BORROWED, INC. PRIVACY NOTICE

Last Updated: March 2022

BORROWED, INC., a State of Delaware corporation, with a principal place of business located at 113 Cherry Street PMB 21149 Seattle, WA 98104-2205, and its affiliates (hereinafter referred to as, “Company”, “we”, “our” or “us”) wants you to be familiar with how we collect, use, store and disclose personally identifiable information. Federal and State laws give consumers the right to limit some, but not all sharing. Moreover, this Privacy Notice is meant to help you understand our privacy practices, including what personal information we collect, why we collect it, what we do with it, and how we protect it, as well as any individual rights you may have with regards to your personal information.

We are strongly committed to protecting your privacy online when visiting our website or using our platform, as described in our Terms of Service and Acceptable Use Policy located athttp://getborrowed.com/terms(collectively referred to as “Services”). We know that you care how information about you is used, collected and shared, and therefore strongly encourage you to read this Privacy Notice carefully to understand what we do with your personal information.

What Categories of Personal Information is collected?

Please note that this Privacy Notice does not apply to information obtained or disclosed through personal contacts or offline correspondence with Third Parties and their affiliates or representatives. Furthermore, the Company website and platform may contain advertisements and/or links to other entities’ websites that are not operated or controlled by the Company. Please note, this Privacy Notice does not apply to such Third Party websites, and the Company is not responsible for the content of such Third Party websites or the privacy practices of such Third Parties. We strongly encourage you to request and review the privacy policy of any Third Parties upon disclosing your information to such parties or visiting such Third Party websites.

Information You Provide to Us.

We collect information you provide to us, including but not limited to when you register an account, complete a transaction, communicate with other users, contact our support team, link an external account to the Services, sign up to receive our email updates, fill out a form, or when you communicate with us. The only information we obtain about each individual visitor to our Services is that supplied voluntarily by the visitor. This information may include, but is not limited to: the visitors name, company name, title, gender, date of birth, e-mail address, physical address, telephone number, credit card number, credit card verification code, credit card expiration date, username/password associated with Company Services, government-issued identification numbers, government-issued identification cards, services or products requested, relationship history and online activities with Company and its affiliates. In cases when Company may need additional personal information to provide visitors with customized content, or to inform them about new products or services, visitors are explicitly asked for that information.

Information We Collect Automatically from our Services.

The types of information we may collect each time you visit one of our Services begins with our web server automatically recognizing and collecting that domain name. When you use our Services, we automatically collect certain personal information that is kept strictly confidential. Additionally, we may use that information for internal and external purposes, including, but not limited to:

  • Transaction Information.We collect information in connection with each transaction you engage in via the Services, including the transaction time, amount of transaction, counterparties to each transaction (if any), and other transaction details.
  • Log Information.We collect standard server logs in connection with your use of our Services, including the type of browser you use, access times, pages viewed, IP address, and the web page you visited before navigating to, or after navigation away from, the Company website or application (referred to earlier as, Services).
  • Device Information.We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
  • Location Information.With your permission, we collect precise location from your mobile device in connection with your use of our mobile application. We may also derive approximate location from your IP address.
  • Information Collected by Tracking Technologies:
    • Cookies -When you use our Services, we place a text file called a “cookie” in the browser files of your computer or mobile device. “Cookies” are pieces of information that a website or application transfers to an individual’s hard drive for record keeping purposes. We use cookies during your online session to deliver content specific to your related interests. Cookies allow us to avoid showing you the same ad, or other message repeatedly, and allows us to tailor a website/application to better match your interest and preferences. Our cookies enable us to relate to your use of our Services to information that you have specifically and knowingly provided to us. Most browsers enable you to erase cookies from your computer hard drive, block all cookies or receive a warning before a cookie is stored. Please refer to your browser instructions or help screen to learn more about these functions.
    • Mobile Device Identifiers –Mobile Device Identifiers are unique identifiers established by your mobile device operating system that we collect from our mobile applications. These identifiers are used for similar purposes as Cookies.
    • Local Storage –This is information that stores data locally in your browser, including user preferences.
    • Pixel Tags –Pixel Tags are small blocks of code often used in connection with Cookies. Pixel tags (or web beacons) may be placed on our websites and emails, and allow us to track website usage, including to determine when emails have been opened and acted upon.

Information from Other Sources.

We collect information from other companies and associate that information we collect about you. For example, in connection with your creation of an account, we may collect information about you from identity verification services, including your prior addresses and names. Also, if you use your credentials from a third-party social media service to log into your Services account, we may collect information from that service, such as your name and other account information, in accordance with the authorization procedures determined by that service.

What we do with your Personal Information?

Security.

Our Services implement reasonable security practices and procedures designed to help protect against the loss, misuse and alteration of the information under our control. Specifically, we employ security measures designed to protect the confidentiality and integrity of online transactions and personal information.

Our Use of Personal Information.

We may use your personal information to:

  • Provide, maintain, and improve the Services;
  • Process transactions and send notices about your transactions;
  • Resolve disputes, troubleshoot problems, and provide customer service;
  • Prevent and investigate violations of our Terms of Service and Acceptable Use Policy, and protect the rights and property of BORROWED, INC., and others;
  • Measure, analyze, and monitor trends, activities and usage of the Services;
  • Personalize the Services, including by delivering targeted content or advertisements;
  • Send you targeted marketing and promotional offers we think will be of interest to you;
  • Verify your identity; and
  • Carry out any other purpose described to you at the time the information was collected.

In addition to the above, we may use your information to create aggregate reports; however, these aggregate reports do not contain any personally identifiable information, but, when used in light of the totality of circumstances, may create a profile that is similar to you. We believe these uses allow us to improve our Services, and to better tailor them to meet our users’ needs.

Sharing of Personal Information.

In the instances where we share your personal information with Third Parties, such personally identifiable information may be used or shared separately, or on an aggregate basis in combination with pre-existing information, including information received from Third Parties, in order to:

  1. respond to your questions, comments or requests for information;
  2. fulfill requests by service providers that perform services on your behalf, or on our behalf, including identity verification services, fraud prevention services, payment processing services, and email marketing services;
  3. troubleshoot problems or provide quality assurance with our Services, as requested;
  4. provide customization of your experience, content, or our website homepage;
  5. enforce our Privacy Notice and/or Terms of Service andAcceptable Use Policy;
  6. contact you with more information about us, our Services, and/or any relevant updates; or
  7. act as lead generation information that is sold to fulfillment agencies in order to complete and deliver requested products and services from us. The fulfillment agencies and agents work with us to deliver requested products and services.

Third Party Services Provided by Others.

  • Social Sharing Features –The Services may offer social sharing features and other fully integrated tools (e.g. Sign In with Facebook), which let you share actions you take on our Services with other media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature.
  • Video Teleconferencing Third-Party Services –Based on data you give us, we will facilitate the use of Third Party video teleconferencing services to communicate with a customer and respond to requests for support. The categories of data we obtain are used to deliver our services and provide a better experience for you. We do not fetch or store your personal video teleconferencing meeting information or credentials. We use an access token to communicate with your account. When you deauthorize us from your video teleconferencing account, your token and related data is deleted.
  • External Links –Our Services may contain links to other internet websites/applications. We encourage all of our partners, contributors, and third parties to implement policies and practices that respect the privacy of our users. However, we are not responsible for the privacy practices or the content of such websites/applications. Our policy only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties, whether they are linked from our Services, different rules may apply to them. Because we do not control the privacy policies of third parties, you are subject to the privacy customs and policies of that third party. We encourage you to ask questions before you disclose your personal information to others.
  • Public Forums -We may provide you with chat rooms, forums, message boards, and/or news groups. Please remember that any information disclosed in these areas becomes public information and you should exercise caution when deciding to disclose your personal information.

Disclosure Required by Law.

Unfortunately, due to the existing regulatory environment, we cannot ensure that all of your private information, and other personal information, will never be disclosed in ways not otherwise described in this Privacy Notice. Additionally, we are a company based in the United States, and the information we collect is governed by U.S. law. By way of example (without limiting the foregoing), we may be forced to disclose information to the government, or third parties, under certain circumstances, or third parties may unlawfully intercept or access transmissions or private communications. Further, we can, and you authorize us to, disclose any information about you to law enforcement, or other government officials, as we, in our sole discretion, believe necessary or appropriate. Therefore, although we use industry standard practices to protect your privacy, we do not promise, and you should not expect, that your personal information, or private communications, will remain private.

EXCEPT AS DISCLOSED IN THIS PRIVACY NOTICE, COMPANY DOES NOT SELL, LEND, RENT OR OTHERWISE DISCLOSE ANY PERSONAL INFORMATION TO ANY THIRD PARTIES. HOWEVER, YOUR PERSONAL INFORMATION MAY BE SHARED WITH AFFILIATES, AGENTS OR CONTRACTORS OF COMPANY.

Know Your Rights to Personal Information

Opt-In/Opt-Out of Personal Information Choice.

Our Services give users the opportunity to opt-in to receive communications from us and our affiliates at the point where we request information about the user. Our Services also give users the following options for removing their information from our database in order to stop receiving communications or our Services.

f there are any corrections and/or updates to your personal information that you would like to provide to us, our Services provide users with the following options for changing and modifying their information previously provided:

Any inquiries related to this Privacy Notice should be sent tous via email at legal@getborrowed.com.

Amendments and Updates to Privacy Notice.

Please note that we review our privacy practices from time to time, and that such practices are subject to change. At our sole discretion, we reserve the right to change this Privacy Notice at any time by posting revisions through our Services. We ask that you periodically review this page to ensure familiarity with the most current version of our Privacy Notice. However, this Privacy Notice is not intended to, and does not, create any contractual or other legal rights in or on behalf of any party.

Business Transfers; Terms of Service and Acceptable Use; and Privacy Notice.

As we continue to develop our business, the Company, or substantially all of its assets, may be acquired. In such a transaction, customer information will of course be one of the transferred business assets. In the unlikely event of an insolvency, bankruptcy or receivership, personal information may also be transferred as a business asset.

If you choose to visithttp://www.getborrowed.com, your visit and any dispute over privacy is subject to this Privacy Notice and our Terms of Service and Acceptable Use Policy, including limitations on damages, arbitration of disputes, and application of the law of the State of Washington. If you have any concern about privacy at BORROWED, INC., please send us a thorough description to legal@getborrowed.com, and we will try to resolve it. Our business changes constantly. This Privacy Notice, and the Terms of Service and Acceptable Use Policy, will change also, and use of information that we gather now is subject to the Privacy Notice in effect at the time of use. We may e-mail periodic reminders of our notices and conditions, unless you have instructed us not to, but you should check the Services you utilize to see recent changes.

SPECIAL NOTICE TO CALIFORNIA RESIDENTS.

The California Consumer Privacy Act of 2018 (“CCPA”) was signed into law on June 28, 2018. The CCPA gives “consumers” (defined as natural persons who are residents of California) four basic rights to their personal information: (1) the right to know, through a general privacy policy and with more specifics available upon request, what personal information a business has collected about them, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold; (2) the right to “opt out” of allowing a business to sell their personal information to third parties (or, for consumers who are under 16 years old, the right not to have their personal information sold absent their, or their parent’s, opt-in); (3) the right to have a business delete their personal information, with some exceptions; and (4) the right to receive equal service and pricing from a business, even if they exercise their privacy rights under the CCPA.

Furthermore, under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask for notice of Personal Information that we share with our affiliates and/or any third parties for marketing purposes, and providing such contact information for those affiliates and/or third parties. If you are a California resident, as defined within the CCPA, and would like a copy of this notice, please submit a written request to legal@getborrowed.com.

To exercise these rights under the CCPA, a California resident may email us at legal@getborrowed.com. When submitting your request to exercise these rights, please include the following: (1) name associated with your account; (2) email associated with your account; and what action you are requesting (e.g. right to know or deletion).

In order to protect your personal information from unauthorized access or deletion, we may require that you verify login credentials before submitting a request to know or delete personal information from us. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional personal information to authenticate and verify your identity. If we are unable to authenticate or verify your identity, we will not provide or delete your personal information.

You may submit a request to know, or a request to delete, your personal information through an authorized agent. In order to have an authorized agent act on your behalf, the agent must present signed written permission, and in some instances, we may also require you to independently verify your identity.