January 28, 2023

Privacy Policy Update

An Introduction from our founder and CEO

Pierre Valade

This policy was last updated on January 28, 2023.

As the CEO of Jumbo, I made a commitment to ensure that each decision we make for the product and our company fundamentally respects your security and privacy. As we enter our fourth year of operations, our commitment remains as strong as ever.

The following two principles guide how we think about privacy and security in our day-to-day decisions.

Thank you for trusting us with your privacy and security. If you have any questions or comments, you can always reach out to us at [email protected].

- Pierre Valade

How We Secure Your Data

For the Jumbo App to function properly, it needs access to some of your data. However, most of this data does not ever need to leave your device’s local memory. The less data that leaves your device, the less chances it has to be hacked.

Based on the principle of minimizing data collection, the team here at Jumbo has designed the Jumbo App to keep any data it needs to function locally on your device as a default. The Jumbo App only ever sends a piece of data to the company’s server if truly necessary to provide a feature. See below for a list of data that we might transfer to and from your device.

This approach has several benefits beyond reducing the risk of a breach. There is no account for you to login to and thus no credentials that can be leaked. There is no need to externally verify your personal information. Also, 2FA is not needed since your device would have to be stolen and breached first before your Jumbo App is affected. In the event that any data does leave your device, it is always encrypted. Finally, you have complete control over the data stored locally on your device since it can be cleared forever if you delete the Jumbo app.

Jumbo does not provide features that allow for interactions between users beyond the functionality in our family feature.

If you have any questions about our approach, please reach out to [email protected]. We’re always happy to talk about it because we believe this is the way personal data should always be treated.

Information Collected by Jumbo TL;DR

At a high level, here is a list of what Jumbo does, and does not store. Check the full privacy policy below for specifics.

Jumbo never collects or stores the following because it has nothing to do with the service we provide:

Jumbo stores the following locally on your device (You can clear this forever anytime by deleting the app):

Jumbo stores the following on our server in order to provide specific services:

*Jumbo may ask for access to your approximate location to provide a localized user experience. This data is only processed temporarily, and does not get transmitted to Jumbo servers nor is it stored locally on your device.

Privacy Policy - Full

Thank you for using Jumbo! This privacy policy describes how 2121 Atelier, Inc. d.b.a. Jumbo Privacy (“Jumbo” or “we”) and our product (“Jumbo App”) collects and processes your personal data, in compliance with applicable laws protecting your privacy, when you use Jumbo’s privacy and security services.

Definitions

Personally Identifiable Information (“PII” OR “personal data”): Personal Identifiable Information is any data that can be used to clearly identify an individual such as a person’s name, email, device ID, etc..

Store: To keep on company servers or similar data storage facilities for future use.

Process or Handle: Any operation performed on personal data. Where we note that we process or handle data, we mean that such operations are built to be run without storing data as described above.

Jumbo App (or “the App”): The Jumbo App that is available for download on iOS or Android devices from the Apple App Store or Google Play Store.

The Company (“We” or “Us” or “Jumbo Privacy”): The team that builds the Jumbo App including its engineers, customer support agents, etc.

Title 1 – Jumbo Features You May Use

Section 1. Privacy & Security Services in the Jumbo App

Jumbo App is a mobile application available on iOS and Android that helps you protect your online privacy and security by giving you control over privacy settings, notifying you of data breaches, checking the security of your Wi-Fi, blocking trackers and much more.

The App is not intended for use by children under the age of 13. It is not specifically intended for student or educational purposes, though our hope is that using the App will teach you about best privacy and security practices. If Jumbo Privacy learns that it has inadvertently collected Personal Information from children under the age of 13 without prior parental consent, Jumbo Privacy will take appropriate steps to delete this information. If you are a parent or legal guardian, you can ask us to delete inadvertently collected Personal Information or Persistent Identifiers. We will also delete the data of any user if requested. To make such a request, please email us at [email protected]. Before processing your request, we may need a log from the device whose data you are requesting the deletion for.

Before using the Jumbo App, please ensure that you have read and understood how we collect, store, use and disclose your personal information as described in the parts of this Privacy Policy that is relevant to you.

A. Functionalities

The Jumbo App will never change anything in your accounts without your prior authorization. Consequently, we only process your data because you have consented to it and/or because we are performing a service you have requested from us.

(i) Change of the privacy settings of your online accounts

The Jumbo App offers you the ability to scan the privacy settings on some of your online accounts and suggests changes to maximize your privacy. You can choose which of your online accounts you want the App to scan.

To provide this service, you are asked to log into your account(s) through the Jumbo App. Your account authentication details, i.e., username and password, remain stored locally in your device during the whole process. We do not copy or store any of this personal data in Jumbo Privacy’s servers.

In no event will your password be transmitted to Jumbo Privacy’s servers. If you do not wish for your password to be stored locally within the Jumbo App in your device, please do not use this feature. To delete your passwords, simply disconnect your account from the Jumbo App.

(ii) Transfer and storage of your personal content

If you decide to transfer some of your personal content (e.g. when archiving posts from Facebook) in the App, this transfer is made directly from your account to the storage space you have selected, which may be the App or a third-party storage space that you select.

If you decide to store your personal content in the Jumbo App, your personal content will remain stored locally in your device and it is not copied or stored in Jumbo Privacy’s servers. In no event will this personal content that you choose to transfer be transmitted to Jumbo Privacy’s servers.

If you want to delete your personal content, you can do so by deleting the Jumbo App.

If you decide to transfer your personal content directly to a third-party storage service, please note that we do not own, operate, or control them, and they have their own controlling privacy policies that you should review and that you will be subject to. This means that we are not responsible for how your data is stored or subsequently processed with them.

(iii) Contact information and address book for email-based functions

The Jumbo App offers you the ability to perform certain functions on email addresses and accounts, such as a data breach dark web scan. To perform these functions, you may be asked to give the Jumbo App access to your address book or provide an email address. The App will transmit these email addresses to Jumbo Privacy’s servers in order to allow us to execute the scan. You are solely responsible for any email addresses that you provide to us and obtaining consent for transmitting this data as appropriate.

We do not store any information from your address book for the purpose of referrals.

B. Your rights

How to access, rectify, or delete your personal data

You can access, rectify, or delete the accounts you have managed through the Jumbo App and/or the data you have stored within the Jumbo App at any time directly in the Jumbo App.

To delete any data stored in the Jumbo App, simply delete the Jumbo App from your phone. To delete data stored by Jumbo Privacy on our servers, please send an email to [email protected].

If you have any questions or require assistance, please reach out to us at [email protected]. For more information about your use of the Jumbo App, please consult our TOS.

Section 2. Jumbo App Analytics

The Jumbo App collects anonymous analytics information to allow us to ensure that our product works correctly on different devices and operating systems, and to improve the quality of our product and make your experience better. We use aggregate, non-personal data like device-type, the operating system version and any error logs. These analytics are only used to improve the Jumbo App and are never shared with third-parties for marketing purposes.

You can opt-out from these anonymous Jumbo App analytics at any time, directly from the Jumbo App via settings by toggling OFF the ‘Crash Reporting & Analytics’ setting. If you do this, we will no longer collect analytic data from your device.

The Jumbo App sends your anonymous analytics data to our analytics provider: Amplitude. To the extent that you do not opt-out of this collection as detailed above, you consent to this transfer of data by us to Amplitude. For more information about Amplitude’s privacy practices, please see here. If you would like to delete your anonymous analytics history at any time, please contact us at [email protected].

Section 3. Push Notifications

If you have given us your prior approval to do so, we may send you updates about the Jumbo App and/or the company by sending you push notifications through the Jumbo App.

To send you push notifications, we store and use a token generated by Apple or Google which is unique to your use of the Jumbo App on your phone. At no point could this token be used by the company or its sub-processors to identify a user or reveal their personal data such as their location. These tokens are stored with our database provider, MongoDB.

You may opt-out of receiving these notifications at any time by toggling Jumbo’s notification permissions in your phone’s operating system settings. For more information about MongoDB’s privacy practices, please see here.

Section 4. Support

Jumbo Privacy is by your side to help you control your security and privacy. If you have any questions or concerns regarding the Jumbo App, this Privacy Policy or your privacy rights, you can contact our support team directly in the Jumbo App, or by sending an email to: [email protected].

Jumbo’s Support team uses Help Scout as a service provider to receive and reply to your email queries, and service provider Front when you chat with us directly in the Jumbo App. When you contact us through email or chat, the privacy policies of these third-party services will apply to you and your data. For more information about Help Scout, please see here. For more information about Front, please see here.

Conversations with Jumbo’s Support team are automatically purged from Help Scout and Front after 180 days.

Section 5. Surveys

We sometimes conduct surveys within the Jumbo App to gather feedback on our products and services. When conducting such surveys, we might collect anonymous information such as country or age range to understand demographics of our user base, and you consent to this collection when you choose to participate in a user survey. We use service provider Typeform for conducting these surveys and their privacy policies will apply when you use their platform. For more information about Typeform’s privacy practices, see here).

We do not ever sell or transfer this survey data to any third party as it is purely used to get feedback and insights on how Jumbo can better serve our users.

You can opt-out from any further communication about user surveys, and rectify or erase your email address used in any received communication about these surveys by sending us an email to [email protected].

Section 6. Newsletter

The company has previously provided a periodic newsletter to its users and may provide one in the future. If available, you will be able to subscribe by giving us your email address in the Jumbo App or on our dedicated websites. We only send the newsletter to you for the informational purposes you have chosen when you subscribed.

You can opt-out whenever you want by clicking the opt-out link directly in the newsletter or by sending us an email to: [email protected]. We will then stop sending you our newsletter, and will delete your email address from our emailing list. We use service provider Mailchimp to send you our newsletter and your use will be subject to their privacy policies if you choose to subscribe. For more information, please see here.

Section 7. Functioning cookies on our websites

We use cookies on our websites available at the following URL addresses: https://blog.withjumbo.com and withjumbo.com strictly for necessary purposes to enable our websites to work properly. These cookies include:

  1. Cookie Name: jumbo-invite
    • Purpose: Fraud protection for invite links
    • Lifetime: 60 minutes
    • Domain: withjumbo.com
  2. Cookie Name: device_id
    • Purpose: Telemetry and analytics
    • Lifetime: Session
    • Domain: withjumbo.com

We use service provider Cloudflare to secure our websites. Cloudflare may use cookies. For more information about Cloudflare’s privacy practices and the nature of these cookies, please see here.

We do not have any other cookies on our websites (such as tracking or advertising cookies).

You can refuse the use of cookies at any time by adjusting the settings of your browser (Internet Explorer, Safari, Firefox, Chrome) by selecting the “cookies” option in the “Help” function to obtain information about the location of the cookie folder. Please note that disabling cookies may limit access to certain features or pages of the Jumbo Privacy websites.

TITLE 2: Sub-Processors

Sub-processors are third-party data processors that are engaged by Jumbo Privacy to enable the functionality of the App and who may have access to your data. We only share your personal data with sub-processors we rely on if strictly necessary to provide you with our privacy and security services.

Where we need to share your personal data with sub-processors, we have chosen them with a lot of care to make sure they take privacy as seriously as we do and that they only use your personal data for the purposes we have instructed them to do. Where applicable, we also execute data processing agreements with sub-processors to regulate how such service providers use your personal data. You should be aware that these sub-processors maintain their own privacy policies and practices, and that these will apply to the data that we provide to them.

In some instances, for example in the cases of Amplitude and Typeform, the data we share with sub-processors can be used for research or product improvement. In the case of Amplitude, an analytics platform, we use anonymous analytic data – such as whether a given user’s phone is iOS or Android, what version of iOS/Android is on the phone, the device’s language settings, as well as which Jumbo features are activated, if a feature has crashed, etc. – to improve Jumbo’s service and reliability. In the case of Typeform, a survey tool, we send voluntary surveys to Jumbo users to help us understand their needs better – such as why a survey participant likes a feature, what they want Jumbo to build for them next, etc.. Please see the respective paragraphs below for specifics on each sub-processor.

##

Section 1. Help Scout

Helpdesk

We have decided to use Help Scout as our helpdesk service provider. Therefore, if you email [email protected], Help Scout will receive and keep a copy of your IP address, and your name if it is sent as part of the headers of the email protocol. We have set up Help Scout to automatically delete all emails from their servers 180 days after they are received.

For more information about how Help Scout processes your data, please visit https://www.helpscout.com/company/legal/privacy/.

You can also consult the data processing agreement signed with Help Scout, available here: https://www.helpscout.com/company/legal/dpa/

Section 2. Microsoft

Our email servers (that we are using for [email protected] for example) are powered by Microsoft Cloud. If you email [email protected], Microsoft servers will receive and keep a copy of your IP address, and your name if your name is sent as part of the headers of the email protocol. Contrary to what we have set up for Help Scout, we will keep your emails for as long as it is necessary for replying to your request and then for as long as necessary, if required to, for documentation purposes (generally from two to five years, depending on your jurisdiction and the type of emails you have sent to Jumbo Privacy).

For example, emails containing details of your Privacy Requests and your signed mandate will be kept for two years for proof purposes. For more information about how Microsoft processes your data, please visit https://privacy.microsoft.com/. You can also find more information about the data processing agreement signed with Microsoft here: https://docs.microsoft.com/en-us/legal/gdpr

Section 3. Apple

Apple hosts our Jumbo iOS app. This section applies to you if you use our iOS version of the Jumbo App.

Subscription information (applicable only if previously subscribed to a Jumbo App plan)

Apple collects your account information and payment details when you subscribe to a Jumbo Plan. Your personal data is stored by Apple until you delete it, except for your payment data which is kept by Apple for duration imposed by tax regulations in your country. For more information, please visit https://support.apple.com/en-us/HT207233.

Face ID and Touch ID

You can use Face ID or Touch ID to unlock the Jumbo App if you use a version of the Jumbo App that supports this feature. Jumbo Privacy does not have access to the facial scan information collected to facilitate this feature, which is only managed by Apple. To learn more about this technology, please visit https://support.apple.com/en-us/HT208108 and https://support.apple.com/en-us/HT204587. You can disable this feature directly in the Jumbo App.

App Analytics

Apple provides Jumbo Privacy with analytics: this feature is called App Analytics. Apple does not provide Jumbo Privacy with information that would personally identify you. You can turn off this feature completely within your iPhone settings, also. For more information about how Apple processes and manages the transfer of your data, please visit https://www.apple.com/legal/privacy/ and https://www.apple.com/legal/enterprise/data-transfer-agreements/datatransfer-eu-en.pdf.

Section 4. Google

Android hosts our Android app. This section applies to you if you use our Android version of the Jumbo App.

Subscription information (applicable only if previously subscribed to a Jumbo App plan)

Google collects your account information and payment details when you take an in-app subscription. Jumbo Privacy does not have access to this information, which is only managed by Google.

Your personal data is stored by Google until you delete it, except your payment details information that might be kept by Google for duration imposed by tax regulations in your country.

App analytics

Google provides Jumbo Privacy with anonymous analytics with regards to your use of our app (country, device): this feature is called Google Play Console. Google does not provide Jumbo Privacy with information that would personally identify you. You can turn off this feature completely, also. For more information about how Google processes and manages the transfer of your data, please visit https://policies.google.com/privacy.

Section 5. Cloudflare

We use Cloudflare as our DNS provider for our app and our websites. Cloudflare will log your IP address for less than 24 hours as per their privacy policy. These IP logs are managed by Cloudflare to provide their service and are unavailable to Jumbo Privacy. For more information about how Cloudflare processes your data, please visit: www.cloudflare.com/privacypolicy/.

Section 6. Github Pages

The websites www.withjumbo.com and blog.withjumbo.com are hosted by Github, via their feature Github Pages. Jumbo has configured Cloudflare as a proxy between you and the Github servers, in order to avoid your IP address being sent to Github. Github never receives any personal data. On our websites we use cookies to prevent fraudulent or malicious behavior. You can find more information about the data processing agreement with Github here: https://github.com/customer-terms/github-data-protection-agreement

Section 7. SpyCloud

To verify if your email address was involved in a data breach, we transmit a hash of your email to a third-party provider: Spycloud. SpyCloud never has direct access to your email address, only the hash of it, which means that your identity is obfuscated to SpyCloud when you make a request to do a data breach scan.

SpyCloud uses this unique hash to verify, without knowing who you are, if your email address (i.e. the hash email) has been compromised in a data breach.

We have signed a specific data protection agreement with SpyCloud to supervise their use of your hashed email. Please contact us for more information.

Section 8. Mailchimp

We may send you our newsletter if you have provided us with your email and agreed to receive it.

To send you our newsletter, we use Mailchimp as our newsletter service provider. Mailchimp provides that it will only process your personal data to provide us with their emailing tools. Your email address will be automatically deleted from Mailchimp if you decide to opt-out from any communication. We do not keep email addresses for marketing purposes for more than a year following the last sent communication. For more information about how Mailchimp processes your data, please visit: https://mailchimp.com/legal/privacy/. You can consult the data processing agreement signed with Mailchimp here https://mailchimp.com/legal/data-processing-addendum/.

Section 9. Typeform

We conduct surveys using Typeform. They provide that they will only process your personal data to provide us with their survey tools. To send you this survey, we will ask you for your email address or provide you access to our survey directly in the Jumbo App.

We transfer the answers of the survey to our cloud services and delete them from Typeform within a week following the end of such survey. For more information about how Typeform processes your data, please visit https://admin.typeform.com/to/dwk6gt, You can also find more information about the data processing agreement signed with Typeform here: https://admin.typeform.com/to/dwk6gt

Section 10. Freelancers

From time to time, we may use freelancers based in the USA or Europe to help us for specific tasks, notably on our support team. These freelancers might process personal data belonging to you under our strict instructions. All freelancers sign a data protection agreement containing security requirements to ensure the safety of your personal data before starting to work for Jumbo Privacy.

For more information, please contact us at [email protected].

Section 11. Amplitude

We use Amplitude to analyze analytic data of our users’ usage of the Jumbo App. Amplitude collects the Jumbo App analytics about your use of the Jumbo App with your DeviceID.

Amplitude only uses analytics of our users anonymously, and in accordance with our instructions. For more information about how Amplitude processes your data, please visit https://amplitude.com/privacy. We have signed a specific data protection agreement with Amplitude, including the processing of your data. Please contact us for more information.

Section 12. Front

We use front as our in-app chat provider. Front collects the content you send to Jumbo Privacy in your messages, your DeviceID, and your email if you indicate it. Your information is stored by Front for 45 days.

Front only collects such information to enable us to reply to your queries directly in the Jumbo App, for statistical purposes to build our customer care team, and under our instructions. For more information about how Front processes your data, please visit: https://frontapp.com/privacy-policy. We have signed a specific data protection agreement with Front, including the processing of your data. Please contact us for more information.

Section 13. TaxJar

In order to comply with regional and local tax obligations, we share transaction information from Stripe with our tax compliance provider TaxJar. This includes invoice information including the purchase date, plan, price and purchase location.

Your personal data included in invoices shared from Stripe will be secured and stored in TaxJar as required by applicable regulations and laws. TaxJar will process relevant personal data only as necessary to deliver the services Jumbo has entrusted them with, pursuant Jumbo’s service agreement with TaxJar. Note that regulations may require TaxJar to retain transaction records for a prescribed period of time.

For information on TaxJar’s security and privacy practices, please visit: https://www.taxjar.com/security/

Section 14. Mailgun

We use Mailgun to deliver emails. Specifically, referral, Jumbo FAMILY, and marketing emails to our users.

To send these emails, Mailgun will have access to the contents of the emails as well as your email address.

Mailgun will process relevant personal data only as necessary to deliver the services Jumbo has entrusted them with, pursuant Jumbo’s service agreement with Mailgun.

For information on Mailgun’s security and privacy practices, please visit: https://www.mailgun.com/privacy-policy/

Section 15. Customer.io

Jumbo uses Customer.io to do outreach to existing customers through either email or in-app communication channels.

Customer.io will have access to an anonymous identifier to associate a user’s activity and events.

Customer.io will process relevant personal data only as necessary to deliver the services Jumbo has entrusted them with, pursuant Jumbo’s service agreement with Customer.io. Note that regulations may require Customer.io to retain transaction records for a prescribed period of time.

For information on Customer.io’s security and privacy practices, please visit: https://customer.io/legal/privacy-policy/

Section 16. MongoDB

To send you push notifications, we use a unique token which is stored by our service provider, MongoDB. MongoDB only stores your token on our behalf, and is not authorized to use it for any other purposes than sending you push notifications in the Jumbo App.

You may opt out of receiving these notifications at any time by changing the appropriate settings in the Jumbo app or on your smartphone.

For more information about how MongoDB processes your data, please visit : https://www.mongodb.com/legal/privacy-policy. You can consult the data processing agreement signed with MongoDB here : https://www.mongodb.com/cloud-terms-and-conditions.

Section 17. Stripe

Note: subscriptions are being deprecated; this is only applicable only in Jumbo App versions older than 4.0.

If applicable, your subscription and payment may be handled by Stripe, depending on factors such as your phone’s make or model, the plan you choose, the country in which you are located, and the features made available to you.

Your personal data, such as your payment method and information required to complete your purchase (such as your billing address), will be secured and stored in Stripe as required by applicable regulations and laws, and payment network requirements (e.g. visa, mastercard, etc.). Note that regulations may require Stripe to retain transaction records for a prescribed period of time.

For Stripe’s data retention policy, please visit: https://support.stripe.com/questions/data-retention-policy. For information about how Stripe processes your date, please visit: https://stripe.com/privacy

Section 18. ChartMogul

Note: subscriptions are being deprecated; this is only applicable only in Jumbo App versions older than 4.0.

We use ChartMogul to track our subscription and revenue analytics.

ChartMogul pulls data from our payment processors. For users who pay through the in-app purchase system for Apple Appstore and Google Playstore, no personal identifiable information is shared with ChartMogul. For those users who pay directly through Stripe, this includes all of the same information that Stripe has access to.

ChartMogul will process relevant personal data only as necessary to deliver the services Jumbo has entrusted them with, pursuant Jumbo’s service agreement with ChartMogul. Note that regulations may require ChartMogul to retain transaction records for a prescribed period of time.

For information on ChartMogul’s security and privacy practices, please visit: https://chartmogul.com/privacy/

Section 18. Identity Force, a Sontiq brand (soon Transunion)

To enroll you in Identity Theft Insurance, we transmit the details of your insurance certificate including your first name, last name and an encrypted version of your email to our third-party partner, Identity Force, a Sontiq (soon Transunion) brand. Identity Force uses your information to verify that you were actively enrolled in Identity Theft Insurance in order to provide ID restoration and insurance claims services.

Our agreement with Identity Force does not allow Jumbo App users’ data to be used for any reason other than to provide the aforementioned services to Jumbo App users.

TITLE 3 - Other information about your data

Section 1. Personal Data transfers EU/UK/Swiss-USA

Until then, please note that as provided under article 49 of the GDPR, we have the obligation to inform you of the possible risks of the transfer of your personal data to the USA due to the absence of an adequacy decision or other appropriate safeguards since such invalidation. By using the Jumbo App, you guarantee having been informed of such risks and understanding them.

Since 2121 Atelier Inc is located in the USA, we might transfer some of your personal information from the European Union, the United Kingdom or Switzerland, to the USA. We comply and have self-certified with the EU/UK-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the European Economic Area, the United Kingdom and Switzerland to the United States. You can check our certification here: Privacy Shield Certification.

If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles will take precedence. You can also learn more about Privacy Shield at www.privacyshield.gov.

As described in the Privacy Shield Principles, Jumbo Privacy is responsible for personal data that it receives and subsequently transfers to third parties. If third parties that process personal data for us do so in a manner that does not comply with the Privacy Shield Principles, we are responsible for such failure, unless we prove that we are not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Jumbo Privacy commits to resolve complaints about our collection or use of your personal information. EU, British and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should contact Mary J. Hildebrand, CIPP/US, CIPP/E by email at [email protected].

Jumbo Privacy has further committed to refer unresolved Privacy Shield complaints to ICRD-AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICRD-AAA are provided at no cost to you.

As further explained in the Privacy Shield Principles, binding arbitration before a Privacy Shield Panel will also be made available to you in order to address residual complaints not resolved by any other means. Jumbo Privacy is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission

Section 2. Extraordinary disclosures

We may be obligated to disclose your personal data if we determine that such disclosure is reasonably necessary and required:

(a) to comply with applicable laws or judicial orders;

(b) to protect the rights or property of Jumbo Privacy or other users of our services, including in investigating any violation or potential violation of the law, this Privacy Policy, or our TOS.

We will always keep in mind that your data should be protected therefore we will always fight unjustified requests and be transparent about them.

In the event that the Jumbo App or 2121 Atelier is acquired by, or combined or merged with, another entity, we may transfer or assign the personal data that we have collected as part of such merger, acquisition, sale, or other change of control. If the acquiring organization decides to change this Privacy Policy, it will notify you as described in Title 4, Section 4 below.

Section 3. Security of data

We take security very seriously and therefore have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk linked to our processing of all data as described hereabove. To implement such measures, we have taken into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for your rights and freedoms as natural persons.

Section 4. CCPA/CPRA

Even though the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) does not apply to Jumbo’s activity, we have provided you with information relevant to the privacy framework as established by these laws:

TITLE 4 – Your Rights

Section 1. Access/Rectification/Deletion/Portability of your personal data

On a general basis, you can access, rectify, or delete your personal data directly through the Jumbo App, or through the service providers we are relying on as described above or by contacting the support team directly through the Jumbo App.

If you are unable to complete your requests through the Jumbo App or such services, you can send a detailed message explaining your request to us at : [email protected].

Jumbo Privacy will inform you if it can act on your request or if you need to do it directly in the Jumbo App, with our support.

Jumbo Privacy would also like to inform that the request you send for the exercise of your rights might be kept for follow-up purposes.

You may also ask us to delete your personal data where one of the following grounds applies:

Please note that the exercise of this right may not be possible when the retention of your personal data is necessary for compliance with statutory or regulatory provisions and in particular for example for the establishment, exercise or defense of legal claims.

Section 2. Restriction of processing

You may request restriction of processing of your personal data in the cases provided for by laws and regulations. You can exercise this right directly through the Jumbo App or by contacting the support team directly through the Jumbo App.

If you are unable to complete your requests through the Jumbo App or such services, you can send a detailed message explaining your request to us at: [email protected].

Section 3. Post-mortem Guidelines

You have the possibility to give guidelines in relation to the storage, deletion and communication of your personal data after your death to a certified trusted third party in charge of ensuring that the wishes of the deceased are respected in compliance with the conditions laid down in the applicable legislation.

You can exercise this right directly through the Jumbo App or by contacting the support team directly through the Jumbo App.

If you are unable to complete your requests through the Jumbo App or such services, you can send a detailed message explaining your request to us at: [email protected].

Section 4. Changes to the privacy policy

Jumbo Privacy reserves the right to amend this privacy policy to reflect product changes, changes in privacy law, and as necessary to reflect our privacy commitments to users. Any changes we make to the Privacy Policy in the future will be posted on this page and, when mandatory, notified to you directly in the Jumbo App. These modifications will govern your continued use of Jumbo Privacy’s products and services, and you are responsible for reading and understanding them.

Section 5. Liability and Disclaimers

Limits on liability and disclaimers applicable to our privacy policy are provided under our TOS.

Section 6. Information for European users

Pursuant to Article 27 of the General Data Protection Regulation of the European Union, we have appointed ePrivacy GmbH, as our European Representative, which office is located at:

ePrivacy GmbH

Große Bleichen 21

20354 Hamburg

Germany

https://www.eprivacy.eu

We also want to inform you that you are entitled to lodge any complaint with regards to privacy matters in relation to our activity to your local data supervisory authority.

Section 7. Contact Us

If you have any questions or concerns regarding this Privacy Policy, please send a detailed message to: [email protected].

Thanks for reading!

Pierre Valade

Pierre Valade

Chief Executive Officer