POLYUP INC.

PRIVACY POLICY

Last Revised: August 29, 2024

  1. INTRODUCTION

    Your privacy and security of your personal information are very important to us. This Privacy Policy describes how we, PolyUp, Inc., a corporation governed by the laws of the State of California, USA, doing business as Let'sMOD (" Let'sMOD," "we," "our," or "us"), collect, store, use, and disclose personal information (as defined below) of users of our websites found on polyup.com and polychallenge.org domains and any software associated with it (collectively, "Platform").

    For purposes of this Privacy Policy, Let'sMOD shall be considered a "data processor" and a "data controller". Data controllers determine the purposes for which, and the manner in which, your personal information is processed, while data processors process personal information on behalf of data controllers. We aim to limit our collection of personal information to only such personal information as required for legitimate purposes. We take appropriate security measures to protect your personal information and require this from third parties that process personal information of the Platform users on our behalf. We respect your right to access your personal information or have it corrected or deleted, at your request. If you have any questions, or want to know exactly what personal information we keep about you, please contact us. All capitalized terms not defined herein are defined in our Terms of Service.

    We may amend this Privacy Policy from time to time with a prior notice to you, by posting a revised version of the Privacy Policy on the Platform and sending an email notification. By using or continuing to use the Platform, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent that we will collect, store, use, and disclose your personal information in the following ways. If you do not agree with any practice in this Privacy Policy, please stop using the Platform.

  2. PERSONAL INFORMATION COLLECTED THROUGH PLATFORM

    "Personal information" is any information which is related to an identified or identifiable natural person. We do not collect any personal information about you when you visit our Platform unless you register for an account. When you register for an account, we will collect the following personal information from users of the Platform.

    Information Collected From Users:

    • Email
    • yes, conditions apply1
    • Phone number
    • yes, conditions apply1
    • Name
    • no
    • Address
    • no
    • Country
    • yes, as a part of the phone number, if collected.
    • Age
    • conditions apply2

    1If the user chooses corresponding method of communication as their sign up (as a username) or if they choose to add it to their profile as an alternative method of communication.

    2We may collect the age information upon certain actions to unlock some age-restricted functionality, like comments, if such functionality, if at all, is made available. However, it is not stored in our servers.

  3. NON-PERSONAL OR AGGREGATE INFORMATION WE MAY COLLECT

    We, or any third party that helps us provide the Platform, may collect data which is anonymous and pseudonymous. When you visit the Platform, the following data is automatically collected and stored:

    • The IP address, from which you access the Internet;
    • The date and time when you access the Platform;
    • The pages you visited (recorded by the text and graphics files that compose the page).

  4. INFORMATION USAGE

    We only use information about you to support your experience throughout the Platform or to communicate with you about the Platform or other products or services we may offer in the future. In particular, we collect information about you to:

    • help us identify which services are most or least interesting to you;
    • monitor the Platform performance;
    • recognize you as a registered user of the Platform;
    • verify your identity;
    • respond to your inquiries or requests;
    • conduct market research;
    • allow our partners and third party vendors (including payment processing, marketing and shipping companies) to help us run our business smoothly;
    • comply with all applicable laws or if we are required by law or by a court order to do so;
    • investigate suspected fraud, harassment, danger to persons or property or other violations of any law, rule or regulation, our Terms of Service, or our Privacy Policy;
    • analyze non-personal or aggregate information for Platform improvement;
    • transfer information in connection with the sale or merger or change of control of Let'sMOD. We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.

  5. FEEDBACK

    If you leave any feedback or suggestions ("Feedback") via the Platform or in an email to us, you hereby assign to Let'sMOD all rights in the Feedback and agree that Let'sMOD shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.

  6. WHEN WE MAY SHARE YOUR INFORMATION

    We do not sell, rent or lease personal information of Platform users to third parties, however, we may use third-party consultants, tools, or software for conducting statistical analysis of aggregated, non-personal information. Such information does not identify you individually.

    We keep all collected information confidential except where disclosure is enforced or required by law, or as part of the requirement to protect our rights and intellectual properties. Specifically, Let'sMOD may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with a legal process served on Let'sMOD; (b) protect and defend the rights or property of Let'sMOD; and/or (c) act under exigent circumstances to protect the personal safety of users of Let'sMOD, or the public.

  7. BUSINESS TRANSFERS

    We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.

  8. USE OF COOKIES

    Let'sMOD may use "cookies" to help you personalize your online experience.

  9. DATA STORAGE

    Data (including personal information) submitted to Let'sMOD is hosted and stored in a secure, multi-tenant environment provided by Amazon Web Services. Servers of Amazon Web Services are located in the United States. By submitting personal information, you agree to its transfer, storage or processing in the United States. Please keep in mind that the data protection and privacy laws of the United States may not be as comprehensive as the laws in your country. For example, personal data transferred to the United States may be subject to lawful access requests by federal and state authorities in the United States. By providing your personal information, you consent to any transfer of your data and processing in accordance with this Privacy Policy.

  10. SECURITY

    The security of your information is very important to us. We apply all reasonable security measures and comply with the industry standards to protect your personal information (including, preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information). Notably, on our end, access to the Platform's database with your personal information is held behind administrative logins and managed, controlled and limited to authorized website administrators and support technicians only. Data transmitted between browser and application servers is encrypted using an HTTPS/SSL certificate. We do not collect or store your passwords. We use XSRF against cross-domain attacks. Data is backed up daily. Our server's software is updated regularly to ensure we are running the latest and safest software (where applicable and depending on compatibility). The server's firewall is configured to prevent unauthorized access, and activity is automatically monitored to detect and ban malicious activity.

    Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.

    When you use your login credentials on our Platform, you are solely responsible for keeping them confidential. Do not share them with anyone. If you believe your password has been misused, please contact us immediately. You are also responsible for the security of your personal devices and for making sure they are protected against unauthorized access.

    If you believe that your privacy has being compromised during your access to this Platform, log out from your account and close all tabs and windows you are browsing our Platform with.

  11. WE DO NOT RESPOND TO DO NOT TRACK SIGNALS

    Our Platform does not respond to and does not support the Do Not Track (DNT) header request field. If you turn DNT on in your browser, those preferences will not be communicated to us in the HTTP request header, and we will continue tracking your browsing behavior.

  12. MINORS (CHILDREN) POLICY: MINIMUM AGE REQUIREMENT

    We comply with the strictest laws that protect privacy of minors. Therefore, in order to register for an account on the Platform you must meet our minimum age requirements or obtain verifiable consent of your parent or legal guardian.

    The minimum age requirement for:

    • the residents of all countries except the EU and EEA areas is set to 13 ( in compliance with COPPA and LGPD);
    • the residents of the EU and EEA areas is set to 16 (in compliance with GDPR).
      Minors not meeting these age requirements may register for an account on the Platform only with the consent of a parent or a legal guardian (see exemption below). We do not knowingly collect or solicit personal information from anyone under these minimum age thresholds. If you are under these minimum age thresholds, please do not send or share any information about yourself to us, or other users of the Platform, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from an individual under the minimum age thresholds without the consent of a parent or legal guardian, we will delete that information as quickly as possible.
      Exemption: Should a school authority obtain Google Accounts for its students, such students will be able to sign in to the Platform using Google Single Sign-On (SSO) service without the consent of their parents or legal guardians. Google provides tokens to Let'sMOD that allow Let'sMOD to sign students in. Every time a student uses such Google SSO to sign in to the Platform, such student is being authenticated by Google.

  13. OPPA; FERPA; CSPC

    Let'sMOD is in strict compliance with Children's Online Privacy Protection Rule (COPPA), Family Educational Rights and Privacy Act (FERPA) and California Student Privacy Certified (CSPC). The Platform went through a certification process administered by iKeepSafe, an organization which assesses providers' compliance with federal and California laws governing student data privacy.

  14. LINKS TO OTHER THIRD PARTY WEBSITES

    The Platform may contain links to third party websites. We have no control over such websites and are not responsible for the content of these websites. This Privacy Policy does not extend to your use of such websites. You are advised to read the privacy policies or statements of other websites prior to using them.

  15. YOUR RIGHTS UNDER GDPR

    The European General Data Protection Regulation ("GDPR") is a regulation in EU law on data protection and privacy for all individuals accessing websites from the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. Our collection, processing and protecting of personal information of those who access the Platform from a European country, is compliant with GDPR.

    If you are accessing and using the Platform from the European Union and the European Economic Area, you have the following rights with regard to your personal information:

    • the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us (that is why we have compiled this Privacy Policy for you);
    • the right of access (you can request us to provide you verbally or in writing the type of information we store about you and we have a month to respond to your request);
    • the right to rectify (amend/correct) any personal information about you that is inaccurate;
    • the right to erasure (some conditions apply, see Data Retention section below);
    • the right to restrict processing your personal information, however, if you restrict us from processing a part of your personal information that is essential to our provision of the Platform, you may be asked to stop using the Platform;
    • the right to data portability (the right to data portability allows users of the Platform to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company's servers and we will do so if it is technically feasible);
    • the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing - read our opt-out instructions below; you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so);
    • the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly. If you would like to exercise any of the above rights, please send an email to: support@polyup.com
      We represent and warrant that your personal information is:

      • processed lawfully, fairly and transparently;
      • collected only for specific legitimate purposes;
      • collection of personal data is adequate, relevant and limited to what is necessary;
      • accurate and kept up to date (with your help);
      • stored only as long as is necessary; and
      • is secure and kept in confidence.

    • Data Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfil a statutory obligation under the EU law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your personal information verbally or in writing and we have one (1) month to respond to any such request.

    • Data Breach Noticiation: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.

  16. YOUR RIGHTS UNDER CCPA

    The California Consumer Privacy Act ("CCPA") is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information of California residents. CCPA provides California residents with five core rights to data privacy and an effective way to control their personal information.

    If you are a California resident, you have the following rights with regard to your personal information:

    • the right to know what personal information is being collected about you.
    • the right to know whether your personal information is sold or disclosed and to whom.
    • the right to say no to the sale of personal information ("the right to opt out") -- Let'sMOD does not sell personal information;
    • the right to access your personal information (under CCPA, a business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period).
    • the right to equal service and price, even if you exercise your privacy rights. Additionally, a California consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. However, a business or a service provider shall not be required to comply with a consumer's request to delete the consumer's personal information if it is necessary for the business or service provider to maintain the consumer's personal information in order to:
    • complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business's ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer;
    • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
    • debug to identify and repair errors that impair existing intended functionality;
    • exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
    • comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
    • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses' deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
    • enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer's relationship with the business;
    • comply with a legal obligation;
    • otherwise use the consumer's personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information. Conflict resolution under CCPA: Prior to initiating any action against a business for statutory damages on an individual or class-wide basis, a California consumer shall provide a business 30 days' written notice identifying the specific provisions of this title the consumer alleges have been or are being violated. In the event a cure is possible, if within the 30 days the business actually cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations shall occur, no action for individual statutory damages or class-wide statutory damages may be initiated against the business. Contact us should you need to exercise any of your rights under CCPA.

  17. YOUR RIGHTS UNDER LGPD

    Lei Geral de Proteção de Dados ("LGPD") is the Brazilian general data protection law, which applies to businesses that process the personal data of users located in Brazil. LGPD establishes rules on collecting, handling, storing and sharing of personal data managed by organizations.

    According to the article 18 of LGPD, individuals have the following nine rights over their data processing:

    • The right to receive a confirmation about processing of their personal data;
    • The right to access their personal data;
    • The right to correct incomplete, inaccurate or out-of-date personal data;
    • The right to anonymize, block or delete unnecessary or excessive data or data processed in noncompliance with the provisions of LGPD;
    • The right of portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency;
    • The right to delete their personal data;
    • The right to know who their data is being shared with (e.g., third parties, sub-processors, public, and private entities);
    • The right to know how to deny consent and what would be the consequences of denying consent to collect personal data; and
    • The right to revoke consent.

      If you are located in Brazil, you may exercise any of the above rights by contacting Let'sMOD's DPO, whose contact information you will find at the bottom of this Privacy Policy.

  18. EMAIL MARKETING OPT-OUT OPTION

    You may receive updates, newsletters, surveys, offers, ads and other promotional materials from us or our vendors via your email. You may indicate a preference to stop receiving further communications or notifications from us or any such vendors by following the unsubscribe link provided in the email you receive or by contacting us directly. Despite your indicated preferences, we may send you service related communication, including notices of any updates to our Terms of Service, Privacy Policy, Cookie Policy, or other statements.

  19. CONTACT US

    You have a right to learn what personal information about you we keep by contacting us. Let'sMOD welcomes your questions or comments regarding this Privacy Policy. If you believe that Let'sMOD has not adhered to this Privacy Policy in one way or the other or if you have any requests or questions, please contact Let'sMOD at:

    PolyUp, Inc.
    14575 Horseshoe Dr.,
    Saratoga, CA 95070
    help@letsmod.com