Privacy Notice

This Privacy Notice (the "Privacy Notice") describes the privacy and data protection practices of Abstracted Systems, LLC ("Abstracted Systems," "we," "us," or "our"). This Privacy Notice is intended to provide details regarding the information we collect and/or process through our website located at https://abstractedsystems.com/ or any successor website (the "Site"), and all other applications, products, services, features, tools, application programming interfaces and software that we own or control and which post or link to this Privacy Notice (collectively, the "Services"), or through other communication methods such as email or phone. This Privacy Notice is governed by our Terms of Service. Defined terms used herein and not otherwise defined have the meanings set forth in the Terms of Service.

By accessing or using the Site or other Services, you agree to this Privacy Notice. This Privacy Notice may change from time to time (see Changes to Our Privacy Notice below). Your continued use of the Site or the Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Notice periodically for updates.

1. Scope of our Privacy Notice

The amount and type of information we collect about you will depend upon the Services you use and the information you choose to provide. Please note that we need certain types of information so that you can access our Services or so we can provide the Services you request. If you do not provide us with the required information or ask us to delete it, you may no longer be able to access or use our Services. For purposes of this Privacy Notice, personal information means information relating directly or indirectly to an identifiable individual, except as may be set forth in applicable law.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. You may not provide us information that is obscene, defamatory, infringing, malicious, or that violates any law. If you provide personal information of a third party, you are responsible for providing any notices and obtaining any consents necessary for us to collect and use such personal information as described in this Privacy Notice.

The Services are intended for use by educational support organizations ("Organization Customers") and the schools, school districts, teachers and administrators they support ("Customer Users"). Abstracted Systems respects the privacy of the student educational records and personal information provided to us by our Organization Customers to process on their behalf ("Customer Data") when they, their staff or other Customer Users access and use the Services. Customer Data is the data received by Abstracted Systems from its Organization Customers and their Customer Users and may include student names, assessment data, conduct or behavior data and other student information provided in recorded interviews. Customer Data is processed by Abstracted Systems on behalf of each Organization Customer in our capacity as a "data processor".

Abstracted Systems complies with privacy laws of the United States with respect to personal information and student educational records. We do not use Customer Data for any purpose other than to provide the Services, in accordance with our contractual agreements with our Organization Customers, our Terms of Service, and this Privacy Notice.

Abstracted Systems does not own or control Customer Data, which belongs to the student and/or the Organization Customer that contracts with Abstracted Systems to provide access to the Services. The makeup of Customer Data processed by Abstracted Systems can vary depending on the Services used by the Organization Customer, and may include student data and employee data. Abstracted Systems processes the Customer Data under strict contractual obligations and privacy agreements signed with the Organization Customer. Abstracted Systems does not use or disclose Customer Data except as authorized and required by our Organization Customers and as provided for in our agreements with our Organization Customers. Abstracted Systems obtains consent from our Organization Customers for the use of third-party subprocessors who support the functionality of our Services. Because Abstracted Systems does not own or control Customer Data, any request for access, review, correction, or deletion of Customer Data must come directly from our Organization Customers. Abstracted Systems is not responsible for the privacy practices of its Organization Customers.

2. Information We Collect

We may also collect information about you for our own use when you visit the Site and as more fully described below. In these situations, Abstracted Systems is a "data controller" because Abstracted Systems determines the purposes for which and the way the personal information is processed.

Information You Provide to Us

It's probably no surprise that we collect information that you provide to us. For example, we collect information from you when:

• you request information from us or otherwise communicate with us;
• an account is created by you or on your behalf;
• you carry out transactions through our Site and Services;
• you request customer support or technical assistance with the Services; and
• you complete any forms or respond to a survey that we might ask you to complete for research purposes.

This information may include:

• name, phone number and email address;
• postal address;
• employment-related information, including, but not limited to, job title and employer; and
• financial and payment information.

Information We Collect Through Our Services

We may collect personal information provided by you, your employer or other users of the Services that may be required to use the Services. We expect all users to follow their organization's privacy policy and any applicable regulatory requirements when providing personal information for use of the Services.

Information We Collect Automatically

When you use the Services, we collect and analyze some information via a variety of technologies that automatically collect information about the Services. This information includes, but is not limited to, certain details of your access to and use, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through the Services. We use this information to track the use of the Site and other Services and to assist us in maintaining, evaluating, and improving the Services.

Information We Collect from Other Sources

We may receive personal information about you from third-party sources such as your employer and publicly available sources. This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Site links. The inclusion of a link on the Site does not imply endorsement of the linked site or service by us or by our affiliates.

Recruiting and Candidate Information

If you choose to apply to work with or for us through our Site or by otherwise contacting us regarding opportunities to become an employee, agent, or contractor for us, we may collect the following:

• Identification data, such as your name, date of birth, social security number, and other government identifiers.
• Contact information, such as your first and last name, email and mailing addresses, phone number, emergency contact information, professional title or profession, and company name, if applicable.
• Application information regarding qualifications, skills, employment or education history, or other related information provided voluntarily in response to questions asked during any interviews.
• Reference information, such as name and contact details of your references.
• Social media information, such as if you provide us a link to or other access to a social media account, we may collect or access any information you permit to be shared through or from your social media account and other information depending on the social media platform.
• Background check information, subject to applicable law.
• Compensation information, such as financial account information, and any other compensation information that you voluntarily provide, which may depend on your region and applicable laws and regulations.

You are responsible for the accuracy of the personal information you provide or make available to us. Some information is provided directly to us for internal use, while other information may be shared directly with a service provider who handles specific aspects of our operations. Some information is mandatory to provide because it enables us to perform mandatory employee-hiring processes, like issuing your paycheck or verifying your eligibility for employment. All personal information you provide, particularly in connection with our recruiting activities, must be truthful, accurate and not misleading in any way.

3. Cookies and Similar Technologies

Cookies are small text files that are placed on your computer or mobile device by websites and mobile applications that you visit or use. Pixel tags (also called web beacons) are small blocks of code placed on websites and in emails represented as small, clear images. To collect information automatically as described in this section, we may use cookies, and other technologies like pixel tags and web beacons, on our Site and Services to help us identify visitors and understand usage and access preferences for our Site and Services. Some examples of the data we collect from cookies include your account preferences, pages accessed, language preferences, and previous visits to our Site and Services. We may link the anonymous visitor ID from your cookie to a user ID in our database to help us analyze web traffic and statistics.

First Party Cookies

First party cookies are cookies we set. We use first party cookies to:

• Make our Site and Services work (essential cookies), such as to facilitate the operation and functionality of our Site and Services; and
• Help us measure and improve the performance of our Site and Services (analytics cookies), such as to (i) track how our Site and Services are being used, and how we can improve them; (ii) improve your experience while using our Site and Services and make navigating around them quicker and easier; and (iii) allow us to make a bespoke user experience for you and for us to understand what is useful or of interest to you.

Third Party Cookies

Some cookies on our Site or Services are set by third-party service providers or partners. For example, we may use third-party analytics and advertising partners' automated tools, such as Google Analytics, which collect certain of your personal information when visiting our Site and mobile applications to help us evaluate usage of our Site and Services for improvement purposes. These third parties also may use personal information they collect from you to provide and improve their services and for other purposes. Such uses of your personal information by such third parties are governed by the privacy policies of those third parties. Information about how Google Analytics collects and processes data can be found here: www.google.com/policies/privacy/partners/. See below under Opt-Out Options for information on how to prevent your data from being used by Google Analytics. You also may also download the Google Analytics Opt-Out Browser Add-on to prevent your data from being used by Google Analytics.

Opt-Out Options

• You may disable cookies on your browser. Please review your browser's instructions for doing so. Note that certain features of the Site may not be available if you delete or reject cookies.
• You can manage how we use cookies on your browser by clicking the "Cookies Settings" link on the banner at the bottom of our home page. Clicking on the "Cookies Settings" link will take you to a popup where you can manage your cookie preferences.
• Some web browsers may allow you to enable a do-not-track feature that alerts the websites you visit that you do not want your online activities to be tracked. Our Site and Services may not recognize or react in response to do-not-track signals. At present, no generally accepted standards exist on how companies must respond to do-not-track signals. In the event a final standard is established, we will assess and provide an appropriate response to these signals.

4. How We Use Your Personal Information

We, or our service providers working on our behalf, may use your personal information for various purposes depending on the types of information we have collected from you in order to:

• Provide you with the Services. We may also use such information you provide in aggregated or deidentified form, to refine and improve the Services.
• Fulfill any other purpose for which you provide it.
• Process transactions.
• Give you notices about your account and renewals.
• Notify you when updates to the Services are available, and of enhancements or changes to any products or services we offer.
• Respond to your requests for information and provide you with more effective and efficient customer service.
• Market, promote, and conduct advertising for the Services. For example, we use your information to send you marketing communications via email or other contact methods where permitted by applicable law.
• Maintain, secure, and improve current and future Services. For example, our Services may collect your information through forms that you submit and may collect information automatically about your use of the Services to inform us about Services performance, areas of improvement, and Services updates and changes we may decide to evaluate.
• Comply with any procedures, laws, and regulations which apply to us or our processing. For example, we comply with subpoenas and other court orders to process data where we have determined there is a legal requirement for us to do so.
• Establish, exercise, or defend our legal rights. We may process your personal information in connection with establishing, exercising, or defending our legal rights where it is necessary for our legitimate interests or the legitimate interests of others or for fraud prevention. For example, we may process information you provide to identify any fraudulent, harmful, unauthorized, unethical, or illegal activity, such as use of another individual's identity, and we may use your information as necessary to defend ourselves in litigation or enforce our rights or agreements with others.
• Conduct outreach, recruiting and hiring activities for opportunities with us. If you apply to work with or for us, we will review the information you submit to determine if your interest, qualifications and experience match any available opportunities with us, to verify the information you provide, communicate with you regarding any opportunities, improve our recruiting processes, process your onboarding if hired, and comply with applicable labor and employment laws.
• Other legitimate purposes as required or permitted by applicable law. We may process your information for other purposes consistent with those in this Privacy Notice and as may be permitted or required by applicable law.

5. Aggregate/Deidentified Data

We may aggregate and/or deidentify any information collected through the Services so that the information can no longer be linked to you or your device. We may use the aggregated and/or deidentified information for any purpose, including without limitation for research purposes and to promote the Services, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors.

6. How We Share and Disclose Your Personal Information

We do not sell your personal information to third parties or share your personal information with third parties for cross-context behavioral advertising purposes.

We may share your personal information in the following ways:

• Third-Party Service Providers: We may provide access to or share your information with select third parties who perform services on our behalf as a service provider. They provide a variety of services to us, including data storage and/or processing, generative AI analysis and processing, website and app hosting and operation, surveys, security and fraud prevention. Third-party service providers may have access to your personal information to perform these services but are prohibited from using your information for other purposes. We will enter into data protection agreements with service providers that have access to your personal information, which will prohibit them from using or disclosing your personal information except for the purpose of providing the Services.
• Protection of Abstracted Systems and Others: We may disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g., a subpoena or court order); (b) enforce this Privacy Notice; (c) respond to claims that any content violates the rights of third parties such as rights of privacy or intellectual property; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of Abstracted Systems, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and similar purposes.
• Your Employer and Users: We may share your information with your employer and your employer's other users of the Services.
• Consent: We may share your information when we have your consent.
• For the Purpose for Which You Provide It: We may share information you provide for the purpose for which you provide it.
• Intracompany: We may share your information with any affiliates and subsidiaries to operate our business.
• Enforcement: To enforce our rights arising from any contracts entered into between you and us, including the Terms of Service and for billing and collection.

7. Retention of Your Personal Information

We may retain your personal information both during and after the time you use our Services, but we keep your personal information for no longer than needed pursuant to a legitimate business purpose. For example, we may retain contact information after you register an account with us to maintain our internal financial or transactional records, to communicate with you about our relationship, or to deliver marketing communications to you in accordance with applicable law.

The length of time for which we retain information depends on the purposes for which we collected and used it, contractual terms, requirements of applicable laws, the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the resolution of any pending or threatened disputes, and enforcement of our agreements.

We keep information collected on behalf of our Organization Customers for as long as necessary to fulfill the purpose for which it was collected, pursuant to contractual terms or as otherwise required by applicable law. When we no longer require the personal information, we will either delete or deidentify it, or if this is not possible, securely store it in accordance with this Privacy Notice and cease use of the personal information until deletion is possible. If we deidentify your personal information (so that it can no longer be associated with you and thus is no longer considered personal information under relevant laws), we may retain this information for longer periods.

8. How We Protect Your Personal Information

We use physical, administrative, and technical security measures to protect the confidentiality, integrity, and availability of your information. Our security measures consider the type and sensitivity of the data being collected, used, and stored, and the current state of technology and threats to data. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. Do not share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we use measures to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Services.

9. Rights and Choices

Customer Data

In response to a proper request from you regarding Customer Data received by Abstracted Systems, we will direct you to contact the Organization Customer who provided the Customer Data to us. A proper request must include the name of the applicable Organization Customer, information we may require to verify your identity, and the specific right to be exercised. If the Organization Customer is not responsive, and you notify us that the Organization Customer was not responsive and properly identify the Organization Customer, we will then notify the Organization Customer of your request and await guidance from the Organization Customer. We will follow applicable law with respect to proper requests. We will also reasonably cooperate and assist our Organization Customers in connection with access requests, inquiries, and complaints from data subjects to whom the Customer Data relates or from data protection authorities. We will not directly respond to a request for Customer Data except on documented instructions of our Organization Customer. Abstracted Systems acknowledges that applicable law regarding data subject rights may be further promulgated, modified, or interpreted by supervisory authorities, and enforced by stakeholders such as state attorney generals. Abstracted Systems will reasonably cooperate and assist Organization Customers in responding to data subject requests.

If you do not receive a response to your data request within the applicable legal time frame, or if you are not satisfied with the response provided by the Organization Customer, you have the right to lodge a complaint with the relevant data protection or supervisory authority in your jurisdiction.

Regional Terms for Certain U.S. States

Our Site and Services are hosted in and provided from the United States, and your use of our Site and Services is governed by United States law. If you are using the Site or Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our systems and facilities, and those of our third-party providers and recipients of information, are located. By using the Site and Services, you consent to your information being transferred to our systems and facilities, and to the systems and facilities of those third parties to whom we disclose information as described in this Privacy Notice.

Additional information is provided below for individuals who are residents of certain U.S. states ("Relevant Regions"), as required under applicable data protection laws in those regions ("Relevant Laws").

If you are located in a Relevant Region requiring such disclosure, the legal bases for using your personal information are as follows:

• Where use of your information is necessary in order to fulfill our commitments to you under our Terms of Service and/or other agreements with you;
• Where use of your information is necessary for compliance with a legal obligation;
• Where use of your information is necessary in order to protect your vital interests or those of another person;
• Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to secure, update, and improve our Site and Services; to communicate with you and respond to your requests and inquiries; to monitor and prevent any problems with our Services; to personalize your experience; for fraud prevention; and to establish, exercise, or defend legal claims); or
• Where we have your consent, in accordance with applicable law (for example before we place certain cookies on your device and access and analyze them later on).

Certain Relevant Laws provide individuals in Relevant Regions certain rights regarding their personal information. If a Relevant Law applies to you, you may use the instructions for Submitting Requests below to exercise the following rights:

• Right to Know What Personal Information is Being Collected (Right to Access): The right to request the following information:
  • Categories of personal information collected about you.
  • Categories of sources from which the personal information is collected.
  • The business or commercial purpose for collecting, selling, or sharing your personal information.
  • Categories of third parties to whom we disclose your personal information.
  • The specific pieces of personal information we have collected about you.
• Right to Delete Personal Information: The right to request that we delete any personal information about you that we have collected from you.
• Right to Correct Inaccurate Personal Information: The right to request that we correct your inaccurate personal information if we maintain inaccurate personal information about you.
• Right to Know What Personal Information is Sold or Shared and to Whom: If we sell or share your information, the right to request that we disclose to you the following:
  • The categories of personal information that we collected from you.
  • The categories of personal information that we sold or shared about you and the categories of personal information for each category of third parties to whom the personal information was sold or shared.
  • The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.
• Right to Opt Out of Sale or Sharing of Personal Information: The right to direct us, if we sell or share your personal information to third parties, not to sell or share your personal information. To exercise your opt-out right, please contact us at privacy@abstractedsystems.com.
• Right to Limit Use and Disclosure of Sensitive Personal Information: The right to direct us to limit the use of your sensitive personal information to the use which is necessary to perform the Services.
• Right of No Retaliation Following Opt Out or Exercise of Other Rights: We may not discriminate against you if you exercise any of your rights as described above.
• Right to Data Portability: The right to obtain your personal information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

Submitting Requests

If you wish to exercise any of the rights described above, please submit a request. In your request, please specify which right you are seeking to exercise and the scope of the request. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request. You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent's permission to do so and verify your identity directly. Requests should be directed to privacy@abstractedsystems.com.

When you submit a request, do not send us, directly or indirectly, any sensitive or special categories of personal information (e.g., social security numbers or other national or state identifiers, health information, biometric data, and so on).

We will evaluate and respond to your request to the extent required by law (or in our discretion if not required by law) in the time required by law and as permitted by our contracts, confidentiality obligations, and applicable laws and regulations. We may not be able to provide all of the information requested or fulfill your request due to certain exceptions enumerated under applicable law. In such a case, we will inform you of the reasons we cannot fulfill all or part of your request. If the request submission methods above do not enable you to submit your request, please contact us as set forth below and specify which right you wish to exercise.

10. Children's Privacy

The Services are intended for general audiences and not for children under the age of 18. Under the Family Educational Rights and Privacy Act (FERPA), Abstracted Systems acts as a "school official" with "legitimate educational interests" and contractually relies on Organization Customers and Customer Users to obtain parental consent, if required. Children under the age of 18 may not use the Services. Where the personal information of children under 18 is shared with us by an Organization Customer, we do not use such information for any purpose other than to provide our Services in accordance with contractual agreements with our Organization Customers and our Terms of Service. If we become aware that we have inadvertently collected or received personal information from children under the age of 18 without valid parental consent, if required, we will take reasonable steps to delete that information from our systems as soon as reasonably practicable.

11. Third-Party Sites and Applications

Our Services may provide links to or make available integrations with third-party website or applications ("Third-Party Site"). Such Third-Party Sites are outside our control and not covered by this Privacy Notice. We are not liable for any information, content, products, services, software, or other materials available on or through Third-Party Sites. The use of a Third-Party Site or any information or other content found on a Third-Party Site is subject to and governed by the terms and conditions of such Third-Party Site. We encourage you to review the privacy notices posted on such Third-Party Site.

12. Business Transfers

As we continue to develop our business, we may buy, merge, or partner with other entities. In such transactions user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, user information (including information processed in accordance with this Privacy Notice) may be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions. Any third party to which we transfer or sell our assets will have the right to continue to use your information in the manner set out in this Privacy Notice.

13. Changes to Our Privacy Notice

We reserve the right to amend this Privacy Notice at any time to reflect changes in the law, our data collection and use practices, our Services, advances in technology, and for other purposes. We will make the revised Privacy Notice accessible through the Services and encourage you to review the Privacy Notice periodically. Any changes will be effective immediately upon the posting of the revised Privacy Notice. The "last updated" date included at the top of this Privacy Notice will indicate when it was last updated. If we make a material change to the Privacy Notice, you will be provided with appropriate notice by email or in accordance with other legal requirements. Your continued use of the Services following the notice of such changes indicates that you have read, understood, and agreed to be bound by the latest version of the new Privacy Notice. This Privacy Notice is not intended to, nor does it, create any contractual or legal right in or on behalf of any party, including you.

14. Contact Information

Please feel free to contact us if you have any questions about this Privacy Notice or our associated information practices.

You may contact us as follows: