ENTERPRISE PRIVACY POLICY

Darwin Now Inc. ("Darwin Now", "we", "our" or "us") is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used, and disclosed.

This Privacy Policy applies to our website and its associated subdomains (collectively, our "Service"), along with our application, Darwin Now. By accessing or using our Service, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

SECTION 1: DATA PROCESSING ROLES AND RESPONSIBILITIES

1.1 Role Distinction

For Enterprise Customers (B2B):

• Darwin Now acts as a Data Processor when processing end user data on behalf of our enterprise customers
• The Customer acts as Data Controller and is responsible for determining the purposes and means of processing personal data of their end users
• The processing relationship is governed by our separate Data Processing Agreement (DPA), which complies with Article 28 of the GDPR

For Direct Users (B2C):

• Darwin Now acts as Data Controller when we collect and process information directly from individuals using our services

1.2 Reference to DPA

For enterprise customers processing end user data from the European Union or subject to GDPR, our separate Data Processing Agreement (DPA) applies. The DPA complements this Privacy Policy and establishes our obligations as a Data Processor under Article 28 of GDPR.

To obtain a copy of our DPA or discuss enterprise data processing terms, contact: enterprise@darwinnow.io

SECTION 2: DEFINITIONS AND KEY TERMS

• Cookie: Small amount of data generated by a website and saved by your web browser
• Company: DARWINNOW INC, 1111B S GOVERNORS AVE STE 26344 DOVER, DE 19904, United States
• Country: United States of America
• Customer: The company, organization, or person that signs up to use the Darwin Now Service to manage relationships with consumers or service users
• Data Controller: The natural or legal person who determines the purposes and means of processing personal data
• Data Processor: Natural or legal person who processes data on behalf of the Data Controller
• Device: Any internet-connected device such as a phone, tablet, computer, or any other device
• IP Address: Number assigned to each device connected to the Internet
• Personnel: Individuals employed by Darwin Now or under contract to perform services
• Personal Data: Any information that allows for the identification of a natural person
• Service: The service provided by Darwin Now as described in the relative terms and on this platform
• Third-party Service: Advertisers, sponsors, promotional partners, and others who provide content or services
• Website: Darwin Now's site, accessible at: https://darwinnow.io/
• End User: Individuals whose personal data is processed by Darwin Now on behalf of our Customers
• You: A person or entity registered with Darwin Now to use the Services

SECTION 3: INFORMATION WE COLLECT

3.1 Information Collected Directly From You

We collect information when you:

• Visit our website
• Register an account
• Place an order
• Subscribe to our newsletter
• Respond to surveys
• Fill out forms

Types of information:

• Name / Username
• Email addresses
• Mailing addresses
• Passwords (encrypted)
• Billing and payment information

3.2 Mobile Device Information (Optional)

With your explicit consent:

• Location (GPS): To personalize location-based services
• Contact List: To facilitate interaction within the platform

3.3 Data Processed on Behalf of Enterprise Customers

As a Data Processor, we collect and process end user data according to our Customers' instructions, including:

• Conversation information
• AI agent interaction data
• Data provided by end users through our Customers' services

3.4 Information from Third Parties

For End Users:
We collect data necessary to provide services to our Customers. End users may provide us with information publicly available on social media.

For Customers:
We receive information from third parties when you contact us, including automated fraud detection services and publicly available information on social media.

3.5 Google Calendar API Permissions

Darwin Now uses the following Google Calendar permissions to offer comprehensive event management:

• calendar: Full access for efficient calendar management
• calendar.calendarlist: Management of user's calendar list
• calendar.calendars.readonly: Read-only access to calendars
• calendar.events: Full access to calendar events
• calendar.events.owned: Management of events created by the user
• calendar.events.readonly: Read-only view of events

SECTION 4: LEGAL BASIS FOR PROCESSING (GDPR)

We process personal data under the following legal bases:

4.1 Contract Performance

We process data necessary to provide our services according to the terms agreed with you.

4.2 Legitimate Interests

We process data to:

• Improve our services and user experience
• Prevent fraud and ensure security
• Conduct analytics and product development
• Direct marketing (with right to object)

4.3 Consent

We process certain data with your explicit consent, which you can withdraw at any time.

4.4 Legal Obligation

We process data when required by applicable law or regulation.

SECTION 5: HOW WE USE COLLECTED INFORMATION

5.1 Processing Purposes

We use your information to:

• Personalize your experience: Respond to your individual needs
• Improve our website: Based on information and feedback received
• Improve customer service: Effectively respond to support requests and needs
• Process transactions: Manage payments and orders
• Administer promotions: Contests, surveys, or other site features
• Send communications: Periodic emails with relevant information
• Analytics and development: Improve services and develop new functionalities
• Security: Prevent fraud and protect the integrity of our services

5.2 Use of Email Addresses

By providing your email, you agree to receive communications from us. You can cancel at any time using the opt-out link in each email.

We may also use your email for:

• Audience targeting on advertising platforms (Facebook, Google)
• Sending order-related information
• Marketing communications (with opt-out option)

Note: We only send emails to people who have authorized us to contact them. We do not send unsolicited commercial emails.

SECTION 6: SHARING INFORMATION WITH THIRD PARTIES

6.1 Sharing with Subprocessors (For Enterprise Customers)

When acting as a Data Processor, we may share end user data with carefully selected subprocessors for:

• Server hosting and maintenance
• Database storage and management
• Payment processing
• Email services
• Customer support services

All subprocessors are contractually obligated to comply with GDPR and our DPA.

Updated list of subprocessors available upon request at: enterprise@darwinnow.io

6.2 Sharing for Business Purposes

We may share information with:

• Advertisers and marketing partners
• Current and future business partners
• Affiliated companies
• Successors in case of merger, asset sale, or business reorganization

6.3 Analytics and Auditing

We share log data, including IP addresses, with:

• Web analytics partners
• Application developers
• Ad networks

6.4 Legal Requirements

We disclose information when necessary to:

• Respond to legal process (subpoenas, court orders)
• Protect our rights and interests
• Ensure public safety
• Prevent illegal or unethical activities
• Comply with applicable laws, rules, and regulations

SECTION 7: INTERNATIONAL DATA TRANSFERS

7.1 Data Location

Darwin Now is incorporated in the United States. Information collected may be transferred to:

• Our offices in different global locations
• Personnel located worldwide
• Third-party service providers in various jurisdictions

7.2 Transfer Safeguards (GDPR)

For transfers of personal data from the EEA to third countries, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy Decisions when available
• Additional security measures to protect data in transit

For more information about our transfer safeguards, contact: privacy@darwinnow.io

SECTION 8: DATA RETENTION

8.1 General Retention Period

We retain your information only as long as necessary to:

• Provide Darwin Now services
• Fulfill the purposes described in this policy
• Comply with legal or regulatory obligations

8.2 Specific Retention Periods

• Conversation and personal data: Up to 6 years, unless account is deleted
• Deleted account data: Maximum 60 days after deletion
• Backup data: May persist in backup systems according to rotation schedules

8.3 Data Deletion

When we no longer need your information:

• We delete it from our active systems
• We depersonalize it so you cannot be identified

SECTION 9: INFORMATION SECURITY

9.1 Security Measures Implemented

We implement multiple security measures:

• Physical: Facility access controls
• Electronic: SSL/TLS encryption for data transmission
• Administrative: Security policies and procedures
• Technical: Firewalls, intrusion detection systems, continuous monitoring

9.2 Sensitive Information Security

• Credit card information transmitted via SSL
• Financial data encrypted in payment gateway databases
• Access restricted to authorized personnel only
• Private information never stored after transactions

9.3 Security Limitations

Despite our efforts, no system is completely secure. We cannot guarantee absolute security of transmitted or stored information.

SECTION 10: YOUR DATA RIGHTS (GDPR AND CCPA)

10.1 Rights Under GDPR (EEA Residents)

If you are an EEA resident, you have the right to:

1. Right of Access: Request information about personal data we process
2. Right of Rectification: Correct inaccurate personal data
3. Right of Erasure ("Right to be Forgotten"): Request deletion of personal data
4. Right of Restriction: Limit the processing of your data
5. Right of Portability: Receive data in structured, transferable format
6. Right to Object: Object to processing based on legitimate interests
7. Rights related to automated decisions: Not be subject to decisions based solely on automated processing
8. Right to withdraw consent: When processing is based on consent

To exercise these rights, contact: privacy@darwinnow.io

Response time: 30 days from verified request

10.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

1. Right to Know: Information about categories and specific pieces of personal data collected
2. Right to Delete: Request deletion of personal data collected
3. Right to Non-Discrimination: You will not receive discriminatory treatment for exercising privacy rights
4. Right to Opt-Out of Sale: Request that we not sell your personal data

Important statement: We do not sell personal data of our users.

10.3 Process to Exercise Rights

To exercise any right:

1. Submit verifiable request to: privacy@darwinnow.io
2. Provide sufficient information to verify your identity
3. Clearly specify the right you wish to exercise
4. You will receive a response within 30 days

SECTION 11: PROTECTION OF MINORS' DATA

11.1 Children Under 13

We collect information from children under 13 only to improve our services. If you are a parent or guardian and know that your child has provided us with personal data without your permission, contact us.

If we discover that we have collected personal data from children under 13 without verification of parental consent, we take steps to remove that information from our servers.

11.2 Children Under 16 (GDPR)

For EEA residents under 16, we require consent from the holder of parental responsibility to process personal data.

SECTION 12: COOKIES AND TRACKING TECHNOLOGIES

12.1 Use of Cookies

Darwin Now uses cookies to:

• Identify areas of our website you have visited
• Improve performance and functionality
• Remember login information
• Analyze site usage

12.2 Types of Cookies Used

• Essential cookies: Necessary for basic site functionality
• Performance cookies: Usage analysis and service improvement
• Functional cookies: Remember user preferences
• Marketing cookies: Targeted advertising (with consent)

12.3 Cookie Control

You can configure your browser to:

• Block all cookies
• Accept only specific cookies
• Delete existing cookies

Note: Disabling cookies may affect site functionality.

12.4 Other Tracking Technologies

• Local Storage: Client-side data storage
• Sessions: Identification of visited areas on our platform
• Google Maps API: May collect information according to its Privacy Policy

SECTION 13: SPECIFIC POLICIES FOR ENTERPRISE CUSTOMERS

13.1 Customer Responsibilities as Controller

When Darwin Now acts as Processor, the Customer (Controller) is responsible for:

• Obtaining legal basis to process end user data
• Providing appropriate privacy notices to end users
• Responding to data rights requests from end users
• Ensuring processing complies with applicable laws
• Instructing Darwin Now on data processing

13.2 Darwin Now Obligations as Processor

When acting as Processor we commit to:

• Process data only according to Customer's documented instructions
• Ensure authorized personnel are subject to confidentiality
• Implement appropriate technical and organizational security measures
• Assist Customer in responding to data rights requests
• Assist Customer in ensuring compliance with security obligations
• Delete or return personal data upon service termination
• Provide necessary information to demonstrate compliance

13.3 Subprocessing

Darwin Now may engage subprocessors for:

• Infrastructure hosting
• Database services
• Analytics services
• Payment processing

Customer will be notified of any changes in subprocessors at least 30 days in advance.

13.4 Data Breach Notification

In case of personal data breach:

• We will notify the Customer without undue delay
• Notification within 72 hours of breach awareness
• We will provide available information about the nature of the breach
• We will cooperate in investigation and remediation

SECTION 14: CHANGES TO THIS PRIVACY POLICY

14.1 Update Process

We may update this Privacy Policy periodically to reflect:

• Changes in our services
• Changes in laws or regulations
• Improvements in privacy practices

14.2 Change Notification

We will notify significant changes:

• Through our Service
• By email to registered customers (for material changes)
• At least 30 days in advance before they take effect

14.3 Acceptance of Changes

Continued use of the Service after changes constitutes acceptance of the updated Policy.

SECTION 15: CONTACT INFORMATION AND SUPERVISORY AUTHORITY

15.1 Privacy Contact

For questions about this Privacy Policy or to exercise your rights:

General email: founders@darwinnow.io
Privacy email: privacy@darwinnow.io
Enterprise/DPA email: enterprise@darwinnow.io

Mailing address:
DARWINNOW INC
1111B S GOVERNORS AVE STE 26344
DOVER, DE 19904
United States

15.2 Supervisory Authority (GDPR)

If you are an EEA resident and have concerns about our processing of personal data, you have the right to file a complaint with your local data protection authority.

15.3 Response Time

We will respond to all privacy inquiries within 30 days.

SECTION 16: ADDITIONAL PROVISIONS

16.1 Governing Law

This Privacy Policy is governed by the laws of:

• United States of America
• Mexico
• GDPR (for EEA resident data)
• CCPA (for California resident data)

16.2 Links to Third-Party Sites

This Policy applies only to Darwin Now Services. We are not responsible for privacy practices of third-party websites linked from our site.

16.3 Sale of Business

We reserve the right to transfer information to third parties in case of sale, merger, or other asset transfer, provided the third party agrees to adhere to the terms of this Policy.

16.4 Your Consent

By using Darwin Now, registering an account, or making a purchase, you consent to this Privacy Policy and agree to its terms.

Last Updated: November 19, 2025
Version: 2.0 Enterprise
Complementary Document: Data Processing Agreement (DPA) available for enterprise customers

© 2025 Darwin Now Inc. All rights reserved.