai. Withdrawal does not affect prior lawful processing.

Non-Discrimination
Right not to be discriminated against for exercising your rights

We will not deny you services, charge different prices, or provide different quality for exercising your privacy rights.

For information about rights specific to your state or country, see the sections below.

State Law Privacy Rights

California Resident Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your Personal Data:

  • Right to Know: You have the right to request information about the categories and specific pieces of Personal Data we have collected about you, the sources of that data, the purposes for collecting it, and the third parties with whom we share it.

  • Right to Delete: You have the right to request that we delete your Personal Data, subject to certain exceptions (such as data needed to complete a transaction or comply with legal obligations).

  • Right to Correct: You have the right to request that we correct inaccurate Personal Data we maintain about you.

  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the “sale” or “sharing” of your Personal Data for cross-context behavioral advertising. We do not sell your Personal Data for monetary consideration. However, certain data sharing activities described in this Privacy Policy — such as sharing information with advertising or analytics partners — may constitute a “sale” or “sharing” of Personal Data under the CCPA or similar state privacy laws. You have the right to opt out of such activities as described in this section.

  • Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information, you have the right to limit its use to what is necessary to provide the Services.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise these rights, please contact us at support@ficra.ai or visit https://ficra.ai/legal/privacy-request. We will respond to verifiable requests within the timeframes required by applicable law.

Nevada Resident Rights

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at support@ficra.ai with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.

Consumer Health Data

If you are a resident of Washington or Nevada, please review our Consumer Health Data Privacy Policy, which supplements this Privacy Policy and provides information about how we handle data that may be considered “consumer health data” under the Washington My Health My Data Act or Nevada SB 370.

Other U.S. State Privacy Rights

If you are a resident of Colorado, Connecticut, Montana, Oregon, Texas, Utah, or Virginia, you may have additional rights under your state’s privacy laws, including:

  • Right to Access: You have the right to confirm whether we are processing your Personal Data and to access that data.

  • Right to Correction: You have the right to correct inaccuracies in your Personal Data.

  • Right to Deletion: You have the right to delete Personal Data you have provided to us or that we have collected about you.

  • Right to Data Portability: You have the right to obtain a copy of your Personal Data in a portable, readily usable format.

  • Right to Opt-Out: You have the right to opt out of:

o   Targeted advertising

o   The sale of your Personal Data (if applicable)

o   Profiling in furtherance of decisions that produce legal or similarly significant effects

To exercise these rights, please contact us at support@ficra.ai. If we deny your request, you may have the right to appeal our decision by contacting us.

Right to Appeal

If you are a resident of Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, or Virginia, and we deny your privacy request, you have the right to appeal our decision. To appeal, contact us at support@ficra.ai with “Privacy Request Appeal” in the subject line, and include:

·       Your original request and our response

·       The reason you believe we should reconsider

We will respond to your appeal within the timeframe required by applicable law. If you are not satisfied with our response to your appeal, you may contact your state’s attorney general to file a complaint.

EEA, UK, and Switzerland Resident Rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent laws, including the rights described above as well as the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

You can find your local data protection authority:

The data protection authority you may contact is typically that of your habitual residence, your place of work, or the location where the alleged infringement occurred.

Brazil Resident Rights (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the rights to access, correct, delete, and port your Personal Data, as well as the right to information about sharing of your data and the right to revoke consent.

To exercise your rights under the LGPD or for any privacy-related inquiries specific to Brazil, please contact us at: legal@ficra.ai

You also have the right to file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) if you believe we have not complied with the LGPD.

How to Exercise Your Rights

To exercise any of your privacy rights, you may:

·       Email us at support@ficra.ai with “Privacy Request” in the subject line

Verification

To protect your privacy, we will verify your identity before fulfilling your request. We may ask you to provide information that matches what we have on file, such as your email address or account information. We will respond to your request within the timeframes required by applicable law.

You may designate an authorized agent to submit requests on your behalf. We may require the agent to provide proof of authorization and may still verify your identity directly.

Changes to this Privacy Policy

We’re constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to any such changes by placing a notice on the https://ficra.ai, by sending you an email and/or by other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at support@ficra.ai.