Effective Date: January 1, 2021
For Cloak users located in Canada or the United States of America (“USA”), we are Ruby Life Inc. located at PO Box 67027, Toronto, Ontario, Canada M4P 1E4 and, for Cloak users located in any other jurisdiction, we are Ruby Life International Limited, located at PO Box 54090, 3720 Limassol, Cyprus (as applicable, “we,” “us,” “our” or “Cloak.”)
When you use the Services, we collect and receive two types of data:
We collect and receive the following Personal Data and Non-Personal Data directly from you and automatically through your use of our Services:
Data that we will not have
Data you may be required to provide to us
Data you may choose to provide to us
Data that will be collected automatically from your device
Data collected from third parties
We may use the Personal Data and Non-Personal Data that we collect for the following purposes:
We also use Non-Personal Data. For example, we may collect and analyze aggregated and/or de-identified information to produce statistical data to help us improve our provision of the Services and manage user activity.
The following only applies to users residing in the EU.
We collect your data as a Data Controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:
Our use of your Personal Data is in accordance with your consent. This applies to our processing activities described at 4E, 4H and 4J (in each case where required by local law).
We may provide Personal Data to third parties in the following limited circumstances:
We do not otherwise share, or give your Personal Data to any third parties, unless you give us additional consent to do so.
You should be aware that some of your Personal Data will be provided to, or otherwise visible to, other users of the Services as part of the normal operation of the Services (as set out in the terms or description of the Services). For example, your username, profile information and any information that you post to the mobile application will be available to, and searchable by, other users of the Services. In the European Union, the lawful basis for this disclosure is voluntarily making the data public. If you are not comfortable making this data public, you can subscribe to our Hide Profile feature, which allows your profile to remain private and un-searchable.
Other users of the Services, who may be located in any country in the world where our Services are offered, also may receive notifications (on the Services, via email, or through device notifications) that show your post, including your nickname and your profile photo.
We may disclose Non-Personal Data in a number of circumstances, including to third-party advertisers.
As we have a multinational business operation, your Personal Data may be transferred to recipients located in jurisdictions outside your jurisdiction of residence, and your profile may be accessible by users in different countries around the world. If you are concerned about this, you can stop using our Services at any time. These recipients include the two corporations listed in Section 1, and may include our parent, subsidiary or sister entities, or service providers, which may be based in other countries.
As a result, your Personal Data may be collected, stored, accessed, used and/or disclosed in countries outside your jurisdiction of residence, including without limitation Canada and Cyprus. Some of these jurisdictions do not have an equivalent level of data protection laws as those in your country; however, we will take steps to ensure that the information receives the same level of protection as if it remained within your home country. In particular, if you are a resident of the European Union, whenever we transfer your data outside of Europe we will either: (a) ensure that the country is deemed adequate by the European Commission; (b) put in place Standard Contractual Clauses; or, (c) implement appropriate safeguards approved by the European Commission to ensure an adequate level of protection in compliance with applicable data protection laws. You have a right to request details about the appropriate safeguards where this is documented (but it may be redacted to ensure security and confidentiality).
We take the protection of your Personal Data seriously. We implement appropriate measures and take steps to protect Personal Data against loss and theft as well as unauthorized access, disclosure, copying, use, and modification using security safeguards, including physical, organizational and technological measures, commensurate with the sensitivity of your Personal Data. Our employees who have access to your Personal Data are made aware of the importance of keeping it confidential.
Where we use service providers who might have access to your Personal Data, we require them to have privacy and security standards that are comparable to ours. We use contracts and other measures with our service providers to maintain the confidentiality and security of your Personal Data and to prevent it from being used for any other purpose.
Please be aware that no data security measures can guarantee complete security. You also should take steps to protect against unauthorized access to your phone, other mobile device and computer by, among other things, signing off after using a shared device, and choosing a robust password – for access to your hardware – that nobody else knows or can guess easily
We keep your Personal Data for only as long as it is required for the purposes for which it was collected, or as otherwise permitted by applicable law, after which we delete or de-identify your Personal Data, rendering it Non-Personal Data.
In general, we retain your Personal Data for a period of time corresponding to a statute of limitations setting out the period during which legal claims may be filed in court. For example, we may retain your Personal Data during the statute of limitations period, to maintain an accurate record of your dealings with us and, as applicable, assert or defend against a legal claim. However, in some circumstances we may retain Personal Data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.9. CHILDREN
The Services are not for use by children under the age of 18 years. Accordingly, we do not knowingly collect, store, share or use the Personal Data of children under 18 years. If you are under the age of 18 years, please do not use this Service or provide any Personal Data, even if prompted by the Services to do so.
If you choose to sign up for marketing emails, we will ask you to provide us with your age. Failure to answer accurately will be deemed to be fraudulent on your part, and you, not us, will bear responsibility for such fraudulent behaviour and any resultant consequences.
You have the ability to exercise the following rights:
If you would like to exercise any of these rights, please contact us using the contact information provided in Section 15, below.
Provided we have obtained necessary permissions and consents in accordance with local laws, we use these tools only to provide you with an improved user experience, to better understand your needs and preferences, to provide you with content (including advertising and/or marketing emails) that is most relevant to you, and to monitor trends respecting the usage of our Services.
Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies or opting out of ad networks as described further in this section).
Clear GIFs. Clear GIFs (a.k.a. web beacons, web bugs or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies though, clear GIFs are embedded invisibly on web pages and in applications, not stored on your hard drive. These “images” are loaded automatically to your browser/device when you visit our website or open an html format email message from us, thereby letting us know if a certain page was visited or an email message was opened. Clear GIFs can allow us to record simple user actions related to our websites and to email communications received from us, to help us determine the usage and effectiveness of our site and communications. We might use clear GIFs to track the activities of our website visitors and app users, help us manage content, and compile statistics about usage. We and our third-party service providers also might use clear GIFs in html e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded. These may be blocked by using a third-party application (look for a browser extension for content-filtering, including ad-blocking) or, in the case of emails, by changing your settings to prevent images from being downloaded (where your email provider supports this functionality).
Where we have necessary permissions and consents in accordance with local laws: (a) we will send you marketing information about our Services, and about other products and services our affiliates and/or third parties offer where we legitimately believe this may be of interest to you; and, (b) this content will be personalized. Where you have specifically requested marketing information from us about our marketing affiliates and/or third parties that we work with, or have expressly indicated that you would like to receive details from our parent, subsidiary or sister entities, we also may send promotional offers.
We use Personal Data that you provide in your user profile combined with certain algorithms and machine-based learning to improve our Services’ search function and to present posts to you which are more likely to be of interest – in particular based on the demographic data of individuals with whom you interact in order to present more posts of other similar users that you appear to be interested in. You can elect to change your preferences at any time in your profile. This does not amount to “automated decision making” which would have any significant impact on you.
You have the opportunity to (i) opt out of certain communications, (ii) modify/update Personal Data you have provided to us, and (iii) hide certain information visible to public users of the application at any time by deleting a specific post. You also may choose not to share personal information in your profile.
Please be aware that there may be a short delay for any custom changes you make to take effect on the public areas of the system. Please also note that changing or deleting your information through your profile or settings, or opting out of email notifications from us, will only change or delete the data in our database for the purpose of future activities and communications.
If you have any questions or concerns regarding our policies and practices related to your information, please contact our Data Protection Officer/Chief Privacy Officer at [email protected], or by writing to:
Where you are a Canadian or US resident:
Ruby Life Inc.
Attention: Chief Privacy Officer
PO Box 67027
Toronto, ON Canada M4P 1E4
Where you are a resident of any other jurisdiction:
Ruby Life International Limited
Attention: Data Protection Officer
PO Box 54090
3720 Limassol, Cyprus
As noted in Section 14 above, subject to certain restrictions required or permitted by law, you have the right to access Personal Data we hold about you and to have any concerns you may have over our policies and practices addressed. In addition, you have the right to obtain information regarding our policies and practices as they relate to the collection, storage, access, use and disclosure of Personal Data, including with respect to the transfer and storage of your information outside your home jurisdiction, and to request updates to, or correction of, your Personal data.
We aim to resolve all complaints promptly. For residents of the European Union, if you are not satisfied with any resolutions proposed, or if you have concerns with processing of data, you may contact your local data protection authority, a list of which is found here. https://edpb.europa.eu/about-edpb/board/members_en.
This section provides information for California residents. Pursuant to California privacy laws, including the California Consumer Privacy Act (“CCPA”), we provide California residents information about how we collect and process your Personal Information.
Categories of Personal Information that We Collect, Disclose, and Sell
Personal Information of California Residents: Categories Collected, Processed, and Shared with Third Parties
|Categories of personal information||Do we collect?||Do we disclose for business purposes?||Do we sell?||Sold or Disclosed for a business or commercial purpose in the prior 12 months?|
|NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as username, password, city, Internet Protocol (IP) address, and (where provided by resident), name, gender, age, sexual orientation and email address.||YES||YES||NO||We may validate through a third party whether your email address is accurate (i.e., exists).|
We may share other aggregate information.
|CUSTOMER RECORDS: Paper and electronic customer records containing personal information, such as name, physical characteristics or description, address, telephone number, bank account number, credit card number.||NO||NO||NO||NO|
|PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as race, sex, age or sexual orientation.||YES||NO||NO||● We may disclose aggregate information about age groups/range segment conversion data to certain performance marketing campaigns to confirm payment-qualifying transactions. Users may choose to provide sensitive information such as their sex, age or race to describe themselves to other users of the service|
|PURCHASE HISTORY AND TENDENCIES: Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||NO||NO||NO||We may share aggregate information|
|USAGE DATA: Internet or other electronic network activity information such as usage of services, and information regarding a resident’s interaction with an internet website, application, or advertisement.||YES||YES||NO||We may share aggregate information.|
|GEOLOCATION DATA: City of residence.||YES||NO||NO||NO|
|AUDIO/VISUAL: Audio, electronic, visual, thermal, olfactory, or similar information.||NO||NO||NO||NO|
|EMPLOYMENT HISTORY: Professional or employment-related information.||NO||NO||NO||NO|
If you would like to exercise any of these rights, please contact us using the contact information provided in Section 15.
California Residents’ Rights
California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
Do-Not-Sell. We do not sell your Personal Data.
Verifiable Requests for Copy, Deletion and Right to Know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months:
Right of Deletion: California residents have the right to request deletion of their Personal Data that we have collected about them, subject to certain exemptions, and to have such Personal Data deleted, except where necessary for specific purposes exempt under the law.
Right to a Copy: California residents have the right to request a copy of the specific pieces of Personal Data that we have collected about them in the prior 12 months and to have this delivered, free of charge, either: (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.
Right to Know: California residents have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:
Submitting Requests. Requests to exercise the right of deletion, right to a copy, and / or the right to know may be submitted by contacting: [email protected]. We will respond to verifiable requests received from California consumers as required by law.
Incentives and Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information. We respect your privacy rights. We do not discriminate against residents who exercise their rights under CCPA.
California Privacy Rights under California’s Shine-the-Light Law.
Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain Personal Data are entitled to request and obtain from us, free of charge, information about the Personal Data (if any) we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third-party sharing in the prior calendar year. California residents who would like to make such a request may submit a request in writing (see Section 15 “Contact Us” for ways to reach us).