Terms of Use
Welcome to personality.co! These Terms of Use (“Terms”) apply to your access and use of our websites, services, apps, and products that you purchase or sign up for on personality.co (collectively, the “Services”). These Terms constitute a written contract between you (“you,” “your,” or “user”) and Novomedia EOOD, a Bulgarian company with registration number 205083653, headquartered at 60 Major Thompson blvd., bl. 12, entrance A 1407 Sofia, Bulgaria (“Company,” “we,” “our,” or “us”). In addition to these Terms, your use of the Services is governed also by our Privacy Policy, the Data Processing Agreement, and the Standard Contractual Clauses for data transfer.
Company offers its website personality.co (the “Site”) and Services to you conditioned upon your acceptance of these Terms. If you do not understand these Terms or do not agree to be bound by the Terms, you may not access or use our Services, and you must immediately cease accessing or using the Services.
You agree to these Terms by starting to use the Services. Moreover, by creating an Account with us (as defined hereunder in section 4 (B)), purchasing a Service, or accessing or using any of our Services or/and application program interfaces (the “API”), you acknowledge and agree that you are indicating that you have read, understand, and agree to be bound by the terms of these Terms. YOU HAVE NO RIGHT TO ACCESS OR USE OUR SERVICES IF YOU DO NOT AGREE TO THESE TERMS.
AS DESCRIBED IN SECTION 3 BELOW, THESE TERMS CONTAIN AN ARBITRATION PROVISION AND A WAIVER OF CLASS ACTIONS. YOU AGREE THAT ANY DISPUTE OR DISPUTES BETWEEN YOU AND US WILL BE RESOLVED BY BINDING, INDIVIDUAL ARBITRATION, AND YOU ARE WAIVING YOUR RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION OR REPRESENTATIVE PROCEEDING.
1. PRIVACY POLICY
We take your privacy very seriously. Our Privacy Policy explains how we collect information from you and how we may use and share that information (including personal data within the meaning of GDPR). For information about how we collect, use, share, or otherwise process your personal data and your use of the Services, please see our Privacy Policy. With respect to your data protection obligations please review also section 6 hereunder.
2. ELIGIBILITY
You must be at least eighteen (18) years old to create an Account and use our Services. If you are agreeing to these Terms on behalf of an organization or entity, you represent and warrant that you are authorized to agree to these Terms on that organization or entity’s behalf and bind them to these Terms. In such case, “you” and “your” will refer to that organization.
3. DISPUTE RESOLUTION
(A) Informal Dispute Resolution
Company’s customer service team can address the majority of any concerns or disputes you may have about your use of the Services. Please contact us by email, phone or in writing at the following:
+1-315-325-8670
If customer service is unable to resolve any concern or dispute (collectively, “Claim”), you agree to first try to resolve the Claim informally and in good faith by providing a written Notice of Claim to the address below:
60 Major Thompson blvd., bl. 12, entrance A
The Notice of Claim must provide Company with reasonable notice of your identity, a description of the nature and basis of your Claim, and the relief you are seeking, including the specific amount of any monetary relief you are seeking on an individual basis.
If your Claim is not resolved within 60 days of receipt, any resulting legal actions must be resolved through binding arbitration, including any dispute about whether arbitration is required for the dispute, subject to the exceptions set forth below. Neither party shall initiate legal action until 60 days after the Notice of Claim is received.
This section governs any dispute between you and us, and how that dispute will be legally resolved if necessary. Remember, these dispute resolution provisions only apply to disputes between Company and you.
(B) Governing Law and Location
These Terms shall be exclusively governed by and construed in accordance with the laws of New York, United States of America, without regard to its conflict of law principles, provided that the arbitration provision shall be governed by the United States of America Federal Arbitration Act and federal arbitration law.
(C) Arbitration
Any Claim, including, but not limited to, any dispute, controversy, or claim arising out of or relating to this contract, including the formation, interpretation, breach, or termination thereof, including whether the claims asserted are arbitrable, will be referred to and finally determined by arbitration in accordance with the JAMS International Arbitration Rules. The Tribunal will consist of one arbitrator. If the parties cannot agree on the sole arbitrator within 14 days of the commencement of the arbitration, then JAMS shall designate the sole arbitrator.
The place of arbitration will be New York, US. Judgment upon the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.
Please note that, depending on your country of residence, under certain circumstances, you may be able to bring a dispute before the appropriate authorities or courts in the country in which you reside.
For US Residents, any disputes under these Terms will be resolved on an individual basis through binding arbitration, with no class relief.
Deadlines for Completion of Arbitration and Interim Phases:
The following time limits are to apply to any arbitration arising out of or related to these Terms:
- Discovery is to be completed within 90 days of the service of the arbitration demand.
- The evidentiary hearing on the merits (“Hearing”) is to commence within 120 days of the service of the arbitration demand.
- At the Hearing, each side is to be allotted 2 days for presentation of direct evidence and for cross-examination.
- A brief, reasoned award is to be rendered within 45 days of the close of the Hearing or within 45 days of service of post-hearing briefs if the arbitrator(s) direct the service of such briefs.
The arbitrator must agree to the foregoing deadlines before accepting appointment. Failure to meet any of the foregoing deadlines will not render the award invalid, unenforceable, or subject to being vacated. The arbitrator, however, may impose appropriate sanctions and draw appropriate adverse inferences against the party primarily responsible for the failure to meet any such deadlines.
By agreeing to arbitration, each party waives its right to sue in court or to have a jury trial.
The language of the arbitration shall be in English.
The United States of America Federal Arbitration Act governs the interpretation and enforcement of these Terms to arbitrate.
Confidentiality
The parties shall maintain the confidential nature of the arbitration proceeding and the award, including the Hearing, except as may be necessary to prepare for or conduct the arbitration hearing on the merits, or except as may be necessary in connection with a court application for a preliminary remedy, a judicial challenge to an award or its enforcement, or unless otherwise required by law or judicial decision.
(D) No Class Actions
You and Company agree to resolve disputes with us on an individual basis in arbitration. You agree that any arbitration or other legal action shall be limited to the two of us as parties, and any joinder of other parties is not allowed. This means that you cannot participate in any sort of representative proceeding against Company, including, but not limited to, as a plaintiff or class member in any purported class action.
If any portion of this class action waiver is deemed unenforceable or invalid as to a particular remedy, then that remedy (and only that remedy) must be severed from the arbitration and may be sought in court.
(E) Court Action to Assist Arbitration
Even though we are agreeing to arbitration, you and Company are both allowed to seek relief from a Court of Competent Jurisdiction in aid of arbitration.
For example, a court proceeding would be allowed to stay a court action, compel arbitration, confirm an arbitration award, or seek injunctive relief whether temporary or permanent.
4. YOUR USE OF THE SERVICE
(A) License to Use the Services
Subject to your compliance with these Terms and applicable laws, Company grants you a non-exclusive, non-sublicensable, revocable, non-transferable limited license to access and use the Services. This license allows you to use the Services, but it does not allow you to reproduce, duplicate, copy, modify, sell, or otherwise exploit any portion of the Services without the prior express written consent of Company. All rights not expressly granted in these Terms are reserved by Company.
(B) Your Account
To access certain parts of the Services, you will need to register and create an account (your “Account”). You represent and warrant that all information you provide in connection with your Account and your use of the Services is current, complete, and accurate, and that you will update that information as necessary. You further represent and warrant that you are not impersonating any person or entity through your Account or misleading others as to your affiliation with any person or entity. You are responsible for maintaining the confidentiality of your Account credentials, including your username and password. You agree to notify Company immediately of any unauthorized use of your Account. If we suspect, in our sole discretion, that there has been a breach of your Account security, we reserve the right to refuse access to the Services, terminate your Account, delete information from the Account (including Content, as defined hereunder), suspend or terminate your right to use the Services or take such other action as we deem necessary. Further, we may close your Account and/or delete the data on it if there is no activity on it for a period of more than 33 days, if you do not have a subscription with us or if you have used only (part of) our free services.
(C) License to Display Your Test Reports
● Content Ownership: As between you and Company, you retain intellectual property rights or other proprietary rights associated with your test reports; however, we require the following license from you in order to be able to display some of your reports on the Services as expressly permitted by you — for example, to make your review visible to others.
● Sharing Your Content: By posting your test reports to any part of the Site or making test reports accessible to the Site by linking your Account from the Site to any of your social networking accounts, you automatically grant, and you represent and warrant that you have the right to grant, to us an unrestricted, unlimited, irrevocable, perpetual, non-exclusive, transferable, royalty-free, fully-paid, worldwide right, and license to host, use, copy, reproduce, disclose, sell, resell, publish, broadcast, retitle, archive, store, cache, publicly perform, publicly display, reformat, translate, transmit, excerpt (in whole or in part), and distribute such test reports for any purpose, commercial, advertising, or otherwise, and to prepare derivative works of, or incorporate into other works, such test reports, and grant and authorize sub-licenses of the foregoing. The use and distribution may occur in any media format and through any media channels. This license will apply to any form, media, or technology now known or hereafter developed, and includes our use of your name, company name, and franchise name, as applicable, and any of the trademarks, service marks, trade names, logos, and personal and commercial images you provide. You waive all moral rights in your test reports, and you warrant that moral rights have not otherwise been asserted in your test reports.
● Limitation of Liability and Indemnification for Claims related to Content: We are not liable for any statements or representations of yours provided by you in any area on the Site. You are solely responsible for your content to the Site and as such, you agree to defend, indemnify, and hold harmless Company from and against any and all claims, actions, demands, causes of action, and other proceedings including but not limited to legal costs and attorneys’ fees, arising out of or relating to your content.
● Removal: We have the right, in our sole and absolute discretion, (1) to edit, redact, or otherwise change any content; (2) to re-categorize any content to place them in more appropriate locations on the Site; and (3) to pre-screen or delete any content at any time and for any reason, without notice. We have no obligation to monitor your content but we reserve the right to do so if we need to ensure that your use of the Services is in compliance with these Terms.
● Reviews and Comments: With respect to any reviews or comments provided by you to Company as part of your content, you represent and warrant that such reviews or comments are true and accurately represent your experience as a bona fide customer.
(D) Restrictions on the Services
We impose certain restrictions on your use of the Services, and you agree to not:
i. Provide any false, misleading, or inaccurate information, create more than one Account, transfer your Account, or create an Account without authorization
ii. Upload, post, transmit, display, perform, or distribute any content, information, or materials that are libelous, defamatory, abusive, threatening, violent, harassing, or obscene
iii. Use the Services to post or distribute any sensitive personal information, such as (but not limited to) national ID cards, driver’s license, passport, date of birth, biometrics, medical information, or credit card or other payment information.
iv. Impersonate or misrepresent affiliation, connection, or association with any party
v. Modify or change the placement or location of any advertisement posted through the Site
vi. Disclose, harvest, or otherwise collect information about users, for example, email addresses and phone numbers
vii. Use or attempt to use any engine, software, tool, agent, or other device or mechanism (including without limitation browsers, spiders, robots, avatars, or intelligent agents) to harvest or otherwise collect information from the Services for any use, including without limitation use on Third Party Websites (defined below)
viii. Access content or data not intended for you, or log into a server or account that you are not authorized to access
ix. Use the Services for any commercial or non-personal purposes without express consent
x. Attempt to probe, scan, or test the vulnerability of the Site, or any associated system or network, or breach security or authentication measures without proper authorization
xi. Interfere or attempt to interfere with the use of the Services by any user, host, or network, including (without limitation) by submitting malware or exploiting software vulnerabilities
xii. Forge, modify, or falsify any network packet or protocol header or metadata in connection with, or transmission to, the Services (for example, SMTP email headers, HTTP headers, or Internet Protocol packet headers)
xiii. Attempt to modify, reverse-engineer, decompile, disassemble, or otherwise reduce or attempt to reduce to a human-perceivable form any of the source code used in providing the Site and Services, including without limitation any fraudulent effort to modify software.
xiv. Use the Services in any manner implying any partnership with, sponsorship by, or endorsement of your Services and their content by us.
xv. We reserve the right to terminate your Account and use of the Services for violating any of the above prohibited uses or any of these Terms or for violating any applicable law.
5. FEES AND SUBSCRIPTION PLANS
(A) Payment of Fees
You may be required to purchase or pay a fee to access our Services. You agree to pay Company all fees (“Fees”) associated with your use of the Services, as indicated to you at the time you agree to such Fees (such as through the Subscription, as defined hereunder, and during the checkout process). You agree to provide current, complete, and accurate purchase and account information for all purchases made. You further agree to promptly update Account and payment information, including email address, payment method, and payment card expiration date, so that we can complete your transactions and contact you as needed. We bill you through an online billing account for purchases made via personality.co. Plans and prices may be charged in US dollars or local currencies, so exact charges may vary based on location.
You agree to pay all charges or fees at the prices then in effect for your purchases, and you authorize us to charge your chosen payment provider for any such amounts upon making your purchase. If your purchase is subject to recurring charges, then you consent to our charging your payment method on a recurring basis without requiring your prior approval for each recurring charge, until you notify us of your cancellation.
We reserve the right to correct any errors or mistakes in pricing, even if we have already requested or received payment. We also reserve the right to refuse any order placed through the Services.
(B) Subscriptions
Company offers certain Services on a subscription basis. If you enroll in one of our subscription plans (your “Subscription”), you will be billed according to the terms of the Subscription (the “Subscription Terms”) as displayed to you at the time you enroll. You can learn more about our subscription services here.
(C) Timing of Subscription Payments
At the time you enroll in your Subscription, you will be required to provide payment information to pay for the Fees associated with your Subscription. If you choose to enroll in a Subscription, you understand and agree that your payment method on file will be charged Fees for additional Subscription periods (e.g., monthly), as disclosed to you when you enroll, without obtaining further permission or confirmation from you. In other words, your Subscription renews automatically unless canceled in advance of the next payment period by you. Please pay attention to the Fees and Subscription Terms disclosed to you during the order process for your Subscription. We may find it necessary to change the Fees in effect for a Subscription and reserve the right to do so at our sole discretion. We will not increase Fees for your Subscription without prior notice to you that is sufficient to afford you an opportunity to cancel your Subscription before incurring the increased fees.
(D) Trial Memberships
Company may offer new users a one-time trial plan (“Trial Plan”) for a certain fee to unlock their personality report after completing the chosen test. Your Trial Plan must be used within the specified time (e.g., 14 days after receipt of test reports). You must cancel your Trial Plan before the end of the promotional period to avoid being charged regular Fees for the next billing period.
(E) Changes and Cancellation
To change or cancel your Trial Plan or Subscription, you can log into your Account, go to the Billing tab and click Cancel Subscription. You may also provide us with the email address you used for registration here and we will cancel your Subscription. Alternatively, you can contact our customer support team at [email protected] and someone will assist you with canceling your Subscription. You may also cancel your subscription by visiting personality.co/cancel-subscription and inputting the email you used when creating your Account. Changes and cancellations to your Trial Plan or Subscription must be made at least 1 day before the next billing period to avoid being charged for any additional subscription cycles.
(F) Limited Refunds
We offer a 30-day money-back satisfaction guarantee. If, for any reason, you are not satisfied with the Services, you may request a full refund within the first 30 days after the date of your last purchase.
We do not offer refunds for transactions older than 30 days or more before the date you contacted us with a refund request.
Refunds may be issued under exceptional circumstances and in Company’s sole discretion 30 days after any last purchase. Refunds are not available for Accounts that have violated these Terms.
To initiate the refund process, you may email us at [email protected] or call us at +1-315-325-8670.
6. DATA PROTECTION
You expressly acknowledge and agree that it is your responsibility to comply with any and all privacy and data protection laws that may come into effect from time to time, regulations and terms applicable to any personal data provided by you for the purposes of the Service regardless of the country/state in which you are based. This includes but is not limited to, complying with any applicable privacy policies and cookie policies.
We may collect and process personal data regarding you in connection with the Services. Such processing is described in our Privacy Policy.
(Data processing - For EU users) In the event that we process personal data as a processor on your behalf and applicable law requires parties to put in place a data processing agreement (DPA) to govern such data processing our DPA shall apply and will be deemed an integral part of these Terms (please see Attachment 1 hereunder).
(Data transfer - For EU users) With respect to the transfer of data to countries outside of EU (including the US) we comply with the data importer’s obligations set out in the EU Standard Contractual Clauses which are incorporated in the DPA.
7. MODIFICATIONS
We may find it necessary to revise these Terms and our Privacy Policy from time to time to better reflect changes to the law, new regulatory requirements, or improvements or enhancements made to our Services.
If we decide to modify these Terms, we will post the modification on our Site and update the date of last update at the bottom of these Terms and provide you with notice of the modification on our Site. Any change to these Terms will be effective as of the date of last update. By continuing to access or use the Services after such date, you agree to be bound by the modified Terms. If the modified Terms are not acceptable to you then you have to cease using the Services.
If you don’t agree to the updates we make, please cancel your Account and stop using the Services before the updated Terms become effective. By continuing to use or access the Services after the updates come into effect, you agree to be bound by the revised Terms.
8. THIRD PARTY WEBSITES
personality.co and/or the Services may link to and reference the websites and content of third parties (“Third Party Websites”), some of whom may have established relationships with Company and some of whom may not. Company does not have control over the content or performance of Third-Party Websites. Company has not reviewed and cannot control all Third-Party Websites. Accordingly, Company does not represent, warrant, or endorse any Third-Party Websites, or the accuracy, currency, content, fitness, lawfulness, or quality of the information, material, goods, or services available through the Third-Party Websites. Company disclaims, and you agree to assume all responsibility and liability for any damages or other harm, whether to you or to third parties, resulting from your use of Third-Party Websites.
9. INTELLECTUAL PROPERTY
Personality, the personality logo, the personality.co website and domain, any other Company owned website domain(s), and all content and other materials available through the Services (collectively, the “Company IP”), exclusive of user content, are the trademarks, copyrights, and intellectual property of and owned by Company or its licensors and suppliers. Except as expressly provided in these Terms, neither your use of the Services nor these Terms grant you any right, title, or interest in, or any license to reproduce or otherwise use, the Company IP. You agree that any goodwill in the Company IP generated as a result of your use of the Services will inure to the benefit of Company, and you assign all such goodwill to Company. You shall not at any time challenge Company’s right, title, or interest in, or the validity of, the Company IP.
10. CUSTOMER SERVICE
Company has a customer support team to assist with any issues regarding personality.co or the Services. We encourage you to seek resolution of any issues by first contacting customer support at [email protected]. Before beginning any arbitration, users should first contact Company to try to reach a resolution. Complaints received regarding the Services will be handled within a reasonable time of receipt of the notice.
11. TERM AND TERMINATION
These Terms shall commence on the date you have started to use our Services and remain in effect until terminated in accordance with this section. Provided, however, that if you purchased a paid account, these Terms will continue for the duration of the term selected by you, based on your Subscription Terms, unless otherwise terminated as permitted herein. If your paid account is set to automatically renew, your account will thereafter automatically renew for additional terms of the same length as initially set by you, or to the extent a shorter or a longer renewal term is required by law.
Either party may terminate these Terms at any time. Company may also unilaterally and immediately terminate these Terms, your Account, and your use of the Services at any time without notice, including for suspected violation of these Terms or any applicable law, or discontinuation of the Services. If a user deletes his/her account, this also counts as termination of the Terms with us. Upon termination of these Terms, all applicable rights and access granted to you herein will automatically terminate and you will cease any further use of the Services. However, all payment obligations outstanding at the time of termination as well as all sections of these Terms which by their nature would survive termination (e.g., Sections 3, 4 (Indemnification), 5-7, 9, and 12-15) shall survive the termination of these Terms. Users will not receive a (partial) refund or reimbursement of any fees already paid for Subscription/s.
12. INDEMNIFICATION
In addition to the indemnity terms contained in section 4 (D) (4th bullet point), the following indemnification terms apply. To the maximum extent permitted by law, you agree to indemnify, defend (with counsel reasonably acceptable to us), and hold harmless Company and its owners, officers, directors, employees, agents, affiliates, consultants, representatives, sub-licensees, successors, and assigns from any and all claims, actions, damages, obligations, losses, liabilities, costs or debt, and expenses (including attorney’s fees), resulting from or arising out of a) your use of or access to the Services, including your Account, or b) your violation of these Terms or any applicable law.
13. ASSUMPTION OF RISK, LIMITATION OF LIABILITY, AND DISCLAIMERS
Assumption of Risk
You knowingly and freely assume all risk when using the Services. You, on behalf of yourself, your personal representatives, and your heirs, voluntarily agree to release, waive, discharge, hold harmless, defend, and indemnify Company and its parents, subsidiaries, affiliated companies, employees, agents, officers, owners, directors, successors, and assigns (who shall be third-party beneficiaries of this provision) from any and all claims, actions, or losses for bodily injury, property damage, wrongful death, emotional distress, loss of privacy, or other damages or harm, whether to you or to third parties, that may result from your access to or use of the Services.
Disclaimer
The Services do not offer professional or definitively accurate advice or opinions regarding products or services. The information and opinions provided are for entertainment and educational purposes only and should not replace professional advice. Therefore, before making any decisions based on your scores, we recommend consulting with appropriate professionals. We do not provide any professional or definitively accurate advice on products or services. ANY USE OR RELIANCE ON INFORMATION FOUND ON THE SITE IS AT YOUR OWN RISK.
Limitation of Liability
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL COMPANY, ITS MANAGERS, EMPLOYEES, PARTNERS, AGENTS, SUPPLIERS, LICENSORS, OR AFFILIATES BE LIABLE TO YOU FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, LOST PROFITS, LOST DATA OR CONFIDENTIAL OR OTHER INFORMATION, LOSS OF PRIVACY, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, FAILURE TO MEET ANY DUTY INCLUDING WITHOUT LIMITATION OF GOOD FAITH OR OF REASONABLE CARE, NEGLIGENCE, OR OTHERWISE, REGARDLESS OF THE FORESEEABILITY OF THOSE DAMAGES. COMPANY ASSUMES NO LIABILITY OR RESPONSIBILITY FOR (I) ANY ERRORS, MISTAKES, OR INACCURACIES OF CONTENT PROVIDED BY YOU; (II) ANY PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR USE OF OUR SERVICES; (III) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SERVERS OR YOUR ACCOUNT OR ANY PERSONAL INFORMATION STORED THEREIN; (IV) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE personality.co WEBSITE; (V) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH OUR SERVICES BY ANY THIRD PARTY; OR (VI) ANY ERRORS OR OMISSIONS IN ANY CONTENT OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, EMAILED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE THROUGH THE SERVICES. IN NO EVENT SHALL COMPANY, ITS MANAGERS, EMPLOYEES, PARTNERS, AGENTS, SUPPLIERS, LICENSORS, OR AFFILIATES BE LIABLE TO YOU FOR ANY CLAIMS, PROCEEDINGS, LIABILITIES, OBLIGATIONS, DAMAGES, LOSSES, OR COSTS IN AN AMOUNT EXCEEDING $100.00 OR THE AMOUNT YOU PAID TO US IN THE LAST THIRTY DAYS. THIS SECTION APPLIES WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER BASIS. YOU AGREE THAT THIS LIMITATION OF LIABILITY REPRESENTS A REASONABLE ALLOCATION OF RISK AND IS A FUNDAMENTAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN COMPANY AND YOU. THE SERVICES WOULD NOT BE PROVIDED WITHOUT SUCH LIMITATIONS.
Disclaimer of Warranties
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, COMPANY, ON BEHALF OF ITSELF, ITS MANAGERS, EMPLOYEES, PARTNERS, AGENTS, SUPPLIERS, LICENSORS, AND AFFILIATES, EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE WEBSITE AND SERVICES, ARISING BY OPERATION OF LAW OR OTHERWISE, INCLUDING WITHOUT LIMITATION ANY AND ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT IN ADDITION TO ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. COMPANY DOES NOT WARRANT THAT (A) THE WEBSITE OR SERVICES WILL FUNCTION OR BE UNINTERRUPTED, SECURE, OR AVAILABLE AT ANY PARTICULAR TIME OR LOCATION; (B) ANY ERRORS OR DEFECTS WILL BE CORRECTED, (C) THE WEBSITE OR SERVICES ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; OR (D) THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR EXPECTATIONS. COMPANY DISCLAIMS ALL IMPLIED LIABILITY FOR DAMAGES ARISING OUT OF THE WEBSITE AND SERVICES.
Application of Disclaimers
Some jurisdictions may not allow the exclusion of certain implied warranties or the limitation of certain damages, so some of the above disclaimers, waivers, and limitations of liability may not apply to you. Company’s licensors and suppliers are intended third-party beneficiaries of these disclaimers, waivers, and limitations. No advice or information, whether oral or written, obtained by you through the Service or otherwise shall alter any of the disclaimers or limitations stated in this section.
14. DMCA NOTICE (for US users)
We follow the notice and takedown procedures in the Digital Millennium Copyright Act (“DMCA”). If you believe that any content on the Services violates your copyright, please immediately notify Company by emailing a DMCA takedown notice (“Infringement Notice”) to [email protected]. Your Infringement Notice should include all information described below:
Identification of your copyrighted work:
A description of the content you believe infringes your copyright (the “Infringing Content”). Your description should include enough information about the nature and location of the Infringing Content to allow us to locate it on the Services.
Your name, address, telephone number, and email address.
The name, address, telephone number, email address, or other information (for example, username) of the user who posted the Infringing Content.
A written statement by you that:
You believe in good faith that the use of the material that you claim to infringe your copyright is not authorized by the copyright owner or by law; and
You declare, under penalty of perjury, that all the information contained in your Infringement Notice is accurate, and that you are either the copyright owner or a person authorized to act on their behalf.
Your signature, whether electronic or physical, as the copyright owner or a person authorized to act on behalf of the copyright owner.
You should email your Infringement Notice with the subject line “DMCA Infringement Notice.” We will respond to all compliant Infringement Notices by taking any action required under the DMCA.
Please note that the DMCA requires that your Infringement Notice be submitted in good faith. This means you are required to evaluate whether the use of your content on the Services is a “fair use,” as fair uses are allowed under the law. If you are not sure if the Infringing Content infringes your copyright, you should consult with an attorney. If you submit an Infringement Notice in bad faith, the user who posted the Infringing Content could have legal claims against you.
Infringement Notices are not anonymous. If we act in response to your Infringement Notice—such as by removing the Infringing Content—we will pass on your Infringement Notice to the user to provide an opportunity to respond. Counter notices should be emailed and comply with the DMCA.
15. MOBILE APPLICATION LICENSE
(A) Use License
If you access the Services via a mobile application, then we grant you a revocable, non-exclusive, non-transferable, limited right to install and use the mobile application on wireless electronic devices owned or controlled by you, and to access and use the mobile application on such devices strictly in accordance with the terms and conditions of this mobile application license contained in these Terms. You shall not: (1) except as permitted by applicable law, decompile, reverse engineer, disassemble, attempt to derive the source code of, or decrypt the application; (2) make any modification, adaptation, improvement, enhancement, translation, or derivative work from the application; (3) violate any applicable laws, rules, or regulations in connection with your access or use of the application; (4) remove, alter, or obscure any proprietary notice (including any notice of copyright or trademark) posted by us or the licensors of the application; (5) use the application for any revenue generating endeavor, commercial enterprise, or other purpose for which it is not designed or intended; (6) make the application available over a network or other environment permitting access or use by multiple devices or users at the same time; (7) use the application for creating a product, service, or software that is, directly or indirectly, competitive with or in any way a substitute for the application; (8) use the application to send automated queries to any website or to send any unsolicited commercial e-mail; or (9) use any proprietary information or any of our interfaces or our other intellectual property in the design, development, manufacture, licensing, or distribution of any applications, accessories, or devices for use with the application.
(B) Apple and Android Devices
The following terms apply when you use a mobile application obtained from either the Apple Store or Google Play (each an “App Distributor”) to access the Services: (1) the license granted to you for our mobile application is limited to a non-transferable license to use the application on a device that utilizes the Apple iOS or Android operating systems, as applicable, and in accordance with the usage rules set forth in the applicable App Distributor’s terms of service; (2) we are responsible for providing any maintenance and support services with respect to the mobile application as specified in the terms and conditions of this mobile application license contained in these Terms or as otherwise required under applicable law, and you acknowledge that each App Distributor has no obligation whatsoever to furnish any maintenance and support services with respect to the mobile application; (3) in the event of any failure of the mobile application to conform to any applicable warranty, you may notify the applicable App Distributor, and the App Distributor, in accordance with its terms and policies, may refund the purchase price, if any, paid for the mobile application, and to the maximum extent permitted by applicable law, the App Distributor will have no other warranty obligation whatsoever with respect to the mobile application; (4) you represent and warrant that (i) you are not located in a country that is subject to a U.S. government embargo, or that has been designated by the U.S. government as a “terrorist supporting” country and (ii) you are not listed on any U.S. government list of prohibited or restricted parties; (5) you must comply with applicable third-party terms of agreement when using the mobile application, e.g., if you have a VoIP application, then you must not be in violation of their wireless data service agreement when using the mobile application; and (6) you acknowledge and agree that the App Distributors are third-party beneficiaries of the terms and conditions in this mobile application license contained in these Terms, and that each App Distributor will have the right (and will be deemed to have accepted the right) to enforce the terms and conditions in this mobile application license contained in these Terms against you as a third-party beneficiary thereof.
(C) Social Media
As part of the functionality of the Services, you may link your Account with online accounts you have with third-party service providers (each such account, a “Third-Party Account”) by either: (1) providing your Third-Party Account login information through the Services; or You represent and warrant that you are entitled to disclose your Third-Party Account login information to us and/or grant us access to your Third-Party Account, without breach by you of any of the terms and conditions that govern your use of the applicable Third-Party Account, and without obligating us to pay any fees or making us subject to any usage limitations imposed by the third-party service provider of the Third-Party Account. By granting us access to any Third-Party Accounts, you understand that: (1) we may access, make available, and store (if applicable) any content that you have provided to and stored in your Third-Party Account (the “Social Network Content”) so that it is available on and through the Services via your Account, including without limitation any friend lists and (2) we may submit to and receive from your Third-Party Account additional information to the extent you are notified when you link your Account with the Third-Party Account. Depending on the Third-Party Accounts you choose and subject to the privacy settings that you have set in such Third-Party Accounts, personally identifiable information that you post to your Third-Party Accounts may be available on and through your Account on the Services. Please note that if a Third-Party Account or associated service becomes unavailable or our access to such Third-Party Account is terminated by the third-party service provider, then Social Network Content may no longer be available on and through the Services. You will have the ability to disable the connection between your Account on the Services and your Third-Party Accounts at any time. 
PLEASE NOTE THAT YOUR RELATIONSHIP WITH THE THIRD-PARTY SERVICE PROVIDERS ASSOCIATED WITH YOUR THIRD-PARTY ACCOUNTS IS GOVERNED SOLELY BY YOUR AGREEMENT(S) WITH SUCH THIRD-PARTY SERVICE PROVIDERS. We make no effort to review any Social Network Content for any purpose, including but not limited to, for accuracy, legality, or non-infringement, and we are not responsible for any Social Network Content. You acknowledge and agree that we may access your email address book associated with a Third-Party Account and your contacts list stored on your mobile device or tablet computer solely for purposes of identifying and informing you of those contacts who have also registered to use the Services. You can deactivate the connection between the Services and your Third-Party Account by contacting us using the contact information below or through your account settings (if applicable). We will delete any information stored on our servers that was obtained through such Third-Party Account, except the username and profile picture that become associated with your Account.
16. MISCELLANEOUS TERMS
These Terms constitute the entire agreement between the parties as to the matters in these Terms and supersede any prior agreements. These Terms do not create any agency, partnership, employer, or joint venture relationship. Use of the Services, including creation and use of an Account, constitutes your consent to receiving communications from us, including emails with marketing offers and information about your Account. The parties shall not be liable for any event beyond that party’s reasonable control, such as a war, epidemic, pandemic, natural disaster, government order or regulation, explosion, fire, strike, act of God, or other force majeure event. If any provision of these Terms is ruled to be invalid or unenforceable, the remainder of the Terms shall continue to be valid and enforceable, and to this end these Terms are severable.
CONTACT US
In order to resolve a complaint regarding the Services or to receive further information regarding the use of the Services, please contact us at:
Novomedia EOOD,
60 Major Thompson blvd., bl. 12, entrance A
1407 Sofia, Bulgaria
Phone: +1-315-325-8670
Last updated: August 2024
Attachment 1
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) forms part of the Terms of Use (“Terms”) between you (“you,” “your,” or “user”) and Novomedia EOOD, a Bulgarian company with registration number 205083653, headquartered at 60 Major Thompson blvd., bl. 12, entrance A 1407 Sofia, Bulgaria, (“Company,” “we,” “our,” or “us”). This DPA reflects the parties’ agreement with regard to the Processing of Personal Data. All capitalized terms not defined herein will have the meaning set forth in the Terms or under the applicable privacy laws and regulations.
1. DATA PROCESSING
1.1. Scope and Roles. This DPA applies when Personal Data is Processed by us as part of the provision of our Service. In this context, you are the data controller and we are the data processor (under the CCPA, you are the business and we are the service provider).
1.2. Subject Matter, Duration, Nature and Purpose of Processing. We process your Personal Data as part of providing you with the Service, pursuant to the specifications and for the duration under the Terms.
1.3. Type of Personal Data and Categories of Data Subjects. We have no control over the type of Personal Data that you upload on personality.co when using the Service. Accordingly, we have no control over the categories of Data Subjects that your Personal Data relates to.
1.4. Instructions for Processing of Personal Data. We will only process Personal Data on behalf of and in accordance with your instructions. You instruct us to process Personal Data for the following purposes:
- (i) Processing related to the Services in accordance with the Terms; and
- (ii) Processing to comply with other reasonable instructions provided by you where such instructions are consistent with the Terms.
You undertake to provide us with lawful instructions only.
1.5. As required under all applicable privacy laws and regulations, we will inform you immediately if, in our opinion, an instruction infringes any provision under the GDPR, and we will be under no obligation to follow such instruction until the matter is resolved in good faith between the parties.
1.6. We will not sell Personal Data, or retain, use, or disclose Personal Data (i) for any purpose other than for the specific purpose of performing the Service, if applicable, or (ii) outside of the direct business relationship between you and us, except as permitted under the applicable legislation.
1.7 The parties acknowledge and agree that the Personal Data that you disclose to us is provided to us for a business purpose, and you do not sell Personal Data to us in connection with the Terms.
1.8 You undertake to provide all necessary notices to Data Subjects and receive all necessary permissions and consents, or otherwise secure the required lawful ground of Processing, as necessary for us to process Personal Data on your behalf under the Terms and this DPA, pursuant to the applicable legislation.
1.9 To the extent required under the applicable legislation, you will appropriately document Data Subjects’ notices and consents, or necessary assessment with other applicable lawful grounds of Processing, if and where necessary.
2. ASSISTANCE
2.1 To the extent required by law, we will assist you by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of your obligation to respond to requests for exercising the Data Subjects’ rights under the GDPR. We will further assist you in ensuring compliance with your obligations in connection with the security of Processing, notification of a Personal Data Breach to supervisory authorities and affected Data Subjects, your data protection impact assessments, and your prior consultation with supervisory authorities, in relation to our Processing of Personal Data under this DPA.
3. PERSONNEL
3.1. Limitation of Access. We will ensure that our access to Personal Data is limited to those personnel who require such access to perform the Terms.
3.2. Confidentiality. We will impose appropriate contractual obligations upon our personnel engaged in the Processing of Personal Data, including relevant obligations regarding confidentiality, data protection, and data security. We will ensure that our personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training in their responsibilities, and have executed written confidentiality agreements. We will ensure that such confidentiality agreements survive the termination of the employment or engagement of our personnel.
4. OTHER PROCESSORS
4.1 We may engage third-party service providers to process Personal Data on your behalf (“Sub-processors”). You hereby provide us with general authorization to engage Sub-processors if and where needed.
4.2 All Sub-processors have entered into written agreements with us that bind them by substantially the same material obligations under this DPA.
4.3 Where Sub-processor fails to fulfill its data protection obligations in connection with the Processing of Personal Data under this DPA, we will remain fully liable to you for the performance of that Sub-processor’s obligations.
5. ONWARD AND TRANS-BORDER DATA TRANSFER
5.1 Transfer of your GDPR-governed Personal Data (“EEA Transferred Data”) to a Third Country is made in accordance with the EU Standard Contractual Clauses (“EU SCCs”), pursuant to EU Commission Decision C(2021)3972, in the module specified in Exhibit A which is attached and incorporated by reference to this DPA, or, as required, in accordance with any successor thereof or an alternative lawful data transfer mechanism, and as follows:
5.1.1. In Clause 7, the optional docking clause will apply;
5.1.2. If applicable – in Clause 9, Option 2 will apply;
5.1.3. In Clause 11, the optional language will not apply;
5.1.4. In Clause 17, Option 1 will apply, and the EU SCCs will be governed by Bulgarian law;
5.1.5. In clause 18(b), disputes will be resolved before the courts of Bulgaria.
5.2 In accordance with Article 46 of the GDPR and the EU SCCs, and without prejudice to any provisions of this DPA, we undertake to implement organizational and technical safeguards, in addition to the safeguards mandated by the EU SCCs to ensure the required adequate level of protection to the EEA.
5.2.1. For the purposes of safeguarding EEA Transferred Data when any Third Country’s government or regulatory authority requests access to such data (“Request”), and unless required by a valid court order, or if we may otherwise face criminal charges for failing to comply with orders or demands to disclose or otherwise provide access to EEA Transferred Data, or where the access is requested in the event of an imminent threat to lives, we will:
a. not purposefully create back doors or similar programming that could be used to access EEA Transferred Data;
b. not provide the source code or encryption keys to any government agency for the purpose of accessing EEA Transferred Data; and
c. upon your written request, provide reasonably available information about the requests of access to Personal Data by government agencies we have received in the 6 months preceding your request.
5.2.2. If we receive a request by a government agency to access your Personal Data, we will notify you of such request to enable you to take necessary actions, communicate directly with the relevant authority, and respond to the request. If we are prohibited by law from notifying you of such request, we will make reasonable efforts to challenge such prohibition through judicial action or other means at your expense and, to the extent possible, will provide only the minimum amount of information necessary.
5.3 Transfer of UK GDPR-governed Personal Data of yours (“UK Transferred Data”) to a Third Country, is either:
a. made in accordance with the EU Standard Contractual Clauses (“Previous SCCs”), pursuant to EU Commission Decision 2010/87/EU of 5 February 2010, as officially published at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=EN, or other official publications of the European Union, mutatis mutandis, for as long as it is lawfully permitted to rely on in accordance with the UK GDPR, and on the following basis:
● Appendix 1 to the Previous EU SCCs will be completed with the relevant information set out in Annex I to this DPA;
● Appendix 2 will be completed with the relevant information set out in Annex II to this DPA;
● The optional illustrative indemnification Clause under Appendix 2 of the Previous EU SCCs will not apply; or –
b. where Section a) above does not apply, but the parties are lawfully permitted to rely on the EU SCCs in relation to the UK Transferred Data, subject to completion of an International Data Transfer Addendum (“UK Addendum”) issued by the UK Information Commissioner’s Office. The new EU SCCs are not valid for restricted transfers under UK GDPR on their own, but using the Addendum allows you to rely on the new EU SCCs for your transfers under UK GDPR.
● the EU SCCs giving effect to the module specified in Exhibit A which is attached and incorporated by reference to this DPA, will also apply to UK Transferred Data, subject to Sections 5.1 and 5.2 above;
● the UK Addendum will be deemed executed between the parties, and the EU SCCs will be deemed amended as specified by the UK Addendum in relation to the UK Transferred Data; or –
c. If neither Section a) nor Section b) applies, then the parties will cooperate in good faith to implement appropriate safeguards for transfers of UK Transferred Data, as required or permitted by the UK GDPR without undue delay.
6. INFORMATION SECURITY
6.1 We will maintain technical and organizational safeguards for the protection of the security, confidentiality and integrity of your Personal Data (please check Exhibit B hereunder). We regularly monitor compliance with these safeguards. We will not materially decrease the overall security of the Services during the term of the Terms.
7. PERSONAL DATA BREACH MANAGEMENT AND NOTIFICATION
7.1 We will maintain security incident management policies and procedures and will notify you without undue delay after becoming aware of a Personal Data Breach related to your Personal Data which we, or any of our Sub-processors Process. Our notice will at least: (a) describe the nature of the Personal Data Breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned; (b) communicate the name and contact details of our data protection team, which will be available to provide any additional available information about the Personal Data Breach; (c) describe the likely consequences of the Personal Data Breach; (d) describe the measures taken or proposed to be taken by us to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
7.2 We will work diligently, pursuant to our incident management policies and procedures, to promptly identify and remediate the cause of the Personal Data Breach and will inform you accordingly.
7.3 Your liability for a Personal Data Breach toward you and any third party is subject to the following limitations: (a) the Personal Data Breach is a result of a breach of our information security obligations under this DPA; and (b) the Personal Data Breach is not caused by: (i) your acts or omissions, or any person acting on behalf of or jointly with you (collectively “Your Representatives”); (ii) Your Representatives’ instructions to us; (iii) a willful, deliberate or malicious conduct by a third party; or (iv) acts of God or force majeure, including, without limitation, acts of war, terror, state-supported attacks, acts of state or governmental action prohibiting or impeding us from performing our information security obligations under the Terms and natural and manmade disasters.
8. AUDIT AND DEMONSTRATION OF COMPLIANCE
8.1 You will make available to us all information necessary for you to demonstrate compliance with the obligations laid down under Article 28 of the GDPR in relation to the Processing of Personal Data under this DPA by you and the Sub-processors.
8.2 To the extent required under applicable Privacy Laws and Regulations, we will allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you, in relation to our obligations under this DPA. We may satisfy the audit obligation under this section by providing you with attestations, certifications, and summaries of audit reports conducted by accredited third-party auditors. Audits by you are subject to the following terms: (i) the audit will be pre-scheduled in writing with us, at least 40 business days in advance and will be performed not more than once a year (except for an audit following a Personal Data Breach); (ii) the auditor will execute a non-disclosure and non-competition undertaking towards us; (iii) the auditor will not have access to Personal Data that does not belong to you; (iv) you will make sure that the audit will not interfere with or damage our business activities and information and network systems; (v) you will bear all costs and assume responsibility and liability for the audit; (vi) the auditor will first deliver a draft report to us and will allow us reasonable time and no less than 10 business days, to review and respond to the auditor’s findings, before submitting the report to you; (vii) you will keep the audit results in strict confidentiality and will use them solely for the specific purposes of the audit under this section; and (viii) as soon as the purpose of the audit is completed, you will permanently dispose of the audit report.
9. DELETION OF PERSONAL DATA
9.1. Data Deletion. Within a reasonable time after the end of the provision of the Service, we will return your Personal Data to you or will delete such data, including by de-identifying it.
9.2. Data Retention. You acknowledge and agree that we may retain copies of your Personal Data as necessary in connection with our routine backup and archiving procedures and to ensure compliance with our legal obligations and our continuing obligations under applicable law, including to retain data pursuant to legal requirements and to use such data to protect us, our affiliates, agents, and any person on our behalf in court and administrative proceedings.
10. DISCLOSURE TO COMPETENT AUTHORITIES
10.1. We may disclose Personal Data (a) if required by a subpoena or other judicial or administrative order, or if otherwise required by law; or (b) if we deem the disclosure necessary to protect the safety and rights of any person or the general public.
11. ANONYMIZED AND AGGREGATED DATA
11.1. We may process data based on extracts of Personal Data in aggregated and non-identifiable forms, for our legitimate business purposes, including for testing, development, controls, and operations of the Service, and may share and retain such data at our discretion.
12. DISPUTE RESOLUTION
12.1. The parties agree to communicate regularly about any open issues or process problems that require resolution. The parties will attempt in good faith to resolve any dispute related to this DPA as a precondition to commence legal proceedings, first by direct communications between the persons responsible for administering this DPA and next by negotiation between executives with authority to settle the controversy. Either party may give the other party a written notice of any dispute not resolved in the normal course of business. After delivery of the notice, the receiving party will submit to the other party a written response without undue delay. The notice and the response will include a statement of each party’s position and a summary of arguments supporting that position and the name and title of the executive who will represent that party. The executives of both parties might also meet at a mutually acceptable time and place, including by phone, and thereafter as often as they reasonably deem necessary, to resolve the dispute. All reasonable requests for information made by one party to the other will be honored. All negotiations pursuant to this clause are confidential and will be treated as compromise and settlement negotiations for purposes of applicable rules of evidence.
13. TERM
13.1. This DPA will commence on the later of the date of its execution or the effective date of the Terms to which it relates and will continue until the Terms expire or are terminated.
14. COMPLIANCE
14.1. We are responsible for making sure that all our personnel adhere to this DPA.
14.2. Our privacy team can be reached at: [email protected].
15. MISCELLANEOUS
Any alteration or modification of this DPA is not valid unless made in writing and executed by duly authorized personnel of both parties. Invalidation of one or more of the provisions under this DPA will not affect the remaining provisions. Invalid provisions will be replaced to the extent possible by those valid provisions which achieve essentially the same objectives.
Exhibit A
Standard Contractual Clauses (taking into account the terms and conditions of Article 5 of the DPA)
ANNEX to the COMMISSION IMPLEMENTING DECISION on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as officially published at: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en#files
MODULE TWO: Transfer controller to processor or MODULE THREE: Transfer processor to processor.
In certain cases and where applicable with respect to the Services under the Terms MODULE ONE might apply.
Exhibit B
Technical and organizational measures ("TOMs") for data protection and information security
The described TOMs are constantly updated and new ones are added, so the below list is not exhaustive, but gives an idea of the level of protection we impose.
I. TOMs re data protection, obligations of personnel and adherence to data protection principles
1. Access Control: We have a comprehensive system in place that controls access to sensitive information. This system ensures that only authorized personnel can access specific resources, minimizing potential security breaches.
2. Multi-factor Authentication: We've implemented a multi-factor authentication process to reinforce our system's security. This process requires two or more verification methods, adding an extra layer of security against unauthorized access.
3. Data Encryption: We've enacted robust encryption methods to secure our data, whether in transit across networks or at rest in storage. This ensures the confidentiality of our data against unauthorized access. The encryption used is AES 256.
4. User Access Reviews: As part of our commitment to security, we periodically review and update user access rights. This continuous assessment helps us minimize the risk of unauthorized access.
5. Data Backup and Recovery: We have instituted regular data backups to ensure data availability. Moreover, we have a robust recovery system that can restore data quickly and fully after any data loss incident.
6. Regular Updates and Patch Management: We maintain the security of our systems through regular updates and patches, safeguarding them from known vulnerabilities.
7. Secure Development Practices: We've integrated security measures into the entire development lifecycle of our applications. This practice allows us to identify and mitigate potential security issues at an early stage.
8. Antivirus and Anti-malware Solutions: Our systems are fortified with antivirus and anti-malware solutions that help protect against malicious software, ensuring continuous operations and data security.
9. Log Management and Monitoring: Our proactive log management and monitoring system allows us to collect, store, and analyze log data. This process helps us to identify and promptly respond to security incidents.
10. Secure Configuration: We have ensured all our systems and applications are securely configured by default, further bolstering our defense against potential breaches.
11. Network Segmentation: We've segmented our network systems into isolated sub-networks or zones. Each zone operates separately, providing an extra layer of security and preventing lateral movement of potential threats.
12. Employee Training: We highly value employee education, regularly conducting training sessions on security threats and best practices. This ongoing education empowers our team to become integral to our security measures.
13. Incident Response Planning: We've developed a detailed incident response plan, which is regularly tested to ensure its effectiveness. This plan allows us to respond quickly and efficiently to any security incidents.
14. Vendor Risk Management: We continuously evaluate and monitor the security postures of our third-party vendors, mitigating any associated risks that could potentially impact our operations.
15. Secure Data Sharing: Our data sharing practices are secure, providing a protected method for sharing sensitive data both within and outside our organization.
16. Privacy by Design and Default: We've committed to maintaining user privacy by integrating data privacy considerations into the design and operation of all our systems, products, and services.
17. API Security: When it comes to our web applications that use APIs, we've ensured that they are secure and access to them is appropriately managed.
18. Data Minimization: We're committed to collecting, processing, and storing only the minimum amount of personal data necessary for our operations, thereby reducing potential security risks.
19. Incident Management: We've established a robust incident management process that ensures swift and effective handling of any security incidents.
20. Secure Disposal of Equipment: Our processes include secure disposal of equipment that may contain personal data, thereby protecting against potential data leaks.
II. TOMs re information security
1. DDoS Mitigation: We've implemented strategies and technologies to resist Distributed Denial-of-Service (DDoS) attacks, safeguarding our services' availability.
2. Identity and Access Management (IAM): We've implemented AWS IAM to regulate access to our AWS services and resources. Following the principle of least privilege, we ensure that users only gain access to the tools and data they require, minimizing unnecessary exposure.
3. AWS Security Groups and Network Access Control Lists (NACLs): We utilize AWS security groups and NACLs to manage both inbound and outbound network traffic on an instance and subnet level. This enables precise control over traffic, increasing our network's overall security.
4. AWS Key Management Service (KMS): In our efforts to maintain secure cryptographic practices, we employ AWS KMS to create and manage cryptographic keys, controlling their usage across various AWS services and within our applications.
5. Amazon Inspector: We make use of Amazon Inspector to automatically evaluate our applications for any vulnerabilities or deviations from established best practices. This tool helps ensure our networks, systems, and data remain secure and up to standard.
6. AWS CloudTrail: We've enabled AWS CloudTrail in our environment to maintain a detailed event history of our AWS account activity. This includes actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
7. Amazon GuardDuty: We've activated Amazon GuardDuty, a threat detection service that persistently monitors for malicious activity and unauthorized behavior. This keeps our AWS accounts and workloads under continuous surveillance and protection.
8. AWS Secrets Manager: We've adopted AWS Secrets Manager to safeguard access to our applications, services, and IT resources. By doing so, we've eliminated the need for upfront and ongoing expenses to maintain our secrets management infrastructure.
9. VPC Flow Logs: We've enabled VPC Flow Logs to capture data about IP traffic to and from network interfaces in our VPC. This information aids us in troubleshooting security and connectivity issues and ensures that our network access rules function as intended.
10. AWS Shield: We employ AWS Shield for our DDoS protection needs. This managed service provides always-on detection and automatic inline mitigations, minimizing application downtime and latency during potential DDoS events.
11. Amazon RDS Security Groups: We use Amazon RDS security groups to control who can connect to our RDS databases. These security groups act as virtual firewalls for our database instances and associated applications.
12. Database Encryption: We've implemented encryption at rest and in transit for our databases. We use AWS Key Management Service (KMS) for handling encryption keys to secure our data.
13. Database Access Management: We manage database access using Identity and Access Management (IAM) roles and policies, ensuring only authorized entities can access our databases.
14. AWS Backup: We use AWS Backup to automate database backup processes, ensuring that we can recover quickly in case of any data loss.
15. Database Monitoring: We use AWS CloudWatch along with database logs to monitor database performance and operation, ensuring any anomalies are detected and addressed promptly.
16. Cloud-Native Firewalls: We employ firewalls designed specifically for the cloud environment, providing robust security controls that scale with our cloud usage.
17. Configuration Management Tools: We use tools that manage code deployments and infrastructure changes automatically, helping to ensure consistent configurations and prevent configuration drift in our cloud environment.
18. Real-Time Security Monitoring and Alerting: We have put in place real-time monitoring and alerting to track security incidents and alert us immediately, allowing for quick response and mitigation.
19. Cloud Security Orchestration, Automation, and Response (SOAR): We use SOAR solutions to collect data about security threats and respond to low-level security events without human assistance.
August 2024 © personality.co All rights reserved