Runtime Privacy Policy

Runtime Labs provides infrastructure and tools for a private, user-controlled timeline of scheduled events and model conversations. The system organizes natural-language interactions and contextual information by time and location to support scheduling, event creation, and personal organization.

We design Runtime around a few core principles:

• User ownership and control
  You own the User Content you store in Runtime—your events, notes, uploads, and model conversations—as described in our Terms of Service. You can create, edit, and delete your content and manage connected services and settings, and we use your data only as described in this Privacy Policy to operate and improve the Service.
• Opt-in integrations only
  Connections to third-party services are always optional and require your explicit action. We only access the minimum data needed to provide the integration, and you can disconnect at any time.
• No advertising or resale of personal data
  We do not sell your personal data or use it for third-party advertising or marketing.
• Model training only with explicit consent
  We do not use your User Content to train or fine-tune models for ourselves or others unless you give explicit, informed opt-in consent under a separate setting or agreement.
• Security and minimization by design
  We aim to collect and retain only what is needed to operate and improve the Service, protect the platform, and meet legal obligations, and we apply strong technical and organizational safeguards to the data we do process.

This philosophy should be read together with the rest of this Privacy Policy and our Terms of Service, which describe in more detail how we handle User Content, Output, Service Data, and De-identified Data.

This includes information you enter or upload when using the Service, such as:

• Account information (email, display name, authentication data)
• Event data (titles, descriptions, times, locations, attendees)
• Notes and documents
• Uploaded files (images, attachments, other media)
• Prompts and conversations

When you use Runtime, we automatically collect certain technical and usage information, including:

• Device and log information (IP address, browser type, operating system, timestamps)
• Usage data (features you interact with, views, clicks, performance metrics, errors)
• Basic configuration data (timezone, language, display preferences)

We use this information to operate, secure, and improve the Service.

If you choose to connect third-party services, we may receive limited information from those services as needed to provide the integration. We will always explain:

• what we access,
• how we use it, and
• how you can disconnect.

We do not connect to any third-party services without your action and consent.

We use cookies and similar technologies to:

• keep you signed in,
• remember preferences (such as timezone or view settings), and
• understand how the Service is used, including aggregate usage and performance.

More detail on the types of technologies we use and your choices (including browser controls and opt-outs) will be provided in a dedicated cookies section or in a separate cookie notice where required by law.

For privacy purposes, we treat the following as model interaction data:

• the prompts and messages you send when using 's AI features
• any Output you receive from those features (model-generated text, suggestions, summaries, etc.); and
• the event, note, or document context that you choose to include or that is attached to a particular interaction (for example, when you ask a model to rewrite a note or suggest times for an event).

Prompts, context, and Output may be "personal data" when they relate to you or can reasonably identify you.

When you create notes, documents, or events in Runtime:

• the underlying content (titles, descriptions, note text, attachments, etc.) is stored on infrastructure controlled by Runtime Labs as part of your User Content;
• we store this content so that you can revisit it later, attach it to events, and use it as context for language model interactions if you choose; and
• notes and documents that you create and save are not automatically shared with third-party model providers. They are stored and managed within Runtime Labs' systems, subject to the protections described in this Privacy Policy.

If you insert model Output into a note (for example, by accepting a suggested summary), that text originated from a third-party model provider but is stored going forward as part of your User Content in Runtime.

When you use AI-Assisted Features, we may send certain data to third-party model providers solely to generate the Output you requested. This may include:

• the prompt or question you type;
• limited context from the relevant event, note, or conversation (for example, the text you highlight, a description of the event, or recent messages in that thread); and
• technical metadata necessary to provide the feature (such as language, formatting options, or system-level instructions).

We do not send your entire account history or your full notes database by default. We only transmit the portion of content reasonably needed to fulfill the specific request.

We contractually require third-party model providers:

• to use this data only to perform the services we request on your behalf;
• not to use your User Content or prompts to train or improve their models unless you have explicitly opted in; and
• to apply appropriate security and confidentiality protections.

Details about specific providers and their roles (processor vs. controller) will be provided in our integrations or subprocessor documentation where required.

is designed to offer a time-grounded memory of your work, so we persist model interactions and related context in order to:

• show you past prompts and Output linked to a particular event or note;
• allow you to continue or refine previous conversations with AI-Assisted Features; and
• let you reuse structured context (for example, an event's date, time, or location) in future prompts.

This means that:

• prompts and Output may be stored alongside the associated event, note, or conversation;
• recent interactions may be used as context for new AI requests in the same event or note; and
• your data can make future interactions more relevant within your own account.

Where available, we provide controls that let you:

• clear or delete specific conversations or responses;
• delete notes or events (which will also remove attached model interactions, subject to backup and legal retention limits); and
• disconnect integrations that were providing additional context (such as a calendar or financial data source).

Additional details on retention and backups are provided in Section 9 (Data Retention).

To reinforce expectations:

• User-authored documents are preserved within Runtime Labs' systems and are not shared with third-party model providers unless you explicitly use a feature that operates on that content (for example, "summarize this note" or "rewrite this paragraph").
• When such a feature is used, we send only the relevant portion of the note or document as context to the model provider to generate the requested Output.
• We do not repurpose your notes or conversations for advertising, resale, or unrelated profiling.

We treat prompts, notes, and model conversations as sensitive inputs and protect them using the security measures described in Section 7 (Security Practices) (for example, encryption in transit and at rest, strict access controls, and monitoring for misuse).

Depending on your account and region, you may have additional controls over:

• whether your data may be used to improve models or features (opt-in only where applicable);
• whether certain interactions are stored in history; and
• how long particular categories of data are retained.

You can also exercise privacy rights available under applicable law (for example, access, deletion, restriction, or objection) as described in Section 8 (Your Rights and Choices) and Section 9 (Data Retention).

Wherever practical, we design Runtime so that:

• we minimize what we send to third parties;
• we store links or references (for example, a Google Maps URL) instead of copying external content into our systems when that is sufficient for the feature; and
• any deeper integrations (such as calendar sync) are opt-in only and clearly explained before you connect them.

This approach reduces the amount of personal data we hold, limits our attack surface, and gives you more control over what lives with Runtime Labs versus what remains with other providers.

If you sign in with a third-party identity provider (such as Google Sign-In):

• the provider may share with us:
  • your email address,
  • a unique identifier, and
  • basic profile information (such as display name or avatar),
  as permitted by their service and your settings.

We use this information to:

• create and maintain your account,
• authenticate you when you log in, and
• help secure your account (for example, detecting suspicious login activity).

Your use of any identity provider is also governed by its own terms and privacy policy.

As described in Section 3 (AI-Assisted Features and Output), Runtime uses third-party AI model providers to power language model interactions.

When you use these features, we may send to the model provider:

• the prompt or question you type;
• limited context from the relevant event, note, or conversation (for example, selected text or recent messages in the same thread); and
• technical metadata needed to generate a response (such as language, formatting options, or system instructions).

We do not send your entire account history or full notes database by default. We transmit only the portion of content reasonably necessary to fulfill your specific request.

We seek to ensure, through contracts and/or provider settings, that model providers:

• use this data only to perform the requested inference on our behalf;
• do not use your User Content or prompts to train or improve their models for other customers unless you have explicitly opted in; and
• apply appropriate security and confidentiality protections.

If you choose to connect a calendar, productivity tool, or other data source (for example, a future Google Calendar integration):

• we will clearly explain, at the time of connection:
  • what data we access (for example, event titles, times, attendee lists),
  • how we use that data (for example, to display your external calendar in Runtime or to create events on your behalf), and
  • how you can disconnect the integration.

Typical uses of such integrations may include:

• reading existing events from your connected calendar to display or align them with events in Runtime;
• writing new events or updates to your external calendar when you explicitly request it; and
• using limited event context as input to AI-Assisted Features, consistent with your choices.

These integrations are optional and opt-in. You can disconnect them at any time through Runtime or via the third-party provider's settings. When you disconnect, we stop accessing new data from that integration; previously synced data may remain in Runtime subject to your deletion choices and our retention practices.

Runtime may help you work with locations by:

• generating links to mapping services (for example, Google Maps),
• using location APIs to autocomplete or validate addresses, or
• displaying embedded map views within the interface.

There are two primary patterns:

1. API-based lookups (Runtime-initiated requests)
   When we call a maps or location API to autocomplete or validate an address, we may send:
   • the partial address or search query, and
   • relevant metadata (such as approximate region or language).
   We do this only as needed to provide the specific feature (for example, suggesting place names or constructing a directions link).
2. External links you open (browser-initiated requests)
   When you click an external link (such as "Open in Google Maps"):
   • your browser connects directly to that third-party service; and
   • that service may collect information according to its own terms (for example, IP address, device information, search terms).
   We may store the link itself as part of your event or note, but we do not control what those third-party services collect or how they use it.

You can choose whether to follow such links and can remove stored links from your events or notes at any time.

We use third-party providers to:

• host and operate servers and databases,
• monitor performance and uptime,
• detect abuse or security incidents, and
• understand aggregate usage patterns.

These providers may process:

• Service Data (such as IP addresses, request metadata, and error logs), and
• limited identifiers needed to operate the Service.

We do not allow these providers to use your personal data for their own advertising or for purposes unrelated to providing services to Runtime Labs.

We use your information to operate the core functionality of Runtime, including:

• creating and managing your account and authentication;
• storing and displaying your events, notes, uploads, and model conversations;
• linking conversations and content to specific times, locations, and contexts;
• processing your prompts and generating Output via AI-Assisted Features;
• applying your settings and preferences (such as timezone, language, and view options).

This generally involves processing:

• User Content (events, notes, uploads, prompts),
• Output (model-generated responses), and
• Service Data (logs, device data, configuration).

For users in the EEA/UK/Switzerland, our legal bases typically include performance of a contract (providing the Service you request) and legitimate interests (ensuring the Service functions reliably and securely).

We use certain information to understand how Runtime is used and to make it better over time, for example by:

• measuring performance and reliability;
• debugging issues and improving user experience;
• refining natural-language understanding of time, location, and events;
• designing new features and improving existing ones.

To do this, we primarily rely on:

• Service Data (usage logs, performance metrics, error reports), and
• De-identified Data (aggregated statistics, embeddings, and non-user-readable representations).

We design these processes so that De-identified Data does not expose the substance of your User Content in human-readable form. Where possible, we work with de-identified or aggregated data.

For EEA/UK/Swiss users, the legal basis is typically our legitimate interests in developing and improving the Service, balanced against your privacy rights and expectations. Where required, we will seek consent for specific uses.

We do not use your User Content to train or fine-tune models for general use unless you have explicitly opted in through a clear setting or agreement.

Runtime is built around a timeline of events and conversations. To support this, we may:

• persist prompts and Output linked to specific events, notes, or time ranges;
• surface past context (for example, prior messages or summaries) within the same event or note;
• allow you to re-invoke AI-Assisted Features over the same context (for example, to revise or extend a previous response).

This involves processing:

• User Content (your events, notes, and stored conversations),
• Output (previous model responses), and
• limited Service Data (timestamps and metadata).

We reuse this context only within your own account to make future interactions more relevant. We do not share your personal timeline or conversation history with other users.

Our legal bases here include performance of a contract (providing the continuity and context that are core to Runtime's design) and, where applicable, legitimate interests in delivering a useful, time-grounded memory experience consistent with your expectations.

You can delete events, notes, or specific conversations at any time, and we will remove or de-identify associated context subject to backup and legal retention limits.

We use your contact information and usage data to:

• send service-related messages (for example, security alerts, login notices, or system updates);
• respond to your questions, requests, or support tickets;
• send optional product updates, tips, or announcements (where permitted by law and your email preferences).

This typically uses:

• Account information (email, name),
• Service Data (usage and settings), and
• relevant User Content (if you include it in support communications).

You can manage marketing or non-essential communications via unsubscribe links or settings where available. Service-critical communications (like security notices) may still be sent even if you opt out of marketing.

We process certain data to keep Runtime and its users safe, including:

• detecting and investigating suspicious or malicious activity;
• preventing unauthorized access, spam, or abuse of AI-Assisted Features;
• monitoring for violations of our Terms of Service or Acceptable Use policies;
• protecting the rights, safety, and property of users, Runtime Labs, and the public.

This may involve:

• Service Data (IP addresses, device data, logs),
• limited User Content or Output (for example, content flagged for security review, abuse, or legal reasons), and
• De-identified Data (patterns indicative of misuse).

For EEA/UK/Swiss users, the legal bases include legitimate interests in ensuring security and preventing abuse, and legal obligations where we must comply with applicable law or requests from authorities.

We limit access to such data to authorized personnel and apply strict safeguards and logging.

We may use and retain your information as necessary to:

• comply with applicable laws, regulations, and legal processes;
• respond to valid requests from courts, regulators, or law enforcement;
• maintain business and financial records required by law;
• establish, exercise, or defend legal claims.

This may involve any relevant category of data, but we scope our processing to what is legally required.

For EEA/UK/Swiss users, the legal basis in these cases is compliance with a legal obligation or, where appropriate, legitimate interests in protecting our legal rights.

We may aggregate or de-identify personal data so that it can no longer reasonably be linked to an identifiable individual. We may use such information to:

• analyze usage trends;
• publish high-level statistics (for example, feature adoption);
• improve the design and performance of the Service; and
• conduct internal research and planning.

When we work with de-identified data, we maintain it in that form and do not attempt to re-identify individuals from it, except where required by law or for security testing.

We share personal data with third-party vendors that help us operate the Service, such as cloud hosting providers, authentication services, logging and monitoring tools, email providers, and model providers that process prompts and context on our behalf. These providers are bound by contractual obligations to process data only as instructed and to protect it appropriately.

When you use AI-Assisted Features, we may share prompts and limited context with third-party model providers solely to generate Output at your request. We require these providers not to use your User Content or Output for their own model training or for other customers, unless you have explicitly opted in, and to apply appropriate security and confidentiality safeguards.

If you choose to connect a third-party service (such as an external calendar or mapping provider), we may share or receive limited information as needed to provide that integration. Those third parties' use of your information is governed by their own terms and privacy policies. You can disconnect integrations at any time, and we strive to keep data exchange scoped to the minimum necessary.

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, insolvency, or bankruptcy, personal data may be transferred to the relevant counterparty as part of that transaction, subject to appropriate safeguards and any required notices.

We may disclose information if we believe in good faith that it is reasonably necessary to comply with law, legal process, or government requests; to enforce our Terms of Service; to protect the rights, safety, or property of Runtime Labs, our users, or the public; or to detect, prevent, or address fraud, security, or technical issues.

We may share personal data with our affiliates (entities under common control with Runtime Labs) who process it in accordance with this Privacy Policy.

If you use features that let you share events, notes, or model interactions with other people or third-party apps, we will share that content in accordance with your instructions. Their use of your information will be governed by their own terms and policies.

We may share information for any other purpose disclosed to you and to which you explicitly consent.

We use a combination of application-layer controls, infrastructure safeguards, and internal processes to protect data processed by the Service, including:

• encrypted network connections;
• encrypted storage for databases and file objects;
• strict access controls and logging; and
• monitoring and incident response procedures.

However, no online service can guarantee absolute security. To the fullest extent permitted by law, we cannot and do not promise that unauthorized third parties will never be able to defeat our safeguards. Section 7.7 describes steps you should take to help protect your account and devices.

We apply encryption to data in transit and at rest:

• Encryption in transit
  Data transmitted between your device and our servers is protected using industry-standard encryption protocols (such as HTTPS/TLS), intended to reduce the risk of eavesdropping or tampering in transit.
• Encryption at rest
  Data stored by the Service — including databases and file storage for uploads and attachments — is encrypted at rest using industry-standard mechanisms provided by our infrastructure providers.
• Authentication tokens and session data
  Authentication and session data (for example, tokens used to keep you signed in) are:
  • transmitted over encrypted connections; and
  • stored using secure mechanisms appropriate for the platform (for example, HTTP-only cookies or secure storage) intended to reduce the risk of exposure.

If we introduce features that provide enhanced or end-to-end encryption for specific content types, we will describe their behavior and limitations clearly in the product and related documentation. Using such features may limit our ability to help recover data if you lose keys or credentials.

We limit internal access to personal data and User Content:

• Least-privilege access
  Access to production systems and data is restricted to authorized personnel with a legitimate operational need (for example, to maintain the Service, investigate a security incident, or comply with law). We apply role-based or equivalent access controls and follow the principle of least privilege.
• Segregation of environments
  We segregate development and test environments from production systems and avoid using live personal data in non-production environments unless necessary and appropriately protected.
• Internal policies and confidentiality
  Team members with access to personal data are subject to confidentiality obligations and are expected to follow internal security and privacy policies. We provide guidance and training on appropriate handling of user data and administrative tools.
• Limited internal use of User Content
  As described elsewhere in this Privacy Policy, we do not use your User Content for advertising or resale. Internal access to User Content is limited to purposes such as operating and securing the Service, responding to your support requests, or meeting legal obligations.

We monitor our systems for security and reliability:

• Security and audit logs
  We maintain logs of system events (for example, authentication attempts, API calls, and administrative actions) to support security monitoring, debugging, and compliance.
• Monitoring and alerting
  We use monitoring tools to help detect unusual activity, potential abuse, performance issues, and other anomalies that may indicate security or reliability problems.
• Incident response
  We maintain processes to:
  • investigate suspected security incidents;
  • contain and mitigate potential harm; and
  • take corrective action where appropriate.
  If we become aware of a data breach affecting personal data, we will:
  • investigate promptly;
  • take reasonable steps to mitigate harm; and
  • provide notifications to affected users and/or regulators as required by applicable law.

We implement backups and retention controls to support reliability while respecting privacy:

• Encrypted backups
  We maintain encrypted backups of critical systems and data to help recover from hardware failures, software defects, or other incidents.
• Retention aligned with purpose
  We retain personal data only for as long as reasonably necessary to:
  • provide and maintain the Service;
  • enforce our agreements;
  • resolve disputes;
  • protect the Service and users; and
  • comply with legal obligations,
  as further described in Section 9 (Data Retention).
• Effect of deletion on backups
  When you delete content or close your account, active copies are removed or de-identified within a reasonable period, subject to technical and operational constraints. Residual copies may remain in encrypted backups for a limited retention period, after which they are overwritten according to our backup rotation and retention schedules.

We rely on third-party providers for infrastructure, authentication, model inference, analytics, and other services, as described in Section 4 (Third-Party Services and Integrations) and Section 6 (How We Share Data).

• Vendor due diligence and contracts
  We take steps to evaluate the security practices of key providers and require them, via contract, to:
  • implement appropriate technical and organizational measures to protect personal data;
  • process data only on our documented instructions and for specified purposes; and
  • maintain confidentiality obligations for personnel with access to personal data.
• Cross-border data transfers
  Where personal data is transferred across borders (for example, to service providers in other countries), we rely on appropriate legal mechanisms, such as standard contractual clauses or equivalent safeguards, where required by applicable law.

Even when using subprocessors, Runtime Labs remains responsible for protecting personal data in accordance with this Privacy Policy and applicable data protection laws, to the extent we act as a controller or processor.

Security is a shared responsibility. To help protect your account and data, you should:

• use a strong, unique password for your Runtime account and any linked identity provider;
• enable additional security features (such as multi-factor authentication) where available;
• keep your login credentials and authentication codes confidential and do not share them with others;
• ensure that the devices and browsers you use to access the Service are kept up to date and protected with appropriate security measures (such as operating system and browser updates, and device-level access controls);
• be cautious when viewing or entering data on shared, public, or unmanaged devices; and
• promptly notify us if you suspect any unauthorized access to your account or any security incident related to the Service.

To the fullest extent permitted by law, Runtime Labs is not responsible for loss or damage arising from your failure to follow these responsibilities or to maintain reasonable security on your own devices, networks, and accounts.

"User Content" includes your events, notes, uploads, and model conversations stored in Runtime.

• While your account is active
  We retain User Content for as long as your account remains active, so that you can revisit past events and conversations and use them as context for future interactions.
• When you delete specific items
  If you delete an event, note, upload, or conversation:
  • it is removed from active use in the Service within a reasonable period, subject to technical constraints;
  • associated model interactions linked only to that item are also removed from active use, where technically feasible; and
  • residual copies may remain temporarily in encrypted backups and logs (see Sections 10.3 and 10.4).
• When you close your account
  If you request account deletion:
  • we remove or de-identify User Content associated with your account from active systems within a reasonable period; and
  • residual copies may continue to exist in backups and certain records retained for legal, security, or compliance purposes, as described below.

As defined in our Terms of Service:

• Service Data (for example, logs, device and usage information, security events)
  We retain Service Data for as long as needed to:
  • operate and secure the Service;
  • monitor performance and reliability;
  • detect, investigate, and mitigate abuse or security incidents; and
  • comply with legal and regulatory requirements.
  Where feasible, we aggregate or de-identify Service Data over time so it no longer identifies you.
• De-identified Data (for example, de-identified analytics, embeddings, and aggregate usage patterns)
  We may retain De-identified Data for longer periods to:
  • analyze how the Service is used;
  • improve features and infrastructure; and
  • support research and product development in a way that does not identify you in human-readable form.
  De-identified Data is distinct from your User Content and is not used to reconstruct the substance of your notes or events.

To support reliability and disaster recovery:

• we maintain encrypted backups of key systems and data;
• backups are kept for a limited retention window and are then overwritten as part of normal backup rotation; and
• when you delete content or close your account, active copies are removed or de-identified, but residual copies may remain in backups until those backups expire and are overwritten.

We do not restore deleted items from backups for routine requests, and backups are accessed only for limited purposes such as disaster recovery, security investigations, or legal obligations.

In some situations, we may retain certain data after you request deletion or close your account, where we have a legal or legitimate reason to do so, for example:

• records needed to comply with tax, accounting, or other regulatory requirements;
• data reasonably required to detect, investigate, or prevent fraud, abuse, or security incidents;
• logs and records needed to enforce our Terms of Service or protect the rights, property, or safety of Runtime Labs, our users, or the public; and
• information needed to resolve disputes or respond to legal claims.

Where we retain data for these purposes, we limit access and use it only for the specific reasons described above.

The retention practices described in this section should be read together with Section 8 (Your Rights and Choices):

• when you exercise your rights to delete or restrict data, we apply those requests to active systems;
• residual copies may persist for a limited period in backups and system logs; and
• we may continue to retain certain Service Data and De-identified Data in aggregated or de-identified form that no longer identifies you, consistent with this Privacy Policy.

To create an account and use Runtime, you must be at least 13 years old. If you are under the age of majority in your jurisdiction (typically 18 in the United States), you represent that you have obtained your parent's or guardian's permission to use the Service and that they have reviewed and agreed to these Terms and this Privacy Policy.

We do not knowingly collect, use, or disclose personal information from children under 13, or from children under the applicable minimum age in jurisdictions with higher age requirements (such as 16 years in certain European countries under GDPR).

If we become aware that we have collected personal information from a child under 13 (or under the applicable minimum age in your jurisdiction) without verifiable parental consent, we will:

• promptly delete the account and associated personal information;
• remove or de-identify any User Content, Output, or Service Data associated with that account, subject to legal retention requirements; and
• take reasonable steps to prevent future collection from that individual.

If you are a parent or guardian and believe that your child under 13 (or under the applicable minimum age) has provided us with personal information without your consent, please contact us immediately using the contact information in Section 13 (Contact Us). We will investigate and, if confirmed, delete the information as described above.

AI-Assisted Features in Runtime are designed for adult users and may not be appropriate for children. These features:

• may generate Output that is not suitable for children;
• process and store conversation context that may contain personal information;
• may interact with third-party model providers as described in Section 3 (AI-Assisted Features and Output) and Section 4 (Third-Party Services and Integrations).

Parents and guardians should supervise their children's use of the Service, particularly when using AI-Assisted Features, and should review any Output or content generated through these features.

If you are a parent or guardian of a child who has used the Service, you have the right to:

• review the personal information we have collected from your child (if any);
• request deletion of your child's account and personal information;
• refuse to permit further collection or use of your child's information; and
• revoke any consent you may have previously provided.

To exercise these rights, please contact us using the information provided in Section 13 (Contact Us). We may require verification of your identity and relationship to the child before processing such requests.

Runtime Labs operates the Service primarily from infrastructure located in the United States. We also have support, engineering, and other teams who may support the Service from the United States and other countries.

When you create an account and use Runtime, your personal information (including User Content, Output, and Service Data) may be transferred to, stored, and processed in the United States or other countries where our service providers operate, as described in this Privacy Policy.

By using the Service and acknowledging this Privacy Policy, you consent to the transfer of your personal information to countries outside your jurisdiction, including the United States, for the purposes described in this Privacy Policy.

We process and transfer your personal information to countries outside your jurisdiction:

• to perform our contract with you (to provide you with the Service as described in our Terms of Service);
• based on your consent (by using the Service and acknowledging this Privacy Policy);
• for our legitimate interests in operating and improving the Service; and
• as necessary to comply with legal obligations.

For users in the EEA, UK, and Switzerland, our legal basis for processing personal information is further described in Section 5 (How We Use Data).

When we transfer personal information outside your jurisdiction, we implement appropriate safeguards to protect your data, including:

• Standard Contractual Clauses (SCCs): For transfers from the EEA, UK, and Switzerland, we use the European Commission's standard contractual clauses (also known as "Model Clauses") or equivalent contracts issued by relevant UK authorities, unless the transfer is to a country that has been determined to provide an adequate level of data protection.
• Contractual protections: We require all service providers and third parties to implement appropriate technical and organizational measures to protect personal data, as described in Section 7.6 (Third-Party Security and Data Transfers).
• Technical safeguards: We apply encryption, access controls, and other security measures as described in Section 7 (Security Practices) to protect data during transfer and storage.

If you have questions about the specific safeguards we use for transfers to a particular country, please contact us using the information in Section 13 (Contact Us).

If you are located in the EEA, UK, or Switzerland, you have certain rights regarding international data transfers, including:

• the right to be informed about transfers of your personal data;
• the right to object to certain transfers where we rely on legitimate interests; and
• the right to lodge a complaint with your local data protection authority.

For more information about your privacy rights, please see Section 8 (Your Rights and Choices).