Table of Contents

• 1. Introduction and Scope
• 2. Definitions
• 3. Information We Collect
• 4. Hardware Access and Device Permissions
• 5. How We Use Your Information
• 6. Artificial Intelligence and Automated Processing
• 7. Information Sharing and Disclosure
• 8. Cookies, Tracking Technologies, and Analytics
• 9. Data Retention and Deletion
• 10. Data Security
• 11. International Data Transfers
• 12. Your Rights and Choices
• 13. User Responsibilities and Acceptable Use
• 14. Assumption of Risk and Limitation of Liability
• 15. Indemnification
• 16. Third-Party Services, Links, and Integrations
• 17. Children's Privacy
• 18. Do Not Track Signals
• 19. California Privacy Rights (CCPA/CPRA)
• 20. Virginia, Colorado, Connecticut, Utah, and Other U.S. State Privacy Rights
• 21. European Economic Area, United Kingdom, and Swiss Privacy Rights (GDPR)
• 22. Dispute Resolution and Arbitration
• 23. Severability
• 24. Changes to This Privacy Policy
• 25. Contact Us

1. Introduction and Scope

This Privacy Policy ("Policy") describes how Mai Ai ("WithMai," "we," "our," or "us") collects, uses, stores, processes, shares, transfers, and discloses information in connection with our mobile application ("App"), our website located at withmai.com ("Site"), and all related services, features, content, and functionality (collectively, the "Services"). This Policy applies to all users of the Services, including users on Android, iOS, web browsers, and any other platform through which the Services are made available.

By accessing, downloading, installing, registering for, or using our Services in any manner, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy in its entirety. If you do not agree with any part of this Policy, you must immediately cease all use of our Services and delete your account. Your continued use of the Services after any modifications to this Policy constitutes your acceptance of those modifications.

This Policy should be read in conjunction with our Terms of Service, Acceptable Use Policy, and any other agreements or policies referenced herein. In the event of a conflict between this Policy and the Terms of Service, the Terms of Service shall prevail unless this Policy specifically provides otherwise.

We reserve the right to modify, amend, supplement, or replace this Policy at any time in our sole discretion. Material changes will be communicated as described in Section 24 below.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

• "Personal Information" or "Personal Data" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes but is not limited to names, email addresses, IP addresses, device identifiers, geolocation data, biometric data, and online activity information.
• "User," "you," or "your" means any individual who accesses or uses the Services in any capacity, including registered account holders, guests, and visitors.
• "Content" means any text, messages, images, photographs, audio, video, files, data, feedback, suggestions, or other materials or information that a User submits, uploads, transmits, posts, or otherwise makes available through the Services.
• "AI Companion" means the artificial intelligence-powered virtual characters, chatbots, personas, and conversational agents available through the Services.
• "Device" means any smartphone, tablet, computer, wearable, or other electronic device used to access the Services.
• "Processing" means any operation or set of operations performed on Personal Information, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
• "Service Provider" means a third party that processes Personal Information on our behalf pursuant to a written contract.
• "Sensitive Personal Information" means Personal Information that reveals racial or ethnic origin, religious or philosophical beliefs, health or medical information, sexual orientation, precise geolocation, biometric data, financial account information, or similar categories as defined under applicable law.

3. Information We Collect

We collect information from and about you in several ways, as described below. The categories and specific types of information we collect depend on the nature of your interactions with us and the Services you use.

3.1. Information You Provide Directly

We collect Personal Information that you voluntarily provide when you register for, access, or use our Services. This includes but is not limited to:

• Account Registration Information: When you create an account, we collect your full name, email address, username, password (stored in hashed form), date of birth, and any other information you provide during the registration process, including information provided through third-party single sign-on services (e.g., Google, Apple, Facebook).
• Profile Information: You may voluntarily provide additional profile details, including but not limited to a display name, profile photograph or avatar, biographical information, gender, location, language preferences, timezone, and personal interests.
• User-Generated Content: Any Content you create, submit, upload, transmit, or share through the Services, including but not limited to text messages, chat conversations with AI Companions, voice messages, audio recordings, photographs, images, videos, files, and any other materials.
• Communications: When you contact us for customer support, submit feedback, participate in surveys or promotions, report issues, or otherwise communicate with us via email, in-app messaging, social media, or any other channel, we collect the content and metadata of those communications.
• Payment and Transaction Information: If you make purchases, subscribe to premium features, or engage in any financial transactions within or related to the Services, we may collect billing information, purchase history, subscription details, and transaction records. Payment card details (credit card numbers, CVV, etc.) are processed directly by our third-party payment processors (such as Google Play Billing, Apple In-App Purchase, Stripe, or PayPal) and are not directly stored by us. However, we may receive and retain partial payment information such as the last four digits of your card, card type, billing address, and transaction confirmation details.
• Preferences and Settings: Your in-app settings, notification preferences, AI Companion customization preferences, communication preferences, and any other configuration choices you make within the Services.
• Verification Information: If we implement age verification, identity verification, or other verification mechanisms, we may collect government-issued identification information, selfie photographs, or other verification materials as required.

3.2. Information Collected Automatically

When you access or use our Services, we and our third-party service providers automatically collect certain information using various technologies, including but not limited to:

• Device Information: Device make, model, and manufacturer; operating system type and version; unique device identifiers (including but not limited to IMEI, MEID, serial number, Android ID, IDFA, IDFV, Google Advertising ID); screen resolution and display information; RAM and storage capacity; CPU and hardware specifications; battery level and status; device language and locale settings; mobile carrier and network type (Wi-Fi, 4G, 5G, LTE); and SIM card information.
• Log and Usage Data: IP address (both IPv4 and IPv6); access timestamps and session duration; pages, screens, and features viewed or accessed; clickstream data and navigation paths; search queries within the Services; in-app actions and interactions; error logs, crash reports, and diagnostic data; referring URLs and exit pages; browser type, version, and settings; and the frequency and pattern of your use of the Services.
• Location Information: We may collect approximate location information derived from your IP address, Wi-Fi access points, or cellular network triangulation. If you grant explicit permission, we may collect precise geolocation data from your device's GPS, Bluetooth, or other location-sensing technologies. You may disable precise location access through your device settings at any time, though this may affect certain location-dependent features.
• Cookies and Similar Technologies: We use cookies (both session and persistent), web beacons (pixel tags), local storage, software development kits (SDKs), and similar tracking technologies to collect information about your interactions with our Services. For more details, see Section 8.
• Inferences: We may derive inferences from the information we collect to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, interests, and aptitudes, solely for the purposes described in this Policy.

3.3. Information from Third Parties

We may receive information about you from third-party sources and combine it with information we collect directly. These sources include:

• Authentication Providers: If you register or log in using a third-party account (e.g., Google, Apple, Facebook), we may receive your name, email address, profile picture, and other publicly available profile information from that provider, subject to their privacy policies and your privacy settings on those platforms.
• Analytics Providers: Third-party analytics services (such as Google Analytics, Firebase, Mixpanel, Amplitude, or similar services) may provide us with aggregated and individualized usage data, demographic information, and interest-based data.
• Advertising Partners: If we serve advertisements, our advertising partners may share information about your interactions with ads, including ad impressions, clicks, conversions, and related advertising identifiers.
• App Stores and Distribution Platforms: We may receive information from Google Play, Apple App Store, or other distribution platforms regarding your app downloads, installations, updates, refund requests, and reviews.
• Public Sources: We may collect information from publicly available sources, including social media profiles, public databases, and government records, to the extent permitted by applicable law.

4. Hardware Access and Device Permissions

Our Services may require access to certain hardware features and device permissions to provide core functionality and enhance your experience. We request permissions transparently, and you may manage or revoke them at any time through your device's operating system settings. Revoking certain permissions may limit or disable specific features of the Services.

4.1. Microphone Access

4.2. Storage Access

4.3. Camera Access

4.4. Notification Access

We are committed to using hardware access and device permissions responsibly and in full compliance with Google Play's Permissions Policy, User Data Policy, and all other applicable platform policies. We only request permissions that are essential for providing the Services' stated features and will never use them for undisclosed, unauthorized, or deceptive purposes.

5. How We Use Your Information

We use the information we collect for the following purposes, each of which we consider to be a legitimate business interest or otherwise legally justified:

• Service Provision and Operation: To provide, operate, maintain, personalize, and improve the Services; to create and manage your account; to authenticate your identity; to process transactions; and to deliver the features and functionality you request.
• AI and Machine Learning: To train, develop, improve, and refine our artificial intelligence models, machine learning algorithms, natural language processing capabilities, and AI Companion behaviors, using aggregated, de-identified, and/or anonymized data derived from user interactions. Individual conversations may be reviewed by automated systems for quality assurance, safety enforcement, and content moderation purposes.
• Personalization: To personalize your experience, including tailoring AI Companion responses, recommendations, and content based on your preferences, usage patterns, and interaction history.
• Communications: To send you service-related communications, including account verification, technical notices, security alerts, system updates, support messages, and responses to your inquiries. With your consent, we may also send promotional communications, newsletters, and marketing materials.
• Safety and Security: To protect the safety, integrity, and security of our Services, users, and the public; to detect, prevent, investigate, and respond to fraud, unauthorized access, illegal activities, violations of our Terms of Service or Acceptable Use Policy, and other harmful or potentially harmful conduct.
• Content Moderation: To monitor, review, and moderate Content for compliance with our policies, applicable laws, and community standards, using both automated tools and human review where necessary.
• Analytics and Research: To conduct analytics, perform research, measure performance, analyze trends, understand user behavior and demographics, and generate insights to improve our Services, develop new features, and inform business decisions.
• Legal and Regulatory Compliance: To comply with applicable laws, regulations, legal processes, governmental requests, industry standards, and our legal obligations; to establish, exercise, or defend legal claims; and to protect our rights, property, and interests.
• Business Operations: To facilitate corporate transactions, audits, financial reporting, internal administration, and other legitimate business operations.

6. Artificial Intelligence and Automated Processing

Our Services utilize artificial intelligence, machine learning, and automated processing technologies to provide AI Companion interactions and related features. By using the Services, you acknowledge and agree to the following:

• AI-Generated Content: Responses and content generated by AI Companions are produced by automated systems and do not represent the views, opinions, advice, or endorsements of WithMai or any human individual. AI-generated content may be inaccurate, incomplete, misleading, biased, or inappropriate. You should not rely on AI-generated content for medical, legal, financial, psychological, or other professional advice.
• No Professional Advice: AI Companions are not licensed professionals in any field. Their responses do not constitute professional advice of any kind, including but not limited to medical, therapeutic, psychiatric, psychological, legal, financial, investment, tax, or career advice. Always consult qualified human professionals for such matters.
• Automated Decision-Making: We may use automated processing, including profiling, for content moderation, safety enforcement, personalization, and fraud detection. You have the right, under certain applicable laws, to request human review of significant decisions made solely through automated processing. See Section 12 for details on exercising your rights.
• Continuous Improvement: We continuously develop and improve our AI systems. The behavior, capabilities, accuracy, and features of AI Companions may change over time without prior notice.

7. Information Sharing and Disclosure

We do not sell your Personal Information to third parties for their direct marketing purposes. We may share, disclose, or transfer your information in the following circumstances:

• With Your Consent: We may share your information when you provide explicit, informed consent for a specific sharing purpose.
• Service Providers and Processors: We share information with third-party service providers, vendors, contractors, and processors who perform services on our behalf, including but not limited to cloud hosting and infrastructure (e.g., AWS, Google Cloud, Azure), payment processing, email and push notification delivery, customer support, analytics and data analysis, content delivery networks, AI model training and inference, fraud detection and prevention, and cybersecurity services. These providers are contractually obligated to protect your information and use it solely for the purposes for which it was disclosed.
• Legal Obligations and Law Enforcement: We may disclose your information when required by law, subpoena, court order, governmental regulation, or legal process, or when we believe in good faith that disclosure is necessary to: (a) comply with applicable laws or legal obligations; (b) respond to lawful requests from public authorities, including law enforcement agencies and national security agencies; (c) protect and defend our rights, property, or safety, or the rights, property, or safety of our users or the public; (d) prevent or investigate possible wrongdoing, fraud, or security issues; or (e) enforce our Terms of Service, this Policy, or other agreements.
• Business Transfers: In connection with, or during negotiations of, any merger, acquisition, consolidation, restructuring, sale of all or substantially all of our assets, financing, initial public offering, dissolution, bankruptcy, receivership, or similar corporate transaction, your information may be shared, transferred, sold, or otherwise disclosed as part of that transaction. We will use reasonable efforts to ensure that any successor entity is bound by privacy obligations substantially similar to those in this Policy.
• Aggregated and De-Identified Data: We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for any lawful purpose, including research, analytics, marketing, industry benchmarking, and public reporting.
• Professional Advisors: We may share information with our lawyers, auditors, accountants, insurers, financial advisors, and other professional advisors in connection with the professional services they provide to us.
• Affiliated Entities: We may share information with our parent companies, subsidiaries, affiliates, and related entities for purposes consistent with this Policy.

8. Cookies, Tracking Technologies, and Analytics

We and our third-party partners use cookies, web beacons (pixel tags), local storage (HTML5), software development kits (SDKs), and similar tracking technologies to collect information about your interactions with our Services and other websites and online services.

8.1. Types of Cookies and Technologies

• Essential/Strictly Necessary: Required for the basic operation of the Services, including authentication, session management, security, and load balancing. These cannot be disabled.
• Functional/Preference: Enable enhanced functionality and personalization, such as remembering your settings, language preferences, and login details.
• Analytics/Performance: Help us understand how users interact with the Services by collecting anonymous usage statistics, page views, feature usage, error rates, and performance metrics.
• Advertising/Marketing: Used to deliver relevant advertisements, measure ad performance, and track conversions. These may be placed by third-party advertising partners.

8.2. Third-Party Analytics

We use third-party analytics services (including Google Analytics, Firebase Analytics, Mixpanel, and similar services) that use cookies and similar technologies to collect and analyze usage information. These services may collect information about your use of other websites and online services. You can learn more about Google's practices at https://policies.google.com/privacy and opt out using the Google Analytics opt-out browser add-on.

8.3. Your Cookie Choices

Most web browsers allow you to manage cookie preferences through browser settings, including blocking or deleting cookies. Mobile devices offer controls for managing advertising identifiers and limiting ad tracking. Please note that disabling certain cookies or tracking technologies may impair the functionality of our Services.

9. Data Retention and Deletion

We retain your Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected, as described in this Policy. Specific retention criteria include:

• Account Data: Retained for the duration of your account's active status, plus a reasonable period following account deletion or deactivation to allow for account recovery requests, legal compliance, fraud prevention, and dispute resolution.
• Conversation and Content Data: Chat logs, messages, and User-Generated Content are retained for the duration of your account's active status. Upon account deletion, content is queued for deletion and permanently removed within 30 days, except where retention is required by law or legitimate business necessity.
• Usage and Analytics Data: Generally retained in identifiable form for up to 24 months, after which it is aggregated, anonymized, or deleted.
• Legal and Compliance Data: Retained for the duration required by applicable laws, regulations, legal holds, or litigation preservation obligations.
• Backup and Disaster Recovery: Copies of data may persist in encrypted backup systems for a limited period following deletion from primary systems, after which they are overwritten in the normal course of backup rotation.

To request deletion of your Personal Information, please see Section 12 (Your Rights and Choices) or contact us as described in Section 25.

10. Data Security

We implement and maintain a comprehensive information security program that includes reasonable and appropriate administrative, technical, and organizational measures designed to protect your Personal Information from unauthorized access, use, alteration, disclosure, destruction, or loss. These measures include but are not limited to:

• Encryption of data in transit using TLS 1.2 or higher and encryption of data at rest using AES-256 or equivalent encryption standards.
• Role-based access controls (RBAC) with the principle of least privilege applied to all internal systems.
• Multi-factor authentication (MFA) for administrative access.
• Regular security assessments, vulnerability scanning, and penetration testing.
• Incident response procedures and breach notification protocols.
• Employee security awareness training and confidentiality agreements.
• Secure software development lifecycle (SDLC) practices.
• Network segmentation, firewalls, and intrusion detection/prevention systems.
• Regular audits and reviews of security practices.

NOTWITHSTANDING THE FOREGOING, NO METHOD OF TRANSMISSION OVER THE INTERNET, METHOD OF ELECTRONIC STORAGE, OR OTHER SECURITY MEASURE IS COMPLETELY SECURE OR ERROR-FREE. WE CANNOT AND DO NOT GUARANTEE THE ABSOLUTE SECURITY OF YOUR INFORMATION. YOU ACKNOWLEDGE AND ACCEPT THAT ANY TRANSMISSION OF PERSONAL INFORMATION TO US IS AT YOUR OWN RISK.

11. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and other jurisdictions where our servers, service providers, or affiliates are located. These countries may have data protection laws that differ from those in your jurisdiction.

Where required by applicable law, we implement appropriate safeguards for international data transfers, which may include Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, binding corporate rules, certification mechanisms, or other legally recognized transfer mechanisms. By using the Services, you consent to the transfer of your information to countries outside your country of residence, subject to the safeguards described in this Policy.

12. Your Rights and Choices

Depending on your jurisdiction and applicable law, you may have certain rights regarding your Personal Information, including but not limited to:

• Right to Access: The right to request confirmation of whether we process your Personal Information and to obtain a copy of the specific Personal Information we hold about you.
• Right to Rectification/Correction: The right to request correction of inaccurate or incomplete Personal Information.
• Right to Deletion/Erasure: The right to request deletion of your Personal Information, subject to certain legal exceptions and retention requirements.
• Right to Restrict Processing: The right to request that we limit the processing of your Personal Information in certain circumstances.
• Right to Data Portability: The right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to Object: The right to object to the processing of your Personal Information for certain purposes, including direct marketing and profiling.
• Right to Withdraw Consent: Where processing is based on consent, the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Opt-Out of Sale/Sharing: The right to opt out of the "sale" or "sharing" of your Personal Information, as those terms are defined under applicable law.
• Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.
• Right to Appeal: The right to appeal a decision we make regarding your privacy rights request.

To exercise any of these rights, please contact us using the information provided in Section 25. We will verify your identity before processing your request and respond within the timeframe required by applicable law. You may also designate an authorized agent to make a request on your behalf, subject to appropriate verification.

13. User Responsibilities and Acceptable Use

THIS SECTION IS OF CRITICAL IMPORTANCE. PLEASE READ IT CAREFULLY.

By using the Services, you acknowledge, represent, warrant, and agree to the following:

13.1. Lawful and Responsible Use

You are solely responsible for your use of the Services and for all Content you submit, upload, transmit, or share. You agree to use the Services only for lawful purposes and in compliance with all applicable local, state, national, and international laws, regulations, and ordinances. You are responsible for ensuring that your use of the Services does not violate any applicable law or regulation in your jurisdiction.

13.2. Prohibited Conduct

You shall not use the Services to:

• Engage in, promote, solicit, facilitate, or encourage any illegal activity or conduct.
• Harass, threaten, intimidate, stalk, defame, or bully any individual or entity.
• Upload, transmit, or distribute any Content that is unlawful, harmful, threatening, abusive, tortious, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, or racially, ethnically, or otherwise objectionable.
• Create, distribute, or possess child sexual abuse material (CSAM) or any content that sexualizes minors in any way.
• Impersonate any person or entity, or falsely state or misrepresent your affiliation with a person or entity.
• Attempt to gain unauthorized access to the Services, other user accounts, computer systems, or networks connected to the Services.
• Interfere with or disrupt the integrity or performance of the Services or the data contained therein.
• Use the Services to develop, train, or improve competing AI or machine learning systems without our prior written consent.
• Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code or algorithms of the Services.
• Use any automated means, including bots, scrapers, crawlers, or spiders, to access or interact with the Services without our prior written consent.
• Circumvent, disable, or otherwise interfere with any security-related features of the Services.

13.3. User Acknowledgments

You expressly acknowledge and agree that:

• AI Companions are artificial intelligence programs and are not real people, sentient beings, licensed professionals, or substitute for human relationships or professional services.
• All interactions with AI Companions are fictional in nature and should be treated as entertainment only.
• You are solely responsible for any decisions, actions, or consequences arising from your use of the Services or reliance on AI-generated content.
• WithMai reserves the right to monitor, review, and moderate all Content and interactions for safety, compliance, and quality purposes.
• Violation of these responsibilities may result in immediate account suspension or termination, without prior notice or refund.

14. Assumption of Risk and Limitation of Liability

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS.

14.1. ASSUMPTION OF RISK

YOU EXPRESSLY ACKNOWLEDGE, UNDERSTAND, AND AGREE THAT YOUR USE OF THE SERVICES IS ENTIRELY AT YOUR OWN RISK. THE SERVICES, INCLUDING ALL CONTENT, AI COMPANIONS, AI-GENERATED RESPONSES, AND FEATURES, ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, AVAILABILITY, OR COMPLETENESS.

14.2. USER LIABILITY

YOU ARE SOLELY AND FULLY RESPONSIBLE AND LIABLE FOR ALL ACTIVITIES CONDUCTED THROUGH YOUR ACCOUNT AND ALL CONTENT YOU SUBMIT, UPLOAD, TRANSMIT, OR OTHERWISE MAKE AVAILABLE THROUGH THE SERVICES. IF YOUR USE OF THE SERVICES OR ANY CONTENT YOU PROVIDE VIOLATES ANY LAW, REGULATION, OR THIRD-PARTY RIGHT, OR CAUSES HARM TO ANY PERSON, YOU ARE SOLELY RESPONSIBLE AND LIABLE FOR ALL CONSEQUENCES ARISING THEREFROM, INCLUDING ANY LEGAL, CIVIL, OR CRIMINAL LIABILITY.

14.3. LIMITATION OF LIABILITY

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, WITHMAI, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AFFILIATES, SUCCESSORS, AND ASSIGNS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATED TO: (A) YOUR USE OF OR INABILITY TO USE THE SERVICES; (B) ANY CONTENT OBTAINED FROM OR THROUGH THE SERVICES, INCLUDING AI-GENERATED CONTENT; (C) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (D) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE SERVICES; (E) ANY DATA BREACH, SECURITY INCIDENT, OR UNAUTHORIZED DISCLOSURE OF YOUR INFORMATION; (F) ANY DECISION OR ACTION TAKEN BY YOU IN RELIANCE ON INFORMATION OR CONTENT PROVIDED THROUGH THE SERVICES; OR (G) ANY OTHER MATTER RELATING TO THE SERVICES. IN NO EVENT SHALL OUR TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE SERVICES EXCEED THE GREATER OF (I) THE AMOUNT YOU HAVE PAID US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (II) ONE HUNDRED U.S. DOLLARS ($100.00).

Some jurisdictions do not allow the exclusion or limitation of certain warranties or liabilities, so some of the above limitations may not apply to you. In such jurisdictions, our liability shall be limited to the maximum extent permitted by law.

15. Indemnification

You agree to defend, indemnify, and hold harmless WithMai, its officers, directors, employees, agents, affiliates, licensors, service providers, successors, and assigns from and against any and all claims, demands, actions, suits, proceedings, losses, liabilities, damages, judgments, penalties, fines, costs, and expenses (including reasonable attorneys' fees and legal costs) arising out of or relating to: (a) your use of the Services; (b) any Content you submit, upload, transmit, or otherwise make available through the Services; (c) your violation of this Policy, the Terms of Service, or any applicable law, regulation, or third-party right; (d) your negligence, willful misconduct, or fraud; (e) any claim that your Content caused damage to a third party; or (f) any dispute between you and another user of the Services. This indemnification obligation shall survive the termination of your account and your use of the Services.

16. Third-Party Services, Links, and Integrations

The Services may contain links to, integrations with, or content from third-party websites, applications, services, or platforms ("Third-Party Services"). These Third-Party Services are not owned, controlled, or operated by us, and we are not responsible for their privacy practices, content, terms, policies, or security measures. We encourage you to review the privacy policies of any Third-Party Services you access. Our inclusion of a link to or integration with a Third-Party Service does not imply endorsement, affiliation, or sponsorship. Your interactions with Third-Party Services are governed solely by those services' own terms and privacy policies, and you use them entirely at your own risk.

17. Children's Privacy

The Services are not directed to, intended for, or designed to attract children under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect, solicit, or receive Personal Information from children under 18. If we become aware that we have collected Personal Information from a child under 18, we will take prompt steps to delete such information from our records and terminate the associated account. If you are a parent or guardian and believe that your child has provided us with Personal Information without your consent, please contact us immediately using the information in Section 25, and we will take appropriate action.

BY USING THE SERVICES, YOU REPRESENT AND WARRANT THAT YOU ARE AT LEAST 18 YEARS OF AGE OR THE AGE OF MAJORITY IN YOUR JURISDICTION, WHICHEVER IS GREATER.

18. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. At this time, there is no universally accepted standard for how companies should respond to DNT signals. Accordingly, our Services do not currently respond to DNT signals. However, you may manage your tracking preferences through your browser settings, device settings, or the choices described in this Policy. We will continue to monitor developments in DNT technology and update our practices as industry standards evolve.

19. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements the information in this Policy with disclosures required under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA").

19.1. Categories of Personal Information

In the preceding 12 months, we have collected the following categories of Personal Information as defined by the CCPA: identifiers (name, email, IP address, device identifiers); personal information categories listed in Cal. Civ. Code § 1798.80(e); characteristics of protected classifications under California or federal law (age, gender); commercial information (purchase history, subscription details); internet or other electronic network activity information (browsing history, usage data, interaction data); geolocation data; audio, electronic, and visual information (voice recordings, profile photos); inferences drawn from the above categories; and sensitive personal information (account login credentials, precise geolocation, where applicable).

19.2. Your California Rights

As a California resident, you have the following rights under the CCPA:

• Right to Know: You may request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You may request deletion of your Personal Information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate Personal Information.
• Right to Opt Out of Sale/Sharing: We do not sell your Personal Information in the traditional sense. If our data practices constitute a "sale" or "sharing" under the CCPA (e.g., through certain advertising technologies), you have the right to opt out.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit the use and disclosure of your Sensitive Personal Information to purposes permitted by the CCPA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a verifiable consumer request, please contact us using the information in Section 25. We will verify your identity using a reasonable verification process.

19.3. Shine the Light

Under California Civil Code § 1798.83 ("Shine the Light"), California residents may request information regarding the disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us using the information in Section 25.

20. Virginia, Colorado, Connecticut, Utah, and Other U.S. State Privacy Rights

If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, or another U.S. state with comprehensive privacy legislation, you may have additional rights under your state's privacy law, including the rights to access, correct, delete, and obtain a portable copy of your Personal Information, as well as the right to opt out of targeted advertising, the sale of Personal Information, and profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise your state-specific privacy rights, please contact us using the information in Section 25. If your request is denied, you may have the right to appeal. Instructions for submitting an appeal will be included in our response to your request.

21. European Economic Area, United Kingdom, and Swiss Privacy Rights (GDPR)

If you are located in the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland, the processing of your Personal Data is governed by the General Data Protection Regulation (EU) 2016/679 ("GDPR") and/or the UK GDPR, as applicable.

21.1. Legal Bases for Processing

We process your Personal Data based on one or more of the following legal bases:

• Consent: Where you have given us your explicit, informed consent for specific processing activities.
• Contract: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
• Legitimate Interests: Where processing is necessary for our legitimate business interests (or those of a third party), provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include operating and improving the Services, ensuring security, preventing fraud, and marketing.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

21.2. Your GDPR Rights

In addition to the rights listed in Section 12, you may have the right to lodge a complaint with a supervisory authority in the EU/EEA member state or UK where you reside, work, or where an alleged infringement occurred. A list of supervisory authorities is available at https://edpb.europa.eu.

21.3. Data Protection Officer

If you have questions about how we process your Personal Data or wish to exercise your rights, you may contact us at the address provided in Section 25.

22. Dispute Resolution and Arbitration

Any dispute, claim, or controversy arising out of or relating to this Privacy Policy, the Services, or the collection, use, or disclosure of your information ("Dispute") shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of laws principles.

To the fullest extent permitted by applicable law, you and WithMai agree that any Dispute shall be resolved exclusively through final and binding individual arbitration administered by the American Arbitration Association ("AAA") under its Consumer Arbitration Rules, rather than in court. You and WithMai agree to waive the right to a trial by jury and to participate in any class action, collective action, or representative proceeding. The arbitration shall take place in Delaware, United States, unless otherwise agreed by the parties or required by law. Each party shall bear its own costs and expenses of arbitration, except as otherwise required by law or the AAA rules.

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of intellectual property rights, confidentiality obligations, or other proprietary rights.

23. Severability

If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable by a court or tribunal of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its original intent. If modification is not possible, the invalid provision shall be severed, and the remaining provisions of this Policy shall remain in full force and effect.

24. Changes to This Privacy Policy

We reserve the right to modify, amend, supplement, or replace this Privacy Policy at any time in our sole discretion. When we make material changes, we will: (a) update the "Last Updated" date at the top of this Policy; (b) provide prominent notice through the Services (such as an in-app notification, banner, or pop-up); and (c) where required by applicable law, obtain your consent to the changes. For non-material changes, we will update this page and the "Last Updated" date without additional notice. Your continued use of the Services following the posting of any changes constitutes your acceptance of those changes. If you do not agree with any changes, you must stop using the Services and delete your account.

25. Contact Us

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy, our data practices, or the exercise of your privacy rights, please contact us at:

We will make every effort to respond to your inquiry within a reasonable timeframe and in compliance with applicable law.