Tesorio, Inc. (“Tesorio”, “we,” “us, “or “our”) respects your privacy and is committed to protecting it through our compliance with this privacy policy (this “Privacy Policy”). This policy describes the types of information we may collect from you or that you may provide when you visit our websites www.tesorio.com, dashboard.tesorio.com and pay.tesorio.com (collectively, the “Websites“) or access or use our proprietary cash flow management platform (the “Platform”), accessible on our Websites through a log-in portal, and, in each case, our practices for collecting, using, maintaining, protecting, and disclosing that information.This Privacy Policy applies to: (a) website visitors (“Visitors”), (b) users who register for Tesorio accounts setup by our Customers (as defined in our Master Subscription Agreement), and (c) individuals or organizations that set up accounts in order to send payments to our Customers (“End-Users” and collectively with Visitors, “you” or “your”). Before using the Websites or Platform, please read the Privacy Policy carefully. By visiting the Websites and/or accessing and using the Platform, you are acknowledging that you have read and understood, and agree to the terms of this Privacy Policy. Where you are an End-User, the Customer is the administrator of the Services and is responsible for managing its users’ accounts. If this is the case, please direct your data privacy questions to the Customer, as your use of the Platform is subject to its policies. We are not responsible for our Customers’ privacy or security practices.

What We Collect and How We Use It

In the course of operating the Websites and Platform, and/or interacting with you, we will collect and use the following types of information.

Categories of Sources of Personal Data

We collect personal data about data subjects from the following categories of sources

• Directly from you, when you provide it to us digitally or physically when you use the Platform, or contact us via email, instant messaging, telephone, or by any other means
• As well as from
  • Our customer, when you are an End user within that Customer’s account or when a Customer uploads content containing personal data;
  • Service providers and third parties who provide it to us (for example marketing partners)

Contact Information

When you (a) create an End-User account, (b) use the Websites to contact us through the “Contact Us” or “Request a Demo” link, or (c) attend a webinar via the Platform you will be asked to provide certain information which may include your name, email address, phone number, and company name (“Contact Information”), and enterprise resource planning provider. Typically, we collect Contact Information from you when you provide us with the Contact Information voluntarily directly or through a third party such as a data broker. We use Contact Information to administer your account, to provide the requested service or information and to contact you for purposes of direct marketing of our current and future services.

Billing Information

In order to purchase a subscription to our Platform, you will be required to provide certain additional information which may include a credit card number, expiration date, billing address and zip code, verification code, and similar information (“Billing Information”). Such Billing Information will be collected and processed by our third-party payment vendor pursuant to the terms and conditions of their privacy policy and terms of use.

If as an End-User you elect to use our services to pay an outstanding invoice to a Customer, you will be directed to our third party payment processor’s website and any information you submit will be received and processed by such payment processor.

Billing Information and payments are processed by our third-party payment processor and we do not obtain access to any Billing Information.

Other Information

In addition to the Contact Information, we may collect additional information (the “Other Information”). Such Other Information may include:

From Your Activity

In an ongoing effort to improve the Websites and Platform, we automatically collect certain information from Visitors to our Websites and End-Users of our Platform. Such information includes, without limitation, your IP address, browser type and language, domain names, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Websites and/or the Platform you visit, and similar information concerning your use of the Websites and/or the Platform. The information we collect automatically may include Contact Information and we may maintain it or associate it with Contact Information we collect in other ways or receive from third parties. Collecting such information helps us to improve our Websites and the Platform and to deliver a better and more personalized service. Additionally, we collect certain internet or electronic activity information when you receive an email for our sales and marketing purposes, such as when you open the email and if you click any links within it. You can unsubscribe from our sales and marketing emails at any time.

From Phone of Video Calls.

We may record calls with your consent for quality assurance purposes. A recording of your voice is considered audio information. If you choose to turn off video capabilities, the recording is also considered visual information.

From Cookies.

Cookies are small packets of data that a website stores on your computer’s hard drive or mobile device to “remember” information and any preferences that you may have set while your browser was visiting our Websites and/or the Platform. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to help us collect information and to enhance your experience using the Websites and the Platform. If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this. However, if you decide not to accept cookies from us, some features of the Websites or Platform, respectively, may not function properly.

Third-Party Analytics Providers

We may use one or more third-party analytics services (such as Google Analytics) on the Websites, to evaluate your use of the Websites and the Platform, compile reports on activity (based on their collection of IP addresses, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Websites you visit, number of links clicked, search terms and other similar usage data), and analyze performance metrics. These third parties use cookies and other technologies to help collect, analyze, and provide us with reports and/or data. By accessing and/or using the Websites and/or the Platform, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy. For more information on these third parties, including how to opt out of certain data collection, please visit the site[s] below. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Websites or the Platform, respectively.

For Google Analytics, please visit: www.google.com/policies/privacy/partners/

For Segment, please visit: https://segment.com/legal/privacy/

For Heap, please visit: https://heap.io/privacy

Information Collected By Or Through Third-Party Advertisers

We may share Other Information about you with third parties, including, but not limited to, advertising and remarketing providers, or other brand partners, for purposes of personalizing or otherwise understanding how you engage with ads or other content. These third parties may use cookies, pixel tags (also called web beacons or clear gifs), or other technologies to collect Other Information in furtherance of such purposes, including to tailor, target (i.e., behavioral, contextual, retargeting, and remarketing), analyze, report on, and/or manage advertising campaigns or other initiatives. For example, when a browser visits a site, pixel tags enable us and these third-parties to recognize certain cookies stored within the browser to learn which ads or other content bring a user to a given site.

In addition, we may receive Other Information from these third parties, including through their service providers, such as advertising identifiers, IP addresses, and post-conversion data.

For Google AdWords, you can set preferences for how Google advertises to you using the Google Ad Preferences page, and if you want to you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin.

In addition, you may opt-out of interest-based advertising by participating providers by clicking the Manage Cookie link at the bottom of the page or visiting http://www.networkadvertising.org, http://www.aboutads.info/choices and http://www.youronlinechoices.eu if located in the European Union.

Information About Others

You may have the opportunity to provide contact information for other people or entities through our Websites. By providing Tesorio with such third party information, you warrant that you have obtained the consent of such third parties to give Tesorio such information.

Google Data Within Our App

Our Platform provides connectivity with Gmail in order for Customers to send emails from their Gmail account via the Platform. Notwithstanding anything else in this Privacy Policy, if a Customer provides our Platform access to Gmail, the Platform’s use of such data within Gmail will be subject to these additional restrictions:

The Platform will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

The Platform will not use this Gmail data for serving advertisements.

The Platform will not allow humans to read this data unless we have the Subscriber’s affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Platform’s internal operations and even then only when the data has been aggregated and anonymized.

Categories of Personal Information We Have Collected in Past 12 Months

In the past 12 months we have collected personal information in all the categories described in the sections above titled Contact Information, Billing Information, Other Information, Information About Others, and Google Data Within Our App.

How We Use And Share The Information

You authorize us to use the Contact Information, and the Other Information (collectively, “Information”) to provide the Website, the Platform and our Services and to improve the same; to solicit your feedback; and to inform you about our products and services and those of our promotional partners. You also authorize us to use and/or share Information as described below.

1. We will access, use, and share the Information as required to provide our Services to you and to address your questions or requests regarding the Website, the Platform, Services, and/or support.
2. We may employ other companies and individuals to perform functions on our behalf. Examples may include providing hosting services, technical assistance, database management/back-up services, payment processing services, usage analytics, reporting and visualization tools services, and customer service. These other companies will have access to the Information only as necessary to perform their functions and/or to the extent permitted by law. These companies are considered “service providers” under CCPA. We may also disclose personal information to our affiliates in order to support the marketing, sale, and delivery of any services.
3. In an ongoing effort to better understand our Customers and the Websites, we might analyze your information in aggregate form to operate, maintain, manage, and improve one or all of them. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our Services, the Platform, or the Websites to current and prospective business partners and to other third parties for other lawful purposes.
4. We may share some or all of your Information with any of our parent companies, subsidiaries, affiliates, joint ventures, or other companies under common control with us.
5. As we develop our business, we might sell or buy businesses or assets. In the event of a
   corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the
   Information may be part of the transferred assets.
6. To the extent permitted by law, we may also disclose the Information: (i) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (ii) whenever we believe that disclosing such Information is necessary or advisable, for example, to protect the rights, property, or safety of Tesorio or others.

Do Not Sell My Personal Information

We do not sell any information that identifies you, such as your name or contact information. However, we use ad networks to serve interest-based ads to our website visitors. To do this, we allow Ad Networks to collect information about your electronic activity while on our website (such as what pages you view). They do this through third-party cookies and similar tracking technologies placed on our website. Ad networks use this information to advertise to you after you leave our website. You may opt-out of interest-based advertising by participating providers by clicking the Manage Cookies link at the bottom of the Tesorio homepage or visiting http://www.networkadvertising.org, and http://www.aboutads.info/choices and http://www.youronlinechoices.eu if located in the European Union for details on how to do so.

How Tesorio Protects Your Information

We take commercially reasonable steps to protect your Information from loss, misuse, and
unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that your information will not be intercepted while being transmitted to and from us over the Internet.

Choices About How We Use And Disclose Your Information

If you no longer wish to receive emails, our newsletter and other promotional communications, you may opt-out of receiving them from the Account Settings page on your Dashboard or by emailing us at privacy@tesorio.com .

How You Can Access And Correct Your Information

We take reasonable steps to ensure that the information we collect is relevant for its intended use, accurate, and complete. End-Users can access their contact information by visiting the Account Settings page on the Dashboard once they have logged in or by writing to us at privacy@tesorio.com. Individual End-Users can deactivate their account by contacting us at deactivate@tesorio.com. We will send you an email to confirm your request. Please note that deactivating an End-User account only removes the End-User profile. Please also note that we may retain certain information associated with your account in our archives, including for analytical purposes as well as for record-keeping integrity.

Visiting The Websites From Outside The United States

Our Platform and servers are located in the U.S. Please be aware that your Information may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside of the U.S. and choose to use the Platform or Websites, you do so at your own risk.

External Websites

The Websites and the Platform may contain links to third-party websites (“External Sites”). We have no control over the privacy practices or the content of these External Sites. As such, we are not responsible for the content or the privacy policies of those third-party External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.

Children Under The Age Of 16

The Websites are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use or provide any information to the Websites. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will endeavor to delete that information.

Changes To This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time. Any such changes will be posted on the Platform and Websites. By accessing the Websites or the Platform after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of Information is governed by the Privacy Policy in current effect. Please refer back to this Privacy Policy on a regular basis.

How To Contact Us

If you have questions about this Privacy Policy, please contact Tesorio via e-mail at:
privacy@tesorio.com

If you are located in a jurisdiction that provides data subject rights, such as the EEA, the UK, Switzerland and certain US states, you may have additional rights in relation to your personal data:

The right to be informed

– our obligation to inform you that we process your personal data (and that’s what we’re doing in this Privacy Policy)

The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’)

The right to rectification

– your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings)

The right to erasure (also known as the ‘right to be forgotten’)

– under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you)

The right to restrict processing

– your right, under certain circumstances, to ask us to suspend our processing of your personal data

The right to object

– your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing). You may exercise your right to opt out by referring to the section above entitled Do Not Sell My Personal Information

Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making

The right to opt out from the sale or sharing of your personal data

Right to Non-Discrimination

If you exercise your CCPA consumer rights:

We will not deny goods or services to you, We will not charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties. We will not provide a different level or quality of goods or services to you.

Authorized Agent

You may designate someone as an authorized agent to make a request on your behalf. You can do this by providing written permission to authorize an agent to act on your behalf; the agent will need to verify their identity with us. Agents authorized by power of attorney are exempt from having to provide written permission but must show documentation that power of attorney has been granted.

We will deny a request from an agent who does not submit proof that they have been authorized by you to act on your behalf.

Request Verification

Before we can respond to any requests, we will need to verify that you are who you say you are. Verification is important for preventing fraudulent requests and identity theft.

The verification process depends on which type of request you make. For requests to access specific information or requests to delete unique information, we may require a higher level of verification. Typically, identity verification will require you to confirm certain information about yourself based on information we have already collected. For example, we will ask you to verify that you have access to the email address we have on file for you that is associated with your name. If we cannot verify your identity, we cannot fulfill requests to exercise any rights accorded to you.

In some cases, we may have no reasonable method by which we can verify a consumer’s identity. For example:

• If a consumer submits a request but we have not collected information about that consumer, we cannot verify the request.
• If the only data we have collected about a consumer is gathered through website cookies (i.e., the consumer has visited our website and had no other interaction with us), we are unable to associate a requester with the data collected; therefore, we cannot verify the request.