Privacy Policy

FULL PRIVACY POLICY TABLE OF CONTENTS: Introduction. What Information Do We Collect? How Do We Use AI to Process Your Information? How Do We Process Your Information? Email and Calendar Integration. Retailer and E-Commerce Integrations. Health and Wellness Information. When and With Whom Do We Share Your Personal Information? Government and Legal Requests. What Is Our Stance on Third-Party Websites? Do We Use Cookies and Other Tracking Technologies? How Do We Handle Your Social Logins? How Long Do We Keep Your Information? How Do We Keep Your Information Safe? Your Responsibilities and Security Obligations. Data Breach Notification. Do We Collect Information from Minors? What Are Your Privacy Rights? Controls for Do-Not-Track Features. Do United States Residents Have Specific Privacy Rights? International Users and Data Transfers. Automated Decision-Making. Do We Make Updates to This Notice? How Can You Contact Us About This Notice? How Can You Review, Update, or Delete the Data We Collect from You? | 1. INTRODUCTION: Welcome to Roo AI - Shopperoo and Textroo AI ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. Shopperoo is an AI-powered shopping assistant that searches across major retailers in real-time to find you the best prices and value on products. Textroo AI includes all Shopperoo shopping features plus additional capabilities: health and wellness assistance, calendar reminders, email-to-calendar conversion, memory journals, and task list management. By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services. Roo AI is owned and operated by Azayra.AI. | 2. WHAT INFORMATION DO WE COLLECT? | Personal Information You Provide to Us: We collect personal information that you voluntarily provide when you: Register for an account. Use our shopping search features. Ask health or wellness questions. Connect your email or calendar. Create reminders, tasks, or memory journals. Contact us for support. The personal information we collect may include: Identity Information: Names, usernames, passwords. Contact Information: Email addresses, phone numbers, zip codes, mailing addresses. Shopping Information: Product searches, price alerts, purchase preferences, shopping history, wish lists. Calendar and Email Data: Email content, calendar events, event titles, dates, participants, locations. Health Information: Health and wellness questions, symptoms, general wellness queries. Task Management Data: To-do lists, reminders, task descriptions, due dates. Journal Entries: Memory journal content, personal notes, dates. Communication Preferences: Notification settings, alert preferences. Payment Information: If you subscribe to premium features (processed through secure third-party payment processors). | Payment and Billing Information: If you subscribe to premium features or services: Payment Processors: We use Stripe to process payments. We do NOT store your full credit card numbers on our servers. What We Store: Last 4 digits of card, card brand, expiration date, billing address, transaction history. What We Share: Billing information is shared only with our payment processors to complete transactions. PCI DSS Compliance: Our payment processors are PCI-DSS Level 1 compliant. Transaction Records: Retained for 7 years for tax, accounting, and legal compliance purposes. Subscription Management: You can view and update payment methods in Settings > Billing. Failed Payments: We may automatically retry failed charges and notify you via email. Currency: All transactions processed in USD unless otherwise specified. | Sensitive Information: With your explicit consent or as permitted by law, we process the following sensitive information: Health and wellness queries submitted to Textroo AI. Email content when you use email-to-calendar features. Personal journal entries and private notes. Account login credentials (encrypted and securely stored). IMPORTANT: All personal information you provide must be true, complete, and accurate. You must notify us of any changes to your personal information. | Information Automatically Collected: When you visit or use our Services, we automatically collect certain information, including: Device Information: IP address, browser type and version, device type, operating system, unique device identifiers. Usage Data: Pages viewed, features used, search queries, time spent on Services, click patterns, date/time stamps. Location Information: Approximate location based on IP address or zip code (to provide localized retailer results). Performance Data: Error reports, crash data, system activity, diagnostic information. This information is primarily used to maintain security, perform analytics, and improve our Services. | Information from Third Parties: We may receive information from: Retailers and e-commerce platforms (product availability, pricing). Email and calendar providers (when you grant us access). Social media platforms (if you use social login). Analytics providers (usage statistics). Payment processors (transaction confirmations). | 3. HOW DO WE USE AI TO PROCESS YOUR INFORMATION? Our Services use artificial intelligence and large language models (LLMs) to provide you with personalized assistance. AI Processing Includes: Shopping Queries: Analyzing your product searches to find the best prices and value across retailers. Health Questions: Processing health and wellness queries to provide general information (NOT medical advice). Email Parsing: Reading email content to extract relevant calendar events and tasks. Natural Language Understanding: Interpreting your requests to create reminders, journals, and to-do lists. Recommendation Generation: Suggesting products, tasks, or actions based on your usage patterns. Important AI Disclosures: ✓ Human Review: Certain queries may be reviewed by our team for quality assurance and safety purposes. ✓ Training Data: We do not use your personal conversations, health queries, or email content to train third-party AI models without your explicit consent. Anonymized, de-identified data may be used to improve our Services. ✓ Data Security: All data processed by AI systems is encrypted in transit and at rest. ✓ Limitations: AI responses are automated and may contain errors. Always verify important information independently. | ARTIFICIAL INTELLIGENCE LIMITATIONS AND DISCLAIMERS: You Acknowledge and Understand That: Our AI systems are probabilistic and may: Provide inaccurate, incomplete, or outdated information. Misunderstand or misinterpret your requests. Generate biased, inappropriate, or offensive responses. Fail to work as expected or produce unexpected results. "Hallucinate" or fabricate information that sounds plausible but is false. Provide inconsistent responses to similar queries. No Warranties for AI Outputs: AI outputs are provided "AS IS" without any warranties of accuracy, completeness, or reliability. You will independently verify all important information before relying on it. You use AI features entirely at your own risk. We are not liable for any decisions you make, actions you take, or outcomes that result from using AI-generated information. Specific AI Use Cases and Limitations: Health Information: AI health responses are for general educational purposes ONLY. NOT a substitute for professional medical advice, diagnosis, or treatment. May not reflect the latest medical research or your specific health circumstances. See Section 7 for full health information disclaimers. Shopping Recommendations: Product suggestions may not reflect current availability or pricing. We do not guarantee the quality, safety, or suitability of recommended products. Always verify product details on retailer websites before purchasing. Any problems or defects with the products you purchase are entirely the responsibility of the retailer it is purchased from. Email and Calendar Processing: AI may misinterpret email content and create incorrect calendar entries. You are responsible for reviewing and confirming all AI-generated calendar events. Task and Reminder Creation: AI-generated tasks may be incomplete or incorrect. Review and modify AI suggestions before relying on them. Your Responsibilities When Using AI: ✓ Verify Critical Information: Always double-check important facts, dates, prices, health information, and recommendations. ✓ Report Errors: Help us improve by reporting inaccurate or problematic responses through the feedback mechanism. ✓ Use Common Sense: If an AI response seems wrong, unusual, or inappropriate, do not rely on it. ✓ Stay Informed: Understand that AI technology is evolving and has inherent limitations. Our Commitment: While we cannot guarantee perfect AI performance, we: Continuously work to improve accuracy and safety. Implement safeguards against harmful outputs. Monitor for and address systematic errors. Update our AI systems regularly. By using our AI-powered features, you acknowledge these limitations and agree to use AI outputs responsibly and at your own risk. | 4. HOW DO WE PROCESS YOUR INFORMATION? We process your personal information for the following purposes: To Provide Our Services: Facilitate account creation and authentication. Process shopping searches and price comparisons. Access and parse emails for calendar entries (with your permission). Create and manage calendar reminders. Store and organize memory journals and task lists. Provide general health and wellness information. | To Improve and Personalize: Analyze usage trends and patterns. Develop new features and functionality. Personalize product recommendations. Optimize search algorithms. Improve AI response accuracy. | To Communicate With You: Send service updates and notifications. Respond to inquiries and provide support. Send price alerts and shopping notifications. Deliver marketing communications (with your consent). Request feedback. | For Security and Legal Compliance: Protect against fraud and abuse. Enforce our Terms of Service. Comply with legal obligations. Respond to legal requests and prevent harm. | With Your Consent: Any other purpose disclosed to you at the time of collection. | 5. EMAIL AND CALENDAR INTEGRATION What We Access: When you connect your email or calendar to Textroo AI, we may access: Email: Subject lines, body content, sender/recipient information, dates, attachments (metadata only). Calendar: Event titles, descriptions, dates, times, locations, participants, recurrence patterns. | How We Use This Data: Extract event information from emails to create calendar entries. Set reminders based on email content. Generate task lists from action items in emails. Organize and categorize calendar events. | Your Control: You can revoke access at any time through your account settings. You choose which email accounts to connect. You can delete any calendar entries we create. We do not share your email content with third parties except as necessary to provide the service (e.g., calendar providers). | Data Retention: Email metadata is retained for up to [30 days / until you disconnect access]. We do not store full email content permanently. Calendar event data is retained as long as your account is active. | Third-Party Providers: We integrate with services such as: Google Workspace (Gmail, Google Calendar). Microsoft 365 (Outlook, Outlook Calendar). Apple iCloud (Mail, Calendar). Your use of these services is subject to their respective privacy policies. | 6. RETAILER AND E-COMMERCE INTEGRATIONS How Shopping Search Works: Shopperoo and Textroo AI search across major retailers including but not limited to: Amazon - As an Amazon Associate we earn from qualifying purchases. Walmart. Target. Best Buy. Home Depot. And other participating retailers. | Retailer Data Sharing: We do NOT sell your personal information to retailers. We do NOT share your shopping searches with retailers for marketing purposes. We may receive publicly available product information, pricing, and availability from retailers. Some search results may contain affiliate links (see below). | Affiliate Relationships: We participate in affiliate marketing programs, which means: If you click on a product link and make a purchase, we may earn a commission. This does not affect the price you pay. This does not influence our search results – we show you the best value regardless of affiliate status. Affiliate links help us keep our Services free or low-cost. | Retailers We Partner With: We are participants in affiliate programs with: Amazon.com (Amazon Associates Program). Walmart. Target. Best Buy. Home Depot. Wayfair. And other retailers. | Our Commitment to You: You don't pay more - Affiliate commissions do NOT increase the price you pay. Honest recommendations - We recommend products based on value, quality, and relevance, not commission rates. Editorial independence - Our search algorithms prioritize the best deals for you, regardless of affiliate relationships. Transparency - We clearly label affiliate links throughout our services. | How It Works: You search for a product on Shopperoo/Textroo. We show you results from multiple retailers. If you click a product link and make a purchase, the retailer may pay us a small commission. This doesn't affect what you pay - retailers pay us from their marketing budgets. | FTC Compliance: This disclosure is required by the Federal Trade Commission's 16 CFR Part 255: "Guides Concerning the Use of Endorsements and Testimonials in Advertising." | Retailer Cookies and Tracking: When you click through to a retailer's website, that retailer may place cookies on your device. We are not responsible for retailer privacy practices. Review each retailer's privacy policy before making purchases. | Price Alerts: You can set price drop alerts for specific products. We monitor prices and notify you of changes. Price alert data is stored until you delete it or close your account. | 7. HEALTH AND WELLNESS INFORMATION ⚠️ IMPORTANT DISCLAIMER: Textroo AI is NOT a medical service and does NOT provide medical advice, diagnosis, or treatment. Our health and wellness features provide general information only. Do NOT rely on Textroo AI for medical emergencies. Always consult qualified healthcare professionals for medical concerns. If you are experiencing a medical emergency, call 911 immediately. | How We Handle Health Information: Health queries are treated as sensitive personal information. Health data is encrypted both in transit and at rest. We do NOT share your health questions with third parties for marketing purposes. Health information is NOT used to make decisions about your eligibility for services, employment, or insurance. | Data Retention: Health-related conversations are stored in your account history. You can delete specific health queries at any time. Health data is deleted when you close your account (within 30 days). | HIPAA Compliance: Our Services are NOT HIPAA-compliant. We are not covered entities or business associates under HIPAA. Do not use our Services to transmit protected health information (PHI) as defined by HIPAA. | Your Responsibilities: Do not share medical records or highly sensitive health information. Use our Services only for general wellness questions. Verify all health information with qualified professionals. | 8. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? We may share your information in the following circumstances: Service Providers: We share information with third-party vendors who perform services on our behalf: Cloud hosting providers (AWS, Google Cloud, Microsoft Azure). Email and calendar services (Google, Microsoft, Apple). Payment processors (Stripe, PayPal). Analytics services (Google Analytics). AI and machine learning providers (OpenAI, Anthropic, other LLM providers). Customer support tools. Marketing and communication platforms. All service providers are bound by confidentiality agreements and are prohibited from using your data for their own purposes. | Business Transfers: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred. You will be notified via email and/or prominent notice on our Services of any change in ownership or uses of your personal information. | Legal Requirements: We may disclose your information if required to do so by law or in response to: Court orders or subpoenas. Legal processes or government requests. Protection of our rights, property, or safety. Investigation of fraud, security issues, or illegal activity. Enforcement of our Terms of Service. | With Your Consent: We may share your information for any other purpose with your explicit consent. | We Do NOT: Sell your personal information to third parties. Share your email content, health queries, or journal entries for advertising purposes. Provide retailers with your personal shopping search history for their marketing use. | 9. GOVERNMENT AND LEGAL REQUESTS When We Disclose Data to Authorities: We take user privacy seriously and disclose personal data to government authorities or law enforcement only when legally required: Valid court orders or subpoenas issued by a court of competent jurisdiction. Search warrants properly executed under applicable law. National security requests (e.g., National Security Letters) - if prohibited from disclosure by law, we cannot notify you. Emergency requests where we have a good faith belief that disclosure is necessary to prevent imminent physical harm, death, or serious property damage. | Our Review Process: Before complying with any legal request, we: Verify Legal Validity: We carefully review all requests to ensure they comply with applicable laws and our policies. Challenge Overbroad Requests: We object to requests that are overly broad, vague, or lack proper legal authority. Minimize Disclosure: We provide only the minimum information necessary to satisfy the legal requirement. Seek Court Approval: When appropriate, we request court authorization before disclosing data. Require Proper Form: We insist on proper legal documentation (not informal requests from law enforcement). | User Notification: We notify affected users whenever we receive a legal demand for their data, unless: We are legally prohibited from doing so (e.g., gag orders, national security requests). Notification would create a risk of harm or obstruct a legitimate law enforcement investigation. The account has been hijacked or is being used to commit illegal acts. | Delayed Notification: If prohibited from immediate notification, we will notify you once the prohibition expires. | Types of Information That May Be Requested: Account registration information (name, email, creation date). Usage logs and IP addresses. Shopping search history. Communication records. Payment transaction details. | Types of Information We Strongly Resist Disclosing: Email content (without clear legal authority and user notification). Health queries and wellness information. Private journal entries. Real-time location tracking. Bulk or dragnet data requests. | Transparency Commitment: [Optional: Transparency Report] We publish an annual transparency report detailing the number and types of government requests we receive and how we respond. [Link to transparency report if available]. | Statistical Data: Government requests received: [Number]/year. Requests complied with: [Number]. Requests challenged or rejected: [Number]. | National Security Requests: If we receive national security requests (such as FISA orders or National Security Letters under 18 U.S.C. § 2709), we may be prohibited from disclosing their existence. In such cases: We cannot notify affected users. We will seek to narrow the scope of such requests. We will challenge gag orders when legally possible. We may use warrant canaries or other legally permissible signaling methods. | Data Retention for Legal Purposes: Even after you delete your account, we may retain certain records as required by law: Financial records: 7 years (tax compliance). Legal hold data: Indefinitely if involved in litigation. Compliance records: As required by specific regulations. | Your Rights: You may seek independent legal advice if you believe your data has been improperly disclosed. You may file complaints with relevant supervisory authorities. In some jurisdictions, you have the right to challenge government requests directly. | Limitations: We are not above the law. While we advocate for user privacy, we must comply with valid legal obligations. This section describes our best efforts to protect your data while fulfilling our legal duties. | 10. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES? Our Services may contain links to third-party websites, retailers, and services, including: Retailer websites (Amazon, Walmart, etc.). Social media platforms. Payment processors. Calendar and email providers. | We are not responsible for: The privacy practices of third parties. The security of third-party websites. The accuracy of third-party content. | When you click a link to a third party, you leave our Services and are subject to that third party's privacy policy and terms. We encourage you to review their policies before providing any information. | 11. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES? Yes, we use cookies, web beacons, pixels, and similar tracking technologies. | Types of Cookies We Use: Essential Cookies: Required for the Services to function (authentication, security). Preference Cookies: Remember your settings and preferences. Analytics Cookies: Help us understand how you use our Services. Advertising Cookies: Deliver relevant ads based on your interests. | Third-Party Tracking: We use Google Analytics to analyze usage patterns. Google Analytics collects information such as how often users visit our Services, what pages they visit, and what other sites they used prior to coming to our Services. | To opt out of Google Analytics: Visit https://tools.google.com/dlpage/gaoptout | Your Cookie Choices: Most browsers allow you to refuse cookies or alert you when cookies are being sent. Blocking cookies may impact functionality of our Services. You can manage cookie preferences in your account settings. | 12. HOW DO WE HANDLE YOUR SOCIAL LOGINS? If you register or log in using a social media account (Google, Facebook, Apple), we may access: Profile name. Email address. Profile picture. Friends list (if you grant permission). | We use this information only: To create and authenticate your account. As described in this Privacy Policy. With your consent for other purposes. | You can disconnect social logins at any time through your account settings. | 13. HOW LONG DO WE KEEP YOUR INFORMATION? We retain your information for as long as necessary to: Provide our Services. Comply with legal obligations. Resolve disputes. Enforce our agreements. | Specific Retention Periods: Account Information: Retained while your account is active. Shopping Search History: Up to 24 months or until deleted. Email Metadata: Up to 30 days or until you disconnect access. Calendar Events: While your account is active or until deleted. Health Queries: While your account is active or until deleted. Journal Entries: While your account is active or until deleted. Task Lists: While your account is active or until deleted. Usage Logs: Up to 12 months. Inactive Accounts: Up to 84 months (7 years) after last activity, then deleted or anonymized. | Deletion: When information is no longer needed, we will: Delete it from our active systems. Anonymize it for analytical purposes. Securely archive it if required by law. You may request deletion of your data at any time (see Section 25). | 14. HOW DO WE KEEP YOUR INFORMATION SAFE? We implement appropriate technical and organizational security measures to protect your information. | Security Measures Include: Encryption: AES-256 encryption for data at rest; TLS 1.3 for data in transit. Access Controls: Role-based access restrictions; multi-factor authentication. Secure Infrastructure: Firewalls, intrusion detection systems, regular security audits. Data Segregation: Sensitive data stored separately with additional protections. Employee Training: Regular security awareness training for staff. Third-Party Audits: Periodic independent security assessments. Incident Response Plan: Procedures to detect, respond to, and recover from security incidents. | ⚠️ Important Limitation: No method of transmission or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for: Maintaining the confidentiality of your password. Restricting access to your device. Logging out after using our Services on shared devices. | 15. YOUR RESPONSIBILITIES AND SECURITY OBLIGATIONS While we implement robust security measures to protect your information, the security of your account also depends on your actions. By using our Services, you agree to the following responsibilities: | Password Security: You are responsible for: Creating a strong, unique password - Use at least 12 characters with a mix of letters, numbers, and symbols. Never sharing your password with anyone, including family members, friends, or anyone claiming to be from our support team. Not reusing passwords from other websites or services. Changing your password immediately if you suspect it has been compromised. Using a password manager to generate and store complex passwords (recommended). We will NEVER ask for your password via email, phone, or any other communication method. | Device Security: You are responsible for: Securing your devices with passwords, PINs, biometric locks, or other authentication methods. Keeping your operating system and apps updated with the latest security patches. Installing reputable antivirus/anti-malware software on your devices. Using secure, password-protected Wi-Fi networks - avoid public Wi-Fi for sensitive activities. Logging out of your account when using shared or public devices. Enabling device encryption (available on most modern smartphones and computers). Remotely wiping devices if they are lost or stolen. | Account Access Management: You are responsible for: Monitoring account activity - Review your account regularly for unauthorized access. Reporting suspicious activity immediately to security@[yourdomain].com. Revoking access from connected apps, email accounts, or calendar services you no longer use. Managing active sessions - Log out of devices you no longer use or recognize in Settings > Security > Active Sessions. Not sharing accounts - One account is for one person only; you are liable for all activity on your account. Reviewing connected third-party services regularly (email providers, social logins, etc.). | Contact Information: You are responsible for: Providing accurate contact information - We need a valid email address to send security alerts. Updating your email address if it changes - We are not responsible if security notifications are sent to an old email. Checking your email regularly for security alerts, password reset requests, or suspicious activity notifications. Marking our emails as "not spam" to ensure you receive critical security communications. | Recognizing Security Threats: You are responsible for: Recognizing phishing attempts - We will never ask you to provide your password, credit card, or sensitive information via email. Verifying URLs - Only log in through our official website or mobile apps (not through links in emails). Being cautious of social engineering - Don't trust unsolicited calls, emails, or messages claiming to be from us. Reporting phishing attempts to security@[yourdomain].com. Red flags to watch for: Urgent requests to "verify your account" or "prevent account closure". Misspelled domain names or suspicious sender addresses. Requests for passwords, credit card numbers, or Social Security numbers. Links to websites that look similar but aren't our official domain. | Responsible Use: You are responsible for: Complying with our Terms of Service and all applicable laws. Not attempting to hack, reverse engineer, or exploit our Services. Not sharing or distributing content that violates others' privacy or rights. Not using automated tools (bots, scrapers) to access our Services without authorization. Not creating fake accounts or impersonating others. Not attempting to access other users' accounts or data. | Data You Share: You are responsible for: The accuracy of information you provide to us. Not sharing highly sensitive information unnecessarily (e.g., Social Security numbers, medical records, financial account numbers in journal entries). Understanding the risks of storing sensitive data in cloud services. Backing up important data you store with us (we provide export tools in Settings). | Third-Party Integrations: You are responsible for: Understanding what access you grant when connecting email, calendar, or social media accounts. Reviewing permissions for third-party services you authorize. The security practices of third-party services you choose to integrate (Google, Microsoft, etc.). Revoking access immediately if you suspect a connected account has been compromised. | Minor Access: You are responsible for: Ensuring minors (under 18) do not use our Services - Our Services are not designed for children. Supervising any use of our Services on devices accessible to minors. Notifying us immediately if you discover a minor has created an account. | Legal Compliance: You are responsible for: Using our Services only for lawful purposes. Complying with export control laws if accessing our Services from restricted countries. Paying applicable taxes on any commercial use of our Services. Not storing illegal content in your account (we will report violations to authorities). | Incident Reporting: You MUST notify us immediately if: You suspect unauthorized access to your account. You notice unusual activity (purchases you didn't make, searches you didn't perform, emails you didn't send). You receive security alerts about logins you didn't initiate. You lose a device that was logged into your account. Your password has been compromised. You experience a security incident that may affect our Services. Report security issues to: security@[yourdomain].com. | Consequences of Breaching These Responsibilities: If you fail to fulfill these security obligations: We may suspend or terminate your account to protect our Services and other users. You may be liable for damages resulting from unauthorized use of your account. We are not responsible for losses that result from your failure to maintain reasonable security practices. We may be unable to recover your data if you lose access due to negligence. You may lose legal protections available to users who follow security best practices. | Our Commitment: While you have these responsibilities, we commit to: Providing clear security guidance and tools to help you protect your account. Notifying you promptly of any security incidents affecting your data. Offering security features like two-factor authentication (when available). Never asking for your password through insecure channels. Investigating security reports promptly and thoroughly. | Security Resources: We provide the following resources to help you maintain security: Security Settings: Settings > Security (enable two-factor authentication, view active sessions, review login history). Account Activity Log: Settings > Activity (view recent actions on your account). Connected Services: Settings > Connections (manage third-party integrations). Security Best Practices Guide: [Link to help center article]. Data Export: Settings > Privacy > Download My Data (backup your information). | BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND AGREE TO THESE SECURITY RESPONSIBILITIES. Failure to comply may result in account termination and legal liability. | 16. DATA BREACH NOTIFICATION In the event of a data breach that affects your personal information: We Will: Investigate the breach to determine its scope and impact. Contain the breach and secure our systems. Notify You without undue delay and within the timeframe required by law (typically within 72 hours of discovery). Provide Information about: What information was compromised. What we are doing to address the breach. Steps you can take to protect yourself. How to contact us for more information. | Notification Methods: Email to your registered address. Prominent notice on our website or in-app notification. Other methods as required by applicable law. | 17. DO WE COLLECT INFORMATION FROM MINORS? No. Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. We do not knowingly market to children. | If we discover that a minor has provided us with personal information, we will: Deactivate the account immediately. Delete the information from our systems. Notify parents/guardians if required by law. | If you believe a minor has provided us with personal information, please contact us immediately at [privacy email]. | 18. WHAT ARE YOUR PRIVACY RIGHTS? Depending on your location, you may have the following rights: | Access and Portability: Request a copy of your personal information. Receive your data in a structured, commonly used format. Transfer your data to another service. | Correction: Request correction of inaccurate or incomplete information. Update your account information directly. | Deletion (Right to be Forgotten): Request deletion of your personal information. Close your account and have all data removed. | Restriction: Request that we limit how we use your information. Object to certain types of processing. | Opt-Out: Unsubscribe from marketing emails. Opt out of targeted advertising. Disable certain tracking technologies. | Withdraw Consent: Withdraw previously given consent at any time. Disconnect email, calendar, or social logins. | Non-Discrimination: You will not face discrimination for exercising your privacy rights. | How to Exercise Your Rights: Mail us. We will respond to your request within 30 days (or as required by applicable law). | 19. CONTROLS FOR DO-NOT-TRACK FEATURES Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature that signals to websites that you do not want your online activity tracked. | Current Status: There is no uniform standard for recognizing and implementing DNT signals. We do not currently respond to DNT browser signals or other mechanisms that provide the ability to exercise choice regarding collection of personally identifiable information about your online activities over time and across third-party websites. | If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy. | 20. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? Yes. Residents of certain U.S. states have specific privacy rights under state laws. | California Residents (CCPA/CPRA): California residents have the right to: Know what personal information is collected, used, shared, or sold. Access specific pieces of personal information. Delete personal information (subject to certain exceptions). Opt-out of the sale or sharing of personal information. Correct inaccurate personal information. Limit the use of sensitive personal information. Not face discrimination for exercising these rights. | Categories of Personal Information We Collect: Identifiers: Name, email address, IP address, device identifiers. Commercial Information: Shopping searches, purchase history, product preferences. Internet Activity: Usage data, browsing history, search queries, clickstream data. Geolocation Data: Approximate location based on IP address or zip code (NOT precise GPS coordinates). Sensitive Personal Information: Health queries, email content, journal entries, account credentials (see detailed breakdown below). | Categories We Do NOT Collect: Precise geolocation data (GPS coordinates). Audio, electronic, or visual recordings (unless you voluntarily provide). Professional or employment information. Education information. Biometric information. Inferences used for profiling in ways that produce legal or similarly significant effects. | CALIFORNIA SENSITIVE PERSONAL INFORMATION (CPRA): Under the California Privacy Rights Act (CPRA), "sensitive personal information" has a specific legal definition. Here's what we collect and don't collect: Social Security, driver's license, state ID, or passport number. Do We Collect? ❌ NO. We do not collect government-issued identification numbers. Account log-in, financial account, debit card, or credit card number with required security/access code. Do We Collect? ✅ YES. We collect account login credentials (encrypted). Payment card details are handled by third-party processors only. Precise geolocation. Do We Collect? ❌ NO. We use only approximate location (zip code or city level), not GPS coordinates. Racial or ethnic origin, religious or philosophical beliefs, or union membership. Do We Collect? ❌ NO. We do not collect this information. Contents of mail, email, or text messages (where we are not the intended recipient). Do We Collect? ✅ YES. With your explicit permission, we access email content to create calendar entries. We do NOT read emails where we are not the intended recipient. Genetic data. Do We Collect? ❌ NO. We do not collect genetic or DNA information. Biometric information for unique identification. Do We Collect? ❌ NO. We do not collect fingerprints, faceprints, voiceprints, retina scans, or other biometric identifiers. Health information. Do We Collect? ✅ YES. We collect health and wellness questions you submit to Textroo AI. Sex life or sexual orientation information. Do We Collect? ❌ NO. We do not collect this information. Citizenship or immigration status. Do We Collect? ❌ NO. We do not collect this information. | How We Use Sensitive Personal Information: We use sensitive personal information ONLY for the following purposes: Account Credentials: Authentication and account security. Email Content: Processing your emails to extract calendar events (only with your permission). Health Queries: Providing general wellness information in response to your questions. Payment Information: Processing subscription payments (handled by third-party processors). | We do NOT use sensitive personal information for: Targeted advertising or marketing. Profiling or automated decision-making with legal effects. Selling or sharing with third parties for their own use. Any purpose incompatible with the services you requested. | Your Right to Limit Use of Sensitive Personal Information: California residents can limit our use and disclosure of sensitive personal information to only what is necessary to provide the services you requested. Limiting sensitive information use does not allow you to use our Services while preventing all processing of that data—only uses beyond what's necessary to provide the service. | Sale of Personal Information: We do NOT sell your personal information as traditionally defined. However, sharing data for targeted advertising may be considered a "sale" or "sharing" under California law. You can opt out by adjusting your account settings. | Other States: Similar rights may apply to residents of: Virginia (VCDPA). Colorado (CPA). Connecticut (CTDPA). Utah (UCPA). And other states with comprehensive privacy laws. | How to Exercise Your Rights: Mail: Shopperoo/Textroo AI, Azayra.AI, 4203 S 87th Place, Bentonville, AR 72713, United States. Verification: We may require verification of your identity before processing requests. Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization. Appeal: If we deny your request, you have the right to appeal. Contact us at the mail address above. | 21. INTERNATIONAL USERS AND DATA TRANSFERS Our Services are operated in the United States. If you access our Services from outside the U.S., please be aware that: | Your information will be transferred to, stored, and processed in the United States. U.S. data protection laws may differ from those in your country. By using our Services, you consent to the transfer of your information to the U.S. | European Economic Area (EEA) and UK Users: If you are in the EEA or UK, we comply with the General Data Protection Regulation (GDPR) and UK GDPR. Your data rights include: Right of access. Right to rectification. Right to erasure. Right to restrict processing. Right to data portability. Right to object. Rights related to automated decision-making. | Legal Basis for Processing: Contract performance. Legitimate interests. Consent. Legal compliance. | Data Transfers: We use Standard Contractual Clauses or other approved transfer mechanisms for international data transfers. | Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. | 22. AUTOMATED DECISION-MAKING We use AI and automated systems to: Generate product recommendations based on your searches. Suggest tasks or calendar events from emails. Provide health and wellness information responses. Optimize search results and pricing alerts. | Your Rights: You can request human review of automated decisions. You can opt out of certain automated recommendations. You can adjust personalization settings in your account. | Note: Automated decisions do NOT significantly affect your legal rights or similarly significant matters. | 23. DO WE MAKE UPDATES TO THIS NOTICE? Yes, we may update this Privacy Policy from time to time to reflect: Changes in our practices. Changes in applicable laws. New features or services. Operational, legal, or regulatory changes. | How We Notify You: Material Changes: We will notify you via email or prominent notice in our Services at least 30 days before changes take effect. Non-Material Changes: We will post the updated policy on our website with a revised "Last Updated" date. | Your continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically. | 24. HOW CAN YOU CONTACT US ABOUT THIS NOTICE? If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us: Mail: Azayra.AI, 4203 S 87th Place, Bentonville, AR 72713, United States. Text: Text the phone number provided on our Contact Page. | Response Time: We will respond to your inquiry within 30 days. | ADDITIONAL TERMS Survival: If we discontinue our Services or our business closes, we will: | Provide 60 days notice (if feasible). | Offer data export options. | Delete all personal data after the notice period (unless required by law to retain). | Governing Law: This Privacy Policy is governed by the laws of the State of Arkansas and applicable U.S. federal law. | Severability: If any provision of this Privacy Policy is found to be unenforceable, the remaining provisions will remain in effect. | Relationship to Terms of Service: This Privacy Policy is incorporated into and subject to our Terms of Service. Use of our Services is subject to both documents. | By using Shopperoo or Textroo AI, you acknowledge that you have read, understood, and agree to this Privacy Policy.