Pookie Privacy Policy

Last Update: December 3 ,2025

Thank you for using Pookie!

JINGSHENG HENGXING TECHNOLOGY PTE.LTD., along with its affiliates (collectively referred to as “The Company”, “we”, “our”, or “us”) operates the mobile and web versions of Pookie (“Pookie”), and related services (collectively, the “Services”). We are committed to respecting your privacy and diligently protecting any information we gather from or about you. This Privacy Policy (“Privacy Policy”) outlines how we process Personal Data through your use of Pookie and/or Services (as defined in the Terms of Use accessible at [support@pookiepod.com] (“Terms”).

Please read this Privacy Policy carefully. This Privacy Policy forms part of the Agreement between you and us. By clicking or checking “I agree”, “Accept” or similar statements on Pookie, or by accessing or using any part of Pookie and/or Services, you acknowledge that you have read and understood this Privacy Policy, and have agreed and consented to the collection, use, disclosure and/or Processing of your Personal Data by Aftershock as described in this Privacy Policy. If you do not agree with any terms of this Privacy Policy, please do not access or use Pookie and/or Services.

Revision

The terms of this Privacy Policy may be revised from time to time by us. We will use commercially reasonable methods to notify you of such revisions, such as by emailing you or by posting a revised version of this Privacy Policy on Pookie . Your continued access to or use of Pookie and/or Services after such notice had been given and such revised Privacy Policy had come into effect shall constitute your acceptance of the revised Privacy Policy.

Contacting Us

If you want to contact us with specific queries or concerns in relation to this Privacy Policy, or if you have any questions or complaints as to how your Personal Data is collected, used, disclosed and/or Processed by us, please contact us at [support@pookiepod.com].

1. Definitions

In this Privacy Policy, the following words and expressions shall have the meanings respectively assigned to them hereunder:

• “Data Protection Laws” means all applicable laws and regulations in any jurisdiction which relate to the collection, disclosure, use and/or Processing of Personal Data, including without limitation to the PDPA, including all amendments thereto and subsidiary legislation enacted thereunder, whether now or in the future.

• “PDPA” means the Personal Data Protection Act 2012 of Singapore, including all amendments thereto and subsidiary legislation enacted thereunder, whether now or in the future.

• "Personal Data" means data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which a party has or is likely to have access.

• “Process”, in relation to Personal Data, means the carrying out of any operation or set of operations in relation to the Personal Data, including without limitation to recording, holding, organising, adapting, altering, modifying, retrieving, combining, transmitting, erasing, or destroying, and “Processing” shall be construed accordingly.

Any capitalized term not defined herein shall have the meaning ascribed to them in these Terms.

• What Personal Data We Collect

We may collect the following Personal Data about you when you access or use our App and/or Services, or when you register for an account on our App with us (“Account”):

Personal Data You Provide to Us Directly

We collect Personal Data if you create an Account to use our Services or communicate with us as follows:

• Identity and Profile Information. This is the Personal Data that is provided by you to enable you to create, log into, and access your Account, Pookie and/or Services. We may also use such Personal Data to verify your identity or contact you such as your date of birth, username, email address and/or telephone number, and password.

• Transaction Information. When you make purchases on Pookie, we will collect data and information relating to your purchase (which may be directly from you, or from our partnering third-party payment service providers (e.g., Google Pay or Apple Pay)) for the purposes of verifying your transaction and processing your transaction. This may include your credit card details, bank account details, bank statements, billing address, payments and orders to and from you, and other details of services that you have purchased through Pookie.

• User Content. When you use our Services, we may collect your text input, prompt, uploaded files, videos, chat history, or other content that you provide to our model and Services ("Prompts" or "Inputs"). We generate responses ("Outputs") based on your Inputs. If you include Personal Data or reference external content in your Inputs, we will collect that information, which may be reproduced in your Outputs.

• Face Data and Image Processing. Our app does NOT collect biometric "Face Data" (TrueDepth API/Face ID). We only use the standard camera/photos for two specific features:

  • AI Character Creation (Voluntary): Users can optionally upload a static photo for AI generation. The uploaded photo is used solely for AI secondary creation to generate a stylized character image. We do not use it for facial recognition or authentication purposes. User-uploaded photos are automatically deleted from our servers within 24 hours after the generation is completed. We store this temporary data for AI generation purposes in UCloud OSS (US3 region) to enable the image processing functionality. The 24-hour retention period is necessary to ensure the AI generation process completes successfully and allows for any necessary reprocessing or error recovery. After this period, all uploaded photos are permanently deleted and cannot be recovered.

  • Video Calls: Users can use the standard camera for real-time video calls. The video stream is transmitted in real-time for communication purposes only and is not analyzed for facial data. Video streams are processed by Agora.io for real-time transmission and are not stored (0 retention). Video call data is not retained on our servers or by Agora.io after the call ends.

• Communication Information. When you contact us, we collect the information you send us, such as proof of identity or age, contact details, feedback or inquiries and the contents of any messages you send.

Personal Data We Receive from Your Use of the Services:

We automatically collect certain information from you when you use the Services, including internet or other network activity information such as your IP address, unique device identifiers, and cookies.

• Device and Network Information. In accordance with the permissions set on your device or browser, your device or browser automatically provides us with information regarding the timing and manner in which you install, access, or use our Services. This information may include details such as your device type, operating system, browser data and referring web pages, mobile network and connection details, mobile carrier or internet service provider (ISP), time zone configuration, IP address (including location information inferred from your IP address), and various identifiers (such as device or advertising identifiers, probabilistic identifiers, and other unique personal or online identifiers).

• Usage Information. We collect information about your use of the Services, such as the dates and times of access, browsing history, search, information about the links you click, pages you view, and other information about how you use the Services, and technology on the devices you use to access the Services.

• Log Information. We collect information about how our Services are performing when you use them. This information includes log files. In the event that you or your device encounters an error, we may collect details about the error, the time it occurred, the feature in use at that moment, the application's state when the error happened, and any communications or content present at the time of the error.

• Interests and Preferences. We also learn about your interests and your preferences over time through your use of the App and/or Services to personalize your conversations and the features of Pookie and/or Services.

Personal Data We Receive from Other Sources

We may receive the information described in this Privacy Policy from other sources, such as:

• Third-Party Log-in and Sign-up. We may obtain Personal Data about you, such as your name and email address, as permitted by your profile settings under such third-party platform. When you register for an Account on Pookie using a third-party platform, we will use such Personal Data to authenticate your identity and allow you to access Pookie and Services

• Security Information. We receive information from our trusted partners, such as security partners, to protect against fraud, abuse, and other security threats to our Services.

• How We Use Your Personal Data

We may collect, use, disclose, and /or Process your Personal Data for any or all of the following purposes:

• To provide you with access to Pookie and the Services;

• To process, administer, or manage your Account, including: a) to verify your age and identity; and b) to assess your suitability and/or eligibility for certain function, features or services;

• To operate and administer Pookie and the Services:

  • To provide the core functionality of Pookie, including providing you a personalized AI companion character and allowing you to personalize your profile, interests, and character, enabling you to have individualized and safe conversations and interactions with your character, allowing your character to learn from your interactions to improve your conversations and syncing your history across the devices you use to access the Pookie and Services.

  • To process images for AI Character Creation: When you voluntarily upload a photo for AI character generation, we process the image solely to create a stylized character image. This processing is necessary to provide the AI character creation feature you have requested. We do not use uploaded images for facial recognition, authentication, or any other purpose beyond generating the stylized character image.

  • To facilitate video calls: When you use the video call feature, we process video streams in real-time solely for communication purposes. The video data is transmitted through our service provider for real-time communication and is not analyzed, stored, or used for any other purpose.

  • To provide and maintain the content and other functionalities of Pookie and Services;

  • To carry out obligations arising from our contract with you;

  • To manage our relationship with you, which includes sending administrative information to you relating to Pookie and Services.

• To improve Pookie and Services, including:

  • To conduct research, analysis, and developing activities (including but not limited to data analytics, surveys and/or profiling) to improve Pookie and/or the Services;

  • To personalise or customise the content and services that we provide to you, including provide you with Services that are more tailored to your preferences;

  • To improve user experiences;

  • To improve user interface of Pookie;

• For legal and operational purposes, including:

  • To store, host and/or back up Personal Data for disaster recovery purposes, whether within or outside Singapore;

  • To respond to, handle, and process queries, requests, applications, complaints, and feedback from you;

  • To carry out fraud detection;

  • To contact you in order to provide you with information or services where required by law or that you request from us;

  • To share Personal Data in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we satisfy the requirements of applicable Data Protection Laws when disclosing your Personal Data;

  • To respond to any legal processes, pursue legal rights and remedies, and manage any complaints or claims;

  • To respond to requests for information from public and governmental/regulatory authorities, statutory boards, related companies and for audit, compliance, investigation and inspection purposes;

  • To comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority, whether within or outside Singapore.

• To process your purchases on our Pookie, including:

  • To enable you to browse Pookie and make purchases on Pookie;

  • Verifying and carrying out payment transactions;

  • Updating you on status of your purchases; and

  • Providing you with customer support.

• To market and advertise the App and the Services:

  • Providing information which you may find useful or which you have requested, such as information about Pookie and Services, features, and surveys;

  • Displaying and targeting advertisements about Pookie and Services on the Internet.

• To transmit to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Singapore or abroad, for the aforementioned purposes.

• To achieve any other incidental business purposes related to or in connection with the above.

The purposes listed above may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter.

• How We Share Your Personal Data

We may disclose your Personal Data to the following categories of recipients whether within or outside Singapore, for the purposes set out above or otherwise permitted/ required by law:

• Affiliates: our affiliated companies in the The Company Group and/or their designated service providers, who provide data processing services necessary to provide you with our Services;

• Other users of Pookie: We may share certain Personal Data relating to you to other users where necessary in order to provide certain Services to you.

• Vendors and Service Providers: third party vendors and service providers partners who provide data processing services to us as necessary to provide you with our Services, or assist us in delivering our products, services, websites and platforms as well as improving and optimising the same, or who otherwise process Personal Data for purposes described in this Privacy Policy. For example:

  • We use third party payment services providers such as [Google Pay, Apple Pay or PayPal] to process payments from you.

  • We use cloud service providers to host our data and Pookie;

  • We use data analytics service providers to provide you with customized and tailored services.

  • AI Image Generation Services: For AI Character Creation, we share uploaded photos with third-party AI service providers (Claude, GPT, and Gemini) solely for the purpose of generating stylized character images. These AI service providers process the images only to perform the image generation task you have requested. They do not retain the uploaded photos after the generation is completed. The temporary data for AI generation is stored in UCloud OSS (US3 region) during the processing period, and all data is automatically deleted within 24 hours after generation completion. UCloud OSS does not retain face data beyond this 24-hour period and does not use the data for any purpose other than temporary storage during the AI generation process.

  • Video Call Services: For video calls, we use Agora.io to process and transmit video streams in real-time. Agora.io processes video streams solely for real-time communication transmission and does not store, analyze, or retain any video data or face data. Agora.io's processing is limited to facilitating the real-time video communication feature, and all video data is deleted immediately after the call ends (0 retention). Agora.io does not store face data and does not use video streams for facial recognition, analysis, or any other purpose beyond real-time transmission.

• Business Transfers: any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or any debt or asset sale) involving any of the Companies;

• Government Authorities or Other Third Parties: any competent law enforcement body, regulatory, government agency, court or other third party (such as our professional advisers) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights or so a third party can defend theirs, or (iii) to protect your vital interests or those of any other person; and

• Advisors: We may share your Personal Data with or disclose your Personal Data to our advisors (including auditors and lawyers) in the course of seeking professional advice.

• With your consent: any other person, with your consent to the disclosure.

• Third Party Links and Collection of Personal Data by Third Parties

Pookie may from time to time, contain links to and from the websites of our affiliates, advertisers, or other third parties (“Third Party Websites”). Certain functions and features within Pookie (such as the payment function) may be provided by third parties (such as payment service providers) (such functions and features being “Third Party Services”). Third Party Websites and Third Party Services are operated by third parties (“Third Party Service Providers”). When you access or use such Third Party Services, or when you click on the link to Third Party Websites, your Personal Data may be collected directly by such Third Party Service Providers.

As these Third Party Websites and Third Party Services are not owned or operated by us, we do not accept any responsibility or liability for such Third Party Websites and Third Party Service, or the collection of your Personal Data by such Third Party Service Providers. Your access to such Third Party Websites and Third Party Services, and provision of Personal Data to these Third Party Service Providers are entirely at your own risk. Please check the privacy policies that apply to such Third Party Websites and Third Party Services carefully before you provide any Personal Data to such Third Party Service Providers.

By accessing or using Third Party Websites and/or Third Party Services, or providing your Personal Data to Third Party Service Providers, you acknowledge and agree that:

• you have read and understood such Third Party Service Providers’ privacy policies, and consent to the collection, use, disclosure and/or Processing of your Personal Data by such Third Party Service Providers pursuant to their privacy policies;

• we do not control such Third Party Service Providers, and the manner in which and purposes for which your Personal Data may be collected, used, disclosed and/or Processed is determined solely by such Third Party Service Providers as data controllers (as defined under applicable Data Protection Laws); and

• to the maximum extent permissible by law, we shall not be liable for any liabilities, losses or damages that may be incurred by you as a result of your use of any Third Party Websites and/or Third Party Services, or the collection, use, disclosure and/or Processing of your Personal Data by any Third Party Service Providers.

• Cookies

We use cookies on Pookie. A cookie is a text file for our App to remember who you are. Cookies only record those areas of our App that have been visited by you and for how long.

Our advertising partners may also use such technologies to collect limited information about your device and interactions with the App and/or Services, such as the links you click, pages you visit, IP address, advertising ID, and browser type, but they will never have access to your conversations with Pookie or any photos or other content you submit through the Pookie.

You have the ability to accept or decline cookies by modifying the setting in your browser. However, you may not be able to use certain features of Pookie if cookies are disabled.

• Your Rights and Choices

Depending on your location and the nature of you interactions with our Services, you are entitled with the following rights and options regarding your Personal Data subject to applicable laws and regulations,: .

• Right to know: Information about how we have collected and used Personal Data. We have made this information available to you without having to request it by including it in this Privacy Policy. .

• Access: the right to request a copy of the Personal Data we process about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format. You could also access some of your Personal Data through account settings (for instance, your nickname) .

• Deletion: deletion of Personal Data that we no longer need to provide the Services or for other lawful purposes. You can delete your Account in your account settings..

• Correction: the right to request that we correct inaccurate personal data we retain about you. Please note that we cannot guarantee the factual accuracy of Outputs. If Outputs contain factually inaccurate Personal Data relating to you, you can submit a correction request and we will make a reasonable effort to correct this information—but due to the technical complexity of our large language models, it may not always be possible for us to do so.

• Withdrawal of consent. Where our processing of your personal data is based on consent, you have the right to withdraw your consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Please contact us by using the contact information provided in this Privacy Policy if you would like to exercise any of your rights. We will respond to your request consistent with applicable law and subject to proper verification. We may ask for specific information from you to help us confirm your identity.

In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. Further, please note that a reasonable fee may be charged for certain request.

• The Security of Your Personal Data

The security of your Personal Data is a priority for us. We implement commercially reasonable technical, administrative, and physical security measures to protect your Personal Data from unauthorized access, theft, disclosure, alteration, or loss. We regularly assess our security practices to incorporate new technologies and methods. However, please note that no Internet or email transmission is completely secure or error-free. Specifically, emails sent to or from us may not be fully secure. As a result, we advise you to exercise caution when deciding what information to send to us via the Services or email. Additionally, we are not responsible for any bypassing of privacy settings or security measures on the Service or third-party websites.

• How Long Do We Keep Your Personal Data

We retain Personal Data for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy.

Retention periods vary based on the volume, type, and sensitivity of the Personal Data, the purposes for which we use it, and any legal requirements, among other factors.

Specific Retention Periods for Face Data and Images:

• AI Character Creation Photos: User-uploaded photos for AI character generation are automatically deleted from our servers and UCloud OSS storage within 24 hours after the generation is completed. This 24-hour retention period is necessary to ensure the AI generation process completes successfully and allows for any necessary reprocessing or error recovery. We do not retain face data indefinitely, and all uploaded photos are permanently deleted after this period and cannot be recovered.

• Video Call Data: Video streams from video calls are not retained at all (0 retention). Video data is processed in real-time by Agora.io for transmission purposes only and is immediately deleted after the call ends. No face data from video calls is stored by us or by Agora.io.

When the Personal Data collected is no longer required by us, we and our service providers will perform the necessary procedures to cease to retain your Personal Data, or remove the means by which the data can be associated with you as permitted or required under applicable laws.

• Where We Store Your Personal Data

Our Services are operated in Singapore. If you are located in another jurisdiction, please be aware that the Personal Data you provide to us may be transferred to, stored, and processed in Singapore, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside or are a citizen.

• Face Data Collection, Use, Storage, and Sharing

This section provides comprehensive information about our practices regarding face data and image processing, as required by applicable data protection laws and App Store guidelines.

What Face Data We Collect:

Our app does NOT collect biometric "Face Data" (TrueDepth API/Face ID). We only use the standard camera/photos for two specific features:

1. AI Character Creation (Voluntary): Users can optionally upload a static photo for AI generation. The uploaded photo is used solely for AI secondary creation to generate a stylized character image. We do not use it for facial recognition or authentication purposes.

2. Video Calls: Users can use the standard camera for real-time video calls. The video stream is transmitted in real-time for communication only and is not analyzed for facial data.

Why We Store Face Data:

• AI Character Creation: We temporarily store uploaded photos for AI generation purposes to enable the image processing functionality. The storage is necessary to process your request and generate the stylized character image you have requested.

• Video Calls: We do not store face data from video calls. Video streams are processed in real-time for transmission only and are not stored.

How Long We Store Face Data:

• AI Character Creation Photos: User-uploaded photos are automatically deleted from our servers within 24 hours after the generation is completed. The 24-hour retention period is necessary to ensure the AI generation process completes successfully and allows for any necessary reprocessing or error recovery. We do not retain face data indefinitely. After this period, all uploaded photos are permanently deleted and cannot be recovered.

• Video Calls: Video streams are not retained at all (0 retention). Video data is processed in real-time and is immediately deleted after the call ends.

Which Third Parties We Share Face Data With:

• AI Image Generation Services: For AI Character Creation, we share uploaded photos with third-party AI service providers (Claude, GPT, and Gemini) solely for the purpose of generating stylized character images. These AI service providers process the images only to perform the image generation task you have requested.

• Cloud Storage Services: The temporary data for AI generation is stored in UCloud OSS (US3 region) during the processing period.

• Video Call Services: For video calls, we use Agora.io to process and transmit video streams in real-time.

Why We Share Face Data with Third Parties:

• AI Service Providers (Claude, GPT, Gemini): We share uploaded photos with these AI service providers because they provide the AI image generation technology necessary to create the stylized character images you request. This sharing is essential to provide the AI Character Creation feature.

• UCloud OSS: We use UCloud OSS for temporary storage of uploaded photos during the AI generation process. This is necessary to enable the image processing functionality and ensure reliable service delivery.

• Agora.io: We use Agora.io to facilitate real-time video communication. This sharing is necessary to provide the video call feature you use.

Third Party Face Data Storage Practices:

• AI Service Providers (Claude, GPT, Gemini): These AI service providers do not retain the uploaded photos after the generation is completed. They process the images only to perform the image generation task and do not store face data beyond the processing period. They do not use the data for facial recognition, analysis, or any other purpose beyond generating the stylized character image.

• UCloud OSS: UCloud OSS stores the temporary data for AI generation during the processing period only. All data is automatically deleted within 24 hours after generation completion. UCloud OSS does not retain face data beyond this 24-hour period and does not use the data for any purpose other than temporary storage during the AI generation process. The 24-hour retention period is necessary to ensure the AI generation process completes successfully and allows for any necessary reprocessing or error recovery.

• Agora.io: Agora.io processes video streams solely for real-time communication transmission and does not store, analyze, or retain any video data or face data. Agora.io's processing is limited to facilitating the real-time video communication feature, and all video data is deleted immediately after the call ends (0 retention). Agora.io does not store face data and does not use video streams for facial recognition, analysis, or any other purpose beyond real-time transmission.

Explicit Statement on Face Data Retention:

We explicitly state that we do NOT retain face data indefinitely. All face data and images collected through our Services are either:

• Automatically deleted within 24 hours after AI generation completion (for uploaded photos), or
• Not stored at all (0 retention for video call data).

No face data is retained beyond these specified periods, and all third-party service providers we work with follow the same retention practices as described above.

• Personal Data Relating to Children

Our Services are not directed to, or intended for, the individual under 18 or under the applicable minimum age required by local law. Users under the minimum age must have their parent or legal guardian to carefully review the Terms of Service and consent their use our Services. If we become aware that a person below the required minimum age is using Pookie, we will promptly restrict access and delete their account..

We do not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under 13 provided Personal Data to us through the Services, please contact us via the contact details set out below. We will investigate any notification and, if appropriate, delete the Personal Data from our systems.

• Privacy Policy Updates

We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date on this page, unless another type of notice is required by applicable law. We recommend that you review the Privacy Policy each time you access our Services to stay informed of our privacy practices.

• No Right of Enforcement by Third Parties

A person who is not a party to this Privacy Policy has no right to enforce any of the provisions under this Privacy Policy.

• Contact Us

Questions, comments and requests regarding this policy should be addressed to [support@pookiepod.com] or click “Contact us” column on Pookie.

Appendix 1 - California Privacy Rights and Additional Information

This privacy notice for California residents supplements the information contained in this Privacy Policy and applies to visitors, users, and others who reside in the State of California. If you are a California resident, the California Consumer Privacy Act (“CCPA”) provides you with certain rights with respect to your Personal Data.

1. Collection and Use of Personal Data

In the preceding 12 months, we have collected the following categories of Personal Data:

• Identifiers (e.g., contact information);

• Commercial information (e.g., purchase history and details);

• Internet activity information (e.g., usage data);

• Demographic information (e.g., date of birth);

• Geolocation data (e.g., your current location derived from your IP address);

• Audio and visual information (e.g., customer support center calls);

• Other “personal information” as defined under California law; and

• Inferences drawn from any of these categories.

For examples of more specific information we collect and the sources of such collection, please see Section 2 “What Personal Data We Collect” in the Privacy Policy. We collect your Personal Data for the business and commercial purposes described in Section 3 “How We Use Your Personal Data”.

• Disclosure of Personal Data

We may share your Personal Data with third parties as described in the Section 4 “How We Share Your Personal Data” above. In the preceding 12 months, we have disclosed the following categories of your Personal Data for business or commercial purposes:

• Identifiers (e.g., contact information);

• Commercial information (e.g., purchase history and details);

• Internet activity information (e.g., usage data);

• Other “personal information” as defined under California law; and

• Inferences drawn from any of these categories.

All categories of Personal Data listed here may be shared with categories of third parties as listed in Section 4 “How We Share Your Personal Data”.

• Sale of Personal Data

We do not sell your Personal Data, as defined under CCPA. If in the future we do sell your Personal Data, we will notify you and you may have the right to opt-out of such sale.

• Your Rights

You have the following rights under CCPA:

• Right to Know: You have the right to request more information about the categories and specific pieces of Personal Data we have collected, sold, and disclosed for a business purpose in the last 12 months;

• Right to Delete: You have the right to request deletion of your Personal Data;

• Right to Non-Discrimination: You have the right to be free from discrimination for exercising your rights under the CCPA;

• Right to Opt-Out: You have the right to opt-out of the sale or sharing of your Personal Data;

• Right to Correct: You have the right to correct inaccurate Personal Data we may have; and

• Right to Limit Use and Disclosure of Sensitive Personal Data: You have the right to limit the use and disclosure of sensitive Personal Data we may have.

To exercise any one of these rights, please contact through the means provided under Section 14 “Contact Us”. You are also permitted under the CCPA to designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.

• California “Shine the Light” Disclosure

California Civil Code Section 1798.83 permits users of Services that are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please submit a verifiable consumer request to us by sending email to [support@pookiepod.com].

• California Rights for Minor Users

California Business and Professions Code Section 22581 permits you, if you are a California resident under the age of 18, to view, correct, or remove information provided by you or publicly posted by you. To make such a request, please submit a verifiable consumer request to us by sending email to [support@pookiepod.com].

Appendix 2 – Notice for the EEA and UK Residents

If you are in the European Economic Area (“EEA”) or the United Kingdom (“UK”) , the following additional information applies to you in addition to the Privacy Policy set out above.

1. Data Subject Rights

In addition to the information set out in Section 7 "Your Rights and Choices" in the Privacy Policy above, you have the right to:

• Ask us to restrict the Processing of your Personal Data;

• Data portability;

• To object to the Processing of Personal Data.

• Legal Basis for Processing Your Personal Data

Our legal basis for collecting and using the information described in Section 2 “What Personal Data We Collect” for the purposes in Section 3 “How We Use Your Personal Data” of our Privacy Policy above is:

• To establish and perform our contract with you (i.e. our Terms of Services) and to provide our Services;

• For our legitimate interests, where those interests are not overridden by your data protection interests of fundamental rights and freedoms, e.g. to protect our legal rights, to pursue or defend legal claims, to improve our services;

• Consent, where obtained separately;

• For compliance with our legal obligations under applicable laws and regulations;

• To protect our or your vital interests or those of another person (for example, another player), e.g. against fraud and violations of our terms;

• While we typically do not collect sensitive or special category Personal Data, where we do this, it will be on the grounds of explicit consent or other applicable lawful basis.

Where we rely on a legitimate interest for the processing of your Personal Data, we have performed a legitimate interest assessment to determine whether your interests outweigh our interests in the processing taking place. You can obtain more information about this balancing test by using the contact details under Section 14 “Contact Us”.

If you have questions, need further information about the legal bases for processing your Personal Data, or want to withdraw your consent, please see Section 14 “Contact Us” in the Privacy Policy above.

• Cross-border Data Transfer

As a global company, we may transfer your Personal Data to our affiliates, third party service providers and partners that operate around the world, which are located in countries other than the country in which you are resident (e.g. Singapore). These countries may have Data Protection Laws that are different to the laws of your country.

Where we transfer your Personal Data to countries and territories outside of the European Economic Area and the UK, which have been formally recognized as providing an adequate level of protection for Personal Data, we rely on the relevant “adequacy decisions” from the European Commission, where applicable.

Where the transfer is not subject to an adequacy decision, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Privacy Policy. The transfer will be based on at least one of the following:

• Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner's Office as providing an adequate level of data protection.

• The transfer is necessary for the performance of a contract with you, is necessary for the conclusion or performance of a contract in your interest, or to take measures that you have requested, or is based on your explicit consent, or other legal methods available to us under applicable law.

All companies are required to protect Personal Data that they process from Europe in accordance with European Union Data Protection Laws. Transferred Personal Data includes basic information such as your name, or contact information such as your email address.

• Children’s Notice

Our services are not marketed to, or intended for children. Children for the purposes of our services are (a) under the age of 13 years old or, if older (b) between 13 and 18 years old but under the age at which they can give valid digital consent to processing of their Personal Data under applicable data privacy laws. We strive to follow the different minimum age guidelines set by the laws of individual regions when determining the age that children can access certain features of our services.

Children are not permitted to use our services, and we do not knowingly collect any Personal Data from children. Though our services are not intended for children as the primary audience, we may collect age information before allowing a user to proceed for certain services. If we learn that we have inadvertently gathered Personal Data about a child that is not subject to an exemption under applicable privacy law, we will take measures to promptly remove that information from our records.

• Data Protection Supervisory Authority

To lodge a complaint with your national or regional data protection supervisory authority, please contact the competent authority.