Privacy Policy
Last Updated: September 25, 2025
Introduction
Welcome to Earnify ("we," "us," "our," or "Company"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, share, and protect your personal information. This Privacy Policy ("Policy") describes our privacy practices in relation to our income tracking and financial management application and associated services ("Service," "App," or "Platform").
This Policy applies to all users of Earnify, regardless of location or method of access. By using our Service, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy.
Key Points:
We collect only the data necessary to provide our Service
We do not sell your personal information to third parties
You have control over your data and can delete it at any time
We implement industry-standard security measures to protect your information
We comply with GDPR, CCPA, and other applicable privacy regulations
1. Data Collection
1.1 Information You Provide to Us
Account and Profile Information: We collect information you provide when creating and maintaining your account:
Full name and email address
Account credentials (encrypted passwords or third-party authentication tokens)
Profile picture or avatar (if uploaded)
Account preferences and settings
Time zone and regional settings
Communication preferences
Financial and Income Data: We collect financial information you manually enter into the Service:
Income amounts, dates, and sources
Tax rates and contribution rates you configure
Transaction categories, tags, and descriptions
Payment methods and frequencies
Notes, comments, and custom fields you add
Historical income records and trends
Tax withholding and estimated payment information
Support and Communication Data: We collect information when you interact with our support team:
Customer service inquiries and correspondence
Feedback, suggestions, and feature requests
Survey responses and user research participation
Bug reports and technical issues
Review and rating submissions
Premium Subscription Data: For Premium users, we collect additional information:
Subscription plan and billing preferences
Payment history and transaction records (processed by third-party payment providers)
Feature usage and advanced analytics preferences
Export and data sharing preferences
1.2 Information We Collect Automatically
Device and Technical Information: We automatically collect technical data about your device and usage:
Device type, model, and operating system version
Browser type, version, and language settings
Screen resolution and device capabilities
Internet Protocol (IP) address and general geographic location (country/city level)
Network connection type and internet service provider
Unique device identifiers and mobile advertising IDs (where applicable)
Usage and Analytics Data: We collect information about how you use our Service:
Pages or screens viewed and time spent on each
Features used and frequency of usage
Navigation paths and user flow patterns
Session duration and frequency of app launches
Search queries and filter usage within the app
Button clicks, form interactions, and user interface engagement
Performance metrics including load times and response rates
Error logs, crash reports, and diagnostic information
Location Information: We collect limited location data:
Country and region information from IP address
Time zone information for accurate financial reporting
General location data for compliance with regional regulations
We do not collect precise GPS location unless explicitly requested and consented to
1.3 Information from Third-Party Sources
Authentication Services: When you sign up using third-party authentication:
Google Sign-In: Email address, name, profile picture, and basic profile information
Apple Sign-In: Email address (which may be masked), name, and basic authentication data
We only request the minimum information necessary for account creation
Payment and Billing Information: From our payment processors (Stripe, PayPal, Apple App Store, Google Play Store):
Payment confirmation and transaction status
Subscription status and billing cycle information
Refund and chargeback notifications
We do not store complete payment card details on our servers
Integration Partners: If you choose to connect third-party financial services:
Account balance and transaction data (only with your explicit consent)
Financial institution names and account types
Synchronized transaction information
Authentication tokens for ongoing data access
Public and Commercial Databases: In limited cases, we may supplement your information with:
Email validation and verification data
Fraud prevention and security screening information
Business information for commercial accounts
Regulatory compliance and sanctions screening data
2. How We Use Your Personal Information
2.1 Primary Service Functions
Core Service Delivery:
Providing income tracking and financial management capabilities
Performing tax calculations based on your input and configured rates
Generating financial reports, analytics, and insights
Maintaining your account and user profile
Synchronizing data across your devices
Enabling data export and backup functionality
Personalization and Optimization:
Customizing the user interface and experience based on your preferences
Providing relevant financial insights and recommendations
Optimizing app performance for your device and usage patterns
Tailoring feature suggestions and educational content
Data Processing and Analysis:
Processing and organizing your financial data for reporting
Calculating tax estimates and financial projections
Generating trend analysis and historical comparisons
Creating data visualizations and dashboard displays
2.2 Communication and Support
Customer Service and Support:
Responding to your inquiries and support requests
Providing technical assistance and troubleshooting
Resolving billing issues and subscription management
Delivering onboarding guidance and feature education
Service-Related Communications:
Sending account notifications and security alerts
Providing service updates and maintenance notices
Communicating policy changes and terms updates
Delivering subscription and billing notifications
Marketing and Promotional Communications (with consent):
Sharing product updates and new feature announcements
Providing educational content and financial tips
Sending promotional offers and subscription upgrades
Conducting user surveys and feedback collection
2.3 Security and Fraud Prevention
Account Security:
Monitoring for suspicious login attempts and unauthorized access
Implementing multi-factor authentication and security protocols
Detecting and preventing fraudulent activities
Maintaining audit logs for security purposes
System Security:
Protecting against malware, viruses, and cyber attacks
Monitoring system performance and identifying vulnerabilities
Implementing access controls and data protection measures
Conducting security assessments and penetration testing
2.4 Legal Compliance and Business Operations
Regulatory Compliance:
Complying with financial services regulations and reporting requirements
Meeting data protection and privacy law obligations (GDPR, CCPA, etc.)
Responding to legal requests and court orders
Conducting know-your-customer (KYC) and anti-money laundering (AML) procedures where required
Business Intelligence and Analytics:
Analyzing usage patterns to improve our Service
Conducting market research and competitive analysis
Measuring feature adoption and user engagement
Planning product development and business strategy
Internal Operations:
Managing customer relationships and account administration
Processing subscription payments and billing operations
Conducting financial reporting and accounting procedures
Maintaining business records and documentation
2.5 Research and Development
Product Improvement:
Analyzing user behavior to enhance existing features
Identifying pain points and areas for improvement
Testing new functionality and user interface changes
Optimizing performance and user experience
Innovation and New Features:
Researching market trends and user needs
Developing new financial tools and capabilities
Creating educational resources and content
Expanding integration opportunities with third-party services
Quality Assurance:
Testing software updates and new releases
Monitoring system stability and performance
Identifying and fixing bugs and technical issues
Ensuring cross-platform compatibility and functionality
3. Legal Basis for Data Processing (GDPR Compliance)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following lawful bases under the General Data Protection Regulation (GDPR):
3.1 Contractual Necessity (Article 6(1)(b) GDPR)
We process your data to:
Provide the Earnify Service as described in our Terms of Service
Create and manage your user account
Process Premium subscription payments and billing
Deliver customer support and technical assistance
Enable core functionality including income tracking and tax calculations
3.2 Legitimate Interests (Article 6(1)(f) GDPR)
We process your data based on our legitimate business interests to:
Improve and optimize our Service through usage analytics
Ensure the security and integrity of our systems and data
Prevent fraud, abuse, and security threats
Conduct business development and strategic planning
Communicate with you about service-related matters
Comply with legal obligations and protect our legal rights
We have conducted legitimate interest assessments and implement appropriate safeguards to ensure our interests do not override your fundamental rights and freedoms.
3.3 Consent (Article 6(1)(a) GDPR)
We process your data based on your explicit consent for:
Marketing communications and promotional messages
Optional features and enhanced functionality
Third-party integrations and data sharing
Non-essential cookies and tracking technologies
Participation in surveys, research, and beta testing programs
You may withdraw your consent at any time through your account settings or by contacting us directly.
3.4 Legal Obligation (Article 6(1)(c) GDPR)
We process your data to comply with legal requirements:
Responding to lawful requests from government authorities
Meeting financial services regulations and reporting obligations
Retaining records as required by applicable laws
Implementing sanctions screening and compliance procedures
3.5 Vital Interests (Article 6(1)(d) GDPR)
In exceptional circumstances, we may process data to protect vital interests:
Preventing harm to individuals or public safety
Responding to emergency situations and security threats
Protecting against illegal activities that could cause harm
4. Data Sharing and Disclosure
4.1 Our Commitment to Data Privacy
We do not sell, rent, lease, or trade your personal information to third parties for their marketing purposes. We only share your information in the specific, limited circumstances described in this section, and we require all recipients to maintain appropriate privacy and security protections.
4.2 Service Providers and Business Partners
We engage trusted third-party service providers to help us operate and improve our Service. These providers have access to your information only to perform specific functions on our behalf and are contractually obligated to protect your data.
Infrastructure and Technology Providers:
Cloud Computing Services: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform or similar services for secure data hosting and storage
Content Delivery Networks: CloudFlare or similar services for performance optimization
Database Services: Managed database providers for secure data storage and backup
Monitoring and Analytics: Application performance monitoring and error tracking services
Payment and Financial Services:
Payment Processors: Stripe, PayPal, Apple App Store, Google Play Store for subscription billing and payment processing
Banking Partners: Financial institutions for payment settlement and transaction processing
Fraud Prevention: Anti-fraud services for transaction monitoring and risk assessment
Communication and Support:
Email Services: Transactional email providers for account notifications and communications
Customer Support: Help desk platforms and customer relationship management systems
Push Notifications: Mobile notification services for app alerts and updates
Business Intelligence and Analytics:
Usage Analytics: Privacy-focused analytics services that provide insights without compromising user privacy
Performance Monitoring: Application monitoring tools for system health and performance optimization
Security Services: Cybersecurity providers for threat detection and incident response
4.3 Legal Requirements and Protection of Rights
We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:
Legal Process and Government Requests:
Comply with valid legal process, including subpoenas, court orders, and search warrants
Respond to lawful requests from government agencies and regulatory authorities
Meet legal obligations under applicable financial services regulations
Cooperate with law enforcement investigations and proceedings
Protection of Rights and Safety:
Protect our rights, property, and legitimate business interests
Safeguard the rights, property, and safety of our users and the general public
Investigate and prevent fraud, abuse, and violations of our Terms of Service
Respond to claims of illegal activity or infringement of third-party rights
Defend against legal claims and potential litigation
Emergency Situations:
Protect against imminent threats to physical safety or security
Prevent harm to minors or vulnerable individuals
Respond to medical emergencies or safety threats
4.4 Business Transactions
In the event of a corporate transaction, your information may be disclosed or transferred:
Mergers and Acquisitions:
During due diligence processes for potential business combinations
Upon completion of mergers, acquisitions, or similar transactions
To successor entities that assume our obligations under this Privacy Policy
Asset Sales and Transfers:
Sale or transfer of business assets, including user databases
Bankruptcy proceedings or business reorganization
Spin-offs or divestiture of business units
Safeguards in Business Transactions:
Buyers must agree to honor the commitments made in this Privacy Policy
Users will be notified of material changes to data handling practices
Reasonable efforts will be made to ensure continued protection of personal information
4.5 Aggregated and De-Identified Information
We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you:
Research and Analytics:
Industry trends and market research reports
Academic research and economic analysis
Product development and feature planning
Performance benchmarking and competitive analysis
Business Intelligence:
Aggregate usage statistics and feature adoption rates
General demographic and geographic trends
System performance and reliability metrics
Security threat intelligence and fraud patterns
4.6 With Your Explicit Consent
We may share your information for additional purposes with your explicit, informed consent:
Third-Party Integrations:
Financial services and banking applications you choose to connect
Tax preparation software and accounting platforms
Budgeting tools and personal finance management applications
Business expense and invoicing platforms
Partner Programs:
Referral programs and affiliate partnerships (with opt-in participation)
Co-marketing initiatives and joint promotional campaigns
Educational content and financial wellness programs
Industry associations and professional networks
Data Portability:
Sharing data with new service providers when you request data portability
Exporting data to third-party platforms for analysis or backup
Transferring data as part of switching to alternative financial management tools
5. Data Security and Protection Measures
5.1 Comprehensive Security Framework
We implement a multi-layered security approach to protect your personal information against unauthorized access, use, disclosure, alteration, and destruction.
Security Governance:
Chief Information Security Officer (CISO) oversight of security programs
Regular security policy reviews and updates
Employee security training and awareness programs
Third-party security assessments and penetration testing
Incident response and business continuity planning
Risk Management:
Comprehensive risk assessments and threat modeling
Vulnerability management and patch deployment procedures
Security metrics monitoring and reporting
Regular security audits and compliance assessments
Continuous improvement of security controls and processes
5.2 Technical Security Measures
Encryption and Cryptography:
Data in Transit: All data transmissions use TLS 1.3 or higher encryption protocols
Data at Rest: Sensitive data is encrypted using AES-256 encryption standards
Database Encryption: Full database encryption with key management systems
Backup Encryption: All backup data is encrypted using industry-standard algorithms
Key Management: Secure key generation, storage, and rotation procedures
Network and Infrastructure Security:
Firewalls and Intrusion Detection: Multi-layer firewall protection with real-time threat monitoring
DDoS Protection: Distributed denial-of-service attack mitigation and response
Network Segmentation: Isolated network environments for different system components
VPN Access: Secure remote access for authorized personnel only
Security Monitoring: 24/7 network monitoring and automated threat response
Application Security:
Secure Development: Security-by-design principles and secure coding practices
Code Reviews: Regular security code reviews and static analysis testing
Dependency Management: Automated vulnerability scanning of third-party libraries
Web Application Firewall: Protection against common web application attacks
API Security: Secure API design with authentication and rate limiting
Data Center Security:
Physical Security: Biometric access controls and 24/7 security monitoring
Environmental Controls: Climate control and power backup systems
Asset Management: Secure hardware disposal and data destruction procedures
Redundancy: Geographically distributed data centers for business continuity
5.3 Access Control and Authentication
Identity and Access Management:
Multi-Factor Authentication: Required for all administrative access and available for user accounts
Role-Based Access Control: Granular permissions based on job responsibilities and need-to-know basis
Privileged Access Management: Enhanced controls for accounts with administrative privileges
Single Sign-On: Centralized authentication systems for internal applications
Access Reviews: Regular reviews and recertification of user access rights
User Authentication:
Strong Password Requirements: Minimum complexity standards and password strength validation
Session Management: Secure session handling with automatic timeout and invalidation
Device Recognition: Trusted device registration and anomaly detection
Login Monitoring: Real-time monitoring for suspicious login activities
Account Lockout: Automated account lockout for failed authentication attempts
5.4 Data Protection and Privacy Controls
Data Minimization and Purpose Limitation:
Collection of only necessary data for specified purposes
Regular data audits to identify and remove unnecessary information
Automated data retention and deletion procedures
Privacy-by-design principles in system development and data processing
Data Loss Prevention:
Content Inspection: Automated scanning for sensitive data in files and communications
Endpoint Protection: Data loss prevention software on all devices with data access
Email Security: Encrypted email systems and content filtering for sensitive information
Removable Media Controls: Restrictions on use of USB drives and external storage devices
Print and Copy Controls: Monitoring and restrictions on printing and copying sensitive data
5.5 Incident Response and Business Continuity
Security Incident Response:
Incident Response Team: Dedicated team with defined roles and responsibilities
Response Procedures: Documented procedures for incident identification, containment, and recovery
Communication Plans: Internal and external communication protocols for security incidents
Forensic Capabilities: Digital forensics tools and expertise for incident investigation
Lessons Learned: Post-incident analysis and security improvement implementation
Business Continuity and Disaster Recovery:
Backup Systems: Regular, automated backups with offsite storage and encryption
Recovery Procedures: Documented procedures for system restoration and data recovery
Failover Systems: Redundant systems and infrastructure for business continuity
Testing and Validation: Regular testing of backup and recovery procedures
Recovery Time Objectives: Defined targets for system restoration and service availability
5.6 Third-Party Security Management
Vendor Risk Management:
Security Assessments: Comprehensive security evaluations of all third-party providers
Contractual Requirements: Security and privacy obligations in all vendor contracts
Ongoing Monitoring: Regular security reviews and performance monitoring of vendors
Incident Coordination: Coordinated incident response procedures with third-party providers
Data Processing Agreements: Formal agreements governing data processing by third parties
Supply Chain Security:
Vendor Due Diligence: Security assessments and background checks for critical suppliers
Software Supply Chain: Security validation of third-party software and components
Hardware Security: Secure procurement and configuration of hardware systems
Service Provider Audits: Regular audits and assessments of key service providers
Risk Assessment: Ongoing evaluation of third-party security risks and mitigation measures
6. Data Retention and Deletion
6.1 Data Retention Principles
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention practices are based on the following principles:
Purpose Limitation:
Data is retained only for the specific purposes for which it was originally collected
When the original purpose no longer applies, data is reviewed for deletion or anonymization
Retention periods are regularly reviewed and updated based on business needs and legal requirements
Data Minimization:
We regularly review stored data to identify and delete information that is no longer necessary
Automated processes help identify data that has exceeded its retention period
We maintain only the minimum amount of data necessary for each specific purpose
Legal and Regulatory Compliance:
Retention periods comply with applicable laws and regulations in relevant jurisdictions
Financial records may be retained longer to meet tax and regulatory requirements
Legal hold procedures preserve data when required for litigation or investigations
6.2 Specific Retention Periods
Account and Profile Information:
Active Accounts: Retained while your account remains active and for up to 12 months after account closure
Inactive Accounts: Accounts inactive for more than 2 years may be automatically deleted after notice
Profile Data: Basic profile information retained for customer service purposes for up to 3 years after account deletion
Authentication Data: Login credentials and security information deleted within 30 days of account closure
Financial and Transaction Data:
Income Records: Retained for up to 7 years to comply with tax record-keeping requirements
Tax Calculations: Historical tax estimates and calculations retained for 7 years
Premium Subscription Data: Billing and payment history retained for up to 7 years for accounting and tax purposes
Export Data: Downloaded data exports are not retained on our servers beyond the download session
Communication and Support Data:
Customer Support: Support tickets and communications retained for 3 years for quality assurance and training
Email Communications: Service-related emails retained for 2 years; marketing emails for 1 year after opt-out
Feedback and Surveys: User feedback and survey responses retained for 2 years for product improvement
Bug Reports: Technical issue reports retained for 1 year or until resolution, whichever is longer
Usage and Analytics Data:
Application Logs: Detailed usage logs retained for 12 months for security and performance analysis
Analytics Data: Aggregated usage statistics retained for 24 months for trend analysis and product development
Error Logs: Technical error logs and crash reports retained for 18 months for debugging and improvement
Security Logs: Security-related logs retained for 24 months for compliance and incident response
Device and Technical Information:
Device Data: Device identifiers and technical specifications retained for 18 months
IP Address Logs: IP addresses retained for 12 months for security and fraud prevention
Session Data: User session information retained for 90 days for security monitoring
Location Data: General location information retained for 6 months for regulatory compliance
6.3 Data Deletion Procedures
User-Initiated Deletion: Users can request deletion of their data through multiple channels:
Account Settings:
Self-service data deletion options in account management interface
Selective deletion of specific data categories or time periods
Bulk export options before deletion for personal backup purposes
Confirmation procedures to prevent accidental deletion
Customer Support:
Data deletion requests through customer support channels
Identity verification procedures for deletion requests
Guidance on data export options before deletion
Confirmation of deletion completion within specified timeframes
Automated Deletion Processes:
Scheduled Deletion: Automated deletion of data that has exceeded retention periods
Account Closure: Systematic deletion of account data following closure procedures
Data Aging: Progressive deletion of older data based on defined schedules
Legal Hold Management: Automated systems to prevent deletion of data under legal hold
6.4 Data Deletion Standards and Verification
Secure Deletion Methods:
Database Records: Secure deletion with overwriting to prevent data recovery
Backup Systems: Removal from all backup systems and archives
Log Files: Secure deletion from system logs and audit trails
Third-Party Systems: Coordination with service providers to ensure complete deletion
Physical Media: Secure destruction of physical storage devices when necessary
Deletion Verification:
Completion Confirmation: Written confirmation provided to users upon request
Audit Trails: Detailed logs of deletion activities for compliance and verification
Quality Assurance: Regular audits to ensure deletion procedures are followed correctly
Exception Handling: Documentation and management of any data that cannot be deleted due to legal requirements
6.5 Legal and Regulatory Retention Requirements
Financial Services Regulations:
Tax Records: Income and tax-related data retained for periods required by tax authorities (typically 5-7 years)
Anti-Money Laundering: Customer identification and transaction records retained as required by AML regulations
Financial Reporting: Data supporting financial statements retained for regulatory audit purposes
Consumer Protection: Records supporting consumer transactions and complaints retained as required by consumer protection laws
Data Protection Laws:
GDPR Compliance: Retention periods aligned with European data protection requirements
CCPA Compliance: California privacy law requirements for data retention and deletion
Other Regional Laws: Compliance with data protection laws in jurisdictions where we operate
Cross-Border Considerations: Management of conflicting retention requirements across jurisdictions
Legal Proceedings and Investigations:
Litigation Hold: Preservation of relevant data when legal proceedings are anticipated or ongoing
Regulatory Investigations: Retention of data requested by regulatory authorities during investigations
Criminal Investigations: Cooperation with law enforcement while respecting user privacy rights
Dispute Resolution: Preservation of data relevant to customer disputes and complaints
Business and Contractual Requirements:
Vendor Contracts: Data retention requirements specified in third-party service agreements
Insurance Requirements: Data retention periods required by business insurance policies
Audit Requirements: Retention of data necessary for financial and operational audits
Business Continuity: Retention of critical business data for operational continuity and disaster recovery
7. Your Privacy Rights and Choices
7.1 Universal Privacy Rights
Regardless of your location, you have certain fundamental rights regarding your personal information:
Right to Information:
Receive clear, understandable information about how we process your personal data
Access our Privacy Policy and any updates or changes
Understand the legal basis for processing your information
Know how long we retain different types of personal data
Right to Access:
Request access to the personal information we hold about you
Receive information about how your data is being processed
Obtain details about third parties who may have received your information
Access your data in a structured, commonly used, and machine-readable format
Right to Correction:
Update and correct inaccurate or incomplete personal information
Add supplementary information where necessary for accuracy
Request correction of outdated information
Ensure your profile and account information remains current
Right to Deletion:
Request deletion of your personal information in certain circumstances
Have your data erased when it's no longer necessary for the original purpose
Delete your account and associated data at any time
Request removal of information that was unlawfully processed
7.2 Rights for European Union Users (GDPR)
Under the General Data Protection Regulation (GDPR), EU residents have enhanced privacy rights:
Enhanced Access Rights (Article 15):
Detailed information about processing purposes and legal basis
Categories of personal data being processed
Recipients or categories of recipients of your data
Retention periods or criteria for determining retention periods
Information about automated decision-making, including profiling
Rectification Rights (Article 16):
Right to have inaccurate personal data corrected without undue delay
Right to have incomplete personal data completed through supplementary statement
Notification of corrections to third parties where feasible
Erasure Rights - "Right to be Forgotten" (Article 17):
Data no longer necessary for the original purposes
Withdrawal of consent where processing was based on consent
Objection to processing and no overriding legitimate grounds
Data has been unlawfully processed
Erasure required for compliance with legal obligations
Right to Restrict Processing (Article 18):
Contest the accuracy of personal data during verification
Processing is unlawful but you prefer restriction over erasure
We no longer need the data but you need it for legal claims
You've objected to processing pending verification of grounds
Data Portability Rights (Article 20):
Receive personal data in structured, commonly used, machine-readable format
Transmit data directly to another controller where technically feasible
Applies to data processed based on consent or contract
Available for automated processing only
Right to Object (Article 21):
Object to processing based on legitimate interests or public interest
Object to direct marketing, including profiling for marketing purposes
Object to processing for scientific, historical research, or statistical purposes
Absolute right to stop direct marketing communications
Rights Related to Automated Decision-Making (Article 22):
Not subject to decisions based solely on automated processing with legal effects
Right to human intervention in automated decision-making processes
Right to express views and contest automated decisions
Right to explanation of automated decision-making logic
Supervisory Authority Rights:
Lodge complaints with your local Data Protection Authority
Seek judicial remedies for privacy violations
Receive compensation for material or non-material damages
7.3 Rights for United States Users
California Residents (CCPA/CPRA Rights):
Right to Know (Transparency):
Categories of personal information collected, used, and disclosed
Specific pieces of personal information collected about you
Business or commercial purposes for collecting or selling personal information
Categories of third parties with whom we share personal information
Categories of sources from which personal information is collected
Right to Delete:
Request deletion of personal information collected from you
Direct service providers to delete your personal information
Exceptions for certain legal, contractual, or operational requirements
Confirmation of deletion within specified timeframes
Right to Opt-Out:
Opt out of the sale of personal information (we don't sell personal information)
Opt out of sharing for cross-context behavioral advertising
Limit use and disclosure of sensitive personal information
Global privacy controls and browser signals recognition
Right to Correct:
Request correction of inaccurate personal information
Provide accurate information to replace incorrect data
Verification of identity before implementing corrections
Right to Non-Discrimination:
Equal service and pricing regardless of privacy rights exercised
No denial of goods or services for exercising privacy rights
No different prices or quality of services based on privacy choices
Incentive programs must be reasonably related to data value
Additional CPRA Rights:
Right to limit use of sensitive personal information
Enhanced notice requirements for data processing
Right to know about retention periods for personal information
Expanded definition of personal information and sensitive data
Other U.S. State Rights:
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA):
Similar rights to CCPA including access, deletion, correction, and opt-out
Right to appeal decisions regarding rights requests
Additional protections for sensitive data processing
Enhanced consent requirements for certain data processing activities
7.4 Rights for Users in Other Jurisdictions
We respect privacy rights under local laws worldwide:
Canada (PIPEDA):
Right to access personal information and request corrections
Right to withdraw consent for optional processing
Right to file complaints with Privacy Commissioner
Enhanced protection for sensitive personal information
Australia (Privacy Act):
Right to access and correct personal information
Right to complain to Office of the Australian Information Commissioner
Notifiable data breach protections
Credit reporting protections for financial information
Brazil (LGPD):
Confirmation of data processing and access to data
Correction of incomplete, inaccurate, or outdated data
Anonymization, blocking, or elimination of unnecessary data
Data portability and information about public and private entities
Other International Rights:
We strive to honor similar privacy rights under other applicable laws
Local data protection requirements are incorporated into our practices
Cultural and legal considerations for different regions
Cooperation with local privacy authorities and regulators
7.5 How to Exercise Your Rights
Online Account Management: Access many privacy controls directly through your account:
Account Settings:
Update profile information and contact preferences
Modify privacy settings and data sharing preferences
Download your personal data in portable formats
Delete specific data categories or entire account
Manage marketing communication preferences
Privacy Dashboard:
View summary of personal information we hold
Track data sharing and third-party access
Review and update consent preferences
Monitor privacy rights request status
Access privacy policy updates and notifications
Request Processing:
Identity Verification: We may request additional information to verify your identity
Response Timeframes: Most requests processed within 30 days (45 days for complex requests)
No Fees: Rights requests are processed free of charge (excessive requests may incur reasonable fees)
Status Updates: Regular updates provided for complex or delayed requests
Appeals Process: Options to appeal decisions regarding rights requests
7.6 Limitations on Rights
Certain limitations may apply to privacy rights:
Legal Limitations:
Compliance with legal obligations and court orders
Protection of others' rights and freedoms
National security and public safety considerations
Law enforcement and regulatory requirements
Technical Limitations:
Aggregated or anonymized data that cannot be linked to individuals
Backup systems with extended deletion timeframes
Third-party system limitations and processing delays
Legacy system constraints and data format issues
Business Limitations:
Protection of trade secrets and confidential business information
Contractual obligations to third parties
Operational requirements for service provision
Financial and tax record retention requirements
8. International Data Transfers
8.1 Global Nature of Our Service
Earnify is a global service that may involve the transfer of your personal information across international borders. We recognize that different countries have varying levels of data protection, and we are committed to ensuring that your personal information receives adequate protection regardless.
