Privacy Policy
Gratsy, LLC is committed to maintaining the accuracy, confidentiality, and security of your personal information. This Privacy Policy describes how your personal information is collected, used, and shared when you use any of our services, our mobile applications, or websites (collectively, the “Services”). By using any of our Services, you agree to our Privacy Policy, which is outlined below. By using any of our Services, you are accepting the practices described in our Privacy Policy and you consent to receive it via electronic form via publication on the world wide web, mobile applications, SMS, email, physical mail, and other forms of marketing communication between you (“you,” “user,” “your”) and Gratsy, LLC (“Gratsy”, the “service,” “us,” we”, “our”, the “company”).
We collect personal information you provide when using the Gratsy app, such as name, email address, and preferences. We also gather non-personal data like device information and app usage statistics to improve our services. Your information is used for the following purposes: (i) providing and personalizing our service; (ii) communicating important updates; (iii) enhancing user experience through analytics; and (iv) sending marketing communications (only if you opt in). We do not share your data externally unless you have specifically opted in to receive marketing emails from a brand partner. In such cases, only the necessary information will be shared. We do not sell or rent user data.
This Privacy Policy does not apply to any products, services, websites, or content that are offered or hosted by third parties (“Third Party Services”, “service providers”), which are governed by their respective privacy policies.
Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we treat it. By using any of our Services, you acknowledge that you have read and understood and consent to this Privacy Policy.
What Personal Information Do We Collect?
You directly provide almost all the personal information that we collect about you. As described below, some information may automatically be collected when you use the Services. The following is a list of items that you provide or input on the Services, including but not limited to:
· Name, address and contact information, including your email address and phone number;
· Login details, including email address, username and password;
· Device IP address;
· Information about your date of birth, interests, preferences, and demographics;
· Information that you provide in correspondence with us, including surveys;
· Information about and contained on your social media accounts;
· Information about how you use our Services; and
· Information discoverable as a result of the information you provide or from how you use our Services. This also includes how you engage with our Services, such as product samples, coupons, or other offers you have received, requested, used, expressed an interest in, or provided feedback on.
At this time, we do not store personal financial information from Users.
We may collect information automatically about users via a variety of methods, such as cookies, web beacons, JavaScript, Google Analytics and log files. This information may include user IP addresses, browser types, domain names, device type, time stamp, referring URL and other log file information; user activities within the Service; aggregate and statistical information regarding overall server/visitor traffic and navigation patterns for the Service. Web and app servers collect this type of basic information automatically as part of log processes.
How Do We Use Your Personal Information?
We may use the personal information you provide to the Service for the following purposes:
· To set up and maintain your account with the Service.
· To communicate with you.
· To provide our Services to you, including:
To notify you about our products, services, and special offers.
To select you to receive samples, offers, coupons, discounts or cash rebates.
To send samples, offers, coupons, or cash rebates.
· To contact you with information that we believe will be of interest to you.
· To tailor our content and information that we may send or display to you, to offer personalized help and instructions, and to otherwise personalize your experience with our Service.
· For the purposes for which you specifically provided it including, without limitation, to enable us to process your registration, provide the Services or other requests.
· To provide features available in the Service.
· To develop, improve, and protect the Service.
· To send you information about your relationship or transactions with us.
· For direct marketing and market research, including for example recommendations and targeted marketing, in accordance with applicable law.
· To use user content as part of our Service as well as advertising and marketing campaigns to promote the services.
· To allow other select companies to send you promotional materials about their products and services.
· To comply with applicable legal obligations, including responding to a subpoena or court order.
· To enforce our terms, conditions and policies.
· To prevent and investigate fraud and other misuses.
· To protect our rights and/or our property.
How Is Data Collected Automatically Used?
We may use the data collected automatically for the following purposes:
· To manage the Service;
· To provide features available in the Service;
· To personalize the Service. In particular, cookies may be used for providing us information on the content you’ve shared in social media after or before registering to the Service. We may use this information to provide you with advertiser content recommendations;
· To develop, improve, and protect the Service;
· For market research and data analysis, including for example reading recommendations and behavioral targeting and targeted marketing, in accordance with applicable law;
· To audit and analyze the Service; and
· To ensure the technical functionality and security of the Service.
Do We Ever Share Your Personal Information with Third Parties?
We may share the information we collect as follows:
Legal Disclosures. We may disclose a Service user’s information (including personal information) where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes. We may also disclose personal information where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service for our Service, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Service or the general public.
Affiliates and Business Partners. We may share your information with affiliated companies and business partners. When you engage in promotions or Services, we may partner with another company to fulfill that sample or promotional offer. When you accept a particular business partner’s offer, you authorize us to provide your information to that business partner.
Service Providers. We may contract with independent contractors, vendors and suppliers to provide specific services related to the Service, such as third party couriers, hosting and maintaining the Service, providing payment processing and fraud screening, data analysis, and developing applications for the Service, email services and marketing enrichment services. We may disclose a Service user’s information, or the information of the user’s customers, to these service providers as necessary for those service providers to provide their service.
Business Transfers. We reserve the right to transfer information (including personal information) to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of the company or any of its affiliates (including as part of a bankruptcy proceeding). We may disclose personal information about Service users to our affiliated companies. Our affiliates’ use of your personal information will be in accordance with the terms of this Privacy Policy.
Third Parties. While not our common practice, we reserve the right to transfer information (including personal information) to third parties for monetary consideration.
Aggregate and De-Identified Information. We may also provide aggregate, anonymous or de-identified information about users and the Service for marketing and research purposes. For example, we might inform third parties regarding the number of unique users who visit the Service, the aggregate demographic breakdown of our registered users of the Service, and the aggregate feedback of users on products tried through the Service.
What Privacy Protections are there for Third Party Links Used on the Services?
Content and information posted by the company or our Users may contain links to other websites, including those of our business partners or affiliates. While we seek to link only to websites that share our high standards and respect for privacy and security, Gratsy is not responsible for the privacy practices used by other websites.
Does the Company use Cookies?
The Services, like most mobile apps and internet-based companies, utilize cookie technology to enhance functionality and improve your user experience. Your browser or device may allow you to block or delete cookies from our Services; however, doing so may interfere with the proper functioning of our Services. Cookies collect information automatically, even when you are not logged into your account. The data collected may include details about the platform and operating system you are using, your browser type and version, computer and connection information, and the time and date you accessed the Services. You may manage your cookie preferences through your browser settings or other available tools. However, opting out may impact certain features or functionalities of the Services, limiting your overall user experience. This information will be collected any time you access the Services unless you opt out. , with the exception of Essential Cookies which may not be turned off.
What are Cookies?
Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser. They are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as “first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the website (“third party cookies”).
Both websites and HTML emails may also contain other tracking technologies such as “web beacons” or “pixels.” These are typically small transparent images that provide us with statistics, for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way. As a result, if you disable cookies, web beacons may still load, but their functionality will be restricted.
Which Cookies does the Company Use?
Anytime you visit and use a Gratsy website, Gratsy’s mobile applications, or a third party may place cookies in your browser. Certain cookies are specific to features or specific preferences, and certain cookies will be used all the time. Four different types of cookies may be used the company.
Essential Cookies. These are cookies are placed in your browser by the company and are also known as “strictly necessary” cookies. These are necessary to allow you to move around the site and use its features. These may not be able to be turned off.
Analytics Cookies. Also known as “performance cookies,” analytics cookies collect information about visits to our websites and applications and how the Services we offer are being used. We use this data to make improvements and report our performance. For example, these cookies collect information about how visitors use our websites, which site the visitor came from, the number of each user’s visits and how long a user stays on the site. We might also use analytics cookies to test new ads, pages, or features to see how users react to them. Analytics cookies are primarily third party cookies.
Functionality Cookies. Sometimes called “preference cookies,” these first-party cookies allow us to remember information you have entered or choices you have made (such as your username, language, region, and marketing preferences) on our websites, so the next time you visit the site you will not have to set them again. These cookies also allow us to provide a better user experience on our website.
Targeting Cookies. The company and our advertising partners or other third party partners may use these types of cookies, also known as “advertising cookies,” to deliver advertising and track ad performance, and enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioral” or “targeted” advertising) on our websites.
How can You Manage and Delete Cookies?
Almost all browsers use cookies to track your internet use automatically. However, these browsers also allow you to change the settings in your browser to manage your cookie settings to delete any previously sent cookies and to not accept new cookies. Again, please keep in mind that disabling cookies will negatively impact your user experience with our websites. Please review your browser’s settings and preferences for more information on how to manage and delete cookies. Browsers on mobile devices may have different ways to manage cookie settings.
Does the Company Use Any Other User Tracking Technologies?
Technology used on the Internet is constantly changing. The company uses technology standard to the Internet, such as pixel tags, web beacons, and other similar technologies, to track visitors.
How do We Respond to “Do Not Track” Signals?
We do not currently recognize automated web browser signals regarding tracking mechanisms, which may include “Do Not Track” (DNT) instructions. You can change your privacy preferences regarding the use of cookies and similar technologies through your browser. For more information on Do Not Track please visit http://www.allaboutdnt.org/.
While our systems do not currently respond to browser-based DNT signals, we record whether a user has opted in or out of tracking within the mobile app environment when accessing our Services. However, at this time, we do not share or use that tracking preference information for any purpose.
Are There Any Age Restrictions for Use of the Company’s Services?
You must be at least 18 years old or older to gain access to our Services. These Services are not intended for those who are under 18 years old. The company does not knowingly collect any information from anyone who is under 18 years of age and does so in compliance with the Children’s Online Privacy Protection Act. Services provided by Gratsy are directed solely to individuals who verify that they are at least 18 years old.
If we learn we have collected personal information from a child under 18 without parental consent, we will delete that information, unless we are legally obligated to retain such data. If you have any reason to believe we may have unknowingly collected data from a minor, please immediately contact us at hello@gratsy.com or by mail at P.O. Box 1124, Bentonville, AR 72712.
What Rights Do You Have?
You have the following rights with respect to the personal information we hold about you:
· The right to know what data we hold about you: You can contact us at hello@gratsy.com or by mail at P.O. Box 1124, Bentonville, AR 72712 to review the personal information you have provided to the Service. We seek to swiftly respond to your inquiry. We may charge a small processing fee at our sole discretion if less than twelve (12) months has passed since your last inquiry relating to personal information we hold about you.
· The right to have incomplete, incorrect, outdated, or unnecessary personal information corrected, deleted, or updated. The easiest way to correct, delete, or update the personal information you have provided to the Service is to access your profile settings in the Gratsy mobile app and enter the necessary changes there. If you have additional questions regarding the correction, deletion, or updating of the personal information we hold about you, please contact us at hello@gratsy.comor by mail at P.O. Box 1124, Bentonville, AR 72712.
· The right to opt out of receiving electronic direct marketing communications from us: All electronic direct marketing communications that you may receive from us, such as e-mail or SMS messages, give you an option of not receiving such communications from us in the future. If you have any additional questions about electronic direct marketing received from us, please contact us at hello@gratsy.com or by mail at P.O. Box 1124, Bentonville, AR 72712.
· If you do not want us to share your personal information with unaffiliated or non-agent third parties for advertising and marketing purposes, you can opt-out by contacting us at hello@gratsy.com or by mail at P.O. Box 1124, Bentonville, AR 72712 stating your request.
· You may in most cases opt out of receiving push notifications by going to your device “Settings” and clicking on “Notifications,” and then changing those settings for some or all of the apps on your device.
Categories of Information We Collect
This describes our practices currently and during the preceding 12 months. We collect the following categories of Personal Information:
| Category (information collected may correspond to more than one category) |
Example | Source | Potential Third-Party Recipients |
|---|---|---|---|
| Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifier | Directly from you, your browser or device when you interact with our Services | Service Providers,Advertising Companies, Social Media Sites, Brand Partners, and other third parties |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A real name, address, phone number | Directly from you, your browser or device when you interact with our Services | Service Providers,Advertising Companies, Social Media Sites, Brand Partners, and other third parties |
| Protected classification characteristics under California or federal law | Age, race, marital status, gender identity, or gender expression | Directly from you, your browser or device when you interact with our Services | Advertising Companies, Social Media Sites, Brand Partners, and other third parties |
| Demographic information | Household size, household income, education level, employment industry | Directly from you, your browser or device when you interact with our Services | Advertising Companies, Social Media Sites, Brand Partners, and other third parties |
| Interest information | Social platforms used, topics of interest, preferred retailers, retail memberships, preferred shopping methods | Directly from you, your browser or device when you interact with our Services | Advertising Companies, Social Media Sites, Brand Partners, and other third parties |
| Internet or similar network activity | Browsing, viewing, or engagement history with our Services or advertisements | Directly from you, your browser or device when you interact with our Services | Advertising Companies, Social Media Sites, Brand Partners, and other third parties |
| Geolocation data | Precise geolocation of your device when you grant us access to it | Directly from you, your browser or device when you interact with our Services | Advertising Companies, Social Media Sites, Brand Partners, and other third parties |
| Inferences drawn from other Personal Information | Information generated from your use of the Services reflecting your preferences | Directly from you, your browser or device when you interact with our Services | Advertising Companies, Social Media Sites, Brand Partners, and other third parties |
What Additional Rights Do Nevada Users Have?
Under the Nevada Privacy Law (SB220), certain Nevada residents may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
If you are a Nevada resident who has utilized our Services, you may submit a request to opt out of any potential future sales under Nevada law by contacting us at hello@gratsy.com or by mail at P.O. Box 1124, Bentonville, AR 72712.
What Additional Rights Do California Users Have?
The California Consumer Privacy Act provides some California residents with the additional rights listed below.
Right to Know. You have the right to know and see what data we have collected about you over the past twelve (12) months, including:
· The categories of personal information we have collected about you;
· The categories of sources from which the personal information is collected;
· The business or commercial purpose for collecting your personal information;
· The categories of third parties with whom we have shared your personal information; and
· The specific pieces of personal information we have collected about you.
Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:
· Provide you with a good or service, or otherwise perform a contract between us and you;
· Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
· Fix our system in the case of a bug;
· Protect the free speech rights of you or other users;
· Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.);
· Comply with a legal obligation; or
· Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
Other Rights. You have the right to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclose to third parties for their own direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. You also have the right not to be discriminated against for exercising any of the rights listed above.
Exercising Your California Privacy Rights. To request access to or deletion of your personal information, or to exercise any other data rights under California law, you may contact us at hello@gratsy.com or by mail at P.O. Box 1124, Bentonville, AR 72712. Please include your full name and email address associated with your use of our services, along with why you are writing, so that we can process your request in an efficient manner.
Response Timing and Format. We aim to respond to a consumer request for access or deletion within ten (10) business days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.
What Additional Rights do EEA Residents Have?
We currently do not offer our Services outside of the continental United States, Alaska, Hawaii, Puerto Rico and other American territories or jurisdictions. If you are located outside of the United States, please note that technology resources that power the Services are located on servers in the United States and as a result your personal information may be stored and processed in the United States. Because of this, United States federal and state governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through laws applicable in the United States. Your use of the Services will constitute your consent to the transfer of your personal information to the United States, which may have for different data protection rules than your location.
However, if we were to expand and provide our services outside of the United States, the following would apply. If you are resident outside the United States, including in the EEA; European Economic Area (“EEA”), which includes the member states of the European Union (“EU”), we transfer personal information provided by you for processing in the United States, including personal information sent via e-mails or when you create an account. Under the GDPR, we are considered a “controller” and a “co-processor” of the personal information of EEA Residents. By providing personal information to us for the purpose of using the Services, websites or mobile application, you consent to the processing of such data in the United States. The transfer of your personal information to the United States is necessary for the performance of a contract between you and us for your use of the websites or mobile application.
Please note that the United States does not have data protection laws equivalent to those in the EEA and other jurisdictions.
Rights of EEA Residents
This section of this Privacy Policy is applicable to residents of the EEA, which consists of the member states of the European Union. This section also applies to residents of Switzerland and residents of the United Kingdom. Residents of the EEA, UK and Switzerland are referred to here as “EEA Residents.”
All processing of personal information of EEA Residents is performed by us in accordance with the General Data Protection Regulation (2016/679) of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal information and on the free movement of such data (“GDPR”).
Under the GDPR, we are both the controller and a co-processor of the personal information of EEA Residents. Our purpose for collecting and processing personal information from EEA Residents is to provide them with the features and functionalities of our websites and mobile application and information regarding our services. The legal basis for collecting personal information is because it is necessary for performance of a contract between us to provide you with the websites and mobile application and its related features and functionality. We also rely on your consent to receive information about our services. You may withdraw consent from receiving marketing and promotional communications by clicking the “Update Email Preferences” link on the communication. If EEA Residents do not provide personal information to us or withdraw consent for processing such personal information, we may not be able to provide such residents with certain features or functionalities of the websites or mobile application or information regarding the services, including processing payments.
If you are an EEA resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us at hello@gratsy.com or by mail at P.O. Box 1124, Bentonville, AR 72712.
Additionally, if you are an EEA resident, we are hereby notifying you that we are processing your information in order to fulfill contracts we might have with you, or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to the United States.
Security of Transmission of Personal Information and Internet Risks
Our Services have security measures in place to help protect against the loss, theft, misuse and unauthorized access, disclosure, alteration and destruction of the information under the company’s control. The Services use no encryption (data scrambling) on certain portions of the websites or mobile application but do use encryption on portions where you are transmitting personal information. When you are on any platform that asks you for confidential information, you should check to see if the information being transmitted is encrypted in order to increase the security of your information. Although every effort is made to ensure no one else will view, seize or obtain your information, complete confidentiality and security is not yet possible over the Internet. Any unencrypted email communication over the Internet is not secure or confidential, and is subject to possible interception, loss and alteration. The company, its agents, administrators, employees and affiliates may not be held liable for any damages you or anyone else may suffer or incur as a result of the transmission of confidential or sensitive information over the Internet, and all such communications will be made at your own risk.
We seek to use reasonable organizational, technical and administrative measures to protect personal information under our control. For example, we seek to use Secure Sockets Layer (“SSL”) technology.
Unfortunately, no data storage system or data transmission over the Internet can be guaranteed to be 100% secure. Please also be aware that we may use third party cloud service providers that provide hosting, data storage and other services pursuant to standard terms and conditions that may be non-negotiable; these service providers have informed us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures.
How Are Users Notified of Any Changes to this Policy?
We may amend this Privacy Policy from time to time. Users will be required to review and accept any updates within the Gratsy app before continuing to use the services. Continued use of the app after acceptance constitutes agreement to the updated terms.
Contact Information
If you have any questions regarding this Privacy Policy, please reach out to our support team via the Gratsy app or at privacy@gratsy.com.
How Can I Contact the Company Regarding this Policy?
If you have any questions about this Privacy Policy or our security measures at Gratsy, please contact us at hello@gratsy.com or by mail at P.O. Box 1124, Bentonville, AR 72712. Your continued use of the Service following any changes to this Privacy Policy constitutes your acceptance of any such changes made.
Thank you for being part of the Gratsy community!