Last updated: April 26, 2023

Welcome

At ESTU, we have created this Privacy Policy to explain how we collect, use, disclose and otherwise process personal information in connection with operating our business. This Privacy Policy describes how we process and handle data provided to ESTU in connection with your use of our products, services, apps, and websites that link to this policy (we refer to these collectively as our “services”). In this policy, ESTU,” “we,” “us,” and “our” refer to the ESTU LLC company that is responsible for your data.

Information security and privacy are at the heart of what ESTU values and promotes as a company. As such, we think it’s important to be transparent about how we handle your information. That level of transparency also makes for a lengthy document, but we’ve tried to make it more readable by organizing it into a logical structure and by using plain language.

It goes without saying, we can't help you have an awesome user experience without some information about you. We collect information generated as you use our app. Your information may be kept in an identifiable format, or in an aggregate format which means that you cannot reasonably be identified from it.

We may provide additional privacy notices to you at the time we collect your data. This type of an "in-time" notice will govern how we may process the information you provide at that time.

ESTU offers a variety of services, and certain services may process data differently, or in additional ways, to other services and what’s described in this policy.

This Privacy Policy applies to our websites and mobile applications and other online services we may provide on which this Privacy Policy is posted, and our collection of information from our corresponding social media features and pages (each a "Service" and collectively, the "Services"). In addition to describing how we collect, use, disclose and otherwise process personal information, this Privacy Policy explains the rights and choices available to individuals with respect to their personal information.

1. INFORMATION WE COLLECT AND HOW

1.1. Information we collect

While using our Services, we may ask you to provide us with certain personal data or personal information that can be used to identify you (“Personal Data”, or “data” or “information”). We may also collect Personal Data automatically, or from third-party partners or services. The Personal Data we collect includes:

1.2. Basic Identifiers and Contact Information

We collect some information from you when you provide it to us directly, such as via an email or online form, through the support feature embedded in our Services, or through another form of inquiry. This information may include your name, email, and phone number. If you apply for a job on our website, information you submit may also include a cover letter and any details included in your resume or curriculum vitae (CV).

1.3. Device Information

When you download and use our Services, we automatically collect information on the type of device you use, operating system, resolution, application version, mobile device identifiers (such as your device ID, advertising ID), language, time zone and IP address.

For example, some of our services require you to sign up with your social media account or phone number. When you do, we’ll ask for personal information like your email address, telephone number to store with your account. If you want to take full advantage of the sharing features we offer, we might also ask you to register with a Facebook account or telephone number, which may include your Facebook name and photo.

1.4. Information provided to us by third parties

Referrals. If you are invited to use an ESTU service, the person who invited you may submit your personal data, such as your email address or other contact information.

1.4.1. Third Party Accounts.

Some services may allow you to register an account using a third party account (such as a Google or Microsoft account). If you do so, that third party may send us some information about you that they have. You may be able to control what information they send us via your privacy settings for that third party account.

1.4.2. Threat Information.

We receive information from reputable members of the security industry who provide information to help us to provide, develop, test, and improve our services (for example, lists of malicious URLs, spam blacklists, phone number blacklists, and sample malware). Some of this information may contain personal data on an incidental basis.

1.4.3. Business Customers.

Organizations that use our business and enterprise products may submit personal data to facilitate account management and invite individuals to use those products.

1.5. Information provided to us directly

Photos that you upload to our apps, for example to use the Avatars and/or Video Avatars (referred collectively as "Avatars") feature. Please note that we always delete all metadata that may be associated with your photos by default (including, for example, geotags) before temporarily storing them to our systems. We can access your photos and videos only after you grant us permission to access your camera or your devices’ photo library. You provide such a permission through the request that appears on your mobile device (it may differ depending on your device operating system). You may revoke permission to access your camera or photo library through the settings on your mobile device.

1.6. Information about your gender:

When you use our Avatars feature, we ask you about your gender. This information is used by the AI model solely to generate the Avatars in accordance with the indicated gender: for example, if you choose to identify your gender as a female, then you will receive conventionally more feminine-like Avatars.

You generally do not have a duty to disclose personal data to us unless you have a contractual obligation to us to do so. However, we need to collect and process certain information that is necessary or legally required in order to provide the services to you or otherwise perform our contractual relationships with you.

2. SHARING AND USE OF PERSONAL DATA

2.1. Who do we share your information with and why?

We guarantee that your personal data will not be rented out or sold to any third parties. However, we may share information obtained through tools such as cookies, log files, device identifiers, and location data with third-party organizations that offer automatic data processing technologies for our Apps. Please note that we have no control over these third-party tracking technologies or their possible usage.

To help us provide some aspects of our services, we work with trusted third parties and partners. To protect your data we limit information sharing to the scope of what they are helping us with. Examples of activities that third parties help us with include:

providing analytics about our services
providing sales and customer support
maintaining the infrastructure required to provide our services
delivering our marketing and advertising content

In order to obtain the essential infrastructure for the delivery and enhancement of our services, we may enlist the assistance of the following third-party service providers:

Appsflyer https://www.appsflyer.com/legal/services-privacy-policy/
Amplitude https://amplitude.com/privacy
Firebase https://firebase.google.com/support/privacy?hl=en
OpenAI https://openai.com/policies/usage-policies

If you wish to obtain further information about services mentioned above, please consult the appropriate privacy policies and websites.

2.2. For legal reasons

We will share personal information with companies, organizations or individuals outside of ESTU if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, Legal process or enforceable governmental request. enforce applicable Terms of Service, including investigation of potential violations.detect, prevent, or otherwise address fraud, security or technical issues, protect against harm to the rights, property or safety of ESTU, our users or the public as required or permitted by law.

We may share non-personal publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

If ESTU is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

2.3. We use the information we collect for various purposes described below.

2.3.1. To provide, maintain, troubleshoot, and support our services.

We use your information for this purpose on the basis that it is required to fulfill our contractual obligations to you. Examples: using information about how much bandwidth you use and how long you use our services in order to provide the services in accordance with a plan to which you have subscribed; using threat and device information to determine whether certain items pose a potential security threat; and using usage information to troubleshoot a problem you report with our services and to ensure the proper functioning of our services.

2.3.2. For billing and payment purposes.

We use your information in order to perform billing administration activities and process payments, which are required to fulfill our contractual obligations.

2.2.3. To communicate with users and prospective users.

We use your information to communicate with you, including by responding to your requests, and sending you information and updates about our services. We may do this in order to fulfill our contract with you, because you consented to the communication, or because we have a legitimate interest in providing you with information about our services.

2.3.4. To improve our services.

We want to offer you the best services and user experiences we can, so we have a legitimate interest in continually improving and optimizing our services. To do so, we use your information to understand how users interact with our services. Examples: we analyze certain usage, device, and diagnostic information to understand aggregated usage trends and user engagement with our services (and, for example, invest in technical infrastructure to better serve regions with increasing user demand); we may use device and threat information to conduct spam, threat, and other scientific research to improve our threat detection capabilities; we review customer feedback to understand what we could be doing better.

2.3.5. To develop new services.

We have a legitimate interest in using your information to plan for and develop new services. For example, we may use customer feedback to understand what new services users may want.

To market and advertise our services. We may use your information to provide, measure, personalize, and enhance our advertising and marketing based on our legitimate interest in offering you services that may be of interest. Examples: we may use information such as who or what referred you to our services to understand how effective our advertising is; we may use information to administer promotional activities such as sweepstakes and referral programs.

2.3.6. To prevent harm or liability.

We may use information for security purposes (such as to investigate security issues or to monitor and prevent fraud) and to prevent abuse. We may do this to comply with our legal obligations, to protect an individual’s vital interests, or because we have a legitimate interest in preventing harm or liability to ESTU and our users. For example, we may use account, usage, and device information to determine if an entity is engaging in abusive or unauthorized activity in connection with our services.

2.3.7. For legal compliance.

We internally use your information as required by applicable law, legal process, or regulation. To learn about our practices regarding sharing your information with third parties for legal compliance purposes, see Section 3.1 below. We also use your information to enforce our legal rights and resolve disputes.

2.4. Duration of personal data storage

We usually keep your personal information for as long as it is necessary to carry out the functional service of the App and to comply with legal obligations. If you wish to stop us from utilizing your information that we have access to and store, you can request that we delete your personal information and close your account.
Nonetheless, some data may still be kept for a limited duration (which will not exceed the required storage purpose) if the information is essential to fulfill legal obligations such as taxation, accounting, audit, or to maintain safety and data backup settings, prevent fraud or other malicious activities.

2.4.1 How we process your photos

With regard to the User-Generated Content related to the avatars and video avatars features, specific storage terms apply. To create your Avatars, we need to send the uploaded photos(e.g. face data) to our backend servers, which have the necessary computing resources to perform this function. During this process, your photos are temporarily stored on our servers, which are provided by Google Cloud Platform (USA). We then create a copy of the AI model to personalize it with your photos and generate your Avatars. Once this is done, we immediately delete your original photos from our servers. Your purchased Avatars are stored on our servers for your exclusive access within our App for a limited time (30 days) or until you delete them. We never use your photos or Avatars for purposes other than creating your personalized Avatars, and we don't use them to identify individual users, for authentication, advertising, marketing, or any other purpose. We don't transfer, share, sell, or provide your photos or Avatars to any third parties, including advertising platforms, analytics providers, data brokers, or information resellers. Additionally, we don't use your photos or Avatars to create or train separate artificial intelligence products.

You can request us to delete your data by contacting via email support@estudev.com

3. Tracking Technologies & Cookies

3.1. About Tracking Technologies

ESTU uses various technologies in our services to help us collect information. For convenience, we refer to these as “tracking technologies,” although they are not always used to track individuals and the information collected is in a non-identifiable form that does not reference any personal data. Tracking technologies include:

Cookies.

Cookies are small portions of text that are stored on the device you use to access our services. Cookies enable us (or third parties that we allow to set cookies on your device) to recognize repeat users. Cookies may expire after a period of time, depending on what they are used for.

Pixel Tags / Page Tags / Web Beacons / Tracking Links.

These are small, hidden images and blocks of code placed in web pages, ads, and our emails that allow us to determine if you perform a specific action. When you access a page, ad, or email, or click a link, these items let us know that you have accessed that page, opened an email, or clicked a link.

SDKs.

SDKs or software development kits are software code provided by our business partners that let our software interact with the services those partners provide. For example, in our free mobile apps, we may use an SDK to enable our app to serve ads from an advertising network. Sometimes these interactions will involve that business partner collecting some information from the device on which the software is run.

3.2. Why we use Cookies

We use cookies:

To provide our services.

Some cookies are essential for the proper operation of our services. For example, cookies allow us to authenticate who you are and whether you’re authorized to access a resource.

To store your preferences.

Cookies can store your preferences, such as language preferences or whether to pre-fill your username on sign in forms. We may also use them to optimize the content that we show to you.

For analytics.

Cookies are used to inform us how users interact with our services so we can, as a legitimate interest, improve how they work (such as what screens or webpages you access, and whether our advertising is effective).

For security.

Cookies can enable us and our payment processors to detect certain kinds of fraud.

For advertising-related purposes.

We advertise our services online with the help of third parties who show ads and marketing about us on sites around the internet.

3.3. Third Parties

We may allow our business partners to place certain tracking technologies in our services. These partners use these technologies for the following purposes:

To provide our services.

Some business partners who help us to provide our services may use these technologies to support those efforts.

For Analytics.

To help us understand how you use our services.

For Marketing.

To help us market and advertise our services to you, including on third party websites.

Cookies are used in connection with this to measure the performance of our advertising, attribute actions you take with our ads with actions you take on our services, deliver ad retargeting (serving ads based on your past interactions with our services), and target ads at similar audiences.

To Serve Ads.

This is relevant to users of our free products only. Ad networks may use these technologies to display ads which they think will be more relevant to you. For more information, please see the “Displaying Third Party Ads” section above.

3.4. Your Choices:

Our Cookies.

Most web browsers and some mobile devices give you the ability to manage your cookie preferences, including deleting cookies and blocking cookies from being set on those browsers or devices. Visit the “help” section of your browser to understand what controls it gives you over cookies. Note that deleting or blocking certain cookies could adversely impact the proper operation of our services.

Google Analytics.

We use Google Analytics to help us understand how users use our services. Google makes available a Google Analytics Opt Out Browser Add-On if you do not want to participate in Google Analytics.

4. Security

ESTU employs a range of administrative, organizational, technical, and physical safeguards designed to protect your data against unauthorized access, loss, or modification. We continuously work to improve such safeguards.

5. SOCIAL MEDIA AND OTHER COMMUNICATIONS

We maintain a presence on several social networking and blogging platforms, such as Facebook, Instagram, Google, LinkedIn, Twitter, Snap, TikTok and Pinterest. We may incorporate some third-party social networking features into our Services (including, allowing users to interact with others and share certain content and information on social media platforms) or utilize third-party provided platforms to publish or manage the Services or portions thereof. Through these platforms and features, we receive or may share information about you, and this Privacy Policy applies to that information as well. In addition, some providers of third-party social media or blogging platforms we utilize have their own privacy policies which explain how the third parties that provide them may collect, use and protect your information (e.g., if you establish an account with such platform providers directly). By using social features, you agree to those third parties' privacy policies and terms of use.

If you choose to communicate with us or another user through social features available on our websites or mobile applications or through our social media pages, or other similar communication or messaging features or services, such information may be made publicly available. For security purposes, please do not include any password, social security number, payment card or other sensitive information via these features. We have the right, but not the obligation to monitor messages and communications between and among users for security and training purposes. We may, but are not obligated to, remove any content we deem inappropriate.

6. International Data Transfers

6.1. Transfers to Other Countries

ESTU may transfer your personal data to countries other than the one in which you reside. We do this to facilitate our operations, and transferees include other ESTU group companies, service providers, and partners. Laws in other countries may be different to those that apply where you reside. For example, personal data collected within Switzerland or the European Economic Area (EEA) may be transferred and processed outside Switzerland or the EEA for purposes described in this policy. However, we put in place appropriate safeguards that help to ensure that such data receives an adequate level of protection.

7. Data Retention

ESTU generally retains your personal data for as long as is needed to provide the services to you, or for as long as you have an account with us. We may also retain personal data if required by law, or for our legitimate interests, such as abuse detection and prevention, and defending ourselves from legal claims. Residual copies of personal data may be stored in backup systems for a limited period as a security measure to protect against data loss.

8. Your Rights

Depending on your country of residence, you may have certain legal rights in relation to your personal data that we maintain. Subject to exceptions and limitations provided by applicable law, these may include the right to:

access and receive a copy of your personal data;
correct your personal data;
restrict the processing of your personal data;
object at any time to the processing of your personal data;
have your personal data erased;
data portability;
withdraw any consent you previously gave to the processing of your data (such as opting out to marketing communications);
lodge a complaint with a data protection authority;
request that we provide you with the categories of personal data we collect, disclose or sell about you;
the categories of sources of such information; the business or commercial purpose for collecting or selling your personal data; and the categories of third parties with whom we share personal data. This information may also be provided in this Privacy Policy.

Please note your rights and choices vary depending upon your location, and some information may be exempt from certain requests under applicable law.

You may be able to exercise some of these rights by using the settings and tools provided in our services. For example, you may be able to update your user account details via the relevant account settings screen of our apps. You may also be able to opt out from receiving marketing communications from us by clicking an “opt out” or “unsubscribe” link in such communications.

Otherwise, if you wish to exercise any of these rights, you may contact us using the details in the “Contact Us” section below. As permitted by law, we may ask you to verify your identity before taking further action on your request.

9. INFORMATION FOR RESIDENTS OF CALIFORNIA: YOUR CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, the California Consumer Privacy Act ("CCPA") may provide you with rights that are in addition to those set forth elsewhere in this Privacy Policy regarding our use of your personal information. The CCPA Notice applies to "Consumers" as defined by the law. This section describes your CCPA rights as a California Consumer and explains how to exercise those rights. See Sections 1 - 4 above to learn what information we collect from you and how it is collected, used and shared.

9.1 Access to Information and Data Portability Rights

You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
The categories of personal information we have collected about you.
The categories of sources from which we collected your personal information.
The business or commercial purposes for our collecting or selling your personal information.
The categories of third parties to whom we have shared your personal information.
The specific pieces of personal information we have collected about you.
A list of the categories of personal information disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.

A list of the categories of personal information sold about you in the prior 12 months, or that no sale occurred. If we sold your personal information, we will explain:

the categories of your personal information we have sold.
the categories of third parties to which we sold personal information, by categories of personal information sold for each third party.

You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your personal information that we have collected in the period that is 12 months prior to the request date and are maintaining.

9.2. Data Deletion Rights

Except to the extent we have a basis for retention under CCPA, you may request that we delete your personal information that we have collected directly from you and are maintaining. Note also that we are not required to delete your personal information that we did not collect directly from you.

9.3. Exercising Your Rights

To make a request for access, portability or deletion according to your rights under CCPA, mail your request for the attention of the Privacy / Legal Department to support@estudev.com

9.4. The Verifiable Consumer Request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Some personal information we maintain about Consumers is not sufficiently associated with enough personal information about the Consumer for us to be able to verify that it is a particular Consumer's personal information (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA, we do not include that personal information in response to Verifiable Consumer Requests. If we cannot comply with a request, we will explain the reasons in our response.

We will make commercially reasonable efforts to identify Consumer personal information that we collect, process, store, disclose, and otherwise use and to respond to your California Consumer privacy rights requests. We will typically not charge a fee to fully respond to your requests, but we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome.

9.5. Opt-Out

There is not yet a consensus as to whether third party cookies and tracking devices associated with our websites and mobile apps may constitute a "sale" of your PI as defined by the CCPA. To make a request to opt-out of sale under CCPA, send mail to support@estudev.com.

We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale and retention and use of your personal information as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.

10. INFORMATION RELATING TO CHILDREN

We do not knowingly collect information from children under the age of 16 years old (or older if required in an applicable jurisdiction to comply with applicable laws). If you are not over 16 years old (or older if required in an applicable jurisdiction to comply with applicable laws) then DO NOT DOWNLOAD OR USE THE SERVICES. If you believe that we may have personal information from or about a child under the age of 16 years old, please contact us here. Note that we'll attempt to delete the account of any child under the age of 16 that's reported to us as soon as possible. You are responsible for any and all account activity conducted by a minor on your account.

11. Privacy Policy Updates

ESTU may update this Privacy Policy from time to time in accordance with this section for reasons such as changes in laws, industry standards, and business practices. ESTU will post updates to this page and update the “Last updated” date above. If we make updates that materially alter your privacy rights, we will also provide you with advance notice, such as via email or through the services. If you disagree with such an update to this policy, you may cancel your services account. If you do not cancel your account before the date the update becomes effective, your continued use of our services will be subject to the updated Privacy Policy.

12. Contact Us

We expect this Privacy Policy to evolve over time and welcome feedback from our users about our privacy practices. If you have any questions or complaints about our privacy practices, you can contact us using the following details:

901 N. Pitt Street, Suite 170 Alexandria, VA 22314

support@estudev.com