Introduction

Cuckoo Labs Inc. (“Cuckoo”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy describes how the company collects, uses, and discloses data related to its products, services, and website at www.cuckoo.so across all platforms (collectively, “Services”).

The company operates as a United States entity subject to U.S. laws. The United States may not offer a level of privacy protection as great as that offered in other jurisdictions. Data may be transferred to, stored, or processed in the United States. By using these Services, you consent to data collection, storage, processing, and transfer to U.S. facilities and third parties as described in this Policy and the Terms of Service Agreement.

1. Definitions

• Customer: A person or entity registered with Cuckoo to use the Services
• Distribution List: A list of Subscribers and all related data
• Personal Data: Any information relating to an identified or identifiable natural person
• Subscriber: Any person or entity on a Distribution List
• You: A Cuckoo Customer or other person visiting the Services

2. Information We Collect

The Services collects two types of information: Personal Data and Non-Personal Data.

Personal Data

• Identification and Contact Data: name, date of birth, gender, address, title, contact details, username, demographic information
• Financial Information: credit card details, account details, payment information
• Employment Details: employer, job title, geographic location, area of responsibility
• IT Information: IP address, cookie data
• Personal Interests or Preferences: purchase history, social media profile information

You may decline to provide Personal Data, though some is mandatory for service provision. Declining mandatory data may prevent service delivery.

Non-Personal Data

• Browser and Device Data: IP address, device type, unique user device number, device manufacturer and model, browser type, operating system, dates and times of use, screen resolution, plug-ins, add-ons, location, and Services version
• Cookies and Tracking Technologies: time spent on Services, pages visited, email campaign performance
• Aggregate Information: combined usage data from multiple users to develop features and tailor Services

3. How We Use Your Information

3.a. Personal Data

The company may use Personal Data to:

1. Provide the Services
2. Resolve disputes, calculate and collect fees, and troubleshoot problems
3. Verify your identity and the information you provide
4. Encourage a safe online experience and enforce our policies
5. Customize your experience and analyze usage of, improve and measure interest in, and inform you about the Services
6. Provide you with information that may affect your use of the Services
7. Communicate marketing and promotional offers
8. Provide customer service, including receipts
9. Develop new products
10. Perform certain other business activities

3.b. Non-Personal Data

Non-Personal Data may be used for:

1. Measuring traffic patterns
2. Understanding demographics, customer interest, and other trends among users
3. Providing, improving, and modifying the Services
4. Promotional and marketing purposes

3.c. AI Model Training

Cuckoo does not use Customer Content — including transcriptions, translations, audio recordings, or meeting data — to train artificial intelligence or machine learning models. Customer Content is processed solely to provide and improve the Services for the applicable Customer.

4. How We May Disclose Your Information

4.a. Personal Data

The company may disclose Personal Data to:

1. Service Providers and others who help with our business operations, including application development, hosting, maintenance, data analysis, infrastructure, IT services, customer service, email delivery, payment processing, marketing, analytics, and agreement enforcement
2. Third parties in the event of a reorganization, merger, sale, asset financing, joint venture, assignment, transfer, or business disposition (including insolvency, bankruptcy, or receivership)
3. Cuckoo subsidiaries, affiliates, or business partners
4. Other users of the Services to identify you to anyone to whom you send messages or comments
5. Persons or entities with whom you consent to have your Personal Data shared
6. Third parties in order to prevent damage to our property, for safety reasons, or to collect amounts owed to us
7. Merchants and payment processors
8. Third parties as we believe necessary or appropriate under applicable law, including to comply with legal process, respond to government authorities, enforce agreements, protect operations, protect rights, privacy, safety, or property, and pursue available remedies

We will never sell, rent, or lease your Personal Data to a third party.

4.b. Non-Personal Data

The company may disclose Non-Personal Data for any purpose, as it does not and cannot identify individual persons.

5. Advertising

5.a. Opting Out of Receiving Electronic Communications

If you no longer want marketing-related emails, you may opt-out via the unsubscribe link or by notifying legal@cuckoo.so. The company may still send important administrative messages, updates, disputes, and required customer service communications.

5.b. Cookies and Other Tracking Technologies

Cuckoo and partners may use cookies, pixels, and web beacons to administer Services, track movements, analyze trends, serve targeted advertisements, and gather demographic information. You can control cookie use at the browser level. Third-party partners may use tracking for off-site advertising.

5.c. Web Beacons

The company uses web beacons in customer emails to track opens and clicks, measuring campaign performance and improving features. Web beacons are also used in emails delivered for Customers to create performance reports and track Subscriber actions.

6. Data Collected by Our Customers

6.a. Our Relationship with Subscribers

Customers may import Personal Data collected from Subscribers or other individuals. Cuckoo has no direct relationship with Subscribers or non-Customer individuals. Customers are responsible for ensuring necessary permissions for data collection, storage, and processing.

Subscribers should unsubscribe directly from Customer newsletters or contact Customers to modify data. Subscriber inquiries are referred to their respective Customers.

6.b. Use and Transfer of Data

Personal Data may be transferred to entities helping promote, provide, or support Services (“Service Providers”). All Service Providers agree to protect Personal Data per this Privacy Policy. The company will never sell, rent, or lease Customer Distribution Lists.

7. Public Data and Third-Party Sites

The Services may provide areas for public information posting. This information may be read, collected, and used by anyone. Cuckoo does not control or endorse third-party posts, is not liable for user posts, and disclaims liability from such posts.

This Policy does not cover collection, use, or disclosure by third parties through applications, websites, products, or services not controlled by Cuckoo. Users expressly relieve Cuckoo from liability arising from third-party website use. Third-party links do not imply endorsement. Users remain responsible for understanding third-party merchant and payment processor privacy policies and terms.

8. Data Retention

The company will retain Personal Data for the period necessary to fulfill Policy purposes unless longer retention is required or allowed by law.

9. Users Under 13 Years of Age

Services are not directed to children under 13, and the company does not knowingly collect Personal Data from them. If aware that a child under 13 provided Personal Data, Cuckoo will take steps to remove such data. Contact legal@cuckoo.so if your child provided data without consent.

By using the Services, you represent that you are not under 13 years of age.

10. Data Security

The company employs commercially reasonable security measures; however, no system is impenetrable. Account holders are responsible for protecting account security, content, and all account activities. You must immediately notify Cuckoo of unauthorized account uses or security breaches by emailing legal@cuckoo.so.

11. Privacy Rights Notice to California Residents

The California Consumer Privacy Act (CCPA) provides California residents specific rights regarding Personal Data, including requests for information about data collection and use, deletion requests (subject to exceptions), opt-out from Personal Data sales, and non-discrimination for exercising these rights.

Cuckoo acts as a “service provider” under CCPA when offering Services to Customers, collecting Personal Data on their behalf. Subscribers should contact their Customer directly regarding CCPA requests; Cuckoo will refer inquiries to Customers.

Cuckoo will not discriminate against users exercising their CCPA rights by denying services, charging different prices, or providing different quality. Financial incentives contingent on Personal Data are only offered when benefits reasonably relate to data value.

Cuckoo does not sell Personal Data. The company offers a Data Processing Agreement for Customers considered “businesses” under CCPA. Request it at legal@cuckoo.so.

12. EU-U.S. and Swiss-U.S. Privacy Shield

Cuckoo complies with EU-U.S. and Swiss-U.S. Privacy Shield Frameworks set by the U.S. Department of Commerce regarding Personal Data transfer from the EU, United Kingdom, EEA, and Switzerland to the United States. The company has certified adherence to Privacy Shield Principles, including Supplemental Principles. Conflicts between this Policy and the Privacy Shield Principles are resolved in favor of the Principles.

12.a. Accountability for Onward Transfer

Cuckoo is responsible for processing Personal Data received under Privacy Shield Frameworks and subsequent third-party transfers. The company complies with onward transfer principles including liability provisions. Personal Data may be disclosed responding to lawful public authority requests, national security, law enforcement, or legal compliance requirements.

12.b. Security

The company uses reasonable and appropriate physical, electronic, and administrative safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the nature of the Personal Data and risks involved in processing that information.

12.c. Data Integrity and Purpose Limitation

Cuckoo collects only Personal Data relevant to Services provision and processes it compatibly with Services or authorization. The company takes reasonable steps ensuring data reliability, accuracy, completeness, and currency, adhering to Privacy Shield Principles throughout retention.

12.d. Access to Personal Data

Users wishing to review, correct, delete, or update previously disclosed Personal Data should email legal@cuckoo.so. Access may be limited or denied where unreasonably burdensome or expensive. Customers receive assistance responding to EU/EEA, United Kingdom, and Swiss individuals exercising Privacy Shield rights. Subscribers should contact their Customer directly regarding access or disclosure limitation requests.

12.e. Recourse, Enforcement, and Dispute Resolution

EU/EEA, United Kingdom, or Swiss individuals with Privacy Shield compliance questions or complaints may email legal@cuckoo.so. If unresolved, contact JAMS, an independent U.S.-based dispute resolution provider. Binding arbitration may be available for unresolved complaints. Cuckoo is subject to Federal Trade Commission investigatory and enforcement powers.

12.f. Data Processing Agreement

Cuckoo offers Data Processing Agreements for Customers processing EU/EEA and Swiss individual data. Request via legal@cuckoo.so.

12.g. Notice and Choice

1. The types of Personal Data we collect are described in Section 2
2. The purposes for which we collect and use Personal Data are described in Sections 3 and 4
3. The choices we offer individuals for limiting use and disclosure are described in Section 5

13. Legal Basis for Processing Personal Data

Under GDPR (EU) 2016/679, Cuckoo generally acts as a processor for Customers. When processing as a data controller, the company does so under the following legal bases:

1. To perform our contract with you for the use of the Services
2. In reliance on our legitimate interests in administering, operating, and supporting the Services
3. In reliance on our legitimate interests in providing certain features
4. In reliance on our legitimate interests in enforcing our Terms of Service Agreement and applicable law
5. In reliance on our legitimate interests in preventing fraud and abuse
6. In reliance on our legitimate interests in meeting legal requirements
7. In reliance on our legitimate interests in improving the Services
8. In reliance on our legitimate interests in supporting our marketing activities
9. In reliance on our legitimate interests in providing network and information security
10. You provided us your consent

14. Do Not Track Disclosure

Currently, no industry standard exists for recognizing Do Not Track browser signals, so Cuckoo does not respond to them.

15. Changes to This Privacy Policy

Cuckoo may change this Privacy Policy at any time. The most recent version is indicated by the “Last Updated” date at the top. All changes are effective immediately upon posting. Users should review the Policy frequently for updates. Continued Services use signifies continuing consent to this Policy.

16. Contact Information

For Privacy Policy questions, email legal@cuckoo.so.