Effective Date: October 4, 2021

Hiro respects and protects the privacy of its users. This Privacy Policy explains how we collect, use, and share information gathered through our websites (www.hiro.so, app.co, stacks.co, and any other site that links to this Privacy Policy), and downloadable software applications (the “Platform”) (collectively, including the website and the Platform, the “Services”). It also describes your rights and choices with respect to your information, and how you can contact us if you have any questions or concerns. The terms “Hiro,” “we,” and “us” include Hiro Systems PBC and its affiliates and subsidiaries.

1. Personal Information We Collect

We may collect Personal Information about you directly from you and automatically through your use of the Services, as well as from third parties. In this Privacy Policy, “Personal Information” means any information relating to an identified or identifiable individual.
‍

A. Personal Information You Provide

Account information. When you register for an account on one of the Services, you may provide us with account information, such as your contact information, username, password, and other information relevant for the particular Services.

‍Communications. When you contact us or if you post on the Services, we may receive your account information, contact information, and the time, date, and content of your message and any attachments.

‍Contact information. When you sign up to receive updates about our products and services you provide us with contact information, such as your name and email address.

‍Contributor information. When you contribute to the Stacks project, you may provide us with contributor information, such as the code, documentation or other information you contribute, the time and date of your contributions, your username and profile information, public repository content, and any related comments and discussions.

‍Developer information. When you submit your app to the App.co platform, you may provide us with developer information such as your contact information, information about your app, and how you learned about app.co.

‍Evangelist information. When you sign up for our Evangelist program, you may provide us with profile information, such as your name, contact information, social media links, profile photo, and survey information.

‍Event information. When you participate in one of our events, you may provide us with contact information, and other information necessary or relevant for the organization of the event.

‍Order information. When you place an order in our online store, we may request information necessary to process your order, such as your contact information, shipping address, as well as credit card, cryptocurrency, or other billing information.

‍Profile information. When you choose to store your Stacks profile on storage nodes managed by Hiro, we receive your profile information such as your profile photo, biographical information, cryptocurrency addresses, social media handles, and PGP and SSH keys, and other information you choose to include in your profile.

‍Applicant information. When you apply for a career with Hiro, you may provide us with applicant information, such as your contact information, information in your resume or CV, information from any website you choose to link to (e.g., LinkedIn or Twitter), and any other information you choose to provide.


Where required by applicable law, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so.

‍

B. Personal Information We Collect Automatically

Device information. We receive information related to randomly-generated identifiers such as information about the device manufacturer and brand, operating system version, session identifier, and version of the Services that users are using.
‍
‍Crash report information. If the Services malfunction, crash, or otherwise experience errors, a third-party provider that we use to track errors and monitor performance of the Services will generate and send us crash reports to help us fix the issue. These crash reports contain information about the device and software you use to access the Services, including device manufacturer and brand, screen orientation and resolution, web browser type and operating system version, as well as usage information about page views, clicks, and the dates and times that the errors, malfunctions, or crashes occurred.
‍‍
Usage information. When you use the Services, to help us understand how the Services are being used and to help improve them, we or third-party providers may automatically receive information related to randomly-generated identifiers, including via cookies, beacons, invisible tags, and similar technologies (collectively “Cookies”) in your browser and on emails sent to you. This usage information may include IP address, web browser, device type, the web pages that you visit just before or just after you use the Services, as well as information about your interactions with the Services, such as if a user installs the Services, installs and enables certain extensions and products within the Services, and the dates and times of your visits, and where you have clicked. You can find more information about how we use Cookies in the section How We Use Cookies below.

‍

C. Personal Information We Collect from Third Parties

Social media information. If you post on Hiro or Stacks social media pages or post about Stacks or Hiro on other publicly available services, we may receive social media information about you, such as your profile information and the time, date and content of your posts.
‍

2. How We Use Personal Information

A. How We Use Personal information

We use Personal Information we collect through the Services as necessary for the following purposes:

‍Providing the Services. We use Personal Information to operate, maintain, and provide features of the Services.

‍Communicating with you. We use Personal Information to contact you for administrative and informational purposes, such as to respond to your inquiries, or to inform you about changes to our terms, conditions, and policies, or invitations to join the Services.

‍Organizing and managing events. We use Personal Information to organize, staff, and manage projects or events.

‍Fulfilling your orders. We use Personal Information to fulfil your orders, including to process your payment and to ship your order.

‍Marketing. We use Personal Information to send marketing communications, including promotional and advertising materials that may be useful, relevant, valuable or otherwise of interest relating to products and services offered by us and by third parties we work with, such as app developers. We also use Personal Information to contact you to answer feedback and surveys, and to improve our marketing and promotional efforts. Generally, you have the ability to opt out of receiving any promotional communications as described below under Your Rights and Choices. Where required under applicable law, we will only send you promotional emails with your opt-in consent.

‍Understanding and improving the Services. We use Personal Information to understand and analyze the usage trends and preferences of our users in order to improve the Services, and to develop new products, services, features, and functionalities.

‍Compliance with financial regulation. We use Personal Information to comply with financial regulation.

‍Other business purposes. We use Personal Information for compliance, risk management, and other business purposes, such as audits, security, compliance with applicable laws and regulations, fraud monitoring, and prevention.
‍

B. Our Use of European Personal Information

If you are located in the European Economic Area, we only process your Personal Information when we have a valid legal basis to do so, including when:
‍
- You have consented to the use of your Personal Information, for example to send you marketing communications.

- We need to use your Personal Information to provide you with the Services, for example to give you access to the Services, to respond to your inquiries, or to register you for an event.

- We need to use your Personal Information to comply with a legal obligation, for example to comply with a court order.

- We or a third party have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal to understand and improve the Services, and to monitor and prevent fraud. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.

‍

C. How We Use Cookies

We and third-party service providers may use the following cookies to collect Personal Information:

‍Functional cookies. Some cookies are strictly necessary to make the Services available to you. For example, to provide login and mailing list signup functionality. We cannot provide you with the Services without this type of cookie.

‍Analytical cookies. We also use cookies for website analytics purposes in order to operate, maintain, and improve the Services. We may use our own analytics cookies or use third-party analytics providers to collect and process certain analytics data on our behalf. These providers may also collect information about your use of other websites, apps, and online resources.

‍Third-party content. The Services contain links to websites operated by third parties and contain social media features and other content provided by third parties, such as YouTube videos. These third parties may collect information about you if you visit their websites, or if you visit a website that contains social media features or other content provided by them. This Privacy Policy does not address, and we do not control, what Personal Information these third parties collect. We encourage you review these third parties’ privacy policies and related privacy settings before using these features.

You can find more information about your rights and choices, and how to opt out of the use of certain cookies in the section Your Rights and Choices below.

‍

3. How We Share Your Personal Information

Except as described in this Policy, we will not disclose your Personal Information collected on the Services to third parties without your consent. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

Your Stacks ID and profile information will be publicly available via the blockchain.

To our third party service providers who provide services such as website hosting data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing, monitoring, metrics generation, and other services.
‍
To analytics partners, such as Google Analytics, who may collect information about your use of other websites, apps, and online resources. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/ and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

To a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings).

If required to do so by law or in the good faith belief that such action is appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose aggregated or otherwise de-identified information for any purpose, unless we are prohibited from doing so under applicable law.

4. Third Party Services

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, or any third party operating any site or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. We encourage you to learn about third-parties’ privacy and security policies before providing them with information.

‍

5. Security

We use certain physical, organizational, and technical safeguards that are designed to maintain the integrity and security of information that we collect. Please be aware that no security measures are perfect or impenetrable and thus we cannot and do not guarantee the security of your data. It is important that you maintain the security and control of your credentials, and not share your passwords or private keys with anyone.

‍

6. Your Rights and Choices

You have several rights and choices with regard to our use of your Personal Information. You may, of course, decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionality of the Services. If you wish to access, amend, or delete any other Personal Information we hold about you, you may contact us using the contact details at the end of this Policy. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so, as permitted under applicable data protection law. From time to time, we send marketing email messages to our users. If you no longer want to receive such emails from us on a going forward basis, you may opt-out via the “unsubscribe” link provided in each such email or by contacting us using the contact details at the end of this Policy.

‍

A. Your European Privacy Rights

If you are located in the European Economic Area, you have additional rights described below.

- You may request access to and receive information about the Personal Information we maintain about you, update and correct inaccuracies in your Personal Information, restrict or object to the processing of your Personal Information, have the information anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place.

- You may withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time, and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.

You may exercise these rights by contacting us using the contact details at the end of this Policy. Please note that there are exceptions and limitations to each of these rights, and that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain information for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

‍

B. Your Cookie Choices

You have the following choices with regard to the use of cookies and similar technologies:

- Browser settings. Many web browsers allow you to manage your preferences relating to cookies. You can set your browser to refuse cookies or delete certain cookies. You may be able to manage other technologies in the same way that you manage cookies using your browser’s preferences. Please note that if you choose to block cookies, doing so may impair the use of the Services.

- Do Not Track Signals. There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.

‍

7. Use of Services by Minors

The Services are not directed to individuals under the age of thirteen (13), and we request that they not provide personal information through the Services. If you learn that a child under 13 has provided us with personal information in violation of this Privacy Policy, then you may alert us at legal@hiro.so.

‍

8. International Visitors

Hiro uses servers hosted in the United States and is intended for users in the United States. If you choose to use the Services from regions of the world with laws governing data collection and use that may differ from U.S. law, please note that we may be transferring your information outside of your region for storage and processing in the United States and around the globe. By using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.

European Visitors
If you are located in the European Economic Area, we will comply with applicable EEA data protection law when transferring your Personal Information outside of the EEA. We may transfer your Personal Information to countries which have been found to provide adequate protection by the EU Commission (e.g., Canada), use contractual protections for the transfer of Personal Information, or transfer to recipients who have certified to the Privacy Shield or adopted Binding Corporate Rules. For more information about how we transfer Personal Information outside of the EEA, or to obtain a copy of the contractual safeguards we use for such transfers, you may contact us as specified below.
‍
‍

9. Retention

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required or permitted by law to keep this information for a longer period. When determining the specific retention period, we take into account various criteria, such as the type of Services provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the relevant statute of limitations.

10. Updates to this Privacy Policy

We may make changes to this Privacy Policy. The “Effective Date” at the top of this page indicates when this Privacy Policy became effective. If we make material changes, we may notify you through the Services or by sending you an email or other communication. We encourage you to read this Privacy Policy periodically to stay up-to-date about our privacy practices. Your use of the Services following these changes means that you accept the revised Privacy Policy.
‍

11. Contact Us

Unless otherwise indicated in this Privacy Policy, Hiro is the entity responsible or “data controller” for the processing of Personal Information described in this Privacy Policy. If you have any questions about this Privacy Policy or our privacy practices in general, please contact via email at legal@hiro.so or via regular mail at:

Hiro Systems PBC
Attn: Legal Department
101 West 23rd Street Ste 224
New York, NY 10011
‍