Effective Date: 17 April 2025

This Privacy Policy (“Policy”) describes how Samesum LLC, a Utah limited liability company, and Samesum Pty. Ltd., a private company limited by shares incorporated in Hong Kong SAR (collectively, “Samesum”, “Company”, “we”, “our”, or “us”) collect, use, store, transfer, and disclose personal information in the course of providing our services, including on our websites, platforms, applications, and in any business dealings.

By accessing our services, submitting information to us, or otherwise interacting with us, you consent to the practices described herein, to the extent permitted by applicable law.

Scope

This Policy applies to all personal information processed by Samesum in the course of its business operations, including through our U.S. and Hong Kong entities. This Policy is intended to comply with applicable privacy laws in the jurisdictions in which we operate, including but not limited to:

• The California Privacy Rights Act (CPRA)

• The Virginia Consumer Data Protection Act (CDPA)

• The General Data Protection Regulation (GDPR)

• The Personal Information Protection and Electronic Documents Act (PIPEDA)

• The Personal Data (Privacy) Ordinance (PDPO) of Hong Kong

Information We Collect

Samesum collects the following categories of personal information:

Information You Provide

• Identity Data: Full name, job title, employer, and other identifiers

• Contact Data: Email address, mailing address, phone number

• Account Data: Login credentials, authentication information

• Payment Data: Billing address, transaction details (processed via third-party providers)

• Communications Data: Information disclosed in service requests, chats, or forms

Information Collected Automatically

• Technical Data: IP address, browser type, operating system, device identifiers

• Usage Data: Clickstream behavior, pages visited, session duration, interaction metrics

• Cookies and Tracking Data: As described in Section 10

Information from Third Parties

We may obtain personal data from authorized partners, integrations, or publicly available sources, consistent with applicable law.

Purposes for Processing

We process personal information for the following lawful purposes:

• To provide and manage access to our services and features

• To fulfill contractual obligations to clients and partners

• To respond to inquiries, support requests, and customer feedback

• To manage billing and invoicing

• To detect, investigate, and prevent fraud or illegal activity

• To comply with regulatory obligations, subpoenas, or court orders

• To conduct analytics, audits, and product improvement

• To send service-related updates, marketing communications (where legally permitted), and operational notices

Legal Bases for Processing (GDPR / UK GDPR)

Where required under GDPR, we rely on the following legal grounds:

• Consent (Art. 6(1)(a))

• Contract performance (Art. 6(1)(b))

• Legal obligation (Art. 6(1)(c))

• Legitimate interests (Art. 6(1)(f)), provided such interests are not overridden by your fundamental rights and freedoms

Data Sharing and Transfers

We may disclose personal information to:

• Affiliates and subsidiaries (including cross-border between U.S. and Hong Kong)

• Cloud service providers, hosting partners, CRM platforms, analytics vendors, and payment processors

• Legal counsel, auditors, and professional advisers

• Law enforcement agencies, regulators, or courts as required by law

Where required, we enter into appropriate data processing agreements (DPAs) and Standard Contractual Clauses (SCCs) to ensure protection of data in cross-border transfers, particularly between the EEA and third countries (including the U.S. and Hong Kong).

Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, including for legal, regulatory, contractual, and operational purposes. Retention periods vary based on the nature of the data and our legal obligations. Upon expiry of the applicable retention period, data will be securely deleted or anonymized.

Data Subject Rights

Subject to local laws, you may have the following rights:

Under GDPR (EU/UK):

• Right to access

• Right to rectification

• Right to erasure (“right to be forgotten”)

• Right to restriction of processing

• Right to data portability

• Right to object

• Right to lodge a complaint with a supervisory authority

Under CPRA (California):

• Right to know the categories and specific pieces of personal data collected

• Right to delete personal information

• Right to correct inaccurate personal information

• Right to opt-out of the sale or sharing of personal information

• Right to limit use of sensitive personal information

• Right to non-discrimination for exercising your rights

To exercise your CPRA rights, email privacy@samesum.com with the subject: “California Privacy Rights Request.”
We do not sell your data as defined by CPRA.

Under CDPA (Virginia):

• Rights to access, correct, delete, and obtain a copy of personal data

• Right to opt-out of targeted advertising or profiling

• Right to appeal denied requests

Under PIPEDA (Canada):

• Right to access your personal information

• Right to challenge accuracy and completeness

• Right to withdraw consent, where applicable

• Right to file a complaint with the Office of the Privacy Commissioner of Canada

You may exercise these rights by submitting a verifiable request to privacy@samesum.com. We may require identity verification before fulfilling such requests.

Data Security

We implement reasonable technical and organizational safeguards to protect personal data, including but not limited to:

• Encryption at rest and in transit

• Access control and authentication procedures

• Routine vulnerability assessments

• Vendor risk management for subprocessors

Despite these measures, no system can guarantee absolute security. Users are encouraged to take individual precautions when transmitting data online.

Children’s Data

Our services are not intended for individuals under the age of 13 (or 16 in jurisdictions where required). We do not knowingly collect data from minors. If you believe a child has submitted personal data, please contact us immediately.

Cookies and Tracking Technologies

We use cookies, pixels, and similar tracking technologies to enhance functionality, perform analytics, and deliver targeted advertisements (where permitted).

Types of Cookies Used

• Strictly Necessary Cookies – Required for platform operation

• Performance Cookies – Used for analytics and reporting

• Functional Cookies – Enable personalization

• Advertising Cookies – Support ad delivery and retargeting

You may control cookies via your browser settings or through our cookie consent banner.

Cookie Consent Banner

Our website uses a compliant cookie banner and consent management platform (“CMP”) to:

• Obtain explicit consent for non-essential cookies

• Allow granular selection by cookie category

• Respect browser-level “Do Not Track” signals and Global Privacy Control (GPC), where supported

• Log user consent in accordance with GDPR, ePrivacy, and CPRA standards

You may update your cookie preferences at any time via the CMP interface.

Changes to This Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in law or business practices. Material changes will be communicated via email or prominent website notice. Continued use of our services constitutes acceptance of any updates.

Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact:

Samesum LLC
250 Broadway, Unit 618
Long Beach, CA 90805
Email: privacy@samesum.com

Samesum Pty. Ltd.
The Center
99 Queen’s Road Central
Hong Kong SAR
Email: privacy@samesum.com