PRIVACY POLICY

Role of Feather

Feather acts as both a business (controller) and a service provider/processor depending on the context in which personal information is collected and processed.

Feather acts as a business with respect to personal information collected directly from users for account creation, billing, and Service operation. Feather acts as a service provider/processor with respect to personal information that users upload, store, or share through the Service on their own behalf.

Feather processes such information in accordance with user instructions and applicable law.

Nothing in this Policy creates a fiduciary, trustee, escrow, or custodial relationship.

1. Scope of This Policy

This Policy applies to personal information collected by Feather from:

• Visitors to our websites
• Registered users and subscribers
• California residents (“Consumers”) as defined by the CCPA/CPRA

This Policy does not apply to information collected offline or through third-party websites or services not controlled by Feather.

This Policy applies solely to personal information collected in a consumer context and not to employment-related data.

This Policy applies to personal information relating to individuals and, where applicable under California law, households.

2. Categories of Personal Information We Collect

We collect the following categories of personal information, as defined by the CCPA/CPRA:

A. Identifiers

• Name
• Email address
• Account login credentials
• IP address
• Device identifiers

B. Personal Records Information

• Contact details
• Emergency contact information (provided at the user’s direction)
• Family- or legacy-related information voluntarily uploaded or entered by users as part of the Service.”

Users represent that they have the authority to provide personal information relating to third parties, including emergency contacts or designated individuals.

Feather does not independently verify the accuracy, completeness, legality, or appropriateness of personal information uploaded or provided by users. Users are solely responsible for ensuring that they have lawful authority to provide any third-party personal information submitted through the Service.

C. Sensitive Personal Information (CPRA)

• Account authentication information (usernames, passwords, access credentials)
• Contents of files, messages, instructions, or information voluntarily stored by users, which may include personal, familial, or legacy-related information
• Information relating to designated trusted contacts or delegates

Sensitive Personal Information is used solely for purposes reasonably necessary to provide the Service and is not used to infer characteristics about users or for advertising purposes. Users are strongly discouraged from storing highly sensitive personal information such as Social Security numbers, government-issued identification numbers, financial account credentials, or health records unless expressly required for their intended use of the Service.

D. Internet or Network Activity

• Log files
• Device and browser information
• Usage data and interactions with the Service

E. Commercial Information

• Subscription status
• Billing history

Payment information is processed by third-party payment processors and is not stored by Feather.

For each category of personal information collected, Feather retains such information in accordance with the retention practices described in Section 8 of this Policy, based on the nature of the data and the purposes for which it is processed.

3. Sources of Personal Information

We collect personal information from the following sources:

• Directly from users (account creation, subscriptions, uploads, and communications)
• Automatically from user devices (cookies, logs, analytics tools)
• Third-party service providers (such as payment processors and analytics providers)

Feather does not independently verify the accuracy or completeness of information provided by users.

We do not collect personal information from data brokers.

4. How We Use Personal Information

We use personal information for the following business and operational purposes:

• To provide, operate, and maintain the Service
• To create and manage user accounts
• To process subscriptions and payments
• To enable user-directed sharing and access controls
• To communicate regarding accounts, billing, security, or updates
• To improve functionality and user experience
• To detect, prevent, and respond to fraud or security incidents
• To comply with legal and regulatory obligations

Feather does not use personal information for automated decision-making that produces legal or similarly significant effects.

Internal analytics are conducted in an aggregated or de-identified manner where reasonably possible.

Feather does not engage in profiling in furtherance of decisions that produce legal or similarly significant effects.

Feather does not use personal information for purposes that are materially different, unrelated, or incompatible with the purposes disclosed in this Policy without providing additional notice as required by applicable law.

Use of the Service does not create a legal, financial, estate planning, fiduciary, or advisory relationship between Feather and any user.

Where applicable, Feather processes personal information based on one or more of the following legal bases: performance of a contract, compliance with legal obligations, legitimate business interests, and user consent.

Feather processes and discloses personal information in connection with user-directed instructions regarding account access, legacy sharing, or designated contacts, including in the event of a user’s death or incapacity, to the extent permitted by applicable law and the user’s configured settings.

5. How We Disclose Personal Information

We may disclose personal information as follows:

A. Service Providers

We disclose personal information to vendors and service providers that perform services on our behalf, including:

• Payment processing
• Cloud hosting and infrastructure
• Data storage and backup
• Analytics and performance monitoring
• Customer support

These service providers are contractually restricted from using personal information for purposes other than providing services to Feather.

Service providers are required to comply with applicable privacy and security obligations consistent with the CPRA.

B. User-Directed Sharing

Information shared with trusted contacts, delegates, or other third parties is disclosed solely at the direction of the user. Once personal information is disclosed at the direction of a user, Feather does not control and is not responsible for how such third parties use, store, secure, or further disclose that information. Once personal information is disclosed at the direction of a user, Feather has no control over and disclaims all responsibility for the actions of the receiving party, including their use, storage, security, or further disclosure of such information, to the fullest extent permitted by law.

C. Legal and Compliance

We may disclose personal information to comply with applicable law, legal process, governmental requests, or to protect the rights, safety, and security of Feather, users, or others.

Where legally permitted, Feather may provide notice to affected users prior to disclosing personal information in response to legal process.

D. Business Transfers

Personal information may be disclosed in connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of Feather’s assets, subject to applicable law.

In the event of a business transfer, personal information will remain subject to the promises made in this Privacy Policy unless users are notified otherwise as required by law.

Where feasible and legally permitted, Feather may object to or seek to limit requests for personal information that it believes are overly broad, invalid, or unlawful.

6. Automated Decision-Making

Feather does not use automated decision-making technologies that produce legal or similarly significant effects concerning users.

7. Sale or Sharing of Personal Information (California Disclosure)

Feather:

• Does not sell personal information
• Does not share personal information for cross-context behavioral advertising as defined under the CPRA.
• Does not use sensitive personal information for purposes that require a “Limit the Use of My Sensitive Personal Information” opt-out

Accordingly, Feather does not provide a “Do Not Sell or Share My Personal Information” link at this time.

No Data Brokerage

Feather does not operate as a data broker and does not compile, aggregate, or sell personal information obtained from users for resale or licensing to third parties.

●

8. Data Retention

Feather retains personal information for as long as reasonably necessary to:

• Provide the Service
• Fulfill contractual obligations
• Comply with legal requirements
• Resolve disputes and enforce agreements

Retention periods vary based on the nature of the information, account status, and applicable legal requirements. Account information is generally retained for the duration of the account and a reasonable period thereafter unless deletion is requested and permitted by law.

Retention Summary

• Account information: retained while the account is active and up to 24 months after closure
• Logs and analytics: retained for up to 12 months
• Uploaded user content: retained until deleted by the user or account termination
• Billing records: retained as required by tax and financial regulations
• Logs and analytics: retained for up to [X] months

Feather may retain personal information for longer periods where necessary to comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, or protect the security and integrity of the Service.

Feather may create aggregated or de-identified information that cannot reasonably be used to identify an individual. Feather may use such information for lawful business purposes, including analytics, research, and service improvement.

Feather limits the collection of personal information to what is reasonably necessary and proportionate to provide the Service and achieve the purposes described in this Policy.

Feather maintains a written information security program designed to align with industry-standard administrative, technical, and physical safeguards.

Upon receipt of a valid deletion request, Feather will delete personal information within a commercially reasonable timeframe, subject to legal and operational constraints.

9. Data Security

To the fullest extent permitted by applicable law, Feather disclaims liability for security incidents resulting from factors outside its reasonable control, including user actions, compromised credentials, third-party platforms, or force majeure events.

Feather employs encryption and other security measures designed to protect personal information both in transit and at rest, where appropriate.

10. Your California Privacy Rights (CCPA/CPRA)

California residents have the right to:

A. Right to Know

Request disclosure of:

• Categories of personal information collected
• Sources and purposes of collection
• Categories of recipients

B. Right to Delete

Request deletion of personal information, subject to legal exceptions.

C. Right to Correct

Request correction of inaccurate personal information.

D. Right to Limit Use of Sensitive Personal Information

To the extent applicable under the CPRA.

E. Right to Non-Discrimination

Feather will not discriminate against consumers for exercising privacy rights.

Feather will respond to verifiable consumer requests within 45 days, subject to extensions permitted by law.

F. Right to Appeal

If a request is denied, to the extent required under applicable law, California residents may appeal the decision by contacting support@myfeatherapp.com.

Feather may decline to act on requests that are manifestly unfounded, excessive, or repetitive as permitted under applicable law.

11. How to Exercise Your Rights

Consumers may submit privacy requests by:

• Emailing support@myfeatherapp.com
• Using in-app account tools (if available)

Requests may require verification by matching information provided by the consumer with information maintained by Feather. Feather will not require consumers to create an account solely to submit a privacy request. Authorized agents may submit requests on behalf of consumers with proper documentation.

Feather reserves the right to deny requests that cannot be verified in accordance with applicable law or that would require Feather to access, disclose, or delete information in a manner that would create a security risk.

Verification may include confirming control over an email address, account authentication, or other information reasonably necessary to confirm identity.

12. Cookies and Tracking Technologies

Feather uses cookies and similar technologies to:

• Maintain user sessions
• Improve performance and functionality
• Analyze usage trends

Users may manage cookies through browser settings. Disabling cookies may affect Service functionality. Feather does not currently respond to browser “Do Not Track” signals.

Feather may use analytics providers that collect information about user interactions with the Service. Such providers process information on Feather’s behalf and are contractually restricted from using it for independent purposes.

13. Children’s Privacy

The Service is not intended for individuals under 16 years of age. Feather does not knowingly collect personal information from individuals under 16. If such information is identified, Feather will take steps to delete it. Parents or guardians who believe that their child has provided personal information may contact Feather to request deletion.

14. Third-Party Links and Services

The Service may contain links to third-party websites or services. Feather is not responsible for the privacy practices or content of third parties.

15. International Users

The Service is operated from the United States. By using the Service, users consent to the processing and storage of personal information in the United States. Where required by applicable law, Feather implements appropriate safeguards for international data transfers, which may include standard contractual clauses or other approved mechanisms.

16. Changes to This Policy

Feather may update this Privacy Policy from time to time. Material changes will be communicated as required by law. Continued use of the Service after updates constitutes acceptance of the revised Policy. Where required by law, Feather will obtain user consent for material changes.

17. No Private Right of Action Expansion

This Privacy Policy is not intended to create, and shall not be construed as creating, any contractual or legal rights enforceable by any third party beyond those required under applicable law.

18. Contact Information

Tonntowin Investment Group, LLC d/b/a Feather

Email: support@myfeatherapp.com

Address: 43200 Business Park Dr, Temecula, CA 92590