Legal & Policies

Tranch Inc. and its subsidiaries ("Tranch", "we", "our", or "us") is committed to protecting and respecting your privacy.

Last Updated: 28th March 2024

1. Introduction

This privacy policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you ("personal information") when you use the Tranch platform at https://tranch.com/ (the "Website"), as a result of your, your company’s (in which you are a shareholder, person with significant control, beneficial owner, and/or a director), your employer’s or other engaging entity’s (your “Engaging Entity”) use of our services or other interactions with us for business purposes. It applies to all employees, shareholders, directors, partners, persons with significant control, beneficial owners, workers, and contractors (as relevant) of any entity that may interact with us for business purposes (“you” or, “your”).

As further described in the "Information Collected through the Product" section, when you apply for an account with Tranch as a business customer or create an account as an authorized user of a business customer ("Tranch Account"), access or interact with our online platform available at https://tranch.com/ through your Tranch Account ("Platform"), collectively, the "Product", our processing of information through the Product is governed by the terms of our agreements with the issuing bank(s) and the applicable business customer, including our Terms of Service. In the event we are required to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy.

Your use of the Service or Product constitutes your agreement to our data practices, and any other policies made available by us to you. If you do not agree, please notify us in writing to close your Tranch Account, delete any cookies you may have on your devices, and cease all use of the Service and Product. In certain circumstances, the business customer on whose behalf we provide services will need to confirm your choice before we can fully process your request.

If you have any questions or wish to exercise your rights and choices, please contact us at [email protected] or as further set out in the "Contact Us" section. If you are a Nevada resident, California resident, or data subject in Europe, please see the additional disclosures at the end of this Privacy Policy.

2. Information That Tranch Collects

A. Information Collected through the Service

We collect information when you use or interact with our Service. For example, we collect information when you browse our Website, read our emails, view our advertisements, engage in our affiliate referral programs, apply for a job, contact sales, or ask us a question. We collect information that you actively provide to us, and information that is automatically collected through tracking technologies (described below). We (or service providers on our behalf) may then send communications and marketing to these emails or addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

The categories of information you provide to us through our Service include:

1. Contact Data, including your first name, last name, email address, phone number, job title, and marketing preferences.
2. Company Data, including your company name, government issued identification number, and postal address.
3. Content, including content within any messages you send to us (such as when contacting sales or asking a question).
4. Job Applicant Data, including your employment and education history, transcripts, writing samples, and references as necessary to consider your job application for open positions.
5. Referral Data, including information you provide about your contact details and any potential referrals as part of our affiliate referral program, such as their name, email address, and phone number. Where you provide information about potential referrals, you agree that you have all rights and permissions necessary to provide such information to us.

You may choose to voluntarily provide other information to us that we do not request, and, in such instances, you are solely responsible for such information.

The categories of information we automatically collect through our Service include:

1. Service Use Data, including information about how much time you spend on particular pages you visit, the features you use, your preferences or selections, the services you view, the time of day you browse, and your referring and exiting pages.
2. Device Data, including information about the type of device or browser you use, your device's operating software, your internet service provider, your device's regional and language settings, and device identifiers such as IP address and Ad Id.
3. Location Data, including imprecise location information (such as location derived from an IP address or information that indicates a city or postal code level).

The types of tracking technologies we use to automatically collect information include:

1. Log Files, which are files that record events that occur in connection with your use of the Service.
2. Cookies, which are data files stored on your device that act as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate our website. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Additionally, persistent cookies allow us to bring you advertising. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
3. Pixels (also known as web beacons), which is code embedded in a website, email, or advertisement that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, email, or advertisement that contains a pixel, the pixel may permit us or a separate entity to read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from separate entities that allow us to track our conversions, bring you advertising, and provide you with additional functionality.
4. Device Fingerprinting, which is the process of analyzing and combining sets of data elements from your device's browser, such as JavaScript objects and installed fonts, to create a "fingerprint" of your device and uniquely identify your browser and device.

You may limit our collection of this information through tracking technologies by changing your browser or device settings. However, doing so may affect or limit the features available to you. For further information on how we use tracking technologies for analytics and advertising, and your rights and choices regarding them, see the "Analytics and Advertising" and "Your Rights and Choices" sections below.

B. Information Collected through the Product

Our Product is designed for use by business customers and their employees and authorized users. Our processing of information collected through the Product or otherwise provided to us by a business customer in connection with their use of the Product is governed by the terms of our agreements with the issuing bank(s) and the applicable business customer, including our Terms of Service. In the event of a conflict between this Privacy Policy and the terms of any agreements between a business customer and Tranch, the terms of those agreements will control. In the event we are permitted to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy. We are not responsible for how our business customers treat information we collect on their behalf, and we recommend you review their own privacy policies.

We collect information through the Product when you:

1. Start the process of creating a Tranch Account.
2. Fill out an application or open a Tranch Account.
3. Sign-in to or access your Tranch Account.
4. Make changes to your Tranch Account.
5. Browse the Platform.
6. Upload an invoice on the Platform.
7. View your invoices
8. Select a Product for an Invoice on the Platform.
9. Change administrative or other settings within your Tranch Account.
10. Use or redeem rewards, such as referral bonuses.
11. Use integrations to connect your Tranch Account to third party services.

The categories of information you provide to us through the Product include:

1. Contact Data.
2. Company Data, including the information listed in Section 2.A. as well as any information you submit to us about your company when you apply for a Tranch Account or otherwise, such as details about your company's leadership, ownership, Financial Data, and Billing Data.
3. Financial Data, including your company's bank balance, routing and account numbers, transaction history, tax identification number, and related information.
4. Billing Data, including information to process your company’s payments to us, such as routing and account numbers.
5. Account Credentials, including your information for authentication and account access.
6. Transaction Data, including information associated with your company’s payments.
7. Receipt Data, including information you submit to us to process your company’s invoices.
8. Authorized User Data, including information you provide about any users who will be added to the Platform such as their name, email address, and phone number. Where you provide information about other users, you agree that you have all rights and permissions necessary to provide such information to us.
9. Content, including content within any messages you send to us either on the platform or via our email or video communication channels (such as when contacting support or asking a question).

Where you do not provide information when required---or where it is inaccurate, out-of-date, or unable to be validated---we may prohibit your use of the Product.

In addition, when you access or interact with our Platform, we automatically collect Service Use Data, Device Data, and Location Datathrough the types of tracking technologies listed in Section 2.A. above.

C. Information Collected from Other Sources

We also collect information from other sources. The categories of sources from which we collect information include:

1. Financial Partners, including credit bureaus in connection with your use of the Product.
2. Identity Verification Services and Financial Information Providers.
3. Third Party Integrations, such as with your designated bank, account services, transactional information providers, and other integrations that you connect to your Tranch Account.
4. Social Networks and other locations that serve or assist in serving our advertisements.
5. Joint Marketing, Referrals, and Rewards Partners that we engage for joint marketing activities and also our referrals and rewards programs.
6. publicly-available sources, including information in the public domain.

We treat the information collected from other sources subject to any laws or contractual obligations applicable to us. In the event we are permitted to process the information for our own purposes, we will process the information in accordance with the practices described in this Privacy Policy.

3. How We Use Information

We collect and use information for business and commercial purposes in accordance with the practices described in this Privacy Policy. Our business purposes for collecting and using information include:

1. Providing Services. We use the information we collect to operate and manage our Service and Product, including to provide the Website, determine eligibility for the Product, allow you to use the Platform, and otherwise provide services requested by you and our business customers.
2. Important Communications with You. We use the information we collect to send you technical notices, updates, security alerts, information regarding changes to our policies, and support administrative messages.
3. Security and Fraud Detection. We use the information we collect to prevent and detect potentially fraudulent or unauthorized transactions, breach of policies or terms, and threats of harm.
4. Understanding Usage and Improving our Services and Products. We use the information we collect to understand how our business customers use the Service and Product, and improve our services and products. We may also improve usability of the Service and Product by analyzing how you interact with our Service and Product (such as analyzing how you use tools made available to you or which links you click).
5. Auditing and Research. We use the information we collect to conduct internal reporting, auditing, and research, including focus groups and surveys.
6. Marketing and Advertising. We use the information we collect through the Service to develop and send advertising, direct marketing, and communications about our and other entities' products, offers, promotions, rewards, events, and services.
7. At your Direction. We use the information we collect to fulfil any other purpose at your direction. For example, if you send us a photo of your receipt through text message, we will process that receipt to provide the Product to you. Also, if you direct us to connect your Tranch Account to a third party integration, such as Slack, we will process that request accordingly.
8. With Notice to You and Your Consent. We may otherwise use the information we collect after providing notice to you and obtaining your consent.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law or contractual obligation applicable to us. For information on your rights and choices regarding how we use information about you, please see the "Your Rights and Choices" section below.

4. Sharing Information

We share information we collect, including information that identifies you, in accordance with the practices described in this Privacy Policy. Unless otherwise prescribed below, the following terms govern confidentiality between each party:

• Each party may be given access to Confidential Information from the other party in order to perform its obligations under the Terms of Service. A party’s Confidential Information shall not be deemed to include information that:
  • is or becomes publicly known other than through any act or omission of the receiving party;
  • was in the other party’s lawful possession before the disclosure;
  • is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
  • is independently developed by the receiving party without referencing the information disclosed by the disclosing party, which independent development can be shown by written evidence; or
  • is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
• Each party shall hold the other’s Confidential Information in confidence and, unless required by law, not make the other’s Confidential Information available for use for any purpose other than as needed to perform these Terms of Service including disclosing Confidential Information to third parties as necessary in connection with any credit and due diligence checks.
• Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by it or its employees or agents in violation of these Terms of Service.
• Each party shall take a back-up of its own Confidential Information and shall not be responsible to the other for any loss, destruction or alteration of Confidential Information.

The categories of parties with whom we may share information include:

1. Service Providers. We share information with service providers that process information on our behalf. Service providers assist us with services such as payment processing, data analytics, website hosting, and technical support. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law or contractual obligation.
2. Affiliates. We share information with our affiliates and related entities, including where they act as our service providers or for their own internal purposes.
3. Supplier Partners. We share limited information with Supplier Partners to enable them to see the progress of a payment or lending application relating to their invoices. We only share details of the status of specific invoices or groups of invoices payable to them, including customer name, reference(s), invoice amount(s), date of upload to the Platform and the relevant status, for example: Pending, Approved, Expired, Paid, Failed, Refunded or Ineligible.
4. Identity Verification Services. We share information as necessary to verify your identity.
5. Credit Reporting Agencies and Other Financial Information Providers. We may share information about you and your company with credit reporting agencies to verify information about your business, to report on your business's performance, and to report late payments, missed payments, or other defaults, if applicable.
6. Marketing and Advertising. We share information collected through the Service with vendors or other parties for marketing and advertising related purposes. These parties may act as our service providers, or in certain contexts, independently decide how to process your information. For more information, see the "Analytics and Advertising" section below.
7. Mergers and Acquisition. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
8. Security and Compelled Disclosure. We share information to comply with the law, regulations, payment network rules, or other legal process, and where required in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also share information with regulators, law enforcement, financial services providers, and other authorized third parties as required by law. We will also share information to protect the rights, property, life, health, security and safety of us, the Service, the Product, or anyone else.
9. Referrals and Joint Marketing. We share information with our partners in connection with facilitating referral partnerships or engaging in joint marketing activities. For example, if you were referred to our Service or Product through a referral partner, we share information with our referral partner to calculate the referral fee.
10. At your Request. We share information at your request or direction, such as if you direct us to connect your Tranch Account to a third party integration.
11. With Notice to You and Your Consent. We may otherwise share information after providing notice to you and obtaining your consent.

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by law or contractual obligation applicable to us. For information on your rights and choices regarding how we share information about you, please see the "Your Rights and Choices" section below.

5. Other Parties

The Service and Product may link to or integrate with websites, platforms, and services operated or controlled by other parties. Some examples include:

1. Links. Our Service and Product may link to websites, platforms, and other services not operated or controlled by us.
2. Log-In. We may embed a pixel on our Service that allows you to log-in to your Tranch Account through another service. For example, you may log-in to your Tranch Account through your account with Google. If you choose to engage with such integration, we may receive information from the other service that you have authorized to share with us. Please note that the other service may independently collect information about you through the integration.
3. Social Media. We may offer our content through social media. Any information you provide to us when you engage with our content is treated in accordance with this Privacy Policy. Also, if you publicly reference our Service or Product on social media (e.g., by using a hashtag associated with Tranch in a tweet or post), we may use your reference on or in connection with our Service.
4. Platform Linking. We may offer you the ability to link your Tranch Account to another service in order to retrieve certain information about your account on that service. For example, if you link your account to an accounting and bookkeeping platform, such as QuickBooks or NetSuite, or a business communication platform, such as Slack, the linking may allow us to obtain information such as your username, email address, photo, Transaction Data, and duplicate transactions. For more information about how these platforms handle information about you, please refer to their respective privacy policies and terms of use.

Please note that when you interact with other parties, including when you leave our Service or Product, those parties may independently collect information about you and solicit information from you. The information collected and stored by those parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

6. Analytics and Advertising

We use analytics services, such as PostHog and Plausible.io, to help us understand how users access and use the Service. In addition, we work with agencies, advertisers, ad networks, and other technology services to place advertisements on our behalf on other websites and services. For example, we may place ads through Google and Facebook that you may view on their platforms as well as on other websites and services.

As part of this process, we may incorporate tracking technologies into our own Service (including our Website and emails) as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities across time and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you ("Interest-based Advertising").

As indicated above, vendors and other parties may act as our service providers, or in certain contexts, independently decide how to process your information. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

While you may disable some tracking technologies by blocking cookies in your browser, you may still see advertising as part of a broader marketing campaign. For further information on the types of tracking technologies we use on the Service and your rights and choices regarding analytics and Interest-based Advertising, please see the "Information Collected through the Service" and "Your Rights and Choices" sections.

7. Data Transfer

Our Service and Product are operated from and directed toward business customers with a presence in the United States and United Kingdom, for exclusive use by their employees and authorized users. Any information we collect may be transferred to, processed, used, handled, and stored in the United States and other jurisdictions from our services in London, United Kingdom. Data protection laws in the United States and other jurisdictions may differ from those of your country of residence. The information we collect is governed according to United States law.

By using the Service or Product, you consent to the transfer, processing, use of, handling, and storage of information about you in the United States and other jurisdictions as described in this Privacy Policy. For personal data transferred from Europe or the United Kingdom, we will provide appropriate safeguards, such as through the use of standard contractual clauses.

8. Additional Important Information

Security. We use organizational, technical, and administrative measures designed to protect information about you from loss, theft, misuse, and unauthorized access, disclosure, alteration and destruction. However, no information security program or transfer via the internet is entirely secure and we cannot guarantee the security of information about you.

Use by Minors. We do not direct any of our services to children. We do not knowingly collect personal information (as defined by the U.S. Children's Privacy Protection Act, or "COPPA") from children under 13. We also do not knowingly "sell," as that term is defined under the CCPA, the personal information of minors under 16 who are California residents. If you are a parent or guardian and believe we have violated this provision, contact us at [email protected].

Changes to this Privacy Policy. We reserve the right to change and reissue this Privacy Policy at any time by posting an updated version. Your continued use of our Service or Product indicates your consent to the Privacy Policy then posted. If we have an existing relationship with you, you represent a business customer, or if you are an employee or authorized user, we may provide you or the business customer notice through our Website or your Tranch Account; or provide notice directly to you using the Contact Data provided to us. If we do not have an existing relationship with you---for instance, if you only visit our Website---any notice we provide will be posted to our Website. Any privacy notice is effective upon posting or when it is provided to you.

9. Your Rights and Choices

Tranch Account. The information in your Tranch Account is governed by our agreements with the applicable business customer. You may access, update, or delete certain information within your Tranch Account through the Platform, provided that the business customer will make the ultimate decision around the processing. The business customer's administrator is responsible for your Tranch Account associated with the business customer. The business customer administrator has the ability to grant, restrict, suspend, or terminate your access to or use of the Product. The administrator can also access information about you on the Product, access and retain information we have stored on your behalf, and limited your ability to edit, modify, delete, or use information associated with your use of the Product. Please note that if you delete information through your Tranch Account, we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Tracking Technology Choices.

1. Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
2. Do Not Track. Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. For more information on "Do Not Track," visit http://www.allaboutdnt.com.

Please be aware that if you disable or remove tracking technologies some parts of the Service and Product may not function correctly.

Analytics and Interest-Based Advertising. Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout and by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb.

The companies we work with to provide you with targeted ads in connection with the Service are required by us to give you the choice to opt out of receiving targeted ads. Most of these companies are participants of the Digital Advertising Alliance ("DAA") and/or the Network Advertising Initiative ("NAI"). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; and (ii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants' other customers or from other technology services).

Please note that if you opt out using any of these methods, the opt out will only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any other entities' statements regarding their opt out options or programs.

Communications.

1. E-mails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link. Please note that you cannot opt-out of transactional emails, such as those about your Tranch Account, transactions, servicing, or our ongoing business relations.
2. Text, SMS Messages, or WhatsApp messages. If you have opted in to receiving text, SMS messages or WhatSapp messages related to your use of the Product, you can opt-out at any time by texting "STOP" to the short code. After you send the SMS message "STOP" to us, we will send you a message to confirm that you have been unsubscribed. After this, you will no longer receive messages from us. For more information, please see our Terms of Service.

Please note that your opt out is limited to the email address or phone number used and will not affect subsequent subscriptions.

Unlinking Platforms. If you have linked your Tranch Account with certain other services, such as Slack or QuickBooks, you may unlink your accounts at any time by visiting your Tranch Account settings. Please note that unlinking your accounts will not affect any information previously shared through the linking. Tranch is not responsible for the data practices of any other entities, and we recommend that you carefully review their privacy policies and terms of use.

11. Additional Disclosures for Nevada Residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us at [email protected].

12. Additional Disclosures for California Residents

These additional disclosures apply only to California residents and only to the extent applicable.

Our Service and Product are primarily intended to provide information and services to job applicants and business customers. You understand and agree that personal information collected about you is solely within the context of (i) your role as an employee, authorized user, job applicant, owner, director, officer, or contractor or (ii) Tranch conducting due diligence regarding, or providing or receiving a product or service to or from your employer.

We acknowledge that you may have rights under the CCPA in connection with the personal information we process on behalf of our business customers. If personal information about you has been processed by us as a service provider on behalf of a business customer and you wish to exercise any rights you have with such personal information, please inquire with our business customer directly. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we processed your personal information. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.

Notice of Collection

The California Consumer Privacy Act of 2018 ("CCPA") provides additional rights and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights. In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:

1. Identifiers, including name, postal address, email address, and online identifiers (such as IP address).
2. Customer records, including phone number and mailing address.
3. Characteristics of protected classifications under California or federal law, including gender.
4. Commercial or transactions information, including records of products or services purchased, obtained, or considered.
5. Internet activity, including browsing history, search history, and interactions with a website, email, application, or advertisement.
6. Geolocation data.
7. Employment and education information.
8. Inferences drawn from the above information about your predicted characteristics and preferences.

For further details on information we collect, including the sources from which we receive information, review the "Information that Tranch Collects" section above. We collect and use these categories of personal information for the business purposes described in the "How We Use Information" section above.

We do not sell information collected through the Service or Product.

Right to Know and Delete

You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:

1. The categories of personal information we have collected about you;
2. The categories of sources from which the personal information was collected;
3. The categories of personal information about you we disclosed for a business purpose or sold;
4. The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
5. The business or commercial purpose for collecting or selling the personal information; and
6. The specific pieces of personal information we have collected about you.

In addition, you have the right to delete the personal information we have collected from you. Closure or deletion of your company’s Tranch Account will mean that the business customer will permanently lose access to the Personal Information and data associated with the Tranch Account. Personal information or de-identified information associated with your company’s Tranch Account may nonetheless remain on systems owned or maintained by Tranch where required to comply with the law, our contractual obligations, or carrying out legitimate business functions.

Where Tranch retains Personal Information after an account has closed, individuals may have the right to access, delete, or assert other rights under the laws of their jurisdiction.

To exercise any of these rights, please submit a request by sending an email to [email protected] with "CCPA Request" in the subject line and specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. If personal information about you has been processed by us as a service provider on behalf of a business customer, we will follow the procedure set out above. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. However, we will require signed proof of the agent's permission to do so and verify your identity directly.

Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.

Shine the Light.

Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties' own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclose such information. To exercise a request, please write to us at [email protected] or the postal address set out in "Contact Us" above and specify that you are making a "California Shine the Light Request." We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

13. Additional Disclosures for Data Subjects in Europe

Roles.

Data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors"). Tranch acts as a controller with respect to personal data collected as you interact with our Service. For the Product, Tranch acts as a controller, and in certain instances may act as a processor on behalf of a business customer, which is the controller,. Any questions that you have relating to the processing of personal data by Tranch as a processor should be directed to the relevant business customer.

Lawful Basis for Processing.

Data protection laws in Europe require a "lawful basis" for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or business customers; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests. Where applicable, we will transfer your personal data to third countries subject to appropriate safeguards, such as standard contractual clauses.

Your Data Subject Rights.

You have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, please contact us as set out in the "Contact Us" section above and specify which right you are seeking to exercise. We will respond to your request within 30 days. We may require specific information from you to help us confirm your identity and process your request. If personal data about you has been processed by us as a processor on behalf of a business customer and you wish to exercise any rights you have with such personal data, please inquire with our business customer directly. If you wish to make your request directly to us, please provide the name of our business customer on whose behalf we processed your personal data. We will refer your request to that business customer, and will support them to the extent required by applicable law in responding to your request.

Please note that we retain information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

If you have any issues with our compliance, you may contact us at [email protected]. You also have the right to lodge a complaint with the data protection regulator in your jurisdiction.