Privacy Policy

Permission.io, Inc. (“Permission”, “we”, “us” or “our”) enables advertisers and other marketplace participants to incentivize users with cryptocurrency rewards to grant permission and engage in various data sharing activities.

Permission respects the privacy of our users (“user”, “you”, or “your”). Our belief is that any personal information provided to us by you is just that: personal and private. This Privacy Policy (“Privacy Policy”, “Policy”) explains how we collect, use, disclose, and safeguard your information when you use our Services, and describes certain of your rights under applicable law. Please read this Privacy Policy carefully.

This Policy applies to information Permission collects when you use Permission’s platform, various mobile and web applications, websites (including https://permission.io and all subdomains of https://permission.io), blogs, forums, and any other media channels or products, such as the Permission Browser Extension and the Permission Ads’ digital properties, including, but not limited to, a landing page hosted by Permission that contains an advertisement served by or on behalf of Permission, a page on the Permission domain, or in the Permission mobile app, or any other Permission products, including those that may be introduced from time to time in the future (collectively referred to herein as the “Services”).

This Privacy Policy does not apply to any of the personal information that Permission Ads’ advertising customers (“Customers”) may collect and process using our Services (“Customer Data”). Our Customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our Customers, not this Privacy Policy. Any questions or requests relating to the processing of Customer Data should be directed to our Customers.

1. Definitions

We believe that our policies should be legible and easy to understand for the general public, as well as our Customers and business partners. All terms used below have the definitions provided under applicable laws, such as the EU General Data Protection Regulation (GDPR).

2. Personal Data We Collect

Our goal is to make it possible for you to be rewarded for your engagement and data-sharing activities. We collect and use your information in order to provide and improve our Services and your experience, protect the security and integrity of our platform, and meet our legal obligations. If you do not wish for your personal information to be collected, used, or disclosed as described in this Privacy Policy, or you are under 13 years of age, you should stop accessing our Services.

The following section describes the personal data we collect. For residents of certain states, more information on what we collect is available in our supplemental disclosure below.

Your Permission Account

When you access or register with the Services, you may be required to provide an email address and password. You may also choose to provide additional information to us, including but not limited to:

your first and last name,
your postal address,
email address, phone number, and other similar contact data,
your age,
your gender,
your nationality,
your occupation,
your annual household income,
your marital status,
your number of children,
your hometown, place of employment, and interests

Wallet Information

Once you have created an account, you have the option to create a Permission.io cryptocurrency wallet address or to submit a third-party cryptocurrency wallet address. In order to set up your Permission.io wallet, you will need to provide a photo of yourself, as well as a photo of your government-issued identification, and any other information required under applicable law to verify your identity. When you create or connect to Permission.io or a third-party wallet, you may be entitled to receive certain rewards (as defined in our Terms of Use). Note that your use of any third-party wallet services is subject to each wallet’s respective privacy policy, not this Privacy Policy.

Permission Ads Users and ASK Rewards-Related Information

As you use the Services, we may also collect personal information and details associated with your wallet transfers, such as the earned rewards deposited in your Permission wallet or in any third-party cryptocurrency wallet you choose to link to your Permission account.

You are free to change or completely remove any information shared with us at any time. However, refusing to provide requested personal data might prevent you from using certain features of the Services. If you use our Services to withdraw and/or transfer your ASK tokens to another ASK-compatible wallet, we or our service providers may collect additional information to verify your identity in accordance with our legal obligations.

We may provide you with the option to register for Permission using your existing social media account, like Facebook, LinkedIn, Twitter or other social media providers. Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends’ list, profile picture as well as other information you choose to share with us. We will use the information we receive only for the purposes that are described in this privacy policy or that are otherwise made clear to you via the Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review each social media provider’s privacy policy to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.

If you consent to our collection of biometric information, you agree that we may collect your facial geometry from your photograph in order to verify that it matches your government-issued ID. We use a third-party verification service to verify your identity, which includes use of your facial geometry. After verification, your facial geometry is deleted.

Financial Data

When you purchase, order, return, exchange or request information about our services from the Services, you may be asked to share financial data with us related to your payment method. This information may include your valid credit card number, card brand, expiration date, as well as other details necessary to process your payment information. This financial information is processed and stored by our various payment processors. We encourage you to review their privacy policies and contact them directly for responses to your questions.

Our Browser Extension

If you use our browser extension, we will collect time-stamped information about what websites you visit (including the URLs, page titles, and metadata descriptions of each page). This information may also include search history and queries, as contained within site URLs. We use the data we have collected about you associated with your Permission account to show you personalized offers and advertisements within the browser extension. We use the information above to measure your interactions with these ads (for example, whether you click on the ad to visit the marketer’s website) in order to reward you with ASK tokens.

Permission Ads Opt-in Campaigns

If you click on a Permission Ads advertisement and visit any Permission.io digital property, you may voluntarily provide us with certain personal information in response to a Permission Ads Customer questionnaire. In instances where you have interacted with a Permission Ads advertisement, but have not yet created a Permission account, Permission will retain your email address so that you may be rewarded with ASK tokens in accordance with the Terms of Use. In instances where a Permission Customer has collected your information, that collection is governed by such Customer’s privacy policy; however, once you create a Permission account, we will process any additional account data that we collect in accordance with this Privacy Policy.

As part of Permission Ads Opt-in campaigns, Permission may collect behavioral data and preference data as you engage with the campaign. For example, Permission may be able to identify how you interface with the site, such as how long you stay on each page.

Your Personal Data and the Blockchain

Blockchain technology may be used as part of the Services. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called “blocks.” The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world, this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.

Accordingly, by design, a blockchain’s data cannot be changed or deleted and is said to be “immutable.” This may affect your ability to exercise your rights such as your right to erase (“right to be forgotten”), or your rights to object or restrict processing of your Personal Data. Data on the blockchain cannot be erased and cannot be changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted.

In certain circumstances, in order to effect delivery of digital assets or provision of other services, it will be necessary to collect certain Personal Data, such as your wallet address, onto the blockchain; this is done through a smart contract and requires you to execute such transactions using your wallet’s private key.

The ultimate decision to (a) transact on the blockchain using your wallet address, as well as (b) share the public key relating to your wallet address with anyone (including us) rests with you. IF YOU WANT TO ENSURE YOUR PRIVACY RIGHTS ARE NOT AFFECTED IN ANY WAY, YOU SHOULD NOT TRANSACT ON BLOCKCHAINS AS CERTAIN RIGHTS MAY NOT BE FULLY AVAILABLE OR EXERCISABLE BY YOU OR US DUE TO THE TECHNOLOGICAL INFRASTRUCTURE OF THE BLOCKCHAIN. IN PARTICULAR, THE BLOCKCHAIN IS AVAILABLE TO THE PUBLIC AND ANY PERSONAL DATA SHARED ON THE BLOCKCHAIN WILL BECOME PUBLICLY AVAILABLE.

By using any of our Services that involve blockchain technology, you give us your consent to process the given data in order to perform the requested activity.

Your Communications With Us

You may choose to contact us by email or through our Services for a variety of purposes such as product or company inquiries, customer support inquiries and sales requests. When you do this, we collect any information you voluntarily submit to us, such as your first and last name, email address, phone number, job title and company name. We may also provide the opportunity to register for events, order or request whitepapers, or participate in online surveys. It is completely up to you to choose whether or not you want to provide it.

General Device Data

Whenever you access or interact with our Services, we collect some general data and information about the request and store the relevant details in server or system log files. This data includes location data and details like your IP address, your browser type and version used, mobile identifiers, MAC address, your device type and operating system, the time and date you accessed the Services, and the pages you viewed directly before and after accessing our Services. Additional detail may be collected or derived from this information for use in the event of an attack on our information technology systems.

To support these efforts, we analyze de-identified or aggregated collected data and information statistically, with the aim of increasing the data protection and security of our company, and to maintain an optimal level of protection for the personal data we process.

Automated Website Tracking and Cookies

We partner with selected third-party vendors, described below, which may allow tracking technologies and remarketing services on our Services through the use of cookies, web beacons, tracking pixels, and other tracking technologies (“Technologies”). Our use of Technologies fall into the following categories:

Strictly Necessary. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Functional. These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
Targeting. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party websites.

You are encouraged to review each cookie vendor’s privacy policies and contact them directly for responses to your questions.

Permission’s use of cookies may change at our sole discretion. For example, Permission may use the following “cookies” to track your visit:

Google Analytics. For more information about how Google uses your personal information (including for its own purposes, e.g., for profiling or linking it to other data), please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
LinkedIn Analytics. For more information about how LinkedIn uses your personal information, please visit LinkedIn Analytics’ Privacy Policy. To learn more about how to opt-out of LinkedIn’s use of your information, please click here.
We may also use other third-party cookies for personalized advertising: see “Cookies and Personalized Advertising” in the section “What Are My Rights with Respect To My Personal Data?” below for more information on how to opt out of some of this collection.
Note: You should be aware that getting a new computer, installing a new Internet browser, upgrading an existing browser, or erasing or otherwise altering your Internet browser’s cookies may also clear certain opt-out cookies, plugins or settings.

Tracking Pixels

Our newsletter and emails sent from or on behalf of Permission may contain tracking pixels, or a transparent image embedded in emails to enable log file recording and analysis. We use information collected in this manner to perform statistical analysis of the success or failure of online marketing and customer outreach efforts. Based on the embedded tracking pixel, we may be able to determine if and when an email was opened, and which links in the email were accessed.

Personal data collected using tracking pixels is stored and analyzed by us to optimize the delivery of our newsletters and emails, and to improve the relevance of the distributed content. Many email clients and web browsers support functionality to opt out or prevent the use of these tracking mechanisms. You may also revoke your consent to receiving our newsletter at any time.

3. How Long do we Keep Your Data?

We only process and keep personal data that you share with us for as long as needed to achieve the purpose of storage, as long as consent is maintained, or as long as is granted by laws or regulations we are subject to. The exact length of time we keep personal data depends on the respective statutory retention period for that type of information. While retention requirements vary by country, we maintain internal retention policies on the basis of how information needs to be used. This includes considerations such as when the information was collected or created, whether it is necessary in order to continue offering you our Services, whether we are required to hold the information to comply with our legal obligations, including AML/KYC compliance, or whether it is necessary to protect the safety, security, and integrity of our Services, Customers, and Users.

Upon the expiration of any retention period, or if storage of personal data is not applicable, personal data is routinely blocked, deleted or erased in accordance with our retention schedule and applicable law. Additionally, in line with these considerations, we delete information that is no longer needed for the above purposes when you close your account, or when you request deletion of your information.

Keep in mind that, while our systems are designed to carry out our deletion practices automatically, we cannot promise that deletion will occur within a specific timeframe. There may be legal requirements to store your data, and we may need to suspend those deletion practices if we receive valid legal process asking us to preserve data, if we receive reports of abuse or other Terms of Service violations, or if your account is flagged by our systems for abuse or other Terms of Service violations. Finally, we may also retain certain information in backup for a limited period of time or as required by law.

4. How do we Use Your Information?

Having accurate information about you helps us provide a smooth, efficient, and customized experience. Generally speaking, we use any information we collect to provide services to you, keep our Services running smoothly, and protect us legally. More specifically, we may use information collected about you, including but not limited to, in the following instances:

Create and manage your account
Provide our Services to you
Contact you about your account or orders
Send you a newsletter once you successfully subscribe
Respond to your comments, questions, and requests and provide customer service
Send you technical notices, updates, security alerts, and support and administrative messages
Compile aggregated or de-identified statistical data for use internally or with third parties
Maintain and improve the efficiency and operation of our Services and products
Assist with the development of our products and other purposes related to Permission’s business
Monitor and analyze usage and trends to improve your experience with our Services and products
Pursuing our legitimate interests such as direct marketing
Process and deliver contest entries and rewards
Process information about your wallet to facilitate ASK reward transfers via the Services
To maintain legal and regulatory compliance: For services related to cryptocurrency rewards, we are required to collect, use, and store your personal information such as verifying your identity in order to comply with anti-money laundering laws across jurisdictions
Assist law enforcement and respond to subpoenas, and to resolve disputes and troubleshoot problems
To prevent account fraud and for security purposes

In accordance with applicable law, information covered by this Policy may be transferred to, and processed in, the United States or any other country in which Permission or its affiliates, subsidiaries or service providers maintain facilities, even if the level of data privacy required in that country is less than that required by the European Union or other jurisdictions. We endeavor to protect your data in compliance with all applicable laws. We may engage in automated decision making, including profiling. Our processing of your personal information will not result in a decision based solely on automated processing that significantly affects you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision making, you may contact us as set forth below.

5. When do we Share Your Information?

To Obey the Law or Protect Rights
If we believe the release of information about you is necessary under any applicable law, rule or regulation to respond to legal process, to investigate or remedy potential violations of our policies or fraudulent activities, or when we believe in good faith that disclosure is necessary to protect our rights, property, and safety, we may share your information, including exchanging information with other entities for fraud protection and credit risk reduction.

With Service Providers to Support Necessary Business Activities
We may share your personal information with third parties necessary to provide you with services you have requested, such as our hosting services, identity verification services (including Know Your Consumer (KYC) verification information), email service, analytics, customer service, parcel delivery service, event or campaign management providers. These parties are authorized to use your personal data only as necessary to provide these services to us or on our behalf.

With our Advertising Partners
We may also share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.”

We may also partner with other companies that offer products or services related to ours or that host or sponsor related events. In such instances, we may share your information with these business partners if you provide your personal information to event sponsors at their booths or presentations.

With Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf. We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.

Our appointed data processors include:

(i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”

If you Choose to Share it With Other Users

Our Services offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at dpo@permission.io.

We also provide certain social media features on our Services, such as the Facebook Like button and widgets, such as the “Share This” button or other interactive mini-programs that run on our Services. These features may collect your IP address, which page you are visiting on our websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing the feature.

Additionally, for certain features on our websites, specifically those for applying to a job opening at Permission, you may use sign-in services such as LinkedIn or other OpenID providers.

Services like LinkedIn may give you the option to post information about your activities on our Services to your profile page to share with others within your network.

Note: Permission does not endorse or make any representations about third-party websites. We encourage you to carefully read the privacy policy of any website you visit.

In the Event of a Merger or Acquisition

If Permission is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be shared with the successor entity or third party. Where required by law, you will be notified by email and/or a prominent notice on our Services of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

6. Third Party Sites

Our Services may contain links to third-party websites and applications of interest, including advertisements, affiliate links and external services, that may or may not be connected with us. Additionally, some of our Services may use framing techniques to serve content to or from our partners while preserving the look and feel of our Services. Once you have used these links, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, we encourage you to inform yourself of the privacy policies and practices (if any) of the third party responsible for that website. You should take those steps necessary to protect the privacy of your information as you see fit. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from the Services.

7. What are My Rights with Respect To My Personal Data?

We recognize that you have certain rights related to your personal data. We feel that your privacy and ability to preserve and exercise your rights is very important. You are encouraged to review and understand these rights as they pertain to you and your personal data.

Exercising Your Rights

Depending on where you live and the law of your jurisdiction, you may be able to exercise certain of the following privacy rights related to your personal information. You can make privacy rights requests relating to your personal information by logging into your account and going to the Privacy section or by contacting us as provided in “How Can You Contact Us About This Policy.”

Right to Access and Portability: You may request personal information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company;
Right to Rectification: You may request correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
Right to Deletion/Erasure: You may request to erase your personal information, subject to applicable law. If you close your account, we will retain or delete information associated with your account as described in the section, “How Long Do We Keep Your Data”;
Right to Restrict or Object to Processing of your Personal Information: You may have the right to restrict or object to us using or transferring your personal information based on our legitimate interests, in the public interest, or for direct marketing, including the processing (a) of your sensitive personal information for certain purposes; (a) for cross-contextual or targeted advertising in some circumstances, and (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. We may continue to process your personal information where permitted or required by applicable law. You can opt-out of receiving marketing communications from through your account settings or by submitting a request by contacting us at support@permission.io;
Right to Withdraw your Consent to our processing of your personal information;
Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights provided to you under law;
Right to Lodge a Complaint:

If you reside in the EEA, Switzerland, or the UK, you have the right to lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country or state. In the UK, the relevant data protection authority is the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, +44 (0303) 123 1113, email: casework@ico.org.uk. In Ireland, the relevant data protection authority is the Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, +353 017650100 / + 353 1800437737, email: info@dataprotection.ie or by using the following online form: Forms for Data Protection.

If you reside in Australia or the Philippines, you may lodge a complaint about our practices with respect to your personal information with the supervisory authority of your country. In Australia, the relevant data protection authority is the Office of the Australian Information Commissioner, and complaints may be made through their website at www.oaic.gov.au. In the Philippines, the relevant data protection authority is the National Privacy Commission, email: complaints@privacy.gov.ph.
In support of these rights, upon request and subject to applicable law, Permission will provide you with information about whether we hold any of your personal data if you contact us as provided below in “How Can You Contact Us About This Policy.” You may update, correct, or delete information about you at any time by logging into your account and updating your preferences. By updating your preferences, you may opt-out of Permission’s collection of your personal data. To opt-out of the sharing of your personal information with LiveRamp, please click here.

Note that to protect your privacy and security, we may take steps to verify your identity before complying with your request and we may decline your request if we are unable to verify your identity.

Limit Marketing

If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth in “Contact Us” below.

Cookies and Personalized Advertising

You may stop or restrict the placement of cookies on your device or remove them by adjusting your preferences as your browser or device permits, click Manage Settings to manage your preferences. However, if you adjust your preferences, our Services may not work properly. You may manage your cookie preferences for our Services by visiting the Cookie Preference Manager here. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Please note you must separately opt out in each browser and on each device.

Changing Your Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can do so by logging into your account settings and updating your user account. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, comply with legal requirements and/or enforce our Terms of Use. Note: We will retain and use your information, including cached or archived copies, as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you have become aware that an account has been created about you without your knowledge or consent, you may contact us at dpo@permission.io to request deletion of that account.

For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request, such as by asking you to provide information you used to create your account, or by asking you questions about your use of our Services. We will process all requests in accordance with applicable law.

Opting out of Emails

To opt out of newsletters and/or email marketing from us, you may indicate your preference by following the unsubscribe instructions provided in the newsletter, or by changing your preferences within your account settings. Please note that we may still send you notices of any updates to our Terms of Use or Privacy Policy where permitted by law.

Do-Not Track Signals
Many web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. We do not currently respond to DNT browser signals.

8. How does Permission Protect my Information?

Permission takes reasonable administrative, technical and physical security measures to help protect your personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received, taking into account the nature of such data and the risks involved in processing, and comply with applicable laws and regulations.

While we have taken reasonable steps to secure the personal data you provide to us, please be aware that no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal data via our Services.

If you have any questions about security or any reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us at security@permission.io.

9. Policy for Minors

We do not knowingly solicit information from or market to children under the age of thirteen (13). By using the Services, you represent that you are at least 13 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 13 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records, except where we are required to retain it under applicable law. If you are a parent or guardian and believe we have collected from your child under age 13, please contact us with the information below.

Our Services and products are not intended for, nor designed to attract individuals under the age of thirteen (13). Permission does not knowingly collect personally identifiable information from any person under the age of thirteen (13).

10. Supplemental State Privacy Notice

This Supplemental State Privacy Notice only applies to our processing of personal information under applicable laws in certain states. The following table describes what categories of personal information Permission has collected and whether Permission disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months.

Category of Personal Information Collected for a Business Purpose

Identifiers

A real name, alias, postal address, unique personal identifier, age, marital status, sex (including gender), national origin, online identifier, device model, device type, device vendor, OS Version, browser, browser version, Internet Protocol address, email address, account name, or other similar identifiers.

Sensitive Personal Information

Driver’s license numbers, state identification card numbers, passport numbers, account access credentials such as usernames, account numbers, or card numbers combined with the access/security code or password, precise geolocation, racial or ethnic origin, religious or philosophical belief, mail, email, or text message contents, unique identifying biometric information, health, sex life, or sexual orientation information.

Personal Information Categories Listed in the California Customer Records Statute

A name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, credit card number, debit card number, or any other financial information.

Protected Classification Characteristics Under Applicable State or Federal Law

Age, national origin, marital status, sex (including gender).

Commercial Information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Biometric Information

Physiological or biological characteristics that can be used to establish individual identity, such as the user’s face, from which an identifier template such as a faceprint, can be extracted.

Internet or Other Electronic Network Activity

Browsing history, search history, information on a consumer’s interaction with an internet website, application, or advertisement.

Inferences Drawn from Other Personal Information to Create a Profile About a Consumer

Profile reflecting a consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Category of Third Parties that Personal Information is Disclosed to for a Business Purpose

• Advertising networks
• Data analytics providers
• Consumer data resellers
• Third-party websites or applications (e.g., wallet providers; third-party identity verification services)
• Service providers

• Third-party websites or applications (e.g., wallet providers; third-party identity verification services)

• Advertising networks
• Data analytics providers
• Consumer data resellers (not including SSN)
• Third-party websites or applications (e.g., wallet providers; third-party identity verification services)
• Service providers

• Advertising networks
• Data analytics providers
• Consumer data resellers
• Service providers

Third-party websites or applications (e.g., wallet providers; third-party identity verification services)
Internet or other electronic network activity

• Advertising networks
• Data analytics providers
• Consumer data resellers
• Service providers

The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in “Personal Data We Collect” and “How do we use your Information?” above, respectively.

Although we may allow other third-party advertising partners to use cookies and similar Technologies to collect your information for interest-based advertising purposes (as described above in “When do we share your information?”), Permission only shares the personal information you provide to us for valuable consideration when you affirmatively authorize us to do so by opting into the Services, in order to obtain ASK tokens. Therefore, Permission does not “sell” personal information for purposes of state law, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age. To the extent that such sharing is considered a “sale” or “sharing” under California law or “targeted advertising” under state laws that provide the right to opt-out of such sharing, you may limit such sharing by following the instructions found above in the section titled “What are My Rights with Respect To My Personal Data?” or by contacting us as set forth in “Contact Us” below.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

California Notice of Financial Incentive: Our program provides you with ASK tokens when you agree to use our Services in a way that allows us to directly identify you and use information about your preferences to provide advertising and other Services to you. The personal information we collect is as described above in the section titled, “Personal Data We Collect.” We have established the financial incentive amount, in part, based on the value to a Permission Ads Customer when initiating an ad campaign. You can determine the number of ASK tokens earned for a specific activity by reviewing the offer associated with an activity or by reviewing the transaction history in your wallet. The number of ASK tokens, and therefore the value of the incentive for certain activities, including sharing personal information, varies based on the type of activity and a variety of factors. These factors include token velocity, the specific ASK-rewarded campaign you interact with, and advertiser participation. These factors are subject to change at Permission’s sole discretion.

You will have the opportunity to “opt in” to the program and will always be provided an opportunity to revoke consent or to “opt out” of further collection, use, or dissemination of personal information. You may opt-out of the program or update, correct, or delete information about you at any time by logging into your account and updating your preferences or by contacting us as set forth in “How Can You Contact Us About This Policy” below.

Supplemental Notice for Nevada Residents

If you are a resident of Nevada, you can exercise your right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information by contacting us at dpo@permission.io with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A. To the extent that you receive monetary consideration for disclosing your data, it is only in the context in which you provide the information to the operator for the purpose of receiving ASK token rewards. If you have any questions, please contact us as set forth below.

Residents of certain states have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by applicable law. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in “How Can You Contact Us About This Policy” below and provide written authorization signed by you and your designated agent. To protect your privacy, we will take commercially reasonable steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Services. We are not obligated to effectuate a consumer request if we cannot verify that the consumer making the request is the consumer about whom Permission has collected information or is a person authorized by the consumer to act on such consumer’s behalf.

This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.

11. Notice to All Non-US Residents

Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, may be transferred from your country of origin to the US. We endeavor to protect all personal information consistent with the requirements of applicable laws.

12. Changes to This Policy

If we make material changes, we will notify you by revising the date at the top of the Policy, and where required by law, we may provide you with more prominent notice (such as adding a statement to our homepage or sending you an email notification).

We encourage you to review the Policy whenever you access the Services to stay informed about our information practices and the ways you can help protect your privacy.

13. How Can You Contact us About This Policy

If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO) at dpo@permission.io or via mail at 888 Prospect Street, Suite 200, La Jolla, CA 92037.