Privacy Policy

Last Updated: September 29, 2022

Tilia LLC and its affiliates (collectively “Tilia”, “we”, “us”, “our”) respect the privacy of its online visitors and users of its websites, apps, products and services, including the services accessible within third-Party Platforms and Publishers (each term as defined in our Terms of Services) (collectively, the “Services”).  

We recognize the importance of protecting information collected from our users and have adopted this Privacy Policy to inform you about how we gather, use, store, disclose, and otherwise process your information, including personal information (also known as personal data), in conjunction with your access and use of our Services.  Please read this Privacy Policy carefully to understand our views and practices regarding your personal information and how we will treat it.  

1. TYPES OF INFORMATION WE COLLECT AND HOW WE COLLECT IT

We collect two types of information – “personal information” and “anonymous information” – which we may use to create a third type of information, “aggregate information”.  

• “Personal Information”, also often referred to as “Personal Data”, means information that identifies (whether directly or indirectly) a particular individual, household, or device, such as the individual’s first and last name, postal address, e-mail address, telephone number, username, and/or image.  
• “Anonymous Information” means information that does not directly or indirectly identify, and cannot reasonably be used to identify, an individual, household, or device.  
• “Aggregate Information” means information about groups or categories of individuals which does not identify, and cannot reasonably be used, to identify an individual, household, or device.  We may share Aggregate and Anonymous Information with other parties without restriction.

Information You Provide

We collect the information which you provide us which may include:

• Registration or Account Information. Information you provide when you register to use our Services or create an account such as: your first name and last name, country of residence, date of birth, e-mail address, username and password.  
  
  Not all information will be mandatory to create the account or register to use the Services, for example we do not ask you to provide sensitive information or special category data (such as that regarding your race, ethnicity, religious beliefs or sexual orientation).  However, if you opt to provide more information, please note that this may become publicly available depending on its nature and why it was provided (e.g. your image for your account profile photo).  

• Identity and KYC Information. When you use certain of our Services, including when accessed through a Publisher’s Platform, we will need to confirm your identity to comply with applicable laws.  To do this, we require that you provide us with information commonly referred to as “KYC” or “Know Your Client” information.  Which KYC information is required differs depending on which law applies but generally, the information that may be required includes your name, date of birth, social security number, address, email address, phone number, photo of an ID document (such as a passport or government-issued photo identification), and card details.      
• Purchase and Transaction Information. When using our Services to conduct transactions, including through a Publisher’s Platform, we may collect and retain some or all of the information related to these transactions, including payment details, transaction amount(s), parties involved, time and manner of exchange, the IP address of where the transaction is originating, and other transaction circumstances, such as payment method and names or emails of external third-party accounts (for example, PayPal or Skrill).
• Your Marketing Preferences. We like to keep in touch with our users and future users through different communications such as emails.  To ensure you find these communications useful, we ask you for your marketing preferences which may include your personal information.    
• Surveys, Contests and Promotions. As part of our Services, we sometimes offer or ask you to take part in surveys, contests, or promotions.  Depending on the nature of the survey, contest, or promotion, we may ask you, or you may volunteer, to provide certain personal information, such as your name, address or opinion.
• When you do Business with us. If you are a vendor, service provider, or business partner (or a prospective vendor, service provider or business partner) of us, we may collect information about you and the services you provide, including your or your employees’ business contact information and other information you or your employees provide to us as part of the services you may provide and our agreement with you.
• Communications. We collect information you provide when you contact us, for example regarding customer support inquiries or other inquiries related to your account, or to provide us with feedback on the Services.  

Information We Collect Automatically

When using our Services, in addition to the information you provide us, there is also some information we may collect automatically that identifies you or the device you are using to access the Service, such as your computer or mobile device.  Generally, this information relates to your use of the Services and your preferences, such as the types of Services you view or engage with, the features you use, the actions you take, the people or accounts you interact with, and the time, frequency and duration of your activities.  In addition, we may also collect location information when you use the Services, including geolocation information or your internet protocol (IP) address.

For more information on this, please see our Cookies Policy.

Information We Receive From Third Parties

• Publishers can also create accounts on your behalf if you use one of our Services on their Platform and when they do this, they will provide certain information to us such as your first name and last name, country of residence, date of birth, e-mail address, username and password.  You will know when this happens as you will be prompted to review our Terms of Service and this Privacy Policy.
• When verifying your identity, we may use the services of third parties for all or part of the process.  As part of doing so, the third party may provide information about you such as credit history and credit information.  
• We may also receive information about you from Publishers who make our Services available to you through their Platforms.

2. USE OF YOUR INFORMATION BY TILIA

Tilia may use your personal information, subject to and at all times in compliance with applicable laws and your choices and controls, for the following purposes:

• Services. To provide you with the Services you request, including to create and manage your account, create your Tilia wallet, process payments and transactions, and provide you with customized Services and experiences based on your preferences.
• Conduct KYC Checks. As explained above, we are required by law to verify your identity in certain countries before we are allowed to provide you with certain of our Services.  Therefore, to do so, we must process the information required by the relevant applicable law in order to be able to verify your identity.
• Service Communications. Communicate with you about your account or transactions with us, or other Service-related announcements such as regarding features on our Services and applications or changes to our policies or terms.
• Marketing Communications. Send you offers and promotions for our Services or, as permitted, third-party products and services, via email, or text.
• Other Communications. If you submit a question, inquiry or concern to us, we will use your personal information to respond to you.
• Advertising. Provide you or serve you with advertising or information based on your activity on our Services and on third-party sites and applications
• Surveys, Contests or Promotions. If we administer a survey, contest, or promotion, we will need to process certain personal information to do so.  This will vary depending on the nature of the survey, contest, or promotion.
• Improve Our Services. Develop and test our Services and operations to optimize and improve our Services and operations.
• Violations, Illegal Acts or Fraud. Detect, investigate and prevent activities on our Services that may violate our policies (including any applicable terms of service or terms of use) or may be illegal or harmful in any way to us, our Services users, our property, or any other third party.  This includes any potential or actual act(s) of fraud or fraudulent behaviour using or related to our Services.
• Verification and Monitoring. Verify accounts and monitor activities within our Services to promote safety and security of our Services, our users and our properties, and to detect any potential or actual act(s) of fraud or fraudulent behaviour related to our Services.‍
• Compliance. Comply with applicable laws and regulations and any lawful requests from regulators, governmental bodies or other authorities.

3. SHARING YOUR INFORMATION WITH THIRD PARTIES

We will not share your personal information with any third party except in limited circumstances and where permitted by applicable law, including:

• When you are accessing our Services through a Publisher’s Platform, we will share some of the information we collect or process about you with the Publisher.  This is to ensure the relevant task or action is performed, e.g. the Publisher provides the item purchased within the Platform;

• When you consent to us sharing your personal information with another company;          

• When companies perform services on our behalf, including those who help us provide the best services to you and others (such as hosting/storage, anti-fraud functions, billing, collections, registration, customer support, e-mail delivery, age verification, or other operations).  These companies are prohibited from using your personal information for purposes other than those requested by us or required by law;
• With our business partners that we perform joint campaigns with;
• With our business partners that may include partners in our ad network (see section “Your Controls, Rights and Choices” for more information on these partners);
• In connection with the sale of any of our Services, assets and/or businesses, or when the ownership or control of all or part of our Services changes;
• To enforce our Terms of Service or other rules or policies, to ensure the safety and security of our users and third parties, to identify and prevent potential or actual fraud or fraudulent activities, to respond to requests from law enforcement, officials, regulatory agencies and other lawful requests or legal processes, or to comply with a legal obligation to which we are subject, or other legal process or in other cases if we believe in good faith that disclosure is required by law; and
• To effectively perform our Services, we may share your personal information with our affiliates.  

4. CHILDREN’S PRIVACY

As stated in our Terms of Service, we do not make our Services available to anyone under the age of 18. Therefore, we do not intend to collect or otherwise process personal information of anyone under the age of 18. If you have reason to believe we are processing personal information of anyone under 18, please get in touch with us as soon as possible using the contact details in section “Comments and Questions”.

5. ADDITIONAL INFORMATION FOR INDIVIDUALS LOCATED IN THE U.S.

U.S. GLBA Notice

Personal information relating to U.S. users that we collect in connection with the solicitation and provision of our payment and stored value services is subject to our U.S. GLBA Notice.  In the event of conflict or inconsistency between this Privacy Policy and our U.S. GLBA Notice, the U.S. GLBA Notice will apply that information.

Other information we collect from U.S. persons will be subject to the provisions of this Privacy Policy.

CCPA

If you are a California resident in accordance with the California Consumer Privacy Act (CCPA), the following information applies to you.

Personal Information We May Collect

During the past twelve (12) months, we may have collected the following categories of personal information about you:

Categories of personal information

Examples

Personal Identifiers

Full name (including any nickname or alias you have used), date and place of birth, taxpayer or government-issued identification number (such as your Social Security number, driver’s license or identification number, passport number, or other similar identifiers), IP address, device identifier, avatar information if this reflects your identity, unique personal identifier, online identifier, and Services account name.

Personal Information under CA Code §1798.80(e)

Contact details (name, address, email address, telephone number, any information you may provide to us about yourself).

Characteristics of Protected Classes or Groups Under State or Federal Law

Age, gender, national origin, race, national origin, and citizenship.

Financial Information (information described in CA Code §1798.80)

Services obtained, transaction histories, purchasing or consuming histories.

Biometric information

N/A

Internet or Network Activity

Internet or Network Activity

Geolocation Data

Device location, geographic location from which your transaction originates.

Inferences drawn from any of the categories of Personal Information above

We may verify your identity against third-party databases; potential fraudulent activity or behaviour.

Education information

N/A

Professional and employment information

Business; job title.

Audio, electronic, visual, thermal, olfactory, or similar information

N/A

Why We Collect Personal Information and How We Use It

‍The purposes for which we collect and use your personal information (described in detail above) depends on how you engage with us and our Services.  The table below lists the purposes for which we may collect and use your personal information:

Purposes for collection and use

Examples

To collect, process, and retain your personal information where required by law.

To fulfill our obligations under federal and state laws.

To provide you with the information, products, and services that you request from us.

To allow you to transact with Publishers and their users through our Services.

To provide, maintain, personalize, optimize, and improve the Services, including research and analytics regarding use of the Services, or to remember you when you leave and return to the Services.

To provide you with the same preferred settings each time you use our Services.

Provide you with more relevant content in marketing, promotional, or other communications to which you may be subscribed.

To inform you about events and news we think you’ll be interested in.

Detect, investigate, and prevent activities that may violate our policies or may be fraudulent or illegal.

To ensure you are who you’re telling us, and to ensure you are using our Services from where you are telling us.

Sources of Personal Information

We collect or receive your personal information from the following sources:

• From you and your use of our Services.  
• Third-party sources, as described above in Privacy Policy.

We may also combine your personal information from the Services with the categories of sources listed above.

Disclosure of Personal Information

The categories of third parties to whom we disclose personal information about you depends on, among other things, our relationship or interaction with you.  During the past twelve (12) months, we have disclosed your personal information for our business purposes described above to the following categories of third parties:

• Service providers that assist us in providing the Services, including in relation to hosting/storage, anti-fraud functions, billing, registration, customer support, e-mail delivery, age verification, or other operations;
• Third parties authorised by you;
• Advertising platforms (for further information, see our Cookies Policy); and
• Analytics and search engine providers.

Your Rights

The CCPA grants certain rights to California residents, namely:

• Right to Access.  A California resident has the right to request a report showing the personal information collected, shared, and sold about them in the past twelve (12) months.
• Right to Deletion.  A California resident has the right to request we delete any personal information collected about them.
• Right to Opt-Out of Sale of Personal Information.  A California resident has the right to opt-out of the sale of their personal information to third parties (see further below).
• Right to Non-Discrimination.  A California resident also has the right to not be discriminated against by us if they choose to exercise any of the above rights.

If you wish to exercise any of these rights, please see section “Your Controls, Rights and Choices” for email and postal details.

Sale of Personal Information

We do not sell personal information.

Other U.S. State Privacy Laws and Requirements

• “Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.  If you are a California resident under the age of 18, and a registered user of the website where this policy is posted, you may request removal of content or information you have publicly posted.  Please be aware that such a request does not ensure complete removal from the Internet of the content or information you posted, and there may be circumstances in which the law does not require or allow removal.  If you wish to exercise these rights, please see section “Your Controls, Rights and Choices”.
• Do Not Track Signals: We currently do not respond to Do Not Track signals or similar signals.  Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.  You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Vermont Residents: We will not share your information with companies outside of Tilia, except for our everyday business purposes, for marketing our products and services to you, or with your consent. We will not disclose credit information about you within or outside Tilia except as required or permitted by law.

6. ADDITIONAL INFORMATION FOR INDIVIDUALS LOCATED IN THE EU OR THE UK

In addition to the information provided throughout this Privacy Policy, there are certain other pieces of information we are required by law in the EU and UK to provide you.  

Controller

The controller of your personal information is Tilia LLC of 945 Battery Street San Francisco, CA 94111.  

Processor    

With respect to some of the personal information and processing described above, we will act as a processor of your personal information as opposed to a controller.  This is when we are only processing your personal information on behalf of a Publisher; this generally occurs when you access our Services through a Publisher’s Platform and we do not need to process the personal data for our own purposes.  An example of processing for our own purposes is performing KYC checks.

When we do act as a processor, certain details in this Privacy Policy will not apply to you; most importantly, if we process your personal information as a processor, you may not be able exercise the rights listed in “Your Controls, Rights and Choices” directly to us.  You can, however, exercise them with the controller of your personal data which will most likely be a Publisher whose Platform you use.  

If you have any questions regarding our role as a processor, you can get in touch using the contact details in section “Comments and Questions”.

Your Rights

For information on the rights exercisable by EU or UK individuals, and details on how to exercise them, please see section “Your Controls, Rights and Choices”.

In addition to those listed below, EU and UK individuals also have the right, at any time, to submit a complaint to a data protection authority.   We would, however, appreciate the opportunity to resolve your issue before you do this.

International Transfers

As an organisation operating globally, we may be required to transfer your personal information to countries other than that from which it was collected.  Whenever your personal information is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal information in accordance with applicable law.  In particular, when transferring personal information from the EU or UK, we will either only transfer your personal information to a country which has been deemed by the European Commission or the UK data protection authority, the Information Commissioner’s Office, to be adequate or we will ensure the following appropriate measures are in place so your personal information is treated by the recipients in a way that is equivalent to, and which respects, the EU and UK laws on data protection and your rights as an EU or UK data subject.  These include:

• the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR, as may be amended or replaced from time to time (the “EU Clauses”); and
• standard data protection clauses specified in regulations made by the Secretary of State under section 17C(b) of the 2018 Data Protection Act and for the time being in force in the United Kingdom (the “UK Clauses”).

Where necessary, we may also further supplement the EU Clauses and/or UK Clauses with additional measures specific to a relevant transfer, such as increased security.  If you require further information about either the EU Clauses or the UK Clauses, or the other protective measures in place, please contact us using the details provided in section “Comments and Questions”.

Lawful Basis for Processing

We will only collect, use, process and store your personal information where we have a valid lawful basis.  Our lawful bases include:

• Consent (you have given us consent);
• Performance of a contract (our processing is necessary for the performance of a contract we have with you or to take specific steps before entering into a contract with you.  This may be, for example, a contract to receive Services from us);
• Legal obligation (processing is necessary for us to comply with applicable laws, regulations and regulatory authorities, court orders or law enforcement requests, for example to perform KYC checks); and
• Legitimate interests (processing is necessary for ours, or a third party’s, legitimate interests.  The legitimate interests pursued by us are improving our business or customer relationships, marketing and advertising, resolving disputes, identifying and preventing fraud and abuse, analysing and improving safety and security of our Services, enforcing our Terms of Service.  You have the right to object to processing based on legitimate interests).

Retention

We will only retain your personal information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.  We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.  For example, we retain your personal information while each of your accounts is in existence or as needed to provide you with Services.  

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

7. ADDITIONAL INFORMATION FOR INDIVIDUALS LOCATED OUTSIDE THE U.S., THE EU OR THE UK

In certain jurisdictions, we will need your explicit consent to obtain, process and share your personal information.  All such processing will be carried out in line with this Privacy Policy.  To the extent required, your use of the Services will be deemed your explicit consent to obtain, process and share your personal information.  If you do not wish to provide us such consent, you should cease using the Services immediately and contact us using the contact details provided in section “Comments and Questions”.

If you are located in a country outside of the U.S., the EU or the UK and have any questions about how we process your personal information, or regarding whether you have any rights with regards to your information, please contact us using the contact details provided in section “Comments and Questions”.

8. YOUR CONTROLS, RIGHTS AND CHOICES

Right to Access and Control your Personal Information

In certain circumstances, you may have the right to:

• Correct or Update: You may correct or update your account registration or your personal information or you may also ask us to change or update your information in certain cases, particularly if it is inaccurate;
• Delete: You may delete your account or ask us to erase or delete all or some of your personal information (for example, if it is no longer necessary to provide Services to you);
• Object to processing: You may object to the processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.  You also have the right to object where we are processing your personal information for direct marketing purposes;
• Limit or Restrict use of Personal Information: You may ask us to stop or suspend using all or some your personal information in certain scenarios (for example if we have no legal right to keep using it) or to limit our use of it (for example, if your personal information is inaccurate or unlawfully held);
• Withdraw Consent: You may withdraw consent at any time where we are relying on consent to process your personal data and you may change your choices for subscriptions, newsletters and alerts (for example, you may choose whether to receive offers and promotions, or other marketing, from us for our products and services, or products and services that we think may be of interest to you);
• Right to Access Your Information: You may request access to the personal information we hold about you; access includes details about your personal information and how it is being processed and a copy of such personal information (commonly known as a “data subject access request”);
• Right to Move Your Personal Information: You may request a copy of your personal information in machine-readable form, and you may have the right to transmit such data to another controller, without hindrance from us.

To exercise one of the above rights, please contact us at the postal address below or by emailing privacy@tilia.io.

Tilia LLC    
Attention: Privacy
8605 Santa Monica Blvd, PMB 59201
West Hollywood, California 90069    

You can submit a request on your own behalf or on behalf of someone else.  If you are acting on someone else’s behalf, we will need to verify your authority to do so.  

We will consider your request in accordance with applicable laws.  We may need to request specific information from you to help us confirm your identity and ensure your right to exercise the right.  This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.  We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within the timeframe required by applicable law.  Occasionally it could take us longer than this if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.

Account Closure

You may close your account by contacting us at privacy@tilia.io.  If you choose to close your Tilia account, we may retain information for a limited period for the purposes set out in this Privacy Policy, at all times to the extent permitted at law.

Advertising Choices

We participate in ad and/or affiliate networks operated by various third-party companies.  We and these third-party companies may collect and use certain information about you and your visits to our Services to help serve advertising that is relevant to your interests.  If you would like to learn more about these specialized advertising technologies, the Network Advertising Initiative offers useful information about Internet advertising companies, including information about how to opt-out of certain information collection.  

For more information on how to opt-out of receiving internet-based advertising, please visit:

• Digital Advertising Alliance (US) https://www.aboutads.info/choices/
• Digital Advertising Alliance (Canada) https://youradchoices.ca/en/tools
• Digital Advertising Alliance (EU) https://www.youronlinechoices.com/
• Network Advertising Initiative https://optout.networkadvertising.org/?c=1

On many mobile devices, you can control interest-based advertising through your device’s settings.  These options can include resetting your device’s advertising ID or selecting “Limit Ad Tracking” (for iOS devices) or “Opt out of Ads Personalization” (for Android devices) in your device settings.

Ad choices settings and options will vary depending on your browser and device settings, and this is not an exhaustive list.  Please note that your opt-out choices will only apply to the specific browser or device from which you opt out.  We encourage you to explore your device and browser settings to better understand your choices.

Precise Location

You can withdraw consent for our collection, use, and transfer of precise location information by adjusting the location settings on your device.

9. SECURITY

We implement technical, physical and organizational security safeguards designed to protect your personal information, from loss, misuse and unauthorized access and disclosure.  In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We regularly monitor our systems for possible vulnerabilities and attacks.  However, given the nature of electronic communications and information processing technologies, we cannot guarantee the security or safety of any information that is sent to us, transmitted through the Internet or stored on our systems.  There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach by others of any of our physical, technical, or organizational safeguards.  We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

10. DATA TRANSFERS

We operate globally and may transfer your personal information to other Tilia companies or third parties in locations around the world for the purposes described in this Privacy Policy.  When we do this, we take reasonable steps to ensure an appropriate level of protection for your information, in compliance with applicable law.

If you are located in the EU or the UK, please see the section above titled “Additional Information for Individuals Located in the EU or the UK”.

11. THIRD-PARTY LINKS

Our Services may include links to third-party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our Services, we encourage you to read the privacy policy of every website you visit.

12. CHANGES TO THIS PRIVACY POLICY

We keep our Privacy Policy and practices under review, and this Policy was last updated on the date given above.  From time to time, we may change this Privacy Policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes.  Any changes to this Policy will be posted online, and we will provide notice to you through our Services if these changes are material and, where required by applicable law, we will obtain your consent.  If you object to any changes, you may close your account.  

13. COMMENTS AND QUESTIONS

If you have a comment or question about this Privacy Policy or our privacy practices, please send an e-mail to privacy@tilia.io or write to us at:

Tilia LLC
Attention: Privacy
8605 Santa Monica Blvd, PMB 59201
West Hollywood, California 90069

‍