Privacy Policy
1. Scope of this Policy
This Policy describes the policies and procedures when a User’s personal data is collected, used, consulted, or otherwise processed in the context of the Service or when you interact with us on this website or otherwise.
This Privacy Policy details the data we may collect from you, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below), among others, and where applicable, as required according to the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 effective January 1, 2023 (“CPRA”) (collectively “CCPA”).
This Policy does not apply to information we obtain (i) offline, (ii) by means other than through the Service, or (iii) from any other source. In such cases, please refer to the adequate applicable privacy policy.
Butterfly (Appynest Inc.) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Butterfly (Appynest Inc.) has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
This Policy is to be read as consistent with the Terms of Use (“Terms”), End User License Agreement, and any other contract or policy in effect relating to the Service. Any definitions used herein but not defined in the Privacy Policy shall have the meaning ascribed to them in our Terms.
Appynest, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
2. What are the key notions of this Policy?
In this Policy the following terms are used consistently and shall have the following meaning.
2.1. Key actors
- “You” (including "Your") or “User” means any person, whether an agent, representative, contractor, employee, manager of the customer, providers, or otherwise, to which access has been given to the Service, or who is interacting with us on the website or otherwise (e.g., other contact forms, by e-mail) – “Data Subject”.
- “Your Employer” means the entity that entered into a contractual arrangement with Butterfly, including a Data Processing Agreement, and which proposes the use to the User of the Service for its own purposes.
- “Butterfly” (including "we" or "us") means Appynest Inc., a company incorporated under the laws of Delaware, having its registered seat in New York and its office at 67 West Street, unit 324, Brooklyn, NY 11222, United States of America.
- “Controller” shall have the meaning under the GDPR, i.e. “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.
- “Processor” shall have the meaning under the GDPR, i.e. “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.
- “Subprocessors” means a processor engaged by the Processor to carry out certain processing activities on behalf of the Controller.
- “Third Party” shall have the meaning under the GDPR, i.e. “a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data”.
- “Supervisory Authority” shall have the meaning under the GDPR, i.e. “an independent public authority which is established by a Member State pursuant to Article 51” of the GDPR.
2.2. Personal Data categories
- “Personal Data” shall have the meaning under the GDPR, i.e. “any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
- “Basic Data” means the data provided by the User upon subscription to the Service, and in particular the User’s first name, last name, email address, employee ID, slack handle, profile pictures, passwords, Workplace email addresses, and other data provided by the Data Subjects in the contact form available on the website.
- “Clear Gifs Information” means web beacons used to track online usage patterns relating to the use of the Service or to track which emails are opened by recipients through clear gifs in HTML-based emails sent to Users.
- “Content” means the free text and open content posted by the User on the Service.
- “Device Identifiers” means small data files or related structures stored on or associated with a Mobile Device, which identify a User’s specific mobile device and includes data stored in connection with hardware, operating systems, other software, or information sent directly to Butterfly by the device, and which are collected when a User accesses the Service by or through a Mobile Device.
- “Location Data” includes GPS coordinates, latitude, longitude, or similar information regarding the location, collected through the use of the Service by or through a Mobile Device.
- “Log Files” means data recorded automatically by Butterfly’s servers sent by the User’s web browser when using the Service, which include web request, IP address, browser type, referring/exit pages, URLs, number of clicks, how You interact with links on the Service, domain names, landing pages, pages viewed, mobile carrier, and similar information.
- “Non-Personal Data” means data other than personal data, including non-private and/or aggregated information that does not identify a User, or more generally a data subject (including without limitation anonymous usage data and platform types).
2.3. General notions
- “Service” means the service offered by Butterfly through a website or related means featuring analytics that allow business owners and managers to gauge worker satisfaction, including the provision of information about updates, upgrades and enhancements of the service.
- “Policy” or “Privacy Policy” means this privacy policy.
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
- “Processing” shall have the meaning under the GDPR (i.e. “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”).
- “Data Processing Agreement” means a controller-processor agreement in accordance with Article 30 of the GDPR.
- “EU-U.S. Data Privacy Framework (DPF)” means the framework developed by the U.S. Department of Commerce in consultation with the European Commission to facilitate the lawful transfer of personal data from the European Union to the United States in compliance with EU data protection requirements. It provides safeguards and principles that participating organizations must adhere to when processing personal data received from the EU, including transparency, accountability for onward transfers, and mechanisms for dispute resolution.
- “Standard Contractual Clauses” means sets of standard contractual clauses for transfers as adopted by the European Commission for the international transfer of personal data.
- “Mobile Device” includes without limitation mobile telephones, iPhones, tablets, iPad, Android, and any similar technology or item.
- “EEA” means the European Economic Area.
- “SSL” means secure socket layer technology.
2.4. Cookie-related notions
- “Cookie” or “Cookies” are text files, containing small amounts of information, which are downloaded to Your browsing device (such as a Mobile Device or computer) when You visit a website, and that may convey information about the use of the Service.
- “Persistent Cookies” refers to cookies that remain on a hard drive after a web browser is closed to be used by the web browser on subsequent visits to the Service.
- “Session Cookies” refers to cookies that are temporary and disappear after a web browser is closed.
- “Third Party Cookies” refers to cookies that another party places on Your web browser when You use the Service.
3. Who processes what Personal Data about You?
In the context of the Service, Your Personal Data is processed by several organisations, including Your Employer, Butterfly and Third Parties. The following sub-sections provide further details.
3.1. Your Employer processing Your Personal Data as a Controller
Through the Service, Your Employer is processing Your Personal Data as a Controller for its own purposes. Butterfly has no control over these processing activities.

3.2. Butterfly processing Your Personal Data as a Processor on behalf of Your Employer
Through the Service, Butterfly processes Your Personal Data on behalf of Your Employer. This is in order for the latter to provide the Service within its organisation and to provide You access to the Service, and to ultimately achieve Your Employer’s processing purposes described above.

3.3. Butterfly processing Your Personal Data as a Controller for its own purposes
Through the Service, Butterfly processes Your Personal Data for its own purposes, where it determines itself the purposes and means of such processing.

3.4. If you contact us via our website or by e-mail or you have a relationship with Butterfly (e.g., if you are interested in our services or in a job at Butterfly, or are a partner or prospective partner) we will process Your Personal Data as Controller as follows

3.5. Google Cloud Platform processing Your Personal Data as a (Sub-)processor of Your Employer or Butterfly for the provision of the Service
In order for Butterfly to achieve one or more of its purposes, it relies on Google Cloud Platform, acting as a Subprocessor and processing Your Personal Data on behalf of, and under the instructions and authority of, Butterfly for storage and back-up purposes.

4. Are Cookies placed on Your device when using the Service?
When You use the Service, Butterfly places one or more Cookies on Your device (including Mobile Device) for the purposes described in this Policy.
4.1. Which Cookies are placed on Your device?
The following table and information set out the Cookies which are used for the Service. It also provides details of third parties that set cookies:
4.1.1. Strictly necessary Cookies

4.1.2. Performance Cookies

4.1.3. Functionality Cookies

4.2. How long are Cookies stored on Your device?
The length of time during which a Cookie will be stored on Your browsing device depends on whether it is a “Persistent” or “Session” Cookie. Session Cookies will only be stored on a device until the web browser is closed. Persistent Cookies remain on the device after You have finished browsing until they expire or are deleted.
4.3. How can You disable Cookies placed on Your device?
You can usually use the web browser to enable, disable or delete Cookies. To do this, follow the instructions provided by the web browser (usually located within the “Help”, “Tools” or “Edit” settings). You can also set Your web browser to refuse all Cookies or to indicate when a Cookie is being sent.
Please note that if You set Your web browser to disable Cookies, You may not be able to access secure areas of the website, other parts of the website may also not work properly and some Service features may not function properly.
You can find out more information about how to change Your browser Cookie settings at www.allaboutCookies.org.
5. On what basis is Your Personal Data processed?
Your Personal Data is processed by Butterfly in the context of the Service on the basis of Your consent given in the framework of Your subscription to or use of the Service, as detailed in this Policy.
Please note that You are not in any way obligated to provide any information to Butterfly. Also, You have the right to withdraw Your consent at any time You choose and on Your own initiative as described in section 10 of this Policy. You however understand that in such cases, certain features of the Service may be limited or otherwise impacted.
Please note that Your Employer is Processing Your Personal Data for its own purposes, as described under section 3.1. Such Processing takes place on a legal basis determined by Your Employer. Please contact Your Employer should You have any questions in relation thereto.
6. Is Your Personal Data used for direct marketing communications?
If You have explicitly consented, Butterfly may, from time to time, contact You by email with information about our Service.
If You no longer want to receive email marketing from Butterfly, please let us know by sending an email to us at privacy@butterfly.ai. You can also unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails Butterfly sends to You.
7. How long is Your Personal Data stored?
We retain your Personal Data for as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, taking into account legal retention periods and our legitimate interests in protecting or defending our legal interests, in accordance with our internal policies. You can write to us for more specific details about the retention periods or to exercise any of your rights detailed in section 10 of this Privacy Policy.
Your Personal Data will be stored for the duration of Your relationship with Butterfly and then put beyond use:
- 5 years after Your last use of the Service, if You did not close Your account;
- 2 years after the closing of Your account.
- 1 year after the last contact with you if you contact us via website or you apply for a job and we will not hire you.
- 5 years after the contract with our partners (certain categories of data, such as those relating to any payment made to you, may be kept for a longer period in accordance with applicable law and our internal policy, e.g. 6 years after the end of the financial year in which the documents were created);
- Other data related to your complaints, GDPR requests could be kept for a longer period (e.g., 6 years after the end of the inquiry, request, complaint).
- Other contact details could be kept until you object or withdraw your consent (if applicable) to send you the newsletter you subscribed for.
8. How is Your Personal Data shared with Third Parties?
Butterfly will display Your personal data on the Service only in accordance with Your authorisations and security preferences. The information that You provide for inclusion on the Service should reflect how much You want other users to know about You. Please consider this carefully before disclosing any information and recognise that the more content You provide the less anonymous You may be towards other users. You can review and revise Your user information at any time.
Butterfly may share or disclose information with Your consent and solely as described herein, including with Third Party application providers. In certain situations, Butterfly may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In the event Butterfly shares Your Personal Data in accordance with this Policy, Butterfly is not responsible for any Third Party’s use or disclosure of Your Personal Data. You should only use applications that You trust and that have privacy policies that You consider acceptable.
As described in this Policy, the Service may rely on Third Party tools (such as Google Analytics) in order to study the Service usage and performance. Many of these tools collect the information sent by Your web browser as part of a web page request (including Cookies and Your IP address). These tools receive the information provided to Butterfly and use it as governed by their own privacy policies.
Butterfly offers its Users the possibility to integrate its Service into existing Third Party applications (e.g. Microsoft Teams, Skype for Business etc.). If You choose to make use of this integration, please keep in mind that, in doing so, these Third Party applications will most likely receive some of Your Personal Data either directly by You or provided by Butterfly with Your consent. Therefore, please consider this carefully before disclosing information and only use Third Party applications that have privacy policies that You consider acceptable.
When transferring personal data to third parties, Butterfly (Appynest Inc.) ensures that such transfers are conducted in accordance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Butterfly (Appynest Inc.) remains responsible and liable under the EU-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF if a third party it engages to process personal data on its behalf does so in a manner inconsistent with the Principles, unless Butterfly (Appynest Inc.) proves that it is not responsible for the event giving rise to the damage.
9. Is Your Personal Data transferred outside the EEA?
In the context of the provision of the Service and for the purposes described in this policy, Your Personal Data will be transferred outside the EEA and to countries not providing an "adequate" level of data protection, such as the United States.
When such a transfer happens, we ensure that it takes place in accordance with this Policy and that the necessary safeguards are put in place such as, in particular, ensuring that the transfer is regulated by Standard Contractual Clauses approved by the European Commission as ensuring an adequate protection for Users.
Such transfers to the United States are conducted in compliance with the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the EU-U.S. DPF, under which Butterfly (Appynest Inc.) is certified.
In compliance with the EU-U.S. Data Privacy Framework (DPF) and the UK Extension to the EU-U.S. DPF, Butterfly (Appynest Inc.) commits to resolve complaints about your privacy and our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding our DPF compliance should first contact us at privacy@butterfly.ai.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Butterfly (Appynest Inc.) commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
Finally, as a last resort and in limited situations, individuals may also invoke binding arbitration through the DPF Arbitration Panel.
We may also transfer your Personal Data based on Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms where applicable. In certain circumstances, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have a question or complaint related to the transfer of Your Personal Data outside of the EEA, we encourage you to contact us via privacy@butterfly.ai.
10. What are Your rights?
Once You have provided Your Personal Data, several rights are recognized under the GDPR, which in principle You can exercise free of charge, subject to statutory exceptions. In particular, You have the following rights:
- Right to withdraw consent. You have the right to withdraw Your consent at any time You choose and on Your own initiative. If You have entered into a contractual arrangement with Butterfly, You can do so directly by contacting Butterfly. If You have not done so, for example because You are an employee of an entity that entered into a contractual arrangement with Butterfly, You can contact your Employer. Your Employer will inform Butterfly of Your request to withdraw Your consent. The withdrawal of Your consent will not affect the lawfulness of the collection and processing of Your data based on Your consent up until the moment where You withdraw Your consent or the processing activities performed based on other legal bases (e.g., legitimate interests for those data that we process based on the Master Subscription Agreement we have with your Employer, documenting the way we answered your request in order to defend our rights, etc.). In the case of withdrawal of consent for newsletter purposes, the withdrawal will take effect without the need for justification.
- Right to access, review, and rectify Your data. If You wish to review or rectify any information like Your name, email address, passwords and/or any other preferences, You can do so easily by changing Your settings under the 'My Account' section on our website. You may also request a copy of the Personal Data Butterfly holds about You by sending an email to privacy@butterfly.ai. You can access and review this information and, if necessary, ask to rectify Your information.
- Right to erasure. You have the right to erasure of all the Personal Data processed by Butterfly in case Butterfly no longer needs it for the purposes for which the Personal Data was initially collected or processed, in accordance with the GDPR.
- Right to restriction of processing. Under certain circumstances described in the GDPR, You may ask for a restriction of processing of Your Personal Data, such as when You have contested the accuracy of the Personal Data, for the period we need to verify the accuracy of this data.
- Right to data portability. You have the right to receive the Personal Data processed in a format which is structured, commonly used and machine-readable and to transmit this data to another service provider.
- Right to object to processing. Where Your Personal Data is processed for direct marketing purposes, You may object to such processing without giving any reason. For other processing activities where we rely on our legitimate interests, you may object on personal grounds relating to your specific situation, which must be justified.
- Right to lodge a complaint with a Supervisory Authority. We are always available for any questions or complaints You may have. However, if You were to have any trouble with the way Your Personal Data is being handled in the context of the Service, You may contact the Supervisory Authority to lodge a complaint.
In addition to the rights described above, individuals whose personal data is transferred from the European Union and United Kingdom to the United States under the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF have the opportunity to choose (i.e., opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. For more information on how to exercise these rights, please contact us at privacy@butterfly.ai.
11. To what extent is Non-Personal Data used by Butterfly?
Butterfly may use Non-Personal Data for purposes that include testing IT systems, research, big data analytics, industry-wide analyses, statistics and reports, improving the Service, developing new products and features. Butterfly may create and publish such analyses and reports, including for commercial gain.
12. What security measures are put in place by Butterfly?
Butterfly implements, and undertakes that its Subprocessors implement, appropriate technical and organisational measures to ensure an appropriate level of security of Your Personal Data, including but without limitation:
- Socket Layer Technology ("SSL"). SSL is used for the encrypted transmission of data where necessary.
- Back Up. Continuous and regular data backups help prevent loss and assist in data recovery.
- Common Web Attacks. Protection against common web attack vectors, firewalls and access restriction are implemented.
- Secured data centres. Data is hosted in secure SAS 70 audited data centres.
In the event personal information is compromised as a result of a security breach and where the breach is likely to result in a high risk to the rights and freedoms, we will promptly notify those Users as required under the GDPR.
13. Does a disclaimer of warranties apply?
No method of electronic transmission or storage is completely secure.
To the largest extent permitted under applicable law, the Service is provided “AS IS” and we make no warranty, express or implied, concerning the security or integrity of any User data. All implied warranties, including without limitation the implied warranties of merchantability or fitness for a particular purpose, are hereby disclaimed.
14. What rules apply to children?
The Services are not intended for use by children ("child" shall mean an individual that is under the age defined by applicable law which with respect to the EEA is under the age of 16 and with respect to the US, under the age of 13).
Butterfly does not knowingly collect or solicit Personal Data from children or knowingly allow such persons to register for the Service.
In the event Butterfly learns that it has collected Personal Data from a child under the age of 13 years without verification of parental consent, steps will be undertaken promptly to remove that information. If You believe that we have or may have information from or about a child under 13 years of age, please contact Butterfly at privacy@butterfly.ai.
15. Does this Privacy Policy Apply to Third Party websites?
Butterfly shall not be responsible or liable for the practices employed by the owners or users of websites linked to or from the Service. Furthermore, we are not responsible or liable for the information or content on such Third Party websites.
This Privacy Policy is only in effect for the Service and not for any Third Party website and You are subject to the terms of use and privacy and other policies of such Third Party website.
16. Are posts in discussion rooms, blogs, etc. confidential?
Any information posted in a discussion room, group room, blog, or the like is considered publicly accessible and the User should not post any information it wishes to keep confidential.
17. What happens if Butterfly makes modifications to this Privacy Policy?
Butterfly reserves the right to change and update this Privacy Policy from time to time, in its sole discretion. In case this Policy is changed, You should review such changes. The modifications will take effect immediately upon posting on the Service website.
18. How can You contact Butterfly?
Questions, comments, remarks, requests or complaints regarding this Privacy Policy are welcome and should be addressed to:
or
240 Kent Avenue, Brooklyn, NY 11249, United States of America
ANNEX A - JURISDICTION SPECIFIC NOTICES
ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS
This section applies only to California residents. Pursuant to the CCPA, please see the CCPA Privacy Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sold or shared, the retention period, and how to exercise your rights as a California resident.
ADDITIONAL NOTICE TO COLORADO RESIDENTS
Under the Colorado Privacy Act (“CPA”) if you are a resident of Colorado, acting only in an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your personal data are described below.
“Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer data, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or 42 CFR Part 2 – “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and the Driver’s Privacy Protection Act of 1994, Children’s Online Privacy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Securities Exchange Act of 1934, higher education data and employment data.
Sensitive Data includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data.
In Section 5 “Purpose of Processing User’s Data and the Lawful Basis” of the Privacy Policy, we describe our collection and processing of personal data, the categories of personal data that are collected or processed, and the purposes. Additionally, Section 8 “Sharing Data” details the categories of third parties with which the controller shares personal data for business purposes.
Your Rights Under CPA:
Below, we detail how consumers can exercise their rights and appeal a decision, whether Butterfly sells personal data or sells personal data for advertising, and how to opt out. We do not sell your Personal Data.
Right to Access/ Right to Know – you have the right to confirm whether we collected Personal Data on you and to know that Personal Data. You can exercise your right by reviewing this Privacy Policy. If you would like to receive the Personal Data, please contact us to receive a copy of your data.
Right to Correction – you have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data. You can exercise this right directly through your account or by contacting us.
Right to Deletion – you have the right to delete the Personal Data. This right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action. If you would like to delete your Personal Data, please contact Butterfly.
Right to Portability – you have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. If you would like to receive the Personal Data please contact us. To receive a copy of your data we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
Right to Opt-Out from Selling Personal Data – you have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc. Butterfly does not sell your Personal Data, so we do not offer an opt out. Butterfly may “share” Personal Data with third parties for personalized advertising purposes. You may indicate your choice to opt-out of the sharing of your Personal Data with third parties for personalized advertising on third party sites as detailed in Section 9 "Your Rights". To opt out from the use of cookies on our website, please click the “do not sell or share my personal information” in the footer of the website which will enable you to customize the use of cookies on our website.
Right to Opt-Out from Targeted Advertising – you have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. You may authorize another person acting on your behalf to opt out, including by broad technical tools, such as DAA, NAI, etc. We do not profile you, thus we do not need to provide an opt-out.
Right to Appeal – if we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. If we deny the appeal, you may contact the Colorado Attorney General using this link: https://coag.gov/office-sections/consumer-protection/ or (720) 508-6000. Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.
Duty not to violate the existing laws against discrimination or non-discrimination – such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate against our Users.
How to Submit a Request Under CPA?
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If a request is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required.
We will respond to your request within 45 days after receipt of a verifiable Consumer Request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us at: privacy@butterfly.ai and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
ADDITIONAL NOTICE TO VIRGINIA RESIDENTS
Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.
"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.
The categories of personal data processed, purpose of processing, categories of personal data shared with third parties, categories of third parties with whom data is shared, your Rights are detailed above in the sections of this Policy.
How to Submit a Request Under VCDPA?
We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us at: privacy@butterfly.ai and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.
ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS
Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.
"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. It further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.
The categories of personal data processed, purpose of processing, categories of personal data shared with third parties, categories of third parties with whom data is shared, your Rights are detailed above in the sections of this Policy.
Instructions on how to exercise your rights under CDPA are as stated above under “Your Rights under CPA”.
How to Submit a Request Under CDPA?
We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests, provided we inform you of such extension within the initial 45-day response period, together with the reason for the extension.
If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.
ADDITIONAL NOTICE TO UTAH RESIDENTS (effective January 2024)
Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your Personal Data are described below. “Personal Data” refers to information that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data.
The categories of personal data processed, purpose of processing, categories of personal data shared with third parties, categories of third parties with whom data is shared, your Rights are detailed above in the sections of this Policy.
Further, instructions on how to exercise your rights under UCPA are as stated above under “Your Rights under CPA”.
NOTICE TO NEVADA RESIDENTS
Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to privacy@butterfly.ai.