Privacy Policy

Throne Labs (“Throne,” “we,” “our,” and/or “us”) values the privacy of individuals who use our website, app, and related online services (collectively, our “Services”). This privacy policy (the “Privacy Policy”) explains how we collect, use, and share information from users of our Services (“Users”, “you”, and/or “your”). By using our Services, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. Beyond the Privacy Policy, your use of our Services is also subject to our Terms of Service (https://www.thronelabs.co/terms-of-service). Any terms used and not defined herein are defined in the Terms of Service.

INFORMATION WE COLLECT

We may collect a variety of information from or about you or your devices from various sources, as described below.

Information You Provide to Us

• Registration and Profile Information. When you sign up for an account via the App, we may ask you for information such as your phone number (which will be anonymized). If you access a Throne via the Texting Service, we may collect and anonymize your phone number. When you sign up via a Tap Card, the third-party that registers your account may collect your name and other personally identifiable information. Throne Labs does not request the names or any personally identifiable information from any third-parties who may collect data on our behalf in connection with a Tap Card registration.
• Communications. If you contact us directly, we may receive additional information about you. For example, if you submit requests to us, such as through our website, or contact us for customer support, we may receive your name, email address, phone number, the contents of the message and any attachments you send to us, and any other information you choose to provide. If you subscribe to our newsletter, we will collect certain information from you, such as your email address.
• Ratings and Feedback. If you choose to provide feedback through our Services, we will receive your phone number and any information and content you choose to provide to us.

Information We May Collect When You Use Our Services

If using our Services via Tap Card, no personally identifiable data is shared with us and we will only receive anonymized sensor data listed below. If accessing our Services via the App or Texting Service, you acknowledge that we may collect any of the below information, if applicable to your method of accessing our Services:

• Location Information. With your permission, we receive your precise location information when you use our App. We may also infer your general location information, for example, based on your internet protocol (IP) address. This information may be used for functional purposes, including but not limited to, determining proximity to nearby Thrones, providing navigational directions to a Throne and ensuring individuals are not opening or accessing Thrones without being physically present.
• Device Information. We may receive information about the device and software you use to access our Services, such as your IP address, web browser type, operating system version, phone manufacturer, application installations, device identifiers, and push notification tokens.
• Usage Information. To help us understand how our Services are used and improve them, we may automatically receive information about your interactions with our Services, such as the pages or other content you view, actions you take through the Services (such as opening a Throne door), and the dates and times of your visits.
• Information from Cookies and Similar Technologies. Via our website, we and our third-party partners may collect information using cookies, pixel tags, or similar technologies. Our third-party partners, such as analytics partners, may use these technologies to collect information about your online activities over time and across different services. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our website. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the website to their fullest potential. No cookies or similar technologies are used when accessing Thrones via Text Service or Tap Card.
• Sensor Data. When you use a Throne, we automatically receive sensor data such as door status, unit tilt, air quality (i.e., smoke and carbon monoxide detectors), temperature, humidity, water and power use. Sensor data is completely anonymized and not tied to your personal profile or stored in a relational manner to your account.

HOW WE USE THE INFORMATION WE COLLECT

We may use the information we collect:

• To provide, maintain, improve, and enhance our Services (for example, to develop new or improved methods of helping you search for and open a Throne near you);
• To personalize your experience on our Services, such as by providing tailored content and recommendations;
• To understand and analyze use of our Services and develop new products, services, features, and functionality;
• To communicate with you, provide you with updates, and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer support;
• For marketing and advertising purposes, such as developing and providing promotional and advertising materials that may be relevant, valuable or otherwise of interest to you;
• To send you push notifications if using the App, or text messages if using the Texting Service, in each case in order to facilitate your use of the Services;
• To send you text messages, and to call or text you if we have reason to believe that your safety is at risk;
• To find and prevent fraud and abuse, and respond to trust and safety issues that may arise;
• For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and
• For other purposes for which we provide specific notice at the time the information is collected.

HOW WE SHARE THE INFORMATION WE COLLECT

• Vendors and Service Providers. We may share any information we receive with vendors and service providers (including but not limited to Twilio and Zendesk) retained in connection with the provision of our Services.
• Analytics Partners. We use analytics services such as Metabase and Grafana to collect and process certain analytics data.
• As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.
• Merger, Sale, or Other Asset Transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. The use of your information following any of these events will be governed by the provisions of this Privacy Policy in effect at the time the applicable information was collected.
• Consent. We may also disclose your information with your permission.

YOUR CHOICES/PREFERENCES

• Location Information. Location is collected with App use only. You can limit the sharing of precise location information through your device’s operating system settings. However, location is core to how the App functions and without it, you may not be able to successfully use our Services.
• Marketing Communications. In the event we deliver any promotional or marketing emails, you may unsubscribe from such emails via the link provided therein. Even if you opt out of receiving promotional messages from us, you may continue to receive administrative messages from us.
• Do Not Track. There is no accepted standard on how to respond to Do Not Track signals, and we do not respond to such signals.

THIRD PARTIES

Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

SECURITY

We make reasonable efforts to protect your information by using safeguards designed to improve the security of the information we maintain. However, as no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.

CHILDREN

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of our Services is directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at support@thronelabs.co.

ACCESSING/UPDATING YOUR INFORMATION

If using the Services via the App, you may update some of your account and profile information through the App. If you’d like to request other changes to your account or for your account to be closed, please email us at support@thronelabs.co. Notwithstanding the foregoing, if you have violated our Terms of Service in any manner, we reserve the right to prevent you from creating a new user account or accessing the Services. In order to do so, we may retain your non-anonymized phone number, but no other personal, identifiable information regarding your user account. You may request to delete any non-anonymized user information data at any time, but we reserve the right to retain your phone number.

CHANGES TO THIS PRIVACY POLICY

We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or share personal information previously collected from you through the Services, we will update this Privacy Policy and use reasonable efforts to notify you through the Services, by email, or other communication.

ADDITIONAL INFORMATION FOR CALIFORNIA CONSUMERS

Under the California Consumer Privacy Act (“CCPA”), as amended by the Consumer Privacy Rights Act (“CPRA”), we are required to provide specific disclosures about how we use and disclose personal information (“California Personal Information”) about you (“consumers” in this section).

CALIFORNIA PERSONAL INFORMATION

Depending on your online and offline interactions with us, we may collect and process the following categories of California Personal Information:

• Identifiers: including contact details such as email address, name or telephone number;

• Customer Records: electronic customer records containing California Personal Information, such as telephone number;

• Internet or Other Electronic Network Activity Information: including your interactions with our website or App;

• • Inferences: drawn from the information collected; and

• Geolocators: including general location information with App user consent.

Certain California Personal Information that we collect about you may be considered “Sensitive Personal Information” within the meaning of California Privacy Law. We only use and disclose Sensitive Personal Information as necessary in connection with the performance of Services and the provision of goods, compliance with federal, state, or local laws, and as otherwise permitted by California Privacy Law.

SOURCES

We may collect the categories of California Personal Information identified in the sub-section above directly from you, automatically as you use our website, App or Services, and from third parties such as data analytics providers, social media networks, and distributors and intermediaries.

PURPOSES OF USE

We use California Personal Information for the following business and commercial purposes:

Business PurposesCommercial PurposesNegotiate, conclude, and perform contracts with vendors;Manage our accounts and records;Operate our website or Services, including through the use of analytics software;Communicate with individuals that are, or who represent, customers, vendors, or web users related to transactions;Protect our rights and interests;Ensure the security of our website, App and other assets;Legal and regulatory compliance and internal control evaluations and audits (including where conducted by our internal and external audit service providers);Obtain legal advice, including for legal proceedings and litigation and also in connection with the sale, purchase or merger of a business;To provide the products, information and services you request; For security, credit or fraud prevention purposes; To provide you with effective customer service; To provide you with a personalized experience when you use our Services; To contact you with information and notices related to your use of our Services; To improve the content, functionality and usability of our Services; To improve our products and services; andFor any other purpose identified in an applicable Privacy Policy or other agreement between us and you.Advertising, marketing, and public relations (including direct marketing);Market research and competitor analysis;To display personalized advertising when you visit our website, App or a third party website; To contact you with special offers, such as new products, contests and other information we believe will be of interest to you;To better understand your needs and interests; andTo improve our marketing efforts.

DISCLOSURE OF CALIFORNIA PERSONAL INFORMATION

We may disclose the categories of California Personal Information described above, for the business purposes described above, to:

• Third-party service providers and contractors that perform data processing activities on our behalf, subject to appropriate privacy and security obligations;

• Government and other authorities as required by law;

• Potential purchasers and other parties in connection with the sale, purchase, or merger of a business; and

• Others to the extent necessary to comply with applicable law and as otherwise permitted under California Privacy Law.

We may disclose Identifiers and Internet or Other Electronic Network Activity Information for the commercial purposes described above to:

• Third-party service providers; and

• Social media and advertising networks.

YOUR CALIFORNIA PRIVACY RIGHTS

Subject to certain exceptions detailed in California Privacy Law, as a California resident, you have the right to request: (i) deletion of your California Personal Information (subject to our right to retain your California Personal Information in order to prevent you from creating a new user account or otherwise accessing the Services in the event you violated the Terms of Service); (ii) correction of inaccurate California Personal Information; (iii) the right to know/ access the categories of California Personal Information that we collect about you, including the specific pieces of California Personal Information; (iv) the categories of California Personal Information disclosed for a business purpose; and (v) information about the categories of California Personal Information about you that we have shared (as such term is defined under California Privacy Law) and the categories of third parties to whom the California Personal Information was shared.

In addition, California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.

DO-NOT-SELL OR SHARE MY PERSONAL INFORMATION

In addition to the above-stated rights, California residents have the right to opt-out of the selling or sharing of their California Personal Information, as such terms are defined under California Privacy Law. To exercise this right, please contact us at support@thronelabs.co.

We will not discriminate against you by offering you different products, or by providing you with a different level or quality of products, based solely upon your exercising your rights under applicable law.

Finally, we do not “sell” or “share” California Personal Information about consumers that we know are younger than 16 years old without opt-in consent.

EXERCISING YOUR RIGHTS

If you are a California resident and wish to request the exercise of these rights as detailed above or have questions regarding the California Personal Information collected or shared with third parties, please contact us at support@thronelabs.co. When submitting your request, please include the specific nature of your request, referencing “Your California Privacy Rights,” as well as your first and last name, email address, and zip code or mailing address. We may apply any exceptions or other conditions available under law when responding to access, correction, deletion, or other requests. We will generally fulfill requests for access, correction, and deletion within 45 days of receiving a valid verified request. We may extend the response time by another 45 days by notifying the individual of the time extension.

AUTHORIZED AGENTS

To the extent that you elect to designate an authorized agent to make a request on your behalf, the authorized agent must provide appropriate documentation including written signed permission from you, proof of your identity, and verification of the agent’s identity; a valid, designated power of attorney as defined under the California Probate Code, and certificate of registration as an agent before the California Secretary of State. If you are an agent submitting the request on behalf of a California consumer, please contact us at support@thronelabs.co.

DATA RETENTION

We keep your California Personal Information for as long as needed or permitted according to the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) for as long as we have an ongoing relationship with you; (ii) for the duration of a contract with you; (iii) as required by a legal obligation to which we are subject to; or (iv) as advisable considering our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations). We may remove California Personal Information for inactive accounts from our database, subject to any applicable legal or regulatory obligations. Furthermore, we may delete California Personal Information from our database at any time and without providing any reason.

SHINE THE LIGHT

Separately, under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us their Personal Information are entitled to request and obtain from us, free of charge, information about the Personal Information (if any) we have shared with third parties for their own direct marketing use; such requests may be made once per calendar year for information about any relevant sharing in the prior calendar year (so, requests submitted in 2023 would be applicable to relevant disclosures (if any) in 2022). If you are a California resident and would like to make such a request, please contact us at support@thronelabs.co, using the subject line “Request for California Privacy Information.” In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address from which you submitted your request. Please note that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.

ADDITIONAL INFORMATION FOR VIRGINIA CONSUMERS

Under the Virginia Consumer Data Protection Act (“CDPA”), we are required to provide specific disclosures about how we use and disclose personal information (“Virginia Personal Information”) about you (“consumers” in this section).

VIRGINIA PERSONAL INFORMATION

Depending on your online and offline interactions with us, we may collect and process the following categories of Virginia Personal Information:

• Identifiers: including contact details such as email address, name and telephone number;
• Customer Records: electronic customer records containing Virginia Personal Information, such as telephone number;
• Internet or Other Electronic Network Activity Information: including your interactions with our website or App;
• Inferences: drawn from the information collected; and
• Geolocators: including general location information with App user consent.

PURPOSES OF USE

We use Virginia Personal Information for the following business and commercial purposes:

Business PurposesCommercial PurposesNegotiate, conclude, and perform contracts with vendors;Manage our accounts and records;Operate our Services, including through the use of analytics software;Communicate with individuals that are, or who represent, customers, vendors, or web users related to transactions;Protect our rights and interests;Ensure the security of our website, App, Services and other assets;Legal and regulatory compliance and internal control evaluations and audits (including where conducted by our internal and external audit service providers);Obtain legal advice, including for legal proceedings and litigation and also in connection with the sale, purchase or merger of a business;To provide the products, information and services you request; For security, credit or fraud prevention purposes; To provide you with effective customer service; To contact you with information and notices related to your use of our Services; To improve the content, functionality and usability of our Services; To improve our products and services; andFor any other purpose identified in an applicable Privacy Notice or other agreement between us and you.Advertising, marketing, and public relations (including direct marketing);Market research and competitor analysis;To display personalized advertising when you visit our website, App or a third party website; To contact you with special offers, such as new products and contest, and other information we believe will be of interest to you;To invite you to participate in surveys and provide feedback to us; To better understand your needs and interests; andTo improve our marketing and promotional efforts.

YOUR VIRGINIA PRIVACY RIGHTS

As a Virginia resident, you have the right to request: (i) deletion of your Virginia Personal Information; (ii) correction of inaccurate Virginia Personal Information; and (iii) that we confirm whether we have Virginia Personal Information and, if we do, provide access to that Virginia Personal Information that we collect about you (unless an exception applies).

EXERCISING YOUR RIGHTS

If you are a Virginia resident and wish to request the exercise of these rights as detailed above or have questions regarding the Virginia Personal Information collected or shared with third parties, please contact us at support@thronelabs.co. When submitting your request, please include the specific nature of your request, referencing “Your Virginia Privacy Rights,” as well as your first and last name, email address, and zip code or mailing address. We may apply any exceptions or other conditions available under law when responding to access, correction, deletion, or other requests. We will generally fulfill requests for access, correction, and deletion within 45 days of receiving a valid verified request. We may extend the response time by another 45 days by notifying the individual of the time extension.

AUTHORIZED AGENTS

To the extent that you elect to designate an authorized agent to make a request on your behalf, the authorized agent must provide appropriate documentation to verify the agent’s identity. We cannot respond to your request or provide you with personal information if we cannot both verify your identity or authority to make the request and confirm that personal information we have relates to you. If you are an agent submitting the request on behalf of a Virginia consumer, please contact us at support@thronelabs.co.

ADDITIONAL INFORMATION FOR EEA+ USERS

This Supplemental EEA+ Privacy Notice applies if you are located in, or resident of, the European Economic Area, the United Kingdom, or Switzerland.

DATA CONTROLLER AND DATA PROCESSOR

For purposes of the Services, you are the data controller, and we are the data processor.

CATEGORIES OF PERSONAL DATA, PURPOSES OF PROCESSING AND SOURCE

See “Information we collect” and “how we use the information we collect” for categories of personal data that we collect, for the purposes we may process your personal data and, if applicable, the source from which the personal data originated.

SPECIAL CATEGORIES OF DATA

Special categories of personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, data concerning an individual’s sex life or sexual orientation, genetic data, and biometric data processed for the purpose of identifying an individual. We do not collect any special categories of data.

LAWFUL BASES FOR PROCESSING

We rely on the following legal bases to process personal data of yours that does not fall within special categories, as appropriate:

• According to your consent per Article 6(1)(a) GDPR (“Consent Legal Basis”)
• Necessary for us to perform a contract with you or to take steps at your request prior to entering into a contract per Article 6(1)(b) GDPR (“Contract Performance Legal Basis”)
• Necessary for us to comply with an applicable legal obligation per Article 6(1)(c) GDPR (“Legal Obligations Legal Basis”)
• Necessary in order to protect the vital interests of the data subject or another natural person per Article 6(1)(d) GDPR (“Vital Interests Legal Basis”), or
• Necessary for us to realize a legitimate interest based on an assessment of that interest and your privacy and other fundamental interests per Article 6(1)(f) GDPR (“Legitimate Interest Legal Basis”), where the legitimate interests could be in particular:
  • open, maintain, administer, and manage profiles and accounts for registered users;
  • ensuring internal quality control and safety;
  • improving our Services;
  • managing and conducting our relationships with third parties in a business or professional capacity;
  • managing and administering our business;
  • debugging to identify and repair errors with the Services;
  • enforcing our agreements and policies;
  • detecting security incidents;
  • protecting against malicious, deceptive, fraudulent or illegal activity; and
  • prosecuting those responsible for that activity; ensuring internal quality control and safety; protecting your safety or vital interests, or the safety or vital interests of others.

We rely on the following legal bases to process personal data which falls within special categories:

• Pursuant to your explicit consent
• Necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

If we rely on your consent, you can withdraw your consent at any time with future effect by contacting us at the contact details listed below. For additional details regarding the lawful bases of processing your personal data specifically, please contact support@thronelabs.co.

CATEGORIES OF RECIPIENTS

See “how we share the information we collect” for information on the categories of recipients that we may share your personal data with.

INTERNATIONAL DATA TRANSFERS

By using the Services, personal data will be stored within the United States, where privacy rules differ and may be less stringent than those of the country in which you reside. We may transfer personal data to recipients located in countries for which the European Commission has not issued an adequacy decision in respect of the level of data protection.

We take measures to ensure that recipients in other jurisdictions provide an adequate level of data protection, for example, including by implementing EU standard contractual clauses and equivalent measures. You can receive more information on the measures we take by contacting us at the contact details listed below.

YOUR CHOICES

There is no law or contract between you and us stating that individuals in the EEA, UK, or Switzerland have to use our Services. We may ask you to provide your phone number and location information to verify your eligibility to receive certain Services from us. In some cases, we cannot provide the Services to you unless you provide such information. You do not have to consent to our use of personal data for advertising purposes. If you do not allow us to collect the data we automatically collect from users of our Services, particularly via the App, some of our Services may not work properly or be as tailored to you as they could otherwise be, but they will still generally be usable via the Texting Service or Tap Card.

To the extent that you have given consent, you can withdraw your consent at any time with future effect by contacting us as described below. Such a withdrawal will not affect the lawfulness of the processing prior to the withdrawal of consent.

YOUR RIGHTS

In the EEA, Switzerland and the UK you have the following rights relating to your personal data, subject to the conditions under the GDPR and/or applicable local data protection law:

1. Right to request access to personal data: You have the right to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to that personal data and details about how we process your personal data, including the categories of personal data processed, the purpose of the processing and the recipients or categories of recipients, the existence of automated decision-making, including profiling and you have the right to obtain copies of the personal data. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
2. Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to erasure (right to be forgotten): You have the right to ask us to erase your personal data.
4. Right to object: Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time, to the processing of your personal data, including profiling, by us. This includes the right to object to our processing of your personal data where we are pursuing our legitimate interests or those of a third party. If we process your personal data based on our legitimate interests or those of a third party, you can object to this processing, and we will cease processing your personal data, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.

Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.

1. Right to restriction of processing: In limited circumstances, you have the right to request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
2. Right to data portability: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
3. You also have the right to lodge a complaint with a supervisory authority (only for EEA and UK).
4. In some jurisdictions such as France, if applicable pursuant to local law, you also have the right to provide us with guidelines as to the processing of your personal data after your death.

You can exercise your rights by contacting us at support@thronelabs.co.

You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here (however, you have the right to lodge a complaint in the Member State of your habitual residence, place of work or an alleged infringement of the GDPR):

Jurisdiction

Data protection authority’s website

‍EEA: https://edpb.europa.eu/about-edpb/board/members_en

‍United Kingdom: https://ico.org.uk/global/contact-us/

‍Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

CONTACT US

If you have any questions, comments, or concerns about our processing activities, please email us at support@thronelabs.co or write to us at 3415 Windom Rd. Brentwood, MD 20722.

‍