(the “Policy”) available to explain how we collect, use, protect, store, and
otherwise process your Personal Information (defined below) and how we comply with
applicable data protection laws. The term “Company”, “we”, “us”, and their derivatives
mean StormX Global SEZC, Inc., a Caymanian corporation, and its affiliates, subsidiaries
and related companies, including StormX, Inc., a Delaware corporation, the parent company
of StormX Global SEZC, Inc.
This Policy applies to and governs your use of the websites, products, apps,
browser extensions, and services that we make available to you, including, without
limitation, the stormx.io website (the “Website”), StormX, Storm App, Storm Play, Storm
Loyalty Program, StormShop browser extension, and any other products including those
that may be introduced from time to time in the future, including any trial versions
thereof (the “Services”). This Policy does NOT apply to information we collect offline
or you provide to or is collected by any third party (except as otherwise provided below).
Our Services are not designed for children, and we do not intentionally collect,
store, disclose, or otherwise process any Personal Information from children.
A “child” is usually considered to be under the age of 16 under applicable law.
If you are a parent or guardian of a child who has submitted Personal Information,
please contact us by submitting a ticket at https://help.stormx.io.
2. What types of Personal Information does the Company collect
We may collect different types of information from you depending on how you use
our Services, including Personal Information. “Personal Information” means information
that relates to an identified or identifiable natural person. The categories of
Personal Information we may collect are listed below. Certain types of Personal
Information may fall under more than one category.
Identifiers. We may collect your first name, last name, phone number,
cryptocurrency wallet address, IP address, email address, display name, social
media account information from Facebook and Google, and information about the
devices you use to access the Services (e.g., the unique identification numbers
associated with your mobile device or through the application programming interface,
mobile carrier, device processes, device type, model and manufacturer, mobile
device operating system, brand and model, device name, and battery life)
(collectively, the “Device Information”).
Geolocation data. We may collect your geographical location data, including
GPS coordinates (e.g., latitude and/or longitude), city, and country.
Commercial information. We may collect your earning history, withdrawal history,
and information concerning transactions in which you may engage through the Services.
For example, through our StormShop Browser Extension, we may collect information about
the coupons, deals, merchants, and offers you click on (collectively, the “Click-Through Data”)
and information about your purchases, including the name, SKU, and number of items purchased,
date of purchase, total purchase amount, amount paid for taxes and shipping, and order number.
By way of another example, we may collect and store information about the websites you view even
when you are not interacting with the StormShop Browser Extension (e.g., URLs of web pages visited,
general information about the visited web page, product searches, product search results, information
about products added to cart, confirmation page details, and other product information
(collectively, the “Passive Data”)).
Internet or other similar network activity. We may collect your task completion
history, internet usage, timestamps, website activity, Click-Through Data, and Passive Data.
Sensory data. We may collect your picture.
Categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
We may collect your first name, last name, phone number, social media account information
from Facebook and Google, cryptocurrency wallet address, earning and withdrawal
histories, Click-Through Data, and Passive Data.
Inferences drawn from other Personal Information. With your prior consent,
we may use your Personal Information to create a profile about you reflecting your preferences.
Other categories. We may collect information from your social media if you
use our Services to connect to or interact with such third party platforms (e.g.,
content you post or share on your social media profile like “likes”). We may also
collect the information you provide in the Internal Revenue Service’s W9 and W-8BEN
forms that you submit to us through our Storm Loyalty Program.
We may also collect information that does not generally identify you but may become
associated with your account. We may use information that does not identify you for
any permissible business purpose under applicable law.
Among the services are certain privacy-related apps that currently include:
UnEXIF Free, and UnEXIF Pro (collectively, the “Privacy Apps”).
We do not collect, transmit, store, or otherwise process any of your Personal
Information through the Privacy Apps. Furthermore, these apps do NOT employ,
contain, or use any kind of analytics such as Google Analytics. For privacy apps
containing advertisements, however, our advertising service providers may collect
and transmit non-Personal Information in order to fulfill their advertising services.
3. From what sources does the Company collect Personal Information?
Directly From You
We may collect your Personal Information when you provide it to us directly. For example:
When you register for an account to use certain Services, we may collect your first name,
last name, email address, phone number, and profile picture.
When you send us your picture to verify your identity, we may collect that information.
When you post to or share on social media when using our Services, we may collect that information.
When you contact us or report a problem with the Services, we may collect records and
copies of your correspondence.
When you submit an Internal Revenue Service’s W9 or W-8BEN form to us through our Storm
Loyalty Program, we may collect the information provided.
When you respond to a survey or questionnaire, we may collect the information provided.
Automatically From You
We may collect your Personal Information automatically as you use our Services. For example
information as you browse our Website or use our apps, such as your IP address, website
activity, timestamps, geographical location, and Passive Data. For more information about
our use of automatic tracking technologies and certain choices we offer you with respect to
them, please see Section 4 below.
From Third Parties
We may receive Personal Information from or through our service providers that helps us
provide or facilitate your access to the Services, or market or improve the Services. For
example, we may receive your Personal Information (e.g., your IP address, Device Information,
geographical location data, website activity, and Facebook or Google account information) from our:
Attribution tracking partners;
Affiliate advertising partners; and
Data analytics providers.
We may also receive your Personal Information from social media (e.g., when your Personal
Information is accessible on a user’s social media profile).
We abide by this Policy when we use Personal Information provided to us by third parties.
However, we do not control the Personal Information that third parties collect or how they
use that Personal Information. You should review the third parties' privacy policies for more
information about how they collect, use, and share information they obtain and use, including
the information they may disclose to us if you use their service credentials to log into our Services.
As you use the Services, we may use automatic data collection technologies, in particular,
cookies, to collect certain Personal Information and information about browsing actions and
usage patterns. Cookies are small data file identifiers that are transferred to your computer
or mobile web browser that allow us and our service providers to recognize your browser or
mobile device and transfer information about you and your use of our Services.
or web pages visited while using our Services. By way of another example, if you start a
shopping session using the StormShop Browser Extension, we may use a cookie to track your
shopping session and credit your Cryptocurrency reward.
Third Party Cookies
Some cookies on the Services come from third parties. These cookies improve your experience
by helping us better tailor our Services to you. For example, Google Analytics may use
cookies to collect your Personal Information on our behalf to analyze your use of the Services.
Google Analytics is a web analysis service of Google Inc., 1600 Amphitheatre Parkway,
Mountain View, CA 94043, United States. The Personal Information collected by Google in
connection with your use of our Services is transmitted to a server of Google in the United States,
where it is stored and analyzed. Google’s collection and use of Personal Information is
Your IP address will not be associated with any other information held by Google.
Choices about Cookies
You may set your browser to refuse all or some browser cookies (e.g., by opting
out of Google Analytics at http://tools.google.com/dlpage/gaoptout
or to alert you when cookies are being sent. Please note that,
some aspects of the Services may be inaccessible or not function properly.
Opting Out on Mobile Devices
You may restrict the collection of your Device Information by (a) deleting our app; (b)
adjusting the in-app settings of the app; or (c) opting out of sharing your mobile advertiser
ID by limiting ad tracking on your mobile device.
For iOS, navigate to your Settings > Select Privacy > Select Advertising > Enable the "Limit Ad Tracking" setting.
For Android, open your Google Settings app > Ads > Enable "Opt out of interest-based advertising” setting.
For more information on specific opt-out choices, please visit:
5. For what purposes does the Company collect Personal Information?
To provide or improve the Services – We may use your Personal Information to process
your requests to access the Services and certain of their features and to generally present
and improve our Services. For example, we may analyze your use of the Services to provide a
better customer experience that is tailored to what you want to see or to diagnose any
problems so that we can deliver better Services to you.
To market the Services – We may use your Personal Information to market our Services
to you. For example:
With your prior consent, we may send you newsletters, rewards, discounts, promotion codes,
events, and general information about the Services; or
With your prior consent, we may create a profile of your preferences and provide advertisements,
content, or features to match your profile.
To administer the Services – We may use your Personal Information for any lawful
business purpose in connection with administering the Services. For example, if you reach
out to us with a customer service inquiry, we may use your Personal Information to respond
to you. By way of another example, we may use your Personal Information to prevent fraud and
the abuse of our Services, and secure your account.
In furtherance of legal, health, and safety objectives – We may access, use,
and share with others your Personal Information for purposes of health, safety, and
other matters in the public interest. We may also provide access to your Personal
Information to cooperate with official investigations or legal proceedings (e.g., in
response to subpoenas, search warrants, court orders, or other legal processes). We may
also provide access to protect our rights and property and those of our agents, users,
In connection with a sale or other transfer of our business – In the event all or
some of our assets are sold, assigned, transferred to, or acquired by another company due
to merger, divestiture, restructuring, reorganization, dissolution, financing, acquisition,
bankruptcy, or otherwise, your Personal Information may be among the transferred assets.
As may be described to you when collecting your Personal Information.
You voluntarily provide it to us with your specific and informed consent (for example,
when signing up for our newsletters or in connection with the creation of a profile of your
preferences to provide advertisements, content, or features to match your profile);
It is necessary to provide you a Service that you have requested (for example, providing
you access to one of our apps);
We have a legitimate business interest that is not outweighed by your privacy rights (for
example, to provide customer service, or to detect fraud, illegal activity, or other activities
that may violate our rights or a right of a third party).
It is necessary to protect your vital interests or the vital interests of others (for example,
we may collect or share Personal Information where necessary to resolve an urgent medical
situation or protect the health or safety of one of our users or someone else).
6. To whom does the Company disclose your Personal Information?
Third Party Service Providers
We may disclose your Personal Information to a third party such as a service provider for a
business purpose. When we disclose Personal Information for a business purpose, we enter into
a contract with that service provider that describes the purpose and requires the service
provider to both keep that Personal Information confidential and not use it for any purpose
except performing the contract. These service providers include our affiliate advertising
partners that help us provide you with information, advertisements, or offers specific to
your location and interests.
To our subsidiaries and affiliates;
To a buyer or other successor in the event of a merger, divestiture, restructuring,
reorganization, dissolution, or other sale or transfer of some or all of the Company’s
assets, whether as a going concern or as part of bankruptcy, liquidation, or similar
proceeding, in which Personal Information held by the Company pertaining to the users
of our Services is among the assets transferred;
To comply with any court order, law, or legal process, such as responding to a
government or regulatory request;
To enforce any contract we may have in effect with you; and
If we believe disclosure is necessary or appropriate to protect the rights,
property, or safety of us, our users, or others.
7. How is my Personal Information protected?
Our Retention, Purpose Limitation, and Security Policies
We protect your Personal Information through a combination of collection, security,
and retention policies.
Limited retention. We only keep your Personal Information for as long as we
need it for business and operational needs or to comply with any statutory, regulatory,
or legal obligations.
Purpose limitation. We will use your Personal Information only for the Services
you choose to access and for the purposes for which you choose to share it. We will
respect your requests to start or stop processing your Personal Information for marketing
purposes, as well as the types of marketing messages you may wish to receive.
Security measures. We use appropriate measures to ensure a level of security
appropriate to the risk involved and have implemented contractual, technical,
administrative, and physical security measures designed to protect Personal Information
from unauthorized access, disclosure, use, and modification, including restricting
access to Personal Information on a need-to-know basis. As part of our privacy
compliance processes, we review these security procedures on an ongoing basis to
consider new technology and methods as necessary. However, please understand that
our implementation of security measures as described in this Policy does not guarantee
the security of your Personal Information.
In the event of a security breach, no longer than 72 hours after we become aware
of such a breach, we will notify the proper regulatory authorities and any users
of the breach.
Your Practices and Activities
Your practices and activities are likewise very important for the protection your own
Personal Information. You can take certain steps to help protect your Personal
Information, such as being mindful of what you post in public places. For example:
Do not use your real name when selecting a username.
Do not post your real name in public-facing areas of the Services and do not share
anything private about yourself.
Remember that we have no control over what third parties do with the content of
such communications and no responsibility or obligation regarding third parties.
8. How does the Company treat Personal Information transferred out of the EU?
Place of Business
We may store or process your Personal Information outside of the country where
we collect it or which you reside. The Company has its primary place of business
in the United States of America. You should understand that we may transfer some
or all of your Personal Information to the United States of America to carry out
certain operational and processing needs as described in this Policy.
When transferring Personal Information out of the EU, we implement technical,
organizational, and physical safeguards to protect your Personal Information. We
use European Commission approved standard contractual clauses and implement related
measures required by applicable law. Please contact us if you have questions related
to the relevant transfer mechanism for your Personal Information.
9. What rights do you have to your Personal Information?
Right to Access, Correct, Delete, or Restrict Processing
Subject to any limitations and exceptions under applicable law, you have the right
to request access to your Personal Information and exercise a number of rights:
You have the right to correct or update certain types of Personal Information.
In many cases, you can review or update your account information by accessing
your account online.
You have the right to request deletion of your Personal Information. If you choose to
have your Personal Information removed from our Services, we will carry out your request
within 30 days of account verification, subject to extension, and will only retain minimal
Personal Information to document your request and the actions we took to carry out your
request. Please submit a ticket at https://help.stormx.io
with the title “Remove Data”.
You have the right to restrict certain processing of your Personal Information,
and the right to object to some types of processing of your Personal Information.
You have the right to object to your Personal Information being used for marketing or
advertising purposes. For example, you can revoke your consent to direct marketing by
submitting a ticket at https://help.stormx.io
with the title “Revoke Consent”.
We will comply with your requests in accordance with, and subject to, applicable law.
For example, the Company is not required to delete your Personal Information if it has
an overriding legitimate ground for retaining that information such as to prevent fraud.
Please note that we are legally prohibited from carrying out requested actions in some
instances, including (1) when we are unable to confirm your identity; (2) where the request
is considered excessive; and (3) where doing so would adversely affect the rights or
freedoms of other individuals.
We Are Here to Help
Please contact us using the contact information provided in Section 12 of this
Policy if you would like to exercise any of the rights described above or if you
have questions regarding your rights.
Right to Complain
You have the right to lodge a complaint regarding our collection, storage, or
processing of your Personal Information with a data protection supervisory
authority in the country where you live or work.
10. Additional Notice for California Residents
The following applies to California residents pursuant to the California Consumer Privacy Act of 2018 (“CCPA”):
In the preceding 12 months, the Company has disclosed the categories of Personal Information
listed in Section 2 above for business purposes.
In the preceding 12 months, the Company has not sold Personal Information. The Company only
discloses Personal Information to service providers.
You have the right to request that the Company disclose certain information to you about our
collection and use of your Personal Information over the past 12 months. Once we receive and
confirm your verifiable consumer request, we will disclose to you:
The categories of Personal Information we collected about you.
The categories of sources for the Personal Information we collected about you.
Our business or commercial purpose for collecting or selling that Personal Information.
The categories of third parties with whom we share that Personal Information.
The specific pieces of Personal Information we collected about you (also known as a
data portability request).
If we sold or disclosed your Personal Information for a business purpose, two separate
lists disclosing: (a) sales, identifying the Personal Information categories that each
category of recipient purchased; and (b) disclosures for a business purpose, identifying
the Personal Information categories that each category of recipient obtained.
You have the right to request that the Company delete any of your Personal
Information that we collected from you and retained, subject to certain exceptions.
Once we receive and confirm your verifiable consumer request, we will delete
(and direct our service providers to delete) your Personal Information from our
records, unless an exception applies. We may deny your deletion request if retaining
the information is necessary for us or our service providers to:
Complete the transaction for which we collected the Personal Information,
provide the Service that you requested, take actions reasonably anticipated within
the context of our ongoing business relationship with you, or otherwise
perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent,
or illegal activity, or prosecute those responsible for such activities.
Debug Services to identify and repair errors that impair existing intended
Exercise free speech, ensure the right of another user to exercise their
free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical
research in the public interest that adheres to all other applicable ethics and privacy
laws, when the information’s deletion may likely render impossible or seriously
impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with user expectations
based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible
with the context in which you provided it.
We will not discriminate against you for exercising any of your CCPA rights.
Unless permitted by the CCPA, we will not:
Deny you the Services.
Charge you different prices or rates for the Services, including through
granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of the Services.
Suggest that you may receive a different price or rate for the Services or
a different level or quality of the Services.
Verifiable Consumer Requests
To exercise your rights described above, please submit a verifiable consumer
request to us by submitting a ticket at https://help.stormx.io
with the subject line “CCPA”. Only you, or someone legally authorized to act
on your behalf, may make a verifiable consumer request related to your Personal
Information. You may also make a verifiable consumer request on behalf of your
child. You may only make a verifiable consumer request for access or data
portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the
person about whom we collected Personal Information or an authorized representative.
Describe your request with sufficient detail that allows us to properly
understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot
verify your identity or authority to make the request and confirm that the Personal
Information relates to you. Making a verifiable consumer request does not require you to
create an account with us. We will only use Personal Information provided in a verifiable
consumer request to verify your identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 30 days of its receipt.
If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account.
If you do not have an account with us, we will deliver our written response by mail or
electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the receipt of
verifiable consumer request. The response we provide will also explain the reasons we
cannot comply with a request, if applicable.
For data portability requests, we will select a format to provide your Personal Information
that is readily useable and should allow you to transmit the information from one entity
to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless
it is excessive, repetitive, or manifestly unfounded. If we determine that the request
warrants a fee, we will tell you why we made that decision and provide you with a cost
estimate before completing your request.
11. How will the Company notify users of changes to this Policy?
The Company reserves the right to change this Policy from time to time consistent
with applicable law. If we make changes to this Policy, we will notify you by revising
the date at the top of this Policy, and in some cases, we may provide you with additional
notice (such as adding a statement to the homepages of our Services or sending you an email notification).
12. How can someone contact the Company?
If you have questions, you may submit a ticket at https://help.stormx.io.