Effective Date: February 2, 2023

Privacy Policy

We are committed to protecting your privacy. This statement (the “Privacy Statement”) describes our policies and practices for collecting, using, sharing and otherwise processing information in connection with your use of the offerings of Standard Cognition, Corp. and, as relevant to your jurisdiction, our affiliate Checkout Technologies S.r.l. (collectively, “Standard”), including Standard mobile and other software applications (collectively, “Application(s)”), and visits to stores and other locations utilizing our Standard machine learning vision platform to provide autonomous checkout solutions and other services (collectively, “the Services”).

Standard is the controller of your personal information as described herein, except in situations in which we are processing personal information for our business customers or their affiliates or clients (collectively, “Customers”), such as when our Customers act as the merchants of record to sell you retail products or otherwise collect, use, share and process personal information via our platform Services. We do not control the privacy and security policies and practices of our Customers, which may be different from those described in our Privacy Statement.

1. Collection of Information

We collect the following types of information when you use the Services:

Information you provide to us directly. For certain activities, including when you register for an account on an Application, visit or shop at locations using our Services, or contact us directly, you may provide some or all of the following types of information to us (“Interaction Data”):

Contact information, such as full name, email address, mobile phone number and address

Registration information, such as username and password

Consistent with your mobile device or Application permissions, geolocation information

Payment information, such as credit card number, expiration date and credit card security code

Demographic information, such as date of birth and gender

Voluntary information, such as survey responses or feedback

Correspondence you send to us, including for customer support

You may access our Services through your relationship with one of our Customers. In that situation, your Customers’ authorized users may control your access and use of your personal information from our Services pursuant to their own policies and practices.

Information we collect through your use of the Services. When you use the Services or visit or shop at locations using the Services, we collect some or all of the following types of information (“Proximity Based Data”):

Device type, device and advertising identifiers

The date and time of your visit and your precise geolocation using your device’s GPS, UWB or similar functionalities

Information about your activity within an Application and the relevant store or other location, such as shopping transactions

Information generated from your activity, such as standard log data

Information about your movements and trajectory through stores and other locations and the items you select, pick up, put down and take, which facilitates your shopping and checkout experience via the Services, as explained more in the Disclosure of Information section

Error-reporting or security information, including the device type and version, device identifiers, the time an error occurred, the feature being used, the state of the Services when an error occurred and any communications or content provided at the time an error occurred

We may use local or cloud storage and other technologies, such as edge compute, to automatically collect this information. By using an Application, you consent to our use of local and cloud storage and other technologies.

We use cameras as part of our machine vision platform, which means we receive video footage of you for our use as described in this Privacy Statement.

Analytics. The Services use Google Analytics, a web analysis service of Google Inc. (Google). Google Analytics uses cookies, i.e. text files stored on your computer to enable analysis of Services usage by you. Information generated by the cookie about your use of the Services is usually transmitted to a Google server in the United States and stored there. On behalf of Standard, Google will use this information to evaluate your use of the Services, compile reports about Services activities and provide Standard with further services related to website and Internet usage. The IP address sent from your device as part of Google Analytics is not merged with other data by Google. To prevent Google Analytics from using your information for analytics, you may install theGoogle Analytics Opt-Out Browser Add-on.

Information we obtain from other sources. We may receive information about you from other sources, including through our affiliates and third-party services or providers. For example, if you access third-party services, such as Facebook, Google or Twitter, to login to an Application or to share information about your experience with the Services with others, we may collect information from these third-party services. Customers and other service providers may also provide information to us about shoppers in their stores or other locations.

We also may access payment information that is stored on your phone through Google Wallet, Apple Pay or similar services if you choose to use these services to complete your transactions.

2. Use of Information

We may use the information we collect to:

Provide the Services to you and our Customers (including the stores and other locations you visit that use our Services), connect you to your shopping activity or account and complete your transactions

Operate our platform, including training our machine learning models, and conduct research

Manage your experiences, including communicating with you, providing customer service and resolving billing and other disputes

Analyze and improve the Services and user experience, derive data and insights and develop new features, products, offerings and services

Debug and maintain the security of Standard, the Services or the rights of others

Market our Services and personalize your experiences, including profiling your shopping activity

To administer surveys, sweepstakes, promotions, or contests;

Prevent potentially fraudulent, prohibited or illegal activities and otherwise in accordance with our Terms of Use
To comply with our legal obligations or as permitted by law

To protect the safety and/or integrity of our users, employees, third parties, members of the public and/or our Services

Respond to legal or governmental agency requests and protect our rights in legal or administrative proceedings, including the enforcement of our Terms of Use

For any other purposes disclosed to you at the time we collect your information

We may combine information that we collect from you through the Services with information that we obtain from affiliated and nonaffiliated third parties, and information derived from any other products or services we provide.

We may aggregate and/or de-identify information collected through the Services. We may use de-identified or aggregated data for any purpose, including to operate our platform and provide Customers with Services, for research, academic or policy purposes, marketing or investor materials or other legal purposes, and may also share such data with any third parties, including without limitation, advertisers, promotional partners, and/or others.

3. Legal Bases for Use of Your Information

The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your “personal data” (as defined in such applicable laws). To the extent those laws apply, our legal grounds are as follows:

Performance of a contract: Much of our processing of personal data is to meet our contractual obligations to our users, or to take steps at users’ requests in anticipation of entering into a contract with them. For example, we handle personal data on this basis to allow you to make purchases using our autonomous checkout services

Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals. This includes operating our business and the Services; providing security for our websites, products, software or applications; marketing; receiving payments; preventing fraud; and knowing the customer to whom we are providing the Services

Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations (such as our obligation to share data with tax authorities)

Consent: If required by law, and in some other cases, we handle personal data on the basis of your consent

If you do not wish for us to use your information, your refusal may prevent us from providing you with some or all of the Services.

4. Retention Period

We keep your information for no longer than necessary for the purposes for which it is processed, or as required or permitted under applicable laws, rules or regulations.

5. Disclosure of Information

We may share your information as follows:

Affiliated Standard entities: Standard Cognition, Corp. and Checkout Technologies S.r.l. share infrastructure, systems, technology and data, including personally identifiable information, to operate our platform and provide the Services

Service providers: We share your information with service providers that help us maintain, provide or support the Services, including for business analytics, payments processing, error-reporting, marketing, auditing and data storage and processing

Customers: We provide some Customers with reports of shopping activity and transactions and information so they can better understand their shoppers, improve the shopping experience and reduce fraud, theft and other unlawful activities. We contractually require these Customers to use your information in a manner consistent with applicable law. For some activity, we may be processing information as a service provider to our Customers, in which case, the Customer’s privacy and security policies and practices govern how your information is collected, used, and shared.

Business transfers: We may share your information in connection with a substantial corporate transaction, such as the sale of all or a part of our Services, a merger, consolidation, reorganization, asset sale or in the unlikely event of bankruptcy. We may also disclose your information in the course of due diligence for such an event.

Protection of Standard and Others: We may share or disclose certain information if we believe in good faith that doing so is necessary or appropriate to (i) protect or defend the rights, safety or property of Standard or third parties, including to defend or enforce our Privacy Statement, our Terms of Service, or any other contractual arrangement; (ii) respond to your requests for customer service; and/or (iii) protect the rights, interests, security, property or personal safety of Standard, its agents and affiliates, its employees, users and/or the public

Legal purposes: We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, claims or government inquiries

With your consent: We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent

If you access third-party services such as a mobile platform for in-app purchases or social media services (such as Facebook or Google) to login to the Application or to share information about your experience with the Services with others, then these third-party services may be able to collect information about you and they may notify your connections on the third-party services about your use of the Services, in accordance with their own privacy policies. We do not control the privacy or security policies or practices of these third parties, and you should review their privacy policies carefully.

6. Security

We implement technical, administrative, and physical safeguards to help protect information from loss, theft or misuse and unauthorized access, disclosure, alteration or destruction. No matter what measures we take, however, no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be completely secure. Therefore, we do not promise and cannot guarantee, and thus you should not expect, that your personal information or communications will not be collected, disclosed and/or used by others. You should take steps to protect against unauthorized access to your password, phone and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, keeping your log-in and password private, and not recycling passwords from other websites or accounts. We are not responsible for the unauthorized use of your information nor for any lost, stolen or compromised passwords, or for any activity on your account via unauthorized password activity.

Please note that information collected or received by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.

7. Your Choices

Through your mobile device or app settings, you can:

Update certain of your account information

Control our collection and use of your information, including your location information, advertising identifiers

Control your privacy settings (including certain privacy consents provided to us, which you can withdraw at any time)

You also may stop further data collection through an Application by uninstalling the Application from your mobile device and ceasing use of the Services.

You can unsubscribe from marketing emails by following the directions in those emails. If you unsubscribe from marketing emails, please be advised you will continue to receive certain email communications related to your account including information regarding transactions and your relationship with Standard.

To opt out of marketing text messages, you must reply STOP to the text message. You agree that texting “STOP” in response to our text message is the only reasonable method of opting out. You also understand and agree that any other method of opting out, including, but not limited to, texting words other than “STOP” or verbally requesting one of our employees to remove you from our list, is not a reasonable means of opting out.

8. Children

We do not offer the Services to children under the age of 16 and do not intentionally or knowingly collect personal information about children under 16. If you believe that we have the personal information of your child, please contact us and we will take actions to address the issue.

9. Third-Party Advertising and Do-Not-Track

We may allow third parties, including business partners, advertising networks, and other advertising service providers, to collect your geolocation information and other information through local storage, software development kits, application programming interfaces and other technologies. These third parties may use this information to deliver advertisements in an Application and elsewhere tailored to your interests, preferences and characteristics. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored marketing, you may visit the Network Advertising Initiative’s (“NAI”) Consumer Opt-Out Link and/or the Digital Advertising Alliance’s (“DAA”) Consumer Opt-Out Link to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page. Please note that to the extent advertising technology is integrated into the Services, you may still receive advertising content even if you opt out of tailored advertising. In that case, the advertising content will just not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms. If your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different computer or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI’s and DAA’s websites, accessible by the above links.

Each operating system – iOS for Apple devices, Android for Android devices, and Windows for Microsoft devices–provides its own instructions on how to prevent the delivery of tailored in-application marketing content. Please review the support materials and/or the privacy settings for the respective operating systems in order to opt-out of tailored in-application advertising. For any other devices and/or operating systems, please visit the privacy settings for the applicable device or contact the applicable platform operator.

Some mobile web browsers transmit “do-not-track” signals. We currently do not take action in response to these signals.

10. Links to external sites and services

The Services may contain links to third-party websites or services. We are not responsible for the content or practices of those websites or services. The collection use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Statement. We urge you to read the privacy and security policies of these third parties.

11. International data transfers

Standard is a multinational organization. As a consequence, your information may be transferred outside your country of residence, in particular to the United States, or to other countries where the level of data protection may be less stringent than that ensured by your local laws. By using the Services, you are agreeing to such transfers.

Where required, we will use appropriate safeguards for transferring data outside of your country of residence. For transfers of data outside of the EEA, these safeguards include the standard contractual clauses approved by the EU Commission in Decision No. 2021/914/EC.

12. Your Rights

The data protection laws of your local jurisdiction may provide you with certain data subject rights. Where such rights apply, we will comply with requests to exercise these rights in accordance with applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. If these rights apply to you, they may permit you to:

Obtain confirmation of whether we hold personal information about you, and receive information about how it is used and disclosed

Obtain a copy of the personal information, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it be transmitted to a third party in such form

Update, correct or delete the information

Object to the use or disclosure of the information

Withdraw consent previously provided for the handling of the information (without affecting the lawfulness of prior use and disclosure of the information)

Obtain a restriction on the use of the information

If permitted under applicable law, you can exercise your rights or submit requests regarding our data practices by writing to the data controller using these contact details:

Standard Cognition, Corp.

548 Market St. #96346

San Francisco, CA 94104

Attention: Data Protection Officer (“DPO”)

We may require you to verify your identity with us before we action your requests to exercise your data rights.

If you live in the EU, any complaint can be lodged with a relevant supervisory authority. We encourage you to contact us first, however, and we will do our very best to resolve your concern. For Italy:

Garante per la Protezione dei Dati Personali (Authority for the Protection of Personal Data)

Piazza Venezia, 11

00186 Rome Italy

Fax: +39 06-69677-3785

Telephone: +39 06-696-771

Certified email:protocollo@pec.gpdp.it
13. California Residents: Shine the Light

Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us, once per calendar year, information about the Individual personal information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of Individual personal information and the names and addresses of those businesses with which we shared Individual personal information for the immediately prior calendar year (e.g. requests made in 2020 will receive information regarding 2019 sharing activities). To obtain this information from us, please contact us at the following email address: privacy@standard.ai and write “Request for California Privacy Information” for the subject of your message. We will send you a reply email within 30 days containing the requested information once we confirm your request. Not all information sharing is covered by the “Shine the Light” requirements and only that information which is covered will be included in our response.

14. Changes to the Privacy Statement

We may update this Privacy Statement from time to time. When we update the Privacy Statement, we will revise the “Effective Date” date above and post the new Privacy Statement. We recommend that you review the Privacy Statement each time you use the Services to stay informed of our privacy practices. If we make a material change to the Privacy Statement, we may provide you with appropriate notice in accordance with legal requirements. By continuing to use the Services, you are confirming that you have read and understood the latest version of this Privacy Statement.

15. Still Have Questions?

If you have any questions about this Privacy Statement or our practices, or if you believe that our Application is not following this Privacy Statement, please contact our DPO at privacy@standard.ai.