Definitions

Throughout this document, we may use certain words or phrases, and it is important that you understand the meaning of them. The following is a non-exhaustive list of definitions of words and phrases found in this document: "Alvis" refers to our company, known as "Alvis Science Inc."; our Site; our Service; or a combination of all or some of the preceding definitions, depending on the context in which the word is used; "Service" refers to the services that we provide through our Site, including our customer insight services and our Site itself; "Site" refers to our website, www.getalvis.com; "User" refers to anyone who uses our Service, including general visitors to our Site; "You" refers to you, the person who is governed by this Privacy Policy. "Business partners" refer to business owners who use our paid services.

Information we collect

We collect personal information that you provide to us through the Website or by using our Services.We collect personal information that you voluntarily provide to us when you browse or register on the Website, express an interest in obtaining information about us or our Services, when you participate in activities on the Website or otherwise when you contact us. The personal information that we collect depends on the context of your interactions with us and the Website, the choices you make and the Services and features you use. The personal information we collect may include the following:

Personal information provided by you when you sign up. When you sign up using your Intercom account, we collect the information that Intercom sends to us, such as your name, email address. We use such information to create and maintain your user account, provide you with the requested Services, contact you (if necessary), and maintain our business records. The legal bases on which we rely are (i) performing our contractual obligations and (ii) pursuing our legitimate business interests (i.e., to administer our business). We store such information until you delete your user account.

Payment data. We may collect data necessary to process your payment if you make purchases, such as your name, billing address, credit card number, and the security code associated with your credit card. The payments are processed and all payment data is stored by Stripe. You may find their privacy notice link(s) here: https://stripe.com/privacy. We do not have access to your full payment details. The details that are made available to us by Stripe are your name, email, zip code, and country. The legal bases on which we rely are (i) performing our contractual obligations and (ii) pursuing our legitimate business interests (i.e., to administer our business). We store such information for the time period required by the accounting law.

Contact information. When you contact us via email, we collect your name, email address, and any other information you include in your message. Such information is used to respond to your inquiry. We rely on the legal basis of pursuing our legitimate business interests (i.e., to operate and expand our business). We keep such data until you stop communicating with us. All personal information you provide to us must be true, complete, and accurate, and you must notify us if your personal information changes.

Our role as a data controller and data processor. We act in the capacity of a data controller and a data processor with regard to the personal data processed through the Website and the Services in terms of the applicable data protection laws, including the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which personal data is handled by us, as explained in detail below:

• Data controller. We are responsible for the collection of your personal data through the the Website and the Services and their further use. We make decisions about the types of personal data that should be collected from you and purposes for which such personal data should be used. Therefore, we act as a data controller with regard to the personal data collected directly through the Solutions (e.g., when you sign up or send us an inquiry). We comply with the data controller’s obligations set forth in the applicable laws.

• Data processor. We act in the capacity of a data processor in situations when our clients use the Services to collect certain personal data from you to collect user events, such as read an article, complete a checklist item, etc. (the “Service Data”). We do not own, control, or make decisions about the Service Data. We process the Service Data only in accordance with the instructions issued by a respective data controller (our client). To ensure that the Service Data is processed in accordance with the strictest data protection standards, we have drafted and offer for conclusion a data processing agreement (the “DPA”) that is available here.

Use of information we collect

Any of the information we collect from you may be used in one of the following ways:

To personalize your experience: Your information helps us to better respond to your individual needs. We present the responses from your customers as well as personal data you provide us when you access our service.

To improve our web/mobile apps: We continually strive to improve our website offerings based on the information and feedback we receive from you.

To improve customer service: Your information helps us to more effectively respond to your customer service requests and support needs.

To administer a contest, promotion, survey or other site feature We may reach out from time to time with questions for you about your use of the product. We may also run contests which you may be eligible for which we will contact you about.

Information protection

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.

We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.

Third Party Access to Your Information

Although you are entering into an Agreement with Alvis to disclose your information to us, we do use third party individuals and organizations to assist us, including contractors, web hosts, and others.

Throughout the course of our provision of our Service to you, we may delegate our authority to collect, access, use, and disseminate your information. For example, our web host stores the information that you provide us, and we may hire outside contractors to perform maintenance or assist us in securing our website.

It is therefore necessary that you grant the third parties we may use in the course of our business the same rights that you afford us under this Privacy Policy. For this reason, you hereby agree that for every authorization which you grant to us in this Privacy Policy, you also grant to any third party that we may hire, contract, or otherwise retain the services of for the purpose of operating, maintaining, repairing, or otherwise improving or preserving our website or its underlying files or systems. You agree not to hold us liable for the actions of any of these third parties, even if we would normally be held vicariously liable for their actions, and that you must take legal action against them directly should they commit any tort or other actionable wrong against you. Without limiting the generality of the foregoing, you authorize us to collect, store, share, and otherwise use your information in conjunction with:

• Mixpanel

• Google Analytics

• Hotjar

• Intercom

• Stripe

• Sentry

• Postmark

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Limited Use Policy

We respects your privacy. Our use and handling of information obtained from Google APIs comply with the Google API Services User Data Policy, including Limited Use requirements. For more details, please review the Google API Services User Data Policy.

Request Access and/or Deletion of Your Data

We retain data about you for as long as you have an open account with us. You can request information about your data we hold about you, and you can also request that we erase some or all of your data from our systems by emailing us at hi@getalvis.com .

Children's Online Privacy Protection Act

We are in compliance with the requirements of COPPA (Children's Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Your consent

By using our site, you consent to our Privacy Policy.

Controls for Do-Not-Track features

Most web browsers, as well as some mobile operating systems and mobile applications, include a Do-Not-Track ("DNT") feature or setting that you can use to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this time, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As a result, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your preference not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will notify you in a revised version of this privacy notice.

Privacy rights for California residents

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under the age of 18, live in California, and have a registered account with the Website, you have the right to have unwanted data publicly posted on the Website removed. To request the removal of such data, please contact us using the information provided below, including your email address and a statement that you live in California. We will ensure that the data is not publicly displayed on the Website, but please be aware that it may not be completely or completely removed from all of our systems (e.g. backups, etc.).

CCPA Privacy Notice

The California Code of Regulations defines a "resident" as:

1. every individual who is in the State of California for other than a temporary or transitory purpose and

2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as "non-residents."If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.

What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months:We may also collect other personal information outside of these categories instances where you interact with us in-person, online, or by phone or mail in the context of:

• Receiving help through our customer support channels;

• Participation in customer surveys or contests; and

• Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information?

More information about our data collection and sharing practices can be found in this privacy notice. If you are using an authorized agent to exercise your right to opt-out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf. Will your information be shared with anyone else?We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf. We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal data. Alvis Science, Inc has disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

• Category B. Personal information, as defined in the California Customer Records law, such as your name, contact information, education, employment, employment history and financial information.

• Category G. Geolocation data, such as device location.

• Category H. Audio, electronic, visual and similar information, such as images and audio, video or call recordings created in connection with our business activities.

The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "WHO WILL YOUR INFORMATION BE SHARED WITH?". Alvis Science, Inc has not sold any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. Alvis Science, Inc will not sell personal information in the future belonging to website visitors, users and other consumers. Your rights with respect to your personal data Right to request deletion of the data - Request to delete You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities. Right to be informed - Request to know Depending on the circumstances, you have a right to know:

• whether we collect and use your personal information;

• the categories of personal information that we collect;

• the purposes for which the collected personal information is used;

• whether we sell your personal information to third parties;

• the categories of personal information that we sold or disclosed for a business purpose;

• the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and

• the business or commercial purpose for collecting or selling personal information.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights We will not discriminate against you if you exercise your privacy rights. Verification process Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate. We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you. Other privacy rights

• you may object to the processing of your personal data

• you may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the data

• you can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.

• you may request to opt-out from future selling of your personal information to third parties. Upon receiving a request to opt-out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.

To exercise these rights, you can contact us using to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

Contact us

Should you have any question about our privacy policy, you may contact us using the information below.

Email us at: hi@getalvis.com