Terms of Use

Tailorbird Privacy Policy

Last Modified: May 12, 2025

This Privacy Policy describes how Tailorbird, Inc. ("Tailorbird," "we",“us” or "our") processes personal data that we collect through our digital or online properties or subscription services (see below for more detail regarding the information you may provide to Tailorbird. Tailorbird may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information.

Tailorbird provides construction software that uses analytics and automation to make multifamily renovations faster, easier, and more cost effective. This Privacy Policy does not apply to information that we process on behalf of our business customers(such as owners and contractors) while providing the Tailorbird Platform to them. Our use of information that we process on behalf of our business customers is governed by our agreements with such customers and paragraph 2 below.

Our websites, products and services are designed for enterprise customers and their authorized users. We do not offer products or services for use by individuals for their personal, family or household purposes. Accordingly, we treat all personal information we collect as pertaining to individuals in their capacities as representatives of the relevant business and not their individual capacities.

Information we collect

Information you provide to us. Information you may provide to us through our website or any other sites or services, with our representatives, at events, or when a customer uses the subscription services. When you interact with us, we may collect personal information as described below:

1. When you visit our website and submit a webform, request customer support or otherwise interact with our website, we may ask for contact data such as your email address, first and last name, job title, company name, phone number and other similar business information. Much of our website can be explored without providing personal information.

2. When you use the Tailorbird subscription services,

a. we may collect personal information when you sign-up for a user account, create or modify your user information, set preferences or related information needed to access the Tailorbird subscription services. When customers access our subscription services, they may provide personal information such as first and last name, email address, physical address, phone number, a password or related information. We call this information “Personal Data” under our SaaS Platform Terms and Conditions. We process information about and on behalf of our customers based on the customer’s instructions and in accordance with that customer’s SaaS Platform Terms andConditions they entered with Tailorbird. If you have concerns regarding your personal information that we process on behalf of a business customer, please direct your concerns to that customer.

b. we automatically collect information such as your device model and version, operating system or device identifiers if you access the Tailorbird subscription service through a mobile application.

c. customers may connect third party integrations to their subscription services, which may ask for certain permissions or access data. It is the customer’s or user’s responsibility to review and authorize such third-party integrations. We arenot responsible for data that a third-party application uses, so carefully review the permissions you grant to third party applications. We may collect information about the types of integrations that are used related to your user account.

d. Property data, from the customer or publicly available third-party sources, relating to or needed to complete your orders on or through the subscription services such as property specific information and transaction history.

• From Third Parties or Other Sources. We may receive information from third party services providers, from our business and solution partners, data licensors, publicly available sources such as social media platforms. This may include physical mail address, job titles, email address, phone numbers and social media profiles. We may receive marketing or communication data such as your preferences for receiving our marketing communications and details about your engagement with them, information based on our exchanges with you, including when you contact us through the website or subscription services, social media or otherwise. service providers that provide services on our behalf or help us operate the subscription services or our business.Or other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection. This information helps us update our services, improve our products and identify new customers.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with our website or subscription services, our communications and other online services, such as:

• Device data, such as your computer or mobile device’s operating system type andversion, manufacturer and model, browser type, screen resolution, RAM and disksize, CPU usage, device type (e.g.,phone, tablet), IP address, uniqueidentifiers (including identifiers used for advertising purposes), language settings, mobiledevice carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and generallocation information such as city, state or geographic area.

• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.

• General Location data when you authorize the website or subscription services to access your device’s location.

• Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.

Cookies and similar technologies. Some of the automatic collection described above is facilitated by the following technologies:

• Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service provider’s place.

• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.

• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How we use your personal Information

We may use your personal information for the following purposes or as otherwise described at the time of collection:

Subscription services delivery and operations. We may use your personal information to:

· provide, operate and improve the subscription service and our business;

· establish and maintain your user profile on the subscription services;

· personalizing the subscription services, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Service;

· communicate with you about events or contests in which you participate;

· understand your needs and interests, and personalize your experience with the subscription service and our communications; and

· provide support for the subscription services, and respond to your requests, questions and feedback.

No Mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the subscription service and our business and to develop new products and services. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the subscription services and promote our business.

Marketing. We and our service providers may send you direct marketing communications and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the opt-out of communications section below.

Service improvement and analytics.We may use your personal information to analyze your usage of the subscription services, improve the subscription services, improve the rest of our business, help us understand user activity on the subscription services, including which pages are most and least visited and how visitors move around the subscription services, as well as user interactions with our emails, and to develop new products and services.

Events, promotions and contests.We may use your personal information to:

· administer promotions and contests;

· communicate with you about promotions or contests in which you participate; and

· contact or market to you after collecting your personal information at an event

Compliance and protection. We may use your personal information to:

· comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;

· protect our, your or others’ rights, privacy, safety or property (including by making and

defending legal claims);

· audit our internal processes for compliance with legal and contractual requirements or our internal policies;

· enforce the terms and conditions that govern the Service; and

· prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the cookies and similar technologies described above for the following purposes:

· Technical operation. To allow the technical operation of the website or subscription services.

· Functionality. To enhance the performance and functionality of our website or subscription services.

Analytics. To help us understand user activity, including which pages are most and least visited and how visitors move around the website or subscription services, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about GoogleAnalytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

How we share your personal Information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

Affiliates. Our corporate parent, subsidiaries, and affiliates.

Service providers. Third parties that provide services on our behalf or help us operate the website or subscription services or our business (such as hosting, information technology, customer support, email delivery, marketing, consumer research and website analytics).

Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so.

Partners. Third parties with whom we partner, including parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

‍

Business transferees. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in Tailorbird, financing of Tailorbird, public stock offerings, or the sale, transfer or merger of all or part of our business, assets or shares),for example, we may need to share certain personal information with prospective counterparties and their advisers. We may also disclose your personal information to an acquirer, successor, or assignee of Tailorbird as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Consent Management

We provide users with clear choices regarding the collection and use of their personal data. Users are given the opportunity to provide or withdraw consent at the point of data collection. If required, consent will be:

· Freely given, specific, informed, and unambiguous.

· Collected using clear and plain language.

· Logged and stored as evidence of user agreement.

You may manage your consent preferences by adjusting your browser settings, opting out via cookie banners, or contacting us at legal@tailorbird.us. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Data Breach Notification and Response

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable laws such as GDPR and CCPA. Our incident response plan includes:

· Immediate containment and investigation of the breach.

· Notification to data protection authorities within 72 hours (In case of GDPR requirements).

· Timely communication to affected individuals, including nature of breach, data involved, and steps taken.

· Implementation of corrective actions and review of policies and procedures to prevent recurrence.

Your choices

Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, theService may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.

Blocking images/clear gifs: Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Data Subject Rights (GDPR & CCPA)

Depending on your location, you may have the right to:

· Access and obtain a copy of your personal information.

· Request correction or deletion of your personal information.

· Object to or restrict the processing of your information.

· Withdraw consent at any time (where processing is based on consent).

· Data portability (GDPR).

· Opt-out of targeted advertising or sale of personal information (CCPA).

Other sites and services

The subscription services may contain links to websites, mobile applications, and other online services operated by third parties.In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party.We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

‍

Children

The subscription services are not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the website or subscription services from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website, subscription services or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the website and subscription service after the effective date of any modified Privacy Policy indicates your acknowledging that the modifiedPrivacy Policy applies to your interactions with the website, subscription service and our business.

Legal and Data Protection Officer (DPO) Contact

For GDPR-related inquiries, you may contact our Data Protection Officer. Please address the email as

“To the Data Protection Officer”:

· Email: legal@tailorbird.us

· Address: 213 Nassau Street Princeton NJ 08542

DPO Roles and Responsibilities:

· Create, implement, and supervise the organization's privacy policies and processes, ensuring compliance with applicable data protection regulations.

· Ensure compliance with data protection laws and regulations.

· Act as the organization's primary point of contact for personal data processing issues.

· To ensure that the various audits are performed within the required time range.

· Conduct frequent audits to monitor data processing processes, identify risks, and conduct Data Protection Impact Assessments (DPIAs) to evaluate and reduce data protection risks.

· To ensure that the records of processing activities (RoPA) are completed whenever the organization collects and processes personal data.

· To inform and advise the organization and its personnel who process personal data on their obligations under the GDPR or local data protection regulations.

· Educate and train employees on data protection policies and practices, fostering a culture of awareness and compliance within the organization.

· DPO conducts risk assessments related to data processing activities and factors such as the nature, scope, circumstances, and purposes.

· To provide quick responses to individuals whose data is processed (workers, clients, or any other data subject) on any problems concerning the processing of their personal data and the exercise of their rights as outlined in the Regulation.

California privacy rights notice

Under California’s Shine the Light law (California Civil Code Section 1798.83), California residents may ask companies with whom they have formed a business relationship primarily for personal, family or household purposes to provide the names of third parties to which they have disclosed certain personal information (as defined under the Shine the Light law) during the preceding calendar year for their own direct marketing purposes, and the categories of personal information disclosed. You may send us requests for this information to legal@tailorbird.us. In your request, you must include the statement “Shine the Light Request," and provide your first and last name and mailing address and certify that you are a California resident. We reserve the right to require additional information to confirm your identity and California residency. Please note that we will not accept requests via telephone, mail, or facsimile, and we are not responsible for notices that are not labelled or sent properly, or that do not have complete information.