Last Updated: March 18, 2022

Tiny Brain Robotics Inc. d/b/a Tiny Mile (“Tiny Mile”, “we”, “us”, “our”) has created this Privacy Policy (“Privacy Policy”) to set out how we collect, use, process and disclose information about identifiable individuals and information which can be used to identify an individual (“Personal Information”) through our Website (defined below) and in the course of providing our products, software (“Products”) and services (collectively, all of the foregoing the “Services”).

Privacy is of great importance to us. We do not actively collect Personal Information for the purpose of selling or marketing that Personal Information to third parties. In other words, we do not sell customer lists. Personal Information may be collected about users and visitors to the Website, as well as our customers and their end users who interact with our Services. By visiting our website located at https://tinymile.ai/, including subpages, (collectively, the “Website”), or using the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent to the collection, use and disclosure of your Personal Information in accordance with this Privacy Policy.

1. OVERVIEW

1.1. Lawful Processing. We process Personal Information only to the extent necessary for the purposes described in this Privacy Policy. We set out below the type of Personal Information we collect and how we use such Personal Information. Except as set forth in this Privacy Policy, your Personal Information will not be used for any other purpose without your consent. You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using the Services.

1.2. Scope. This Privacy Policy covers the activities of Tiny Mile but does not apply to the practices of companies that we do not own or control, including our customers and third parties that may resell Tiny Mile Products and Services and any services offered by other companies or other sites linked from our Services. You are responsible for ensuring that you have obtained the necessary authorizations and consents for any Personal Information you make available to us for use in accordance with this Privacy Policy. In particular, our customers represent and warrant to Tiny Mile that they have the necessary rights under applicable law or have obtained the necessary consents from each end user whose Personal Information is provided by that customer to Tiny Mile in order to allow Tiny Mile to use, disclose and otherwise process such Personal Information for the purposes described in this Privacy Policy in the manner described in this Privacy Policy.

2. COLLECTION AND USE OF PERSONAL INFORMATION

2.1. What we Collect. Set out below are the ways in which we may collect Personal Information:

• Personal Information We Collect from our Customers. We collect business contact information from our customers, including email, telephone number and address, and may collect contact information of individuals who work for our customers in order to communicate with those customers about their business relationship with Tiny Mile, this includes email, telephone number and address. We also collect payment credentials or related information from our customers in order to allow those customers to pay Tiny Mile for Services provided and any tips provided to Tiny Mile by a customer’s end users.

• Personal Information Provided to Tiny Mile in the course of Services. We receive Personal Information from our customers about their end users. The Personal Information provided to us by customers about their end users consists of an end users’ name, delivery address, email address and phone number. If a customer has a privacy policy that applies to its end users, then that privacy policy shall take precedence over this Privacy Policy, and subject to our obligations under applicable law and our contractual arrangements with the applicable customer, we will comply with that privacy policy. For certainty, Tiny Mile does not collect information from a customer’s end users and Tiny Mile’s use of the Personal Information of a customer’s end user is only as a sub-processor and the applicable customer privacy policy under which the information is collected is the applicable privacy policy.

For all of the rights described in this Section 2.1 , in certain instances, where we are acting as a sub-processor for one of our customers who is the actual data controller, we may not be able to respond to or take action in respect to a request from you in connection with your Personal Information or personal data without notifying and receiving consent and/or further instructions from such customer who is the actual data controller. Where we are acting as a sub-processor for one of our customers who is the actual data controller, please direct your Personal Information and personal data questions to the applicable customer (i.e., the organization on whose behalf we made the applicable delivery), as your use of the Services is subject to that organization’s privacy policies. We are not responsible for our customer’s privacy or security practices, and those practices may be different from those described in this Privacy Policy. If you seek to access, amend, or delete inaccurate information or seek to assert any other rights with respect to your Personal Information held by one of our customers, you should direct your request to the applicable customer (the “Data Controller”).

• Video Footage. We collect video footage from the delivery robots during the course of rendering our Services. The collected video footage may include footage of people, including but not limited to, both a customer and a customer’s end user and people who are incidentally viewed by a robot as it navigates its delivery route. We retain video footage collected during the course of rendering our Services for insurance and legal purposes (for example, an accident involving a robot or instances of abuse of a robot), for customer service purposes and to improve our Services.

• Employee and Contractor Candidate Information. When we seek candidates for potential jobs or contracting engagements with Tiny Mile, we collect information that those candidates choose to provide to us when applying, which may include contact information, education and employment history, credentials, place of residence and other information the candidate believes to be relevant. For people who become our employees or contractors, we will typically retain the information provided by those people in the application process along with additional information to manage their employment or contractor relationship with us.

• Tiny Mile Suppliers and Partners. Tiny Mile collects business contact information of individuals who work for our suppliers and other partners to communicate with those suppliers and partners about their business relationship with Tiny Mile.

2.2. Use of Personal Information. Tiny Mile uses the Personal Information described above to:

• verify end user’s identities for the purposes of know-your-customer laws and regulations;
• provide, operate, maintain and improve the Services;
• send technical notices, delivery-related communications, updates, security alerts and support and administrative messages;
• process payments for our Services;
• respond to comments, questions, and requests and provide customer service and support;
• communicate with you and provide news or information about us;
• investigate and prevent accidents, unauthorized access to the Services, and other illegal activities;
• investigate and take legal actions in respect to abuse of delivery robots;
• conduct business and contractual relationships that we have with various persons and companies (such as customers, suppliers, partners and employees); and
• for other purposes which we will notify you about and seek your consent.

2.3. Use of Video Footage. Tiny Mile collects video footage from the delivery robots during the course of rendering our Services and uses collected video footage to improve and develop the Services. If you wish to request video footage containing your Personal Information to be deleted, please contact our Privacy Officer in accordance with Section 9 below. To comply with your request under this Section 2.3, we may ask you to provide information such as the date, time and location the video footage was taken. We may also require government identification to verify your request.

3. STORAGE LOCATION AND TRANSFER OF PERSONAL INFORMATION

Tiny Mile processes and stores its data, including Personal Information, on servers located in the United States. Tiny Mile also transfers data to third-party service providers, including the third-party service providers listed in this privacy policy (“Sub-Processors”). You agree to this transfer, storing or processing of your Personal Information in Canada and the United States. You acknowledge and agree that your Personal Information may be accessible to law enforcement and governmental agencies in Canada and the United States under lawful access regimes or court order.

4. DISCLOSURE OF PERSONAL INFORMATION WITH THIRD PARTIES

4.1. Service Providers and Business Partners. We may from time to time employ third parties to perform tasks for us and we may need to share Personal Information (including account information) with them to perform those tasks. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary for them to perform the relevant tasks for us. The third parties we currently engage include third-party companies and individuals employed or contracted by us to provide certain capabilities within the Services and for certain general business functions, including the provision of database management, payment processing and customer relationship management tools, including the Sub-Processors.

4.2. Business Transfers. If our business (or substantially all of our assets) are acquired by a third party, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law. Your Personal Information may also be transferred in connection with due diligence for any such transactions. In all cases, if any such transactions occur, your Personal Information will remain subject to the restrictions and protections set forth in this Privacy Policy.

4.3. With Your Consent. If we need to use or disclose any Personal Information in a way not identified in this Privacy Policy, we will notify you and/or obtain consent as required under applicable privacy laws.

4.4. As Required by Law. We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. Further, we may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.

We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to:

• satisfy any applicable law, regulation, legal process or governmental request (including in pursuant to subpoenas, civil investigative demands, or similar processes); enforce our contracts or user agreements, including investigation of potential violations hereof;
• investigate and take legal actions in respect to abuse of delivery robots and/or accidents involving delivery robots; and
• detect, prevent, or otherwise address fraud, security, or technical issues.

The above may include exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and know-your-customer purposes. Notwithstanding the general terms of this policy, the collection, use, and disclosure of Personal Information may be made outside of the terms of this Privacy Policy to the extent provided for in any applicable privacy or other legislation in effect from time to time, or pursuant to court orders (including in respect to depositions, interrogatories, subpoenas, civil investigative demands, and other court or regulatory-mandated discovery processes).

5. RETENTION

We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. Personal Information in respect to financial transactions is retained for at least five (5) years by Tiny Mile for financial compliance and to meet regulatory requirements. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally identifiable data, account recovery, or if required by law. All retained Personal Information will remain subject to the terms of this Privacy Policy.

6. ACCESS, CORRECTION AND ACCURACY

You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that Personal Information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances, and as permitted under law, we may not be able to make all relevant Personal Information available to you, such as where that Personal Information also pertains to another individual. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access to and modifications of Personal Information in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up to date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your Personal Information. Having accurate Personal Information about you enables us to give you the best possible service.

7. CALIFORNIA RESIDENTS

This section provides additional details about the Personal Data we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (the “CCPA”).

For more details about the Personal Data we collected over the last twelve (12) months, please see Section 2.1 above. We collect this Personal Data for commercial purposes described in Section 2.2 above. We will only share your Personal Information with third parties as described in Section 4 above. We do not sell (as that term is defined in the CCPA) the Personal Data we collect from you.

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of Personal Data we collect (including how we use and disclose this Personal Data), to delete their Personal Data, to opt out of any “sales” of Personal Data that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us in accordance with Section 9 below. We may require government identification to verify your request. You may also designate an authorized agent to exercise your CCPA rights on your behalf.

8. CHANGES TO THIS PRIVACY POLICY

We may amend this Privacy Policy from time to time. Processing of Personal Information we collect is subject to the Privacy Policy in effect at the time such Personal Information is collected, used or disclosed as this Privacy Policy may subsequently be updated in accordance with this Section 8. If we make material changes or changes in the way we use Personal Information, we will notify you by updating the “Last Updated” date at the top and bottom of this Privacy Policy You are bound by any changes to the Privacy Policy when you use the Website or Services after such changes have been first announced.

9. ADDITIONAL INFORMATION

Questions regarding this Privacy Policy or Tiny Mile’s privacy practices and requests to access, correct or delete your Personal Information should be directed to our Privacy Officer as follows:

By mail:

Tiny Mile US, Corp. 130 - 127 W Trade St. Charlotte, NC 28202 USA

Or by email:

legal@tinymile.ai

Effective Date: 6 April, 2022

SUB-PROCESSORS

To support Tiny Mile in delivering the Services, Tiny Mile engages third-party service providers as sub-processors.

This page identifies our sub-processors, describes where they are located, lists the services they provide to us and identifies the type of Personal Information processed.

Our business needs may change from time to time and Tiny Mile will periodically update this list to provide notice of additions and removals to our list of sub-processors.

Service Provider	Types of PI processed	Processor Activities	Location
Google	End user name, phone number, email, address	Verification, navigation and routing, order processing	United States
Twilio	End user name, phone number	Notification of Customer	Ireland
Prefinery	End user name, phone number	Notification of Customer	United States
Suvicate	End user survey responses	Analytics	Poland
Quickbooks	Credit card information	Payment processing	United States
Plausible	Web usage statistics	Analytics	Germany
Breezy.hr	Hiring candidate name, phone number,email, address, experience	Talent Acquisition	United States
Plausible	Web usage statistics	Analytics	Germany

Last Updated: 30 August, 2022