Your Privacy Rights

Privacy Policy

Effective Date: February 26, 2026
Last Updated: February 26, 2026

This privacy policy (“Privacy Policy”) describes how Redo Tech Inc. (“Redo,” “we,” “our,” or “us”) collects, uses, processes, retains and discloses personal information about you and your data privacy rights. Personal information has different meaning depending on applicable privacy laws. However, in its broadest terms, it means any information that directly or indirectly identifies you or is reasonably capable of being associated with you or, in some cases, your household. Personal information does not include information about organizations, or anonymized data that is not capable of identifying you.

We will only collect, use, process, retain, and disclose personal information as described in this Privacy Policy. If required, Redo will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For more information about exercising your privacy rights, see the Your Privacy Rights section below.

This Privacy Policy applies to the Redo website located at https://www.getredo.com/ and Redo application found at https://app.getredo.com/. The use and access of Redo’s website and application, including the features generally made available by Redo from time to time, shall be collectively referred to as the “Services.” This Privacy Policy also applies to personal information we collect from: (1) merchants who install the Redo application on their ecommerce websites, apps or other platforms (“Merchants”); (2) consumers who use Redo’s Services directly or via Merchants’ websites, apps or other platforms (“Consumers”); (3) our business-to-business contacts who provide services to Redo, such as partners, service providers or contractors (“B2B Contacts”); and (4) individuals who otherwise interact with us on the Redo application, website, and/or through third-party websites.

We may provide different or additional notices of our privacy practices with respect to other personal information collection practices not within the scope of this Privacy Policy, in which case this Privacy Policy will not apply. For example, this Privacy Policy does not apply to employees or job applicants. If you are an applicant or employee, please contact us for more information on how your personal information may be handled.

We will comply with applicable privacy laws when using your personal information. The privacy laws affecting your personal information will depend on the country you are a resident in. For example, the General Data Protection Regulation (“EU GDPR”) applies to individuals residing in the European Economic Area (“EEA”), or the “UK GDPR” in the UK.

We may also change this Privacy Policy from time to time to reflect changing legal, regulatory or operational requirements. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you. Depending on applicable law, your continued use of the Services after we make changes constitutes deemed acceptance of these terms.

I. Collection and Use of Your Personal Information

This notice describes how we collect, use, and disclose personal information we collect from or about you.

1. Personal Information You Provide to Us

We collect personal information you provide directly to us. For example, we collect personal information directly from Merchants who register to use our application on their ecommerce websites, B2B Contacts when we conduct business dealings with them, and generally from individuals who respond to our inquiries, surveys, communications, offers, or marketing. The types of personal information that we may collect varies depending on how you interact with us:

Merchants. If you are a Merchant who signs up for a demo or our Services, you may provide us with your name and business contact information (e.g., company name, business email, phone number and address). We use this information to set up your account, verify your identity, contact you and otherwise provide customer service. We may also collect video and/or audio recordings during any recorded business meetings (which are recorded with your consent where required by law). We may also collect feedback you provide to us, in order to help us improve our Services. Redo does not access Merchants’ sensitive financial information, such as financial account, debit card, or credit card information. However, when subscribing to our Services, Merchants may transmit such information to third parties, such as banks, processing gateways, and merchant processors, in order to process transactions and payments.
B2B Contacts. If you are a B2B Contact of Redo, you may provide your name and business contact information (e.g., company name, business email, phone number and address). We use this information to communicate with you in order to facilitate our business relationship.
Other individuals who communicate with us. When you communicate with us, we will collect your messages and relevant contact information in order to respond to your questions or comments.

2. Personal Information We Collect Automatically

We and our third-party providers automatically collect certain personal information about your interactions with us or our Services. We collect this information using cookies and similar tracking technologies (such as web beacons and SDKs). This information includes internet or other electronic network activity information, IP address, unique personal identifiers, and other similar identifiers.

Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that we use on our Services and in our emails to help deliver cookies, count visits, and understand usage and campaign effectiveness.

If you are a Consumer, we and our third-party providers may collect data through cookies and other tracking technologies when you visit a Merchant’s website, app or platform, or interact with Merchant emails or SMS messages with our tracking features enabled.

We use information collected via cookies for various purposes, including:

To personalize and improve your experience on our Services;
To monitor and analyze trends, usage, and activities in connection with our Services; and
To personalize the advertisements you see when you use our Services.

For more information on our use of cookies and other tracking technology, please see our Cookie Policy. For more information on how to disable cookies, see Your Choices About Cookies below.

3. Personal Information We Collect From Other Sources

We obtain personal information from other sources. For example, we may collect information from advertising networks, data analytics providers, operating systems and platforms, mailing list providers, social networks, and other advertising partners. This information includes your contact information (website only) and usage data collected through cookies and other trackers on our website and Redo application described in our Cookie Policy. We may also obtain personal information about you from third-party fraud-detection service providers. This information includes contact information and prior transaction history across other businesses. We use this personal information to inform Merchants regarding the likelihood of a transaction being fraudulent.

4. Personal Information About Consumers We Receive from or Through Merchants

We will also receive personal information from and through Merchants regarding the Consumers whom they offer their products and/or services to, including on their websites and online services. For example, when Merchants use our Email and SMS platform, they may upload Consumer contact information in order to send Consumers messages through our platform. If a Merchant uses our Claims Management product or Order Tracking product, we may receive and process communications from its Consumers related to claims and orders. We also process Consumer information in connection with our AI Sales and Support services.

Merchants are responsible for ensuring that any personal information they provide to us is in compliance with applicable privacy laws, including, but not limited to, ensuring that notice is provided to Consumers about the sharing of their personal information with us and, where applicable, obtaining appropriate consent. For example, with respect to our Cross-Merchant Data Sharing services (discussed in section II. Disclosure of Your Personal Information below), Merchants must ensure that Consumers have received appropriate notice and provided the required consent, where required by applicable privacy laws. In addition, as an independent controller of your personal information, we are providing this Privacy Policy to describe our personal information processing practices and your rights depending on your location, as described in section VIII. Exercising Your Privacy Rights below.

We may use personal information provided by Merchants in the following ways:

To facilitate Merchants’ registration for the Redo application on their e-commerce websites;
To provide order tracking, streamlined returns or exchanges, shipping, instant refund, enhanced shopping experiences, and warranty services;
To process transactions and send you related information, including confirmations, receipts, invoices, customer experience surveys, and recall notices;
To send you technical notices, security alerts, and support and administrative messages;
To respond to your comments and questions and provide customer service;
To streamline and automate sales activities and communications using our AI Sales and Support tool, and to improve the functionality and output of our AI systems for the specific Merchant;
To communicate with you about products, services, and events offered by the Merchant and provide news and information that we think will interest you (with your consent where required by law); and
To carry out any other purpose described to you at the time the information was collected.

We may also process Consumer personal information for our own purposes, including to personalize and improve your experience on the Services; to monitor and analyze trends, usage, and activities in connection with the Services; and to generate customer behavioral profiles for Consumers based on historic shopping data in order to detect potential fraudulent behavior patterns and create tailored shopping recommendations. With your consent (where required by law), we may also share Consumer personal information with other Redo Merchants in connection with our Cross-Merchant Data Sharing services (further discussed in section II. Disclosure of Your Personal Information below).

5. Personal Information We Derive

We may derive personal information or draw inferences about you based on the information we collect or receive about you. For example, we may make inferences about your approximate location based on your IP address or infer your purchasing interests, shopping habits and likelihood of fraudulent transactions based on your browsing behavior and past purchases.

6. Additional Uses of Personal Information

Our Use of Automated Decision Making: We may process Consumer personal information using automated decision making technology and profiling, and artificial intelligence (“AI”) systems, including agentic AI, to provide personalized product recommendations, for advertising and marketing purposes, to help our Merchants evaluate and facilitate returns and exchanges of products, and for fraud detection. Our AI systems operate by integrating with AI models provided by third-party foundation and large language AI model providers. While these models are not trained on your data, we may input your personal information (including shopping activity and interactions with the Merchant) into the prompts we send to our AI models, to improve the quality of output. Because of the probabilistic nature of machine learning and AI, the AI models that our systems rely on may not always be accurate. Please note that we will not use such technology to make decisions that produce legal or similarly significant effects, such as decisions that result in the provision or denial of financial and lending services, housing, insurance, education enrollment or opportunities, criminal justice, essential government services, employment or independent contracting opportunities or compensation, health care services, legal services, or access to essential goods or services or basic necessities.

In addition to the purposes described above, we may use any personal information we collect for the following purposes in accordance with applicable law:

To detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Redo and others;
To debug to identify and repair errors in our services;
To comply with our legal and financial obligations;
To carry out any other purpose described to you at the time the information was collected; and
For other purposes as permitted or required by law.

In the EEA and UK, the EU GDPR and UK GDPR requires us to identify a “lawful” or “legal” basis for the processing (our use) of your personal information. The lawful bases we have identified are set out in more detail in the Summary of Prior 12-Month Personal Information Processing Activities section below.

II. Disclosure of Your Personal Information

We may disclose your personal information in the following circumstances or as otherwise described in this Privacy Policy:

Personnel. Your personal information may be accessible to personnel within Redo that have a need to process it in order to perform their duties, such as finance, sales, customer service, managers, IT and security personnel.
Vendors. We may disclose or make available your personal information to service providers, contractors, processors, and other parties who provide services to Redo, Merchants and Consumers. These vendors include:
- Customer relations management (“CRM”) software providers, who process Merchant contact information and communications in order to provide our CRM software and related services;
- Fraud prevention providers, who may process any personal information we collect in order to provide fraud detection, suppression and prevention services;
- AI system and/or model providers, who process Consumer information such as name, contact information, shopping history, and records of previous conversations with the same Merchant in order to provide processing for our AI-powered systems and services. These providers do not use this information to train their own models, but they may store logs of the data for service abuse monitoring purposes;
- Customer communication platform providers, who process Merchant communications and contact information in order to facilitate our customer communication platform (where required by applicable law, we will obtain your prior consent); and
- Bug tracking and IT service providers, who may access or process any personal information we collect in the course of providing IT and software troubleshooting services.
Cross-Merchant Data Sharing. Subject to the Merchants receiving the Consumer’s consent (where required by law), we may share a Consumer’s purchase history and behavioral information with other Merchants when the Consumer interacts with any Merchants who have deployed our Services. For example, if a Consumer purchases an item on Merchant A’s website (with Redo data sharing enabled), we may share the Consumer’s purchase history with Merchant B in order to personalize product recommendations and for detecting potential fraudulent transactions. You can opt out of the Cross-Merchant Data Sharing by clicking on the Do Not Sell or Share My Personal Information link in the footer of this website.
Transaction Processing. We may provide you access to banks, processing gateways, and merchant processors for you to provide personal information required to process transactions when using the Services (e.g., financial account, debit card, or credit card information and related billing information). Redo does not access, process or store this sensitive financial information.
Warranty Providers. We may disclose Consumer personal information to third parties who provide warranty services, in connection with our warranty services to Merchants. This information is shared only when warranties are requested by Consumers.
Shipping Providers & Carriers. We may disclose Consumer personal information, including contact information (name, phone, email, address) to third parties who provide shipping services, as needed in order to facilitate shipping products to you. These shipping providers may process this information for their own purposes in accordance with their privacy policies.
Advertising and Analytics. Information collected via cookies and other tracking technologies may be processed by our advertising and analytics partners, as described in our Cookie Policy (where required by applicable law, we will obtain your prior consent).
Legal Disclosures. We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by courts or public authorities to meet national security or law enforcement requirements. We may also share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Redo, our users, the public, or others.
Advisors and Lawyers. We may disclose personal information to our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
Change of Ownership. We may disclose personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
With Your Consent. We may otherwise disclose personal information with your consent or at your direction.
Non-Personal Information. We may also disclose aggregated or de-identified information that cannot reasonably be used to identify you. When doing so, we publicly commit to maintain and use the information in an aggregated or de-identified form and not attempt to re-identify the information, unless permitted or required by law.

If you are in the United States, to learn more about the categories of personal information we may disclose, sell or share and the categories of recipients, please see the Summary of Prior 12-Month Personal Information Processing Activities and Selling or Sharing of Personal Information (United States Only) sections below.

III. Protection and Retention of Your Personal Information

We take steps to protect your personal information with appropriate physical, administrative, organizational, and technical safeguards. However, perfect security does not exist, and therefore we cannot 100% guarantee the security of your personal information.

We store personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations. Specifically, we will keep the personal information of Merchants, Consumers, and B2B Contacts as long as we have a continuing relationship with them to provide or receive Services and for up to 6 years thereafter, unless we need to retain the personal information for an additional length of time under the law.

IV. Sensitive Personal Information

Under some privacy laws, certain types of personal information are considered “sensitive” or “special” personal information or data and require additional data privacy rights and obligations. Redo does not process “special” personal information under the EU GDPR and UK GDPR. However, the financial information described in this Privacy Policy may be considered “sensitive” under US privacy laws or other applicable privacy laws.

Specifically, Redo does not see any information that constitutes “sensitive” personal information or data under these laws, but you may provide to banks, processing gateways, and merchant processors your sensitive financial account, debit card, or credit card information when using our Services. Redo facilitates your provision of this information to these parties in order to provide our Services. This information may also be used to prevent, detect, and investigate security incidents, resist malicious, deceptive, fraudulent, or illegal actions and prosecute those responsible, and ensure physical safety of natural persons. Because this “sensitive” personal information is used for limited and permitted purposes, we do not offer a limit use and disclosure of sensitive personal information right. However, where required by law, we will obtain your consent before such sensitive personal information is collected. You may withdraw your consent by contacting us at privacy@getredo.com.

V. Your Choices About Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.

If you wish to reject the use of non-essential cookies, you can also use the ‘Cookie Preferences’ banner at the bottom of our website.

VI. Children

The Services are not intended for or directed at children under the age of 18. In addition, we do not knowingly collect personal information from children under the age of 18. We also do not knowingly sell, share, use for targeted advertising, or disclose the personal information of children under the age of 18.

VII. Opt-Out Preference Signals and “Do Not Track” Requests

7. We Honor Opt-Out Preference Signals

We honor opt-out preference signals. An opt-out preference signal is a signal that is sent by a platform, technology, or mechanism on your behalf that communicates your choice to opt-out of the sharing for targeted advertisements or sale of your personal information. You can learn more about implementing opt-out preference signals here or by exploring other developing technologies and services that offer this tool. We treat opt-out preference signals as valid requests to opt-out of the sale or sharing of your personal information under privacy laws. Please note that you can also opt-out of the sale or sharing of your personal information for targeted advertising through our other methods described in the Instructions on How to Exercise Your Privacy Rights section below.

8. “Do Not Track” Requests

Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the websites you visit indicating that you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the do not track signal, we currently do not respond to the browser do not track signals. However, as noted above, we do honor opt-out preference signals.

VIII. Exercising Your Privacy Rights

9. Your Privacy Rights

a. Available to US Residents

Data privacy laws afford consumers residing in the United States certain rights with respect to their personal information, subject to certain exceptions. If you reside in the United States, this section applies to you. Subject to certain limitations, you have the following rights in the United States:

Right to Delete. You have the right to request us to delete the personal information we have collected about you.
Right to Correct. You have the right to request us to correct inaccurate personal information we maintain about you.
Right to Confirm Processing, Know, and Access. You have the right to confirm whether we are processing your personal information and to know and access the personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You have the right to receive this information in a format, to the extent technically feasible, that is portable, usable, and allows you to transmit the personal information to a person without impediment or hindrance.
List of Specific Third Parties. You have the right, at our option and based on the circumstances, to receive a list of the specific third parties to which we have disclosed or sold either: (1) your personal information or (2) any personal information.
Right to Opt-Out of Profiling. You have the right to opt out of the processing of your personal information for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. Please note that we do not engage in profiling activities to make decisions that result in the provision or denial of financial and lending services, housing, insurance, education enrollment or opportunities, criminal justice, essential government services, employment or independent contracting opportunities or compensation, health care services, legal services, or access to essential goods or services or basic necessities. As such, you do not need to take any further action.
Rights Related to Sharing for Targeted Advertising or Sale. You have the right to opt out of the sharing of your personal information for targeted advertising or the sale of your personal information.
Rights Related to Sensitive Personal Information or Data. Data privacy laws may provide additional protection for sensitive personal information or data. Please see the Sensitive Personal Information section above for more information.
Right to No Discrimination. You have the right not to be discriminated against for exercising any of your privacy rights. This includes us not: (a) denying you goods or services; (b) charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; (c) providing you a different level or quality of goods or services; (d) suggesting to you that you will receive a different price or rate for goods or services or a different level or quality of goods or services; and (e) retaliating against you for exercising your privacy rights.
Right to Appeal. If we decline to take action in response to your exercise of a privacy right, we will inform you of the reason for denying your request and provide you instructions on how to appeal the decision.

b. Available to UK and EEA Residents

In certain circumstances, under the EU GDPR and UK GDPR you will have the following rights:

Right to request access. This right always applies. However, there are some exemptions which mean you may not always receive all of your personal information that we process.
Right to request rectification. If your personal information is inaccurate or incomplete. This right always applies.
Right to request deletion. This only applies in certain circumstances, such as if there is no legitimate reason for its continued processing.
Right to restrict the processing. In certain circumstances (for example, if you want us to establish its accuracy or the reason for processing your personal information).
Right to object to the processing. This applies where we rely on a legitimate interest as a legal basis for processing your personal information (unless we have compelling other legitimate grounds for the processing).
Right to request a transfer. This applies to personal information which you have given to us, and you want to share it with another party. This right only applies where we rely on your consent to process your personal information as the legal basis.
Right to withdraw your consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. Please note that the withdrawal of your consent will not affect the lawfulness of any processing of personal information based on your consent before its withdrawal.

If you want to access, rectify or request deletion of your personal information, object to the processing of your personal information, request that we transfer a copy of your personal information to another party, or withdraw your consent to processing (if applicable), please contact us using the information set out below.

If you are dissatisfied with the handling of your personal information, you have a right to lodge a complaint with the data protection supervisory authority where you live. In the UK, this would be the Information Commissioner’s Office. In the EU, this would be the Irish Data Protection Commission.

c. Available to Canadian Data Subjects

If you live in Canada, you may have certain rights under Canadian privacy law (as applicable and subject to certain limitations):

Right to request access. You may request access to personal information we hold or control about you. However, there are some exemptions which mean you may not always receive all of your personal information that we process.
Right to request rectification. If your personal information is inaccurate or incomplete, you may request that it be corrected.
Right to request deletion. This only applies in certain circumstances, such as if there is no legitimate reason for its continued processing.
Right to request a portable copy. If you live in Quebec, you may have the right to request a portable copy of your personal information.
Right to withdraw your consent. Where we are processing your personal information based on your consent, you may withdraw consent at any time. Please note that the withdrawal of your consent will not affect the lawfulness of any processing of personal information based on your consent before its withdrawal.
Right to challenge compliance. You may submit a complaint about how your personal information is being handled. We will assess and investigate your complaint and make improvements to our privacy program where necessary and appropriate.

To exercise any of these rights, please contact us using the information set out below.

10. How to Exercise Your Privacy Rights

You may exercise your privacy rights by emailing us at privacy@getredo.com.

Subject to applicable laws, you may also opt-out of the sale of your personal information or sharing of your personal information for targeted advertising by clicking on the Do Not Sell or Share My Personal Information link, which can be found on the footer of this website.

In some instances, we will need to verify your identity before honoring your privacy rights request. We will verify your identity by asking you to provide personal information related to your recent interactions with us. We will honor your privacy rights request within 30 calendar days of receipt, unless a shorter period is required by applicable law, or if we request an extension as permitted by data privacy law. However, we will honor opt-out of sale and sharing requests within 15 business days. We do not need to verify your identity for opt-out of sale or sharing requests, but we may ask for additional information to find you on our services.

11. Appealing a Denial of a Privacy Right Request

You may appeal a denial of your privacy right requests by emailing us at privacy@getredo.com. Where required by applicable law, within 30 days of receipt of an appeal (or shorter period if required by applicable law), we will inform you in writing of any action taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal (or your access request where applicable), you may submit a complaint to the Attorney General of your state (US) or applicable privacy commissioner (Canada) and the Commission d’accès à l’information du Québec for Quebec individuals.

12. Authorized Agents

If permitted or required by applicable law, you may exercise your privacy rights through an authorized agent (which may include a guardian, tutor, or conservator). If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. If you are an authorized agent seeking to make a request, please contact us at privacy@getredo.com.

IX. Additional Disclosures – United States, UK, and EEA

13. Transfers of Information to the United States and Other Countries

Redo is headquartered in the United States, and we have operations and/or service providers in the United States and other countries. Therefore, we and our service providers may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of other countries (such as in the EEA or UK). We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. For more information on the safeguards used, see the Data Privacy Framework Notice below.

14. Summary of Prior 12-Month Personal Information Processing Activities

In the preceding 12 months, we have collected the categories of personal information set forth in the table below. For details about the precise data points we collect and the categories of sources of such collection, please see the Collection and Use of Your Personal Information section above. We collect personal information for the business and commercial purposes described in that section. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of recipients, which we also describe in greater detail in the Disclosure of Personal Information section above:

Category of Personal Information we Collect	Business Purpose (and Lawful Basis) for Disclosure and Processing	Category of Recipients
Identifiers, such as name, email address, phone number, physical address, date of birth, IP address, unique personal identifiers, and other similar identifiers.	For performance of our contracts, or legitimate interests, including: providing our services to Merchants and Consumers; Conducting business with and receiving services from B2B Contacts; Facilitating payment and transaction processing; For warranty services; Analytics, advertising, and marketing. (Where applicable, we do this with your consent); and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Service providers, contractors, and processors, who provide services to Redo, such as shipping, CRM software, fraud prevention, AI system and model providers, customer communication, bug tracking, and other related services; Banks, processing gateways, and merchant processors; Warranty providers; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.
Sensitive personal information, such as financial account, debit card, or credit card information.* *Please note that Redo does not see such information, but you may make this type of sensitive personal information available to banks, processing gateways, and merchant processors when receiving our services.	For performance of our contracts, or legitimate interests, including: Providing our services to Merchants and Consumers; Facilitating payment and transaction processing; and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Banks, processing gateways, and merchant processors; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.
Characteristics of protected classifications under California or federal law, such as age.	For legitimate interests, including: Providing our services to Merchants and Consumers; Conducting business with and receiving services from B2B Contacts; Facilitating payment and transaction processing; Analytics, advertising, and marketing. (Where applicable, we do this with your consent); and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Service providers, contractors, and processors, who provide services to Redo, such as shipping, CRM software, fraud prevention, AI system and model providers, customer communication, bug tracking, and other related services; Banks, processing gateways and merchant processors; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	For performance of our contracts, or legitimate interests, including: Providing our services to Merchants and Consumers; Conducting business with and receiving services from B2B Contacts; For warranty services; Facilitating payment and transaction processing; Analytics, advertising, and marketing. (Where applicable, we do this with your consent); and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Service providers, contractors, and processors, who provide services to Redo, such as shipping, CRM software, fraud prevention, AI system and model providers, customer communication, bug tracking, and other related services; Banks, processing gateways, and merchant processors; Warranty providers; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application or advertisement.	For legitimate interests, including: Providing our services to Merchants and Consumers; Conducting business with and receiving services from B2B Contacts; Facilitating payment and transaction processing; Analytics, advertising, and marketing. (Where applicable, we do this with your consent); and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Service providers, contractors, and processors, who provide services to Redo, such as shipping, CRM software, AI system and model providers, customer communication, bug tracking, and other related services; Banks, processing gateways, and merchant processors; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.
Geolocation data, such as your physical address and approximate location based on IP address.	For legitimate interests, including: Providing our services to Merchants and Consumers; Conducting business with and receiving services from B2B Contacts; Facilitating payment and transaction processing; Analytics, advertising, and marketing. (Where applicable, we do this with your consent); and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Service providers, contractors, and processors, who provide services to Redo, such as shipping, CRM software, fraud prevention, AI system and model providers, customer communication, bug tracking, and other related services; Banks, processing gateways, and merchant processors; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.
Audio, electronic, visual, or similar information, such as video/audio recordings of business meetings.	For performance of our contracts, or legitimate interests, including: Providing our services to Merchants; Conducting business with and receiving services from B2B Contacts; and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Audio and video communication services providers; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.
Professional or employment-related information, such as your title and company you work for.	Conducting business with and receiving services from B2B Contacts; Analytics, advertising, and marketing. (Where applicable, we do this with your consent); and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Service providers, contractors, and processors, who provide services to Redo, such as CRM software, customer communication, and bug tracking; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.
Inferences from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, predispositions, and behavior, such as interests and purchasing habits.	For legitimate interests, including: Providing our services to Merchants and Consumers; Conducting business with and receiving services from B2B Contacts; Analytics, advertising, and marketing. (Where applicable, we do this with your consent); and Legal and other purposes described in greater detail in the Purpose and Use of Personal Information section above.	Service providers, contractors, and processors, who provide services to Redo, such as shipping, CRM software, AI system and model providers, fraud prevention, customer communication, and bug tracking; and Legal and other purposes described in greater detail in the Disclosure of Personal Information section above.

Below, we describe the categories of personal information we may sell or share for targeted advertising currently and in the preceding 12 months. We also describe the third parties who received or may receive the personal information and the business or commercial purpose for the sale or sharing. We do not knowingly sell or share the personal information of children under the age of 18, and have not done so in the prior 12 months.

Category of Personal Information	Sold or Shared	Category of Third Party	Business or Commercial Purpose for Sale or Sharing
Identifiers, such as name, email address, phone number, physical address, date of birth, IP address, unique personal identifiers, and other similar identifiers.	This category of personal information may be sold or shared.	We may have shared or sold such personal information with third party advertising, marketing, AI system and model, and cookie providers, and with merchants interested in marketing their products and services to you and for fraud detection.	We may have disclosed this category of personal information to provide advertising and marketing services and for fraud detection purposes.
Characteristics of protected classifications under California or federal law, such as age.	This category of personal information may be sold or shared.	We may have shared or sold such personal information with third party advertising, marketing, AI system and model, and cookie providers, and with merchants interested in marketing their products and services to you and for fraud detection.	We may have disclosed this category of personal information to provide advertising and marketing services and for fraud detection purposes.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	This category of personal information may be sold or shared.	We may have shared or sold such personal information with third party advertising, marketing, AI system and model, and cookie providers, and with merchants interested in marketing their products and services to you and for fraud detection.	We may have disclosed this category of personal information to provide advertising and marketing services and for fraud detection purposes.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application or advertisement.	This category of personal information may be sold or shared.	We may have shared or sold such personal information with third party advertising, marketing, AI system and model, and cookie providers, and with merchants interested in marketing their products and services to you and for fraud detection.	We may have disclosed this category of personal information to provide advertising and marketing services and for fraud detection purposes.
Geolocation data, such as your physical address and approximate location based on IP address.	This category of personal information may be sold or shared.	We may have shared or sold such personal information with third party advertising, marketing, AI system and model, and cookie providers, and with merchants interested in marketing their products and services to you and for fraud detection.	We may have disclosed this category of personal information to provide advertising and marketing services and for fraud detection purposes.
Inferences from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, predispositions, and behavior, such as interests and purchasing habits.	This category of personal information may be sold or shared.	We may have shared or sold such personal information with third party advertising, marketing, AI system and model, and cookie providers, and with merchants interested in marketing their products and services to you and for fraud detection.	We may have disclosed this category of personal information to provide advertising and marketing services and for fraud detection purposes.

16. Shine the Light Disclosure for California Residents (United States Only)

California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at privacy@getredo.com.

17. Data Privacy Framework Notice

As a supplement to the information provided throughout this Privacy Policy, we provide the following information as a notice in accordance with our obligations as a participating organization under the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF.

Redo complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Redo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the EU-U.S. DPF Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit the Data Privacy Framework website.

This Privacy Policy describes our privacy practices with respect to personal data received from the European Union and from the United Kingdom (and Gibraltar) in reliance on the DPF, including the types of personal data we collect, our purposes for collecting and using personal data, the types of third parties to whom we disclose personal data, and our purposes for disclosing personal data to third parties.
You have the right to access, correct, amend, or delete your personal data, and the choice to opt out of us disclosing your personal data to a third party or using your personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you have any questions, concerns, or complaints, you can contact us at privacy@getredo.com.
Redo may transfer personal data for the purposes described in this Privacy Policy to a third party acting as a controller or as an agent. If we intend to disclose personal data to a third party acting as a controller or as an agent, we will comply with the “Accountability for Onward Transfer” principle as detailed on the DPF website. We remain responsible for the processing of personal data received from the European Union and from the United Kingdom (and Gibraltar) in reliance on the DPF and subsequently transferred to a third party acting as a controller or as an agent if the third party processes such personal data in a manner inconsistent with the DPF.
The Federal Trade Commission has jurisdiction over Redo’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. In certain situations, Redo may be required to disclose personal data received under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
This Privacy Policy may be amended consistent with the requirements of the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. When we update this Privacy Policy, we will also revise the “Last Updated” date at the top of this Privacy Policy.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Redo commits to resolve DPF Principles-related complaints about our collection and use of your personal data. EU and UK individuals with inquiries or complaints should first contact Redo at privacy@getredo.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Redo commits to refer unresolved complaints to TrustArc, an independent dispute resolution provider based in San Francisco, California. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://feedback-form.trustarc.com/watchdog/request for more information or to file a complaint. The services of TrustArc are provided at no cost to you.
For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in Annex I of the DPF program: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

X. Additional Disclosures – Canada

18. Transfer of Personal Information Outside of Canada

Please note, personal information transferred outside of Canada may be accessible to lawful orders from foreign courts, law enforcement and national security entities. If you are located in Quebec, your personal information may be communicated outside of Quebec. If you are located in Alberta and you have any questions, or wish to receive further written information about our policies and practices with respect to service providers or affiliates outside of Canada, please contact our Privacy and Security Team at privacy@getredo.com.

19. Roles and Responsibilities Within Redo

Our Chief Technology Officer has overall responsibility for our compliance with applicable privacy laws. However, certain functions have been assigned to:

Our Head of Security and Infrastructure, including responsibility for the day-to-day administration and implementation of our privacy program, such as developing and delivering privacy training to relevant personnel, establishing and publishing relevant policies and procedures, investigating and responding to complaints and potential violations of our privacy policies or relevant laws, responding to requests from individuals to exercise their rights under applicable privacy laws, and regularly reviewing and identifying opportunities to improve our privacy program. Our Head of Security and Infrastructure is also responsible for managing our written information security program, assisting with breach prevention, response and containment, and evaluating and implementing information security controls.
In addition, all personnel are responsible for: protecting the confidentiality and security of any personal information they handle in connection with their employment or engagement; following our security measures and policies and procedures for handling personal information; refraining from any unauthorized access, use or disclosure of personal information; facilitating data subject requests; and reporting security or confidentiality incidents.

XI. Google Workplace API and Other Disclosure

Please note that for purposes of Google Workplace API, our application will not retain user data obtained through Workplace API to develop, improve, or train generalized artificial intelligence and/or machine learning models. In addition, Redo does not sell Google’s user data to third parties.

XII. Contact Us

If you have any questions about this Privacy Policy, please contact our Privacy and Security Team at privacy@getredo.com.

Our representative in the UK is GDPRLocal Ltd., 1st Floor Front Suite 27–29 North Street, Brighton England BN1 1EB (Email: contact@gdprlocal.com, Telephone: 441 772 217 800).

Our representative in the EU is Instant EU GDPR Representative Limited, Office 2, 12A Lower Main Street, Lucan Co. Dublin K78 X5P8 Ireland (Email: contact@gdprlocal.com, Telephone: 353 15 549 700).