TACITA, INC.
PRIVACY STATEMENT

Last Updated: December 11, 2025

Your privacy is important to us. This privacy statement explains our collection, use, and disclosure of personal data, which is data linked or reasonably linkable to an identified or identifiable individual (“Personal Data”). This privacy statement applies to Tacita, Inc. and to our controlled affiliates and subsidiaries (“Bright Canary”). References to our “Services” in this statement include our websites, apps, devices, and other products and services. This statement applies to our Services that display or reference this statement, but it does not apply to any Services that display or reference a different privacy statement. Terms used but not defined in this privacy statement have the meaning given to them in our Terms of Use.

PERSONAL DATA WE COLLECT

The Personal Data we collect depends on how you interact with us, the Services you use, and the choices you make.

We collect information about you from different sources and in various ways when you use our Services, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data.

Information you provide directly.

We collect Personal Data you provide to us, including when you register for an account to use the Service. For example:

Name and contact information. We collect name, username or alias, and contact details such as email address, postal address, and phone number.
Demographic data. In some cases, we request that you provide age, gender, marital status, and similar demographic details.
Payment information. If you make a purchase or other financial transaction, we collect credit card numbers, financial account information, and other payment details.
Content and files. We collect the photos, documents, or other files you upload to our Services; and if you send us email messages or other communications, we collect and retain those communications.

Information we collect automatically.

When you use our Services, we collect some information automatically. For example:

Identifiers and device information. Our servers automatically log your IP address and information about your device, including device identifiers (such as MAC address), device type, and your device’s operating system, browser, and other software details.
Usage data. We automatically log your activity on our websites, apps, and connected products, including UUIDs for push notifications, referring URLs, pages viewed, time spent on pages, access times, and other usage metrics.
Linked online accounts. When you link a social media or other third-party account to our Services, we automatically collect certain information about that account, which may include Personal Data about the Child whose accounts you link. Any information this privacy statement says we may collect about you may also be collected about that Child.

Information we create or generate.

We infer new information from data we collect, including using automated means to generate information about likely preferences or characteristics (“inferences”). For example, we generate content scores for URLs of videos, images, and text to provide parental alerts. We may develop inferences using artificial intelligence (“AI”) technologies, and we may use any information to train and operate those technologies.

Information obtained from third-party sources.

We collect and analyze information from third-party applications associated with you or your Child’s account using the credentials you provide. These sources include:

• Third-party apps and platforms such as Google, iMessage, Instagram, Snapchat, TikTok, and YouTube

• Co-branding or marketing partners

• Service providers supporting geolocation, analytics, or other functions

• Public sources such as government databases

We do not collect Personal Data directly from your Child.

You may decline to provide Personal Data, and you can use browser or device settings to limit certain types of automatic data collection. However, if you do so, some Services or features may not function properly.

COOKIES, MOBILE IDs AND SIMILAR TECHNOLOGIES

We use cookies, web beacons, mobile analytics IDs, and similar technologies to operate our websites and Services and to collect Personal Data.

What are cookies and similar technologies?

Cookies are small text files placed by a website and stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content. We also include web beacons in our email messages or newsletters to tell us if you open and act on them.

Mobile analytics and advertising IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our apps contain software that enables us and our third-party analytics and advertising partners to access these mobile IDs.

How do we and our partners use cookies and similar technologies?

We, and our analytics and advertising partners, use these technologies in our websites, apps, and online Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our Services, including personal information about your online activities over time and across different websites or online Services. This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, combat fraud, and fulfill other legitimate purposes. We and/or our partners also share the information we collect or infer with third parties for these purposes. The third-party analytics and advertising providers we use on our Services include, for example:

To learn about their privacy practices and how to opt-out from their use of cookie data for targeted advertising purposes, click on the links above. You may also use the advertising and cookie controls described below.

What controls are available?

• Advertising controls. Our advertising partners may participate in associations that provide simple ways to opt out of ad targeting, which you can access at NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/). These choices are specific to the browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.
• Browser cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or Services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
• Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
• Email web beacons. Most email clients have settings which allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.
• Do Not Track. Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control Personal Data collection and use, including the cookie controls and advertising controls described above.

OUR USE OF PERSONAL DATA

We use Personal Data for the following purposes:

• Product and service delivery

• Business operations

• Product improvement and research

• Personalization

• Customer support

• Communications

• Marketing

We combine Personal Data across sources to give you a consistent and personalized experience.

OUR SHARING OF PERSONAL DATA

We share Personal Data as necessary to provide Services, with:

• Service providers

• Financial institutions and payment processors

• Affiliates

• Parties to corporate transactions

• Legal and law enforcement entities

• Parties necessary for security, fraud prevention, and rights protection

Third-party analytics and advertising companies also collect Personal Data via our Services.

We may also share de-identified information in accordance with applicable law.

CHILDREN’S DATA

The Services are for the exclusive use of parents and guardians age 18+ who have legal authority to provide their Child’s account credentials so that their Child’s online activity can be monitored. No one else, including your Child, may use the Service or provide Personal Data to us. We may collect the same categories of Personal Data about your Child that we may collect about you.

RETENTION OF PERSONAL DATA

We retain Personal Data as long as necessary to provide Services, meet legal obligations, resolve disputes, enforce agreements, and achieve other legitimate business purposes. Retention periods vary depending on data type, user expectations, sensitivity, and legal requirements.

LOCATION OF PERSONAL DATA

The Personal Data we collect may be stored and processed in your region or in countries where we or our service providers maintain facilities, primarily the United States.

All Personal Data processed by the AI Component of the app is stored exclusively in the United States on cloud servers.

We take steps to ensure Personal Data is processed according to this privacy statement and applicable law regardless of location.

SECURITY OF PERSONAL DATA

We take reasonable and appropriate steps to help protect Personal Data from unauthorized access, use, disclosure, alteration, and destruction.

Personal Data processed by the AI Component of the app is stored using secure storage technologies, including encryption at rest.

We recommend that you use strong passwords and avoid reusing passwords across accounts.

COMPLIANCE WITH LAW

Tacita complies with all applicable federal and state privacy, data protection, and consumer protection laws in the jurisdictions where our Services are used. We maintain compliance as laws evolve and as new requirements become applicable to our operations.

CHANGES TO THIS PRIVACY STATEMENT

We update this privacy statement as needed to reflect changes to our Services, Personal Data practices, and applicable law. We will revise the “Last Updated” date when changes are posted and will provide additional notice or obtain consent where legally required.

HOW TO CONTACT US

If you have a privacy concern, complaint, or question, contact us at privacy@brightcanary.io.

You may also contact us to:

• Stop collection of Personal Data, including data about your Child

• Review Personal Data we hold about your Child

• Request deletion of your Child’s Personal Data

Mailing address:
Tacita Inc.
999 N. Northlake Way
Seattle, WA 98103
USA