RARIby Whimzy.io

Privacy Policy

Effective Date: July 2, 2025

Whimzy LLC d/b/a RARI by Whimzy.io (“Whimzy,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal and business information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website and services, including the RARI Sound Print service, which is available at rari.whimzy.io and related whimzy.io pages (collectively, the “Platform”). It also describes your rights and choices regarding your information, in accordance with applicable privacy laws in the United States, European Union, and other international jurisdictions.

By accessing or using our Platform or services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Platform.

1. Scope and Applicability

This Privacy Policy applies to information we collect through: (a) our website at whimzy.io and its subdomains (including rari.whimzy.io); (b) your communications with us (such as emails, calls, or support inquiries to support@whimzy.io); and (c) your use of our products and services, including when you fill out the RARI Sound Print intake form or otherwise provide information to us as a client or prospective client.

It does not apply to any third-party websites or services that you may access through our Platform, which are governed by their own privacy policies (for example, if you make a payment, the payment processing service’s policy will apply to information you provide directly to them). We are not responsible for the privacy practices of third parties that we do not control.

If you are a resident of California, the European Economic Area (EEA), the United Kingdom, or another region with specific privacy laws, additional rights may apply to you – please see Section 9 (Your Rights) for region-specific information.

2. Information We Collect

We collect several types of information from or about users of our Platform, including:

A. Information You Provide Directly:

  • Contact Information: When you inquire about our services or create an account or place an order, we may collect personal information such as your name, business name, email address, mailing address, phone number, and job title/role. For example, if you fill out a contact form or sign up for updates, you will provide your name and email. If you register or order, we will collect your contact and billing details.
  • Intake Form Data (Business Information): As part of the Sound Print configuration and intake process, we will collect detailed information about your enterprise. This can include narrative descriptions of your brand identity, values, target audience, industry, internal culture, marketing objectives, and other strategic or creative inputs. You may also provide documents, links, or reference materials (e.g., brand guidelines, sample sounds you like, etc.). This may include sensitive or proprietary information about your business, which we understand is confidential (see Section 6 on How We Protect Your Information). While this data is about a company, it could indirectly include personal data (for instance, if you mention key individuals or share a team photo with sound preferences); any personal elements in the intake are treated as personal data under this Policy.
  • Payment Information: If you make a purchase, our third-party payment processor (e.g., Stripe) will collect your payment card details and billing information. We may receive a record of your payment transaction (e.g., your name, the amount, date, and a confirmation that payment was completed). We do not store your full credit card number or security code on our systems, but we may store your billing address or postal code as needed for transaction records and tax calculations.
  • Communications: If you email us, call us, or chat with us (if chat support is available), we will collect your name, contact information, and the content of your communication. This includes any feedback, questions, or support requests you send us. We may also keep records of our correspondence with you for quality assurance and to better service your account.
  • Other Voluntarily Provided Info: You may provide information when using certain features on our Platform, such as signing up for a newsletter, responding to a survey, participating in a promotional offer, or commenting on a blog. The specifics will depend on what you do, but could include, for example, your opinions, testimonials, or any content you choose to submit.

B. Information We Collect Automatically:

When you visit our website or use the Platform, we (or service providers acting on our behalf) may automatically collect information about your device and usage of the site via cookies, web beacons, and other tracking technologies. This information may include:

  • Technical Identifiers: IP address, device type, operating system version, browser type, and approximate location (e.g., city, region, inferred from IP).
  • Usage Data: Dates and times of access, pages viewed, links clicked, the route by which you navigated to the site (referring URL), and your interaction with our site content. For instance, we might track that a user visited the Sound Print information page and then visited the pricing page.
  • Cookies and Similar Technologies: We use cookies (small text files stored on your device) and similar technologies to remember your preferences, provide a smooth user experience, and analyze usage of our site. For example, a cookie might keep you logged in during a session or remember your language preference. For more details, see Section 7 (Cookies and Tracking Technologies).

This automatically collected data typically does not identify you by name, but it may be linked to your user account or order if you log in or submit information on our site. We use this data primarily to maintain the security and functionality of the site and to understand and improve how users interact with our Platform.

C. Information from Third Parties:

We generally collect information directly from you. However, in some cases we might receive information about you from third parties, such as:

  • Service Providers: For example, if you make a payment, the payment processor will return information to us like whether payment was successful or if any issue occurred. If we use an analytics provider or advertising partner (like Google Analytics), they may provide aggregated insights about how users find and use our site.
  • Enterprise Clients or Partners: If you are an employee or representative of a client company, it’s possible your contact details or other information were provided to us by someone else in your organization (e.g., listing you as a project contact). We treat any such information in accordance with this Policy once it’s in our possession.
  • Public Sources: We do not typically seek out personal data from public databases, but if you are a business contact we might, for instance, confirm your business contact information via LinkedIn or your company’s website for accuracy or send you a connection/request. Any such outreach will comply with applicable laws (for example, if we were to engage in B2B marketing in the EU, we’d ensure we have a lawful basis such as consent or legitimate interest and an ability for you to opt-out easily).

We do not purchase marketing contact lists from third parties, nor do we collect sensitive personal data like social security numbers, government ID numbers, or biometric data. The focus of our data collection is to support a B2B service relationship.

3. How We Use Your Information

We use the collected information for the following purposes, consistent with the grounds described (where applicable) under data protection laws like GDPR:

  • To Provide and Personalize Our Service: We use the information you provide (especially intake form data and any brand materials) to create and deliver your Sound Print and any related deliverables. This includes processing the data through our AI-powered Sonic DNA Analysis tools and our human creative team to generate a custom composition tailored to your input. Any personal or business information in the intake is used strictly for fulfilling that service (performance of a contract/legal basis). We may also use certain data to customize the user experience on our site – for example, remembering your preferences or pre-filling forms with your info when logged in.
  • To Process Transactions: We use contact and payment information to process your orders, take payment, provide invoices/receipts, and keep records of purchases (performance of contract; and compliance with legal obligations for financial record-keeping). If there are issues with payment, we use the info to contact you and resolve them.
  • To Communicate with You: We use your contact information (email, phone) to send service-related communications. This includes confirmations and updates about your order (e.g., order confirmation, intake form link, delivery notification), responding to your inquiries or support requests, and sending any critical notifications (for example, if there’s an update to these Terms or Privacy Policy, or a security alert). These communications are part of our contractual obligations and legitimate business interests in providing good customer service. If you provide a testimonial or we collaborate on a case study (with your permission), we might also communicate about that.
  • For Confidential Service Delivery: We treat your business and personal info with confidentiality. Within our team, we only share your info on a need-to-know basis to fulfill the service. For example, the sound designers working on your project will have access to your intake info, but our finance team would only access billing details. We may internally use anonymized or aggregated insights from projects to improve our creative process (legitimate interests), but we will not use or disclose any identifying details of your project to other clients or the public without permission.
  • To Improve and Innovate: We may use usage data and feedback to improve our Platform’s functionality, user interface, and services (legitimate interests in improving our business). For instance, understanding which pages users linger on or where they drop off in the order process can help us streamline the UI. We might also analyze requests and outcomes of our Sound Prints in aggregate to refine our AI algorithms or creative techniques. Important: If we ever wish to use your specific data (intake information or Sound Print output) to train our AI models beyond your individual project or to develop new product features that are not solely for you, we will either use anonymized data or obtain your consent. By default, we do NOT include your confidential business data or unique Sound Print in any general AI training sets without explicit permission. Any AI processing of your data is primarily for your project (performance of contract), and possibly for maintaining or monitoring the performance of our AI systems (legitimate interest in ensuring our tools work correctly).
  • Marketing and Updates (Opt-In): We may use your contact information to send you news about new features, services, or promotions from Whimzy that we believe may be of interest, but only if you have given us consent to do so (for example, by subscribing to a newsletter or opting in during account registration). You have the right to opt out of marketing emails at any time (each marketing email will include an unsubscribe link, or you can contact us at any time to be removed). We do not spam and we do not sell your information to third-party marketers. Marketing communications, if any, are based on consent or, in some B2B cases, our legitimate interest in staying in touch with existing customers, within legal limits.
  • Analytics and Performance: We use automatically collected data (Section 2B) to administer and protect our Platform (troubleshooting, load balancing, and security monitoring), as well as to analyze how users navigate and use our site (legitimate interests in running an efficient, secure service and improving user experience). For example, we might use Google Analytics to see aggregated statistics on page views or conversion rates. These analytics help us understand the effectiveness of our webpages and advertising campaigns (if any) so we can optimize content and offerings.
  • Legal Compliance and Security: We may use your information as necessary to comply with applicable laws and regulations (e.g., maintaining proper records for tax, accounting, and audits; responding to lawful requests by public authorities). We also process data to detect, investigate, prevent, or address fraud, abuse, security incidents, and other harmful activity (legitimate interests in protecting our business and users; and legal obligation in some cases). For instance, IP addresses and other identifiers may be used to block malicious attempts to access our systems, and we may log and review actions on the Platform to ensure integrity (e.g., ensuring terms are not violated).
  • Business Transfers: Should we (Whimzy LLC) engage in a merger, acquisition, bankruptcy, or sale of all or part of our assets, your information may be transferred to or acquired by a successor or other entity as part of that transaction. We would ensure any such entity is bound by similar privacy obligations for the information collected under this Policy. This use is based on legitimate interest in transitioning our business while maintaining protection of user data.

We will not use your personal information for purposes that are materially different, unrelated, or incompatible with those above without providing you notice and, if required by law, obtaining your consent.

4. How We Disclose or Share Information

We understand that your information, especially the enterprise data you provide for Sound Print creation, is sensitive. We share personal and business information only as necessary and with appropriate safeguards, as described below:

  • With Service Providers (“Processors”): We employ trusted third-party companies and individuals to perform certain services on our behalf in order to deliver our services effectively. These include:
    • Cloud Hosting and Storage Providers: We use secure, enterprise-grade cloud infrastructure to host our Platform and store data (including your intake information and deliverables). These providers (such as Amazon Web Services or similar) store data in data centers with high security standards. We may also use a hybrid-cloud approach for specific needs. Upon request (especially for enterprise clients needing detailed info for compliance), we can provide our Enterprise Data Sheet with specifics on data residency, security certifications, and infrastructure details. In general, our primary servers are located in the United States, but we can accommodate EU or other regional hosting if required by a client’s data residency needs.
    • Payment Processors: As mentioned, a third-party (e.g., Stripe, PayPal, or bank transfer service) will process payment transactions. These processors are PCI-DSS compliant and specialize in secure handling of payment data. They have access to the personal information needed to process payments (such as your name, card info, billing address) but are not permitted to use it for other purposes. We share only what is necessary (for example, our site might pass your name, email, and payment amount to the processor, and you enter your card on their secure iframe).
    • AI and Technical Service Providers: If our Sonic DNA Analysis uses external AI platforms or APIs, your relevant data may be processed through those services. For example, we might utilize a secure AI service to analyze text you provide (like brand descriptions) to suggest musical elements. Any AI service we use is also under strict obligations to protect your data – we use enterprise-grade AI providers which either do not store the data or use it beyond the immediate analysis, or we ensure via contract/settings that your data isn’t retained or used to train their public models. We will disclose to you upon request what AI tools are involved in your project. By default, we do not allow our AI vendors to use your data for their own purposes; it’s processed only to give us the result (e.g., a model output) for your Sound Print.
    • Email and Communications Tools: We may use email service providers (like SendGrid, Mailchimp, or Gmail/GSuite) to send notifications and communications. Those providers will handle your email address and message content under confidentiality.
    • Analytics and Tracking: We may use Google Analytics, which involves Google acting as a processor of pseudonymous data (it may set cookies and collect usage data as described in Section 2B). IP addresses are anonymized where required. You can opt out of Google Analytics as described in Section 7.

    In all cases, we share with service providers only the information necessary for them to perform their functions. They are contractually obligated to keep your information confidential and use it solely for the purposes of providing their services to us (in GDPR terms, they are Data Processors acting on our instructions). We continuously assess our vendors for strong security practices.

  • Within Our Corporate Family/Affiliates: Currently, Whimzy LLC operates RARI by Whimzy.io as a distinct brand. If we have affiliated entities or subsidiaries in the future that are involved in delivering the services or providing support, we may share information with them. Any such affiliate will abide by terms consistent with this Policy. (For example, if Whimzy LLC establishes an EU branch to better serve EU clients and host data locally, information may be transferred to that branch under appropriate data protection arrangements.)
  • With Your Consent: We will share personal information with third parties if and when you explicitly direct us to. For instance, if you request that we collaborate with a third-party agency of yours or you want us to share the Sound Print directly with another vendor (like your advertising firm), we will do so at your direction and with your consent. Another example: if we want to feature your Sound Print and brand in our marketing materials, we will only do so with your explicit approval (as mentioned in Terms of Service regarding portfolio use).
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal process (e.g., a subpoena, court order, or government demand, including to meet national security or law enforcement requirements). We will evaluate each request to ensure it has appropriate legal authority, and we will strive to notify you of such requests if permissible. We may also disclose information if we believe in good faith that such action is necessary to (a) comply with laws or regulations, (b) protect or defend our rights, safety, or property, or that of our clients or others, (c) investigate fraud, security, or technical issues, or (d) enforce our Terms of Service or other agreements or policies.
  • Business Transfers: As noted earlier, if Whimzy undergoes a business transaction such as a merger, acquisition by another company, or sale of all or a portion of its assets, your information may be among the assets transferred. We will ensure that any such transfer is subject to confidentiality commitments and that the successor will continue to handle your information in accordance with this Privacy Policy (unless you are notified of changes and given an opportunity to exercise choices regarding your data).
  • De-Identified or Aggregate Data: We may share information that has been aggregated or anonymized in such a way that it cannot reasonably be used to identify you. For example, we might publish trends about how many clients in a certain industry have used our service, or overall satisfaction ratings, etc. This data would not include anything that reveals your identity or confidential info. Such sharing (for marketing or insight purposes) is not subject to restrictions because it no longer constitutes personal data or confidential info once anonymized.

No Selling of Personal Data: We do not sell or rent your personal information to third parties for their own marketing use. We also do not share your information with third parties for cross-context behavioral advertising without your consent. Any sharing that might be considered a “sale” or “sharing” under laws like CCPA (California Consumer Privacy Act) – for example, certain advertising cookie sharing – will be disclosed and managed via opt-outs. As of the Effective Date of this Policy, we do not engage in such practices.

5. International Data Transfers

We are based in the United States, and the majority of our data processing occurs in the U.S. If you are accessing our Platform from outside the U.S., please be aware that your information may be transferred to, stored on, and processed in servers in the United States or other countries. Data protection laws in these jurisdictions may be different from those in your country of residence.

For Users in the European Economic Area (EEA), United Kingdom, or Switzerland: Whenever we transfer personal data out of these regions, we will take steps to ensure appropriate safeguards are in place to protect your information, as required by the GDPR and related laws. This typically involves using European Commission-approved Standard Contractual Clauses (SCCs) or transferring data to countries that have been deemed “adequate” by the European Commission. Whimzy LLC, as a U.S. company, relies on Standard Contractual Clauses for any transfer of personal data from the EEA/UK to the U.S. and commits to upholding the principles required by European data privacy laws. If applicable and we participate in any approved frameworks (such as the EU-U.S. Data Privacy Framework, once fully in effect or any UK extension of it), we will state our compliance and provide relevant details.

You can request a copy of the relevant transfer safeguards (for example, a copy of our Standard Contractual Clauses) by contacting us at privacy@whimzy.io.

Data Residency Requests: For enterprise clients with strict data residency requirements, we offer options such as using EU-based servers or other regional infrastructure. These custom arrangements would be part of a separate agreement or data processing addendum. In all cases, no matter where data is stored, we apply the same high security standards.

Please note that by using the Platform or providing us information, you consent to the transfer of your information to the United States and potentially other countries, subject to the safeguards described above.

6. Data Security and Storage

We take data security seriously and implement a variety of technical and organizational measures to protect your personal and business information from unauthorized access, alteration, disclosure, or destruction. Given the sensitive nature of the enterprise data we handle, we treat security as a top priority, akin to an enterprise-class service:

  • Secure Infrastructure: As mentioned, we use secure cloud and hybrid-cloud infrastructure. This includes servers in reputable data centers with 24/7 security, redundant power, backup systems, and regular security audits. Our systems employ firewalls, intrusion detection systems, and monitoring to guard against unauthorized access.
  • Encryption: We enforce encryption in transit for all data you send us. This means our website and intake forms are served over HTTPS (TLS encryption) to protect data during upload. For particularly sensitive transfers (e.g., if you send us any documents), we can provide secure upload links or accept encrypted files. Additionally, we encrypt sensitive data at rest in our databases and storage (using strong encryption algorithms) wherever feasible. For example, passwords (if any accounts) are stored hashed, not in plaintext, and any sensitive personal identifiers are encrypted on disk.
  • Access Controls: Internally, we limit access to your data strictly to personnel and contractors who need it to perform their duties. Access to sensitive project data is restricted to the core team working on your Sound Print and key technical staff for maintenance. All employees and contractors are bound by confidentiality agreements. We follow the principle of least privilege, meaning each person or service is given the minimum access necessary. Administrative access to systems that contain personal data requires strong authentication (such as multi-factor authentication) and is logged.
  • Audit and Monitoring: We maintain logs of access to sensitive systems and regularly review these for any anomalies. Our team is trained to recognize and respond to security incidents. We also periodically review our security controls and policies, updating them as needed to address new threats or changes in industry best practices.
  • Testing and Assessments: We conduct periodic vulnerability scanning and apply security patches promptly on our systems. Where appropriate, we may conduct penetration testing or code reviews (especially for any custom-developed parts of our Platform) to catch and fix security issues. If we use third-party software or tools, we ensure they are up-to-date and reputable.
  • Data Retention & Minimization: We do not keep personal data longer than necessary (see Section 8 on data retention). We also minimize what data is collected in the first place – only asking for information that is pertinent to providing the service or improving the user experience.
  • Organizational Policies: Whimzy has internal policies for data protection, and we train our staff on privacy and security practices. We also have an incident response plan to handle any suspected data breaches, which includes notifying affected parties and authorities as required by law.

Despite our strong security measures, it is important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means and best practices to protect your personal information, we cannot guarantee absolute security. In the unlikely event of a security breach that affects your personal data, we will notify you and the appropriate authorities as required by applicable law.

By using our service, you acknowledge and accept these security measures and understand that there are inherent risks in transmitting information over the internet.

7. Cookies and Tracking Technologies

Our Platform uses cookies and similar tracking technologies to distinguish you from other users and to optimize your experience. This section explains what these technologies are and why we use them, as well as your choices for controlling them.

What Are Cookies?

Cookies are small data files placed on your browser or device when you visit a website. They allow the site to recognize your device and store some information about your preferences or past actions. Other similar technologies include web beacons (tiny graphic images embedded in emails or webpages) and local storage (which can store data in your browser similar to cookies).

Types of Cookies We Use:

  • Essential Cookies: These cookies are necessary for the Platform’s core functionality. For example, if our site has a login, an essential cookie might keep you logged in as you navigate between pages, or remember your order configuration as you go through the multi-step process. Without these cookies, services you have asked for (like remembering items in your cart) cannot be provided. These are generally first-party cookies (set by whimzy.io).
  • Analytics Cookies: We use these to collect information about how visitors use our site. For instance, we might use Google Analytics cookies to see which pages are popular or how users move through the site. The information collected is typically aggregated and not used to identify you personally. It helps us improve the site’s performance and design. Google Analytics may set cookies such as _ga (to distinguish users) and _gid (to distinguish sessions). We have configured Google Analytics to anonymize IP addresses in the EU and to not share data with Google’s other services. You can learn more about Google Analytics privacy and how to opt out at Google’s site (Google provides a browser add-on for opting out of Analytics).
  • Functional Cookies: These enable enhanced features and personalization. They may be set by us or third-party providers whose services we have added to our pages. For example, if we have a chat support widget or if we allow you to select a language preference, a cookie might remember your settings. Also, if you fill part of the intake form and come back later, a cookie might retain your inputs (for your convenience) – however, sensitive data in forms is generally not stored unless you submit it to us.
  • Advertising or Tracking Cookies: As of now, we do not host third-party advertisements on RARI by Whimzy.io that would profile you, and we don’t have third-party ad trackers. If this changes in the future (for example, if we participate in any advertising or retargeting campaigns), we will update this Policy and obtain any necessary consents. We may use our own tracking to see the effectiveness of our marketing (like if you came to us via an email campaign or partner link), but that is usually done via URL parameters rather than cookies.

Your Choices:

When you first visit our site, you may see a cookie notice or banner (especially if required by law, like in EU jurisdictions). You can choose to accept or reject non-essential cookies. Most web browsers also allow you to control cookie settings:

  • You can typically find options in your browser’s Settings to clear cookies or block cookies for certain sites or all sites.
  • You can also use “Private” or “Incognito” modes which usually do not store cookies persistently.
  • For Google Analytics specifically, you can opt-out as mentioned or use browser tools to block scripts.

Please note that if you disable or refuse cookies, some parts of the Platform may become inaccessible or not function properly (for instance, our site might not remember your cart or login status from page to page).

Do Not Track Signals:

Some browsers have a “Do Not Track” (DNT) feature that sends a signal to websites requesting not to track your activity. At this time, we do not respond differently to DNT signals. We treat all visitors according to this Privacy Policy. If standardized response and compliance mechanisms for DNT are established in the future, we will reassess our approach.

For any questions or more details about our use of cookies and tracking technologies, feel free to contact us at privacy@whimzy.io.

8. Data Retention

We will retain your personal information and the business information you provide for as long as necessary to fulfill the purposes for which we collected it, including to provide you with our services, to comply with legal, accounting, or reporting requirements, and to resolve disputes or enforce our agreements.

Here are some general retention guidelines for different categories of data:

  • Account and Contact Data: If you create an account or become a client, we will retain your account information and contact details for as long as your account is active or as needed to provide services to you. If you cease being a client or delete your account, we may still retain certain information (and archive your account) for a period of time in case you return or for record-keeping purposes, unless you request deletion (see Your Rights in Section 9). Even after account deletion, we may retain your email to ensure we don’t inadvertently contact you, if you opted out of communications.
  • Intake and Project Data: The information and materials you provide in the Sound Print intake, as well as the final deliverables (Sound Print audio files), may be retained in our secure archives. Because the Sound Print is a valuable asset for your brand, we keep a backup copy indefinitely (or until you ask us to delete it) to assist you with future needs (e.g., if you lose your copy, or if you come back for an update or related project) and for our internal reference. However, if you request us to purge this data after project completion (for confidentiality or policy reasons), we will do so, provided that we may keep a minimal record of the engagement (e.g., client name, dates, amount paid) for legal and business records. By default, we aim to retain project files for at least the duration of our relationship and a reasonable period thereafter (for example, a few years) since many clients return for new projects or updates.
  • Communications: Emails and communications with you may be kept for a period of time as necessary for our business purposes and to track our customer service history. Support inquiries may be logged; we typically retain these records for at least 1-2 years, and in some cases longer if they contain information that we might need to reference (for instance, if it relates to how a project was done).
  • Financial Records: We are generally required by law to keep transaction records (including invoices, payments, and associated client details) for a certain period (e.g., 7 years in some jurisdictions for accounting/tax records). Thus, even if you request deletion of personal data, we might retain information necessary for legal compliance (see Section 9 for more on deletion requests).
  • Analytics Data: Aggregated analytics data is typically retained indefinitely since it doesn’t identify individuals. Raw web logs or identifiable analytics might be kept for a shorter duration (perhaps 14 to 30 months in Google Analytics, for example, depending on our settings) unless needed longer for security analysis.
  • Legal Hold: If we are in a legal dispute or if the law requires, we may retain certain information for longer than our standard periods until that issue is resolved (e.g., if there’s an investigation, we’ll preserve relevant data).

After the retention period expires or the data is no longer needed, we will either securely delete or anonymize your information. Secure deletion might involve erasing electronic files via secure wiping and shredding any physical documents. Anonymization means we alter the data so that it can no longer be linked to you (e.g., aggregating it or removing personal identifiers).

If you have specific questions about our data retention practices for a particular type of data, you can contact us for more detail.

9. Your Rights and Choices

Depending on your jurisdiction and the applicable law, you have certain rights regarding your personal information. We are committed to honoring these rights and have processes in place for you to exercise them.

For Individuals in the European Union (GDPR) and Similar Jurisdictions:

If you are in the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdiction with comprehensive data protection laws, you have the following rights (subject to certain exceptions and limits):

  • Right to Access: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it. (For example, you can ask: what data do you have about me, and for what purpose?)
  • Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to request correction or completion. We rely on you to provide accurate information, and we will promptly update details upon your request.
  • Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, provided that the data is not required for us to fulfill our obligations (e.g., delivering a service you’ve paid for) or to comply with laws. For instance, if you were a client and the project is complete, you could request deletion of your account and personal details. We will do so unless we must retain certain data for legal reasons (in which case we’ll let you know).
  • Right to Restrict Processing: You can ask us to restrict or suspend processing of your personal data in certain circumstances – for example, if you contest the accuracy of the data or if you object to us processing it and we are considering your request. While restricted, we will store the data but not actively use it.
  • Right to Data Portability: For data you provided to us, which we process by automated means based on your consent or to perform a contract, you have the right to request a common machine-readable copy (for example, in CSV format) and/or have that data transmitted to another controller where technically feasible.
  • Right to Object: You have the right to object to our processing of your personal data when we do so based on legitimate interests, including any profiling based on those interests. You also have the right to object at any time to processing of your personal data for direct marketing purposes. If you object, we will cease the processing unless we have compelling legitimate grounds that override your interests or where needed for legal claims. In the context of marketing emails, an “unsubscribe” or opt-out will be honored immediately for marketing purposes.
  • Right not to be subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects or similarly significant effects. Note: Our Sound Print creation involves automated AI processing, but it does not produce legal or adverse effects on you – it produces a creative output. Additionally, human expertise is involved, so it’s not purely automated. If you have concerns about this, please let us know, but generally this right is not implicated by our service.
  • Right to Withdraw Consent: In cases where we rely on your consent (e.g., for optional marketing emails or using a testimonial), you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing done before the withdrawal.

To exercise any of these rights, please contact us at privacy@whimzy.io with your specific request. We may need to verify your identity to ensure that we do not disclose or delete data at the request of someone other than the data subject. We will respond to your request within one month, or inform you if we need an extension or cannot comply with a specific request due to a legal exemption.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. For example, if you are in the UK, that would be the Information Commissioner’s Office (ICO); in France, the CNIL; in Germany, the regional Data Protection Authority, etc. We would, however, appreciate the chance to address your concerns directly first.

For California Residents (CCPA/CPRA):

If you are a resident of California, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights (some overlap with GDPR rights above) include:

  • Right to Know: You can request that we disclose the categories of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting (or selling/share, if applicable) it, the categories of third parties with whom we share it, and specific pieces of personal information we hold about you. Essentially, you can ask for both a general rundown of our data practices and a copy of the specific data we have about you.
  • Right to Delete: You can request that we delete personal information we have collected from you (with similar exceptions as under GDPR – e.g., we may retain data needed for completing a transaction, legal compliance, security, etc.).
  • Right to Correct: You can request that we correct inaccurate personal information we hold about you.
  • Right to Opt-Out of Sale or Sharing: We already stated that we do not sell personal information as defined by CCPA. We also do not “share” personal information for cross-context behavioral advertising. In the event that changes, we will implement a “Do Not Sell or Share My Personal Information” link or similar mechanism to allow you to opt-out. As of now, this is not applicable.
  • Right to Limit Use of Sensitive Personal Information: CCPA grants the right to limit certain uses of “sensitive personal information.” We do not use or disclose sensitive personal info for purposes other than providing our services (no use for inferring characteristics or advertising). The types of data we collect (business info, contact info) typically don’t fall under “sensitive” (which includes things like social security number, financial account info, precise geolocation, racial or ethnic origin, etc.). If in the future we collected any sensitive info, we would only use it for necessary purposes or would obtain consent, thus an opt-out of secondary use would be provided.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. That means we won’t deny you goods or services, charge you different prices, or provide a different quality of service just because you exercised your rights. (However, note that deleting certain data might affect our ability to provide service – e.g., if you ask us to delete all data while a project is ongoing, we might not be able to complete it. We’ll inform you if such a situation arises.)

How to exercise CCPA rights: You (or your authorized agent) can submit requests to us at privacy@whimzy.io or via any designated web form if we have it on our site. For verification, if you have an account, we will verify through the account credentials. If not, we may ask for information like your name, email, or last interaction details to match records. For requests for specific pieces of information (Right to Know specific pieces), we may require a signed declaration under penalty of perjury that you are the consumer whose data is being requested, as an extra verification step.

We aim to respond to verifiable consumer requests within 45 days as the CCPA dictates, or inform you if an extension is needed.

For Other Regions:

  • Canada: If you are in Canada, your personal information is protected under PIPEDA or similar provincial laws. You generally have rights to access and correct your data, and to withdraw consent. Our practices of not sharing without consent and allowing opt-outs align with these principles. You can contact us to exercise your rights similarly.
  • Australia: Under the Australian Privacy Act, you have rights to access and correct personal information and to complain about how we handle your data. This Privacy Policy outlines how we manage your data. You can contact us with any concerns.
  • Other US States: States like Virginia, Colorado, Connecticut, and Utah have passed privacy laws that come into effect around 2023-2025. We believe our practices of transparency, allowing access/deletion requests, and not selling data put us in compliance with these emerging laws as well. If you are a resident of those states, you may contact us to exercise any analogous rights (like access, deletion, correction, opt-out of certain processing) and we will honor them as required.

Opt-Out of Marketing:

Regardless of jurisdiction, if at any point you prefer not to receive future marketing emails from us, you can opt out by clicking the “unsubscribe” link at the bottom of any marketing email or by contacting us. Please note that you will still receive transactional messages related to services you’ve requested (e.g., order confirmations, important service updates).

Managing Cookies/Tracking:

As described in Section 7, you have choices to manage cookies via browser settings or opt-out mechanisms. Additionally, if you don’t want Google Analytics tracking, you can use the opt-outs described.

If you have any questions about your privacy rights or need assistance exercising them, please email privacy@whimzy.io. We’re here to help.

10. Children’s Privacy

Our Platform and services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. The RARI Sound Print service is intended for enterprises and their adult representatives. If you are under 16 (or a minor under the laws of your jurisdiction), please do not use our site or send us any personal information.

If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete such information as soon as possible. Parents or guardians who believe that we might have information about a child under 16 should contact us at privacy@whimzy.io, and we will promptly investigate and remove any such data.

For minors aged 16-18, if you are using the Platform (for instance, maybe an intern at a company), please ensure you have permission from a parent or guardian, and note that in certain jurisdictions you may have additional rights regarding removal of content you posted (like California’s minor content removal law), though this is less likely to apply given the nature of our service.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will revise the “Effective Date” at the top of the Policy. If changes are significant, we will provide a more prominent notice (such as on our website homepage or via email notification, if appropriate).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Platform or services after any changes to this Policy constitutes your acceptance of the updated terms, to the extent permitted by law.

If we make changes that materially affect your privacy rights, we will seek to notify you in advance and, if required, obtain your consent. For example, if we ever decided to use your personal information for a new purpose not originally disclosed, we would get your consent or give you a chance to opt out.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Whimzy LLC – Privacy Office
Email: privacy@whimzy.io
Mail: Whimzy LLC (Attn: Privacy)
355 South Grand Avenue, Suite 2450 PMB #2259
Los Angeles, CA 90071-3180
USA

You may also reach out to our general support at support@whimzy.io, and they will route your inquiry to the appropriate personnel (however, for sensitive privacy inquiries, contacting the Privacy Office email directly is recommended).

We will respond to your questions or requests as promptly as possible, typically within a few business days. Your trust is extremely important to us, and we welcome feedback on our privacy and terms to ensure we meet the high expectations of our luxury enterprise clientele.

Thank you for entrusting RARI by Whimzy.io with your sonic branding needs. We value your privacy and look forward to delivering an exceptional and secure service experience.