TactiPath - Terms of Service and Privacy Policy

Terms of Service

Effective Date: 1st January 2026

1. Acceptance of Terms

By downloading, installing, or using TactiPath, you agree to these Terms of Service ("Terms"). If you do not agree, you may not use our application or services.

2. User Eligibility and Accounts

You must be at least 18 years old to create an account and use TactiPath. Our services are not intended for anyone under 18, and we do not knowingly allow minors to use or register for TactiPath. You agree to provide accurate, current information during registration and to maintain the confidentiality of your account credentials. You are responsible for all activities under your account and must promptly notify us of any unauthorized access or security breaches.

3. Subscription, Tips and Payments

TactiPath may offer in-app purchases such as tips, donations, or subscriptions. These are billed through third-party platforms (Apple App Store, Google Play Store) or via Stripe for web payments.

Tips/Donations: If you choose to make a one-time tip or donation, the payment is processed immediately and is non-refundable except where required by law. These contributions do not provide ongoing entitlements, but they directly support the continued development of TactiPath.

Subscriptions: If you choose a subscription, it will automatically renew unless cancelled at least 24 hours before the end of the current period. You will receive notification from the billing platform prior to renewal. Subscription fees are inclusive of GST unless stated otherwise and are charged upon purchase confirmation. We may change subscription fees with at least 30 days' advance notice (e.g. via email or in-app notification).

We reserve the right to suspend or terminate your access for non-payment or unresolved payment disputes.

4. Cancellation and Refunds

You may cancel your subscription at any time through the platform where you purchased (Apple App Store, Google Play, or Stripe). Cancellation takes effect at the end of the current paid period, and you will retain access until that period ends. Refund requests are subject to the respective platform's policies. Generally, partial-period refunds are not provided unless required by applicable law or at our discretion.

For users in the United States: Refund requests are also subject to applicable state consumer protection laws in the United States, including but not limited to state warranty laws, unfair and deceptive practices acts, or other consumer protection statutes in your jurisdiction.

Nothing in these Terms restricts your statutory rights (for example, rights under the Australian Consumer Law, New Zealand Consumer Guarantees Act, UK Consumer Rights Act 2015, or other consumer protection laws in your jurisdiction).

5. Dispute Resolution

5A. Dispute Resolution for Users Outside the United States

If you have a dispute or issue arising from these Terms or your use of TactiPath, please first contact our customer support at Tactipath@sagentivum.com. We will attempt to resolve the issue in good faith within 30 days. If we cannot resolve the dispute informally, any unresolved dispute will be submitted to individual arbitration administered by the Australian Centre for International Commercial Arbitration (ACICA), applying Australian law. Class actions and collective arbitration are not permitted – disputes must be pursued on an individual basis. This arbitration agreement does not deprive you of any mandatory protections or remedies you are entitled to under consumer law (e.g. you may still seek remedies under Australian Consumer Law through courts or tribunals as applicable).

5B. Dispute Resolution for Users in the United States

If you are a resident of or located in the United States and have a dispute or issue arising from these Terms or your use of TactiPath, please first contact our customer support at Tactipath@sagentivum.com. We will attempt to resolve the issue in good faith within 30 days.

If we cannot resolve the dispute informally, any unresolved dispute will be submitted to individual binding arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules, and judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof. The arbitration will be conducted in the state where you reside or another mutually agreed location, and will apply the laws specified in Section 16B below. You and Sagentivum Pty Ltd agree that these Terms affect interstate commerce and that the enforceability of this arbitration provision will be governed by the Federal Arbitration Act (9 U.S.C. § 1 et seq.).

Class Action Waiver: Class actions, class arbitrations, private attorney general actions, and consolidation with other arbitrations are not permitted. Disputes must be pursued on an individual basis only.

Opt-Out Right: You have the right to opt out of this arbitration agreement. To opt out, you must notify us in writing within 30 days of first accepting these Terms by sending an email to Tactipath@sagentivum.com with the subject line "Arbitration Opt-Out" and including your name, email address, and a clear statement that you wish to opt out of the arbitration agreement. If you opt out, all other terms continue to apply, but disputes will be resolved in court as specified in Section 16B.

Exceptions: This arbitration agreement does not prevent you from bringing issues to the attention of federal, state, or local agencies, including, for example, the Federal Trade Commission. Such agencies can, if the law allows, seek relief against us on your behalf. Additionally, this arbitration agreement does not deprive you of any mandatory protections or remedies you are entitled to under applicable consumer protection laws.

6. Content and Intellectual Property

All content, designs, scenarios, methodologies, and intellectual property in the TactiPath application are owned by Sagentivum Pty Ltd. We grant you a limited, non-transferable, revocable license to use the app for your personal and professional development. You must not copy, distribute, or create derivative works from our content without permission. All trademarks and logos are our property (or our licensors'), and no rights in them are granted to you by your use of the app.

7. Use of Third-Party Services

TactiPath integrates third-party services to enhance functionality, including (but not limited to) OpenAI, Google Firebase/Firestore, Google AdMob, Mixpanel, and RevenueCat. By using TactiPath, you acknowledge and consent to these third-party services and agree to their respective terms and privacy policies. We are not responsible for any issues arising from third-party services, but please notify us if such issues occur so we can work to resolve them. Where generative responses are provided via OpenAI's API (e.g. for scenario coaching), user input may be transmitted to OpenAI for processing. We configure our AI providers so that API data is not used for model training or improvement. Limited short-term retention may occur for safety and abuse monitoring. You should avoid entering sensitive personal, financial, or health-related data in your interactions with the AI. OpenAI processes this data solely to return outputs in real-time and is bound by confidentiality and data protection terms.

8. Use of Service and Restrictions

You agree to use TactiPath only for lawful purposes. You will not misuse the services by engaging in any illegal, fraudulent, or harmful activity. Prohibited behaviors include attempting to reverse-engineer or hack the app, introducing malware, harassing other users, or violating any applicable laws. You also agree not to input or share any content through TactiPath that is defamatory, obscene, sensitive, or confidential (especially information about others) unless you have the right to do so. Any sensitive personal data or confidential business information that you voluntarily input into the app is at your own risk, and we cannot take responsibility for any consequences of you sharing such data. You should not input medical information or rely on TactiPath for medical advice. TactiPath is not a medical service, and any information you provide is not treated as a medical record.

9. Privacy and Data Protection

We value your privacy. Our Privacy Policy (see below) explains in detail how we collect, use, store, and share your personal information. By using TactiPath, you consent to the handling of your data as described in the Privacy Policy and in accordance with applicable privacy laws. In particular, we do not knowingly collect personal data from individuals under 18 years of age, and we do not actively solicit any sensitive personal data (such as biometric identifiers, health information, or financial account details). You should refrain from providing any highly sensitive information via the app. If you choose to do so, you acknowledge that you are responsible for that content, and we disclaim liability for any loss or exposure of such data resulting from your input. Please refer to the Privacy Policy for more information on data practices.

Marketing Communications: If you opt in to marketing, we may use your contact information (such as email) to send you updates, offers, or promotional content. You may withdraw consent at any time through your profile settings or by contacting us. If you do not opt in, you will not receive marketing communications, though you may still receive service or administrative notices.

10. Disclaimer of Liability (No Professional Advice)

You assume full responsibility for any decisions or actions you take in your business or professional activities based on our app. Please note that all content generated by TactiPath's scenario engine—including responses powered by AI models—is provided for educational and illustrative purposes only. It may include inaccuracies, biases, or inappropriate suggestions. We do not warrant that AI-generated content will be suitable or reliable for any particular purpose, and you should exercise your own professional judgment when interpreting it. TactiPath does not provide medical, mental-health, or other professional advice. Any content generated by the app is for educational or illustrative purposes only and should not be relied upon for medical or health decisions. TactiPath is not a medical service and information you provide is not treated as a medical record. If you require medical or professional advice, please consult a qualified professional.

11. No Warranties

TactiPath and all related services are provided "as is" and "as available" without any express or implied warranties. We specifically disclaim any implied warranties of merchantability, fitness for a particular purpose, and non-infringement. For example, we do not warrant that the app will be error-free, uninterrupted, or achieve particular results for you. However, nothing in these Terms excludes or limits warranties or guarantees which cannot be excluded by law, including any consumer guarantees provided by law (such as under Australian Consumer Law or analogous laws in other jurisdictions). In other words, these Terms will not override any rights you have under mandatory consumer protection statutes that apply to your use of TactiPath.

For users in the United States: Under the Uniform Commercial Code and applicable state laws, certain implied warranties may apply to the sale of goods or services. To the extent permitted by law, we disclaim all such warranties. However, some states do not allow limitations on implied warranties, so the above limitations may not apply to you. This warranty gives you specific legal rights, and you may also have other rights that vary from state to state.

12. Limitation of Liability

To the maximum extent permitted by law, Sagentivum Pty Ltd and its affiliates will not be liable for any indirect, incidental, consequential, or punitive damages arising out of or related to your use of (or inability to use) TactiPath. This includes, for example, damages for lost profits, loss of business opportunities, loss of data, or business interruption. These limitations apply even if we have been advised of the possibility of such damages. In jurisdictions that do not allow the exclusion of certain damages, we will be liable only to the minimal extent required by applicable law. In all cases, our total cumulative liability to you for any claims arising in a 12-month period will not exceed the amount you paid to us for your subscription in that period.

13. Indemnification

You agree to indemnify, defend, and hold harmless Sagentivum Pty Ltd, its directors, officers, employees, and affiliates from any claims, losses, liabilities, expenses, or damages (including legal fees) arising out of: (a) your breach of these Terms; (b) your misuse of the application; or (c) any content you upload or input into TactiPath. This means you will reimburse us for any cost or damage we suffer due to your violation of these Terms or misuse of the services.

14. Changes to the Services or Terms

We reserve the right to modify or discontinue any feature of the services, or to update these Terms, at any time. We will provide notice of material changes (for example, by posting within the app or via email). Continued use of TactiPath after changes to the Terms have been made constitutes your acceptance of the revised Terms. If you do not agree to the changes, you should stop using the service and may cancel your subscription (any prepaid fees for the term will remain subject to the original Terms). We encourage you to review the Terms periodically for any updates.

15. Termination

We may suspend or terminate your access to TactiPath immediately if you breach these Terms or if we are required to do so by law or court order. We may also terminate the service with reasonable notice if we decide to discontinue the app. If your account is terminated for violation of these Terms, you are not entitled to any refund of fees paid. You may terminate your own account or subscription at any time via the app or the platform you purchased through; termination will take effect as described in the Cancellation section above.

16. Governing Law and Jurisdiction

16A. For Users Outside the United States

These Terms are governed by the laws of Australia. By using TactiPath, you agree that any legal disputes (outside of arbitration as provided above) will be subject to the exclusive jurisdiction of the courts of New South Wales, Australia. This governing law provision does not override any protections you have under consumer protection laws in your country of residence that by law cannot be waived. In cases where the laws of your country provide you mandatory rights or venues that cannot be contracted away, those provisions will prevail to the extent applicable.

16B. For Users in the United States

If you are a resident of or located in the United States, these Terms are governed by the laws of the State of Delaware, United States, without regard to its conflict of law provisions. You agree that any legal disputes (outside of arbitration as provided in Section 5B above) will be subject to the exclusive jurisdiction of the state and federal courts located in Delaware.

This governing law provision does not override any protections you have under consumer protection laws in your state of residence that by law cannot be waived. In cases where the laws of your state provide you mandatory rights or venues that cannot be contracted away, those provisions will prevail to the extent applicable. Nothing in these Terms limits any rights you may have under applicable federal or state consumer protection statutes.

17. Contact Information

If you have any questions, concerns, or complaints about these Terms or the TactiPath service, please contact us at Tactipath@sagentivum.com. We will do our best to address your inquiry promptly. (Note: a mailing address for Sagentivum Pty Ltd may be provided here as required by law.)

By using TactiPath, you acknowledge that you have read, understood, and agree to these Terms of Service.

Privacy Policy

Effective Date: 1st January 2026

1. Introduction

Sagentivum Pty Ltd Ltd ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and manage your information in compliance with applicable privacy laws, including the Australian Privacy Act 1988, the New Zealand Privacy Act 2020, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the UK Data Protection Act 2018 (UK GDPR), and the European Union's General Data Protection Regulation (GDPR), and United States privacy laws including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and other applicable state privacy laws. We implement practices to ensure we meet the strictest of these requirements across all the regions we serve.

2. Age Restrictions

Our services are intended for users 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If you are under 18, please do not use TactiPath or submit any personal information to us. In the event we discover that we have collected personal information from a minor under 18, we will delete that information without undue delay.

3. Information We Collect

We collect personal information directly from you when you interact with our application or related services. This includes:

Account Information: Name, email address, and contact details provided when you register an account.

Authentication Data: Account login credentials (which are stored in a secure manner, e.g. hashed passwords).

Subscription and Transaction Data: Records of your tips and/or subscription status, purchase history, and payments (e.g. transaction IDs from Apple, Google, or Stripe).

Device and Usage Data: Information about your device and how you use the app – for example, IP address, device type, operating system, browser type (for web access), pages or screens visited, and usage times. This helps us understand and improve app performance. Our use of Sentry for error tracking includes the capture of "breadcrumbs"—logs of recent user actions or screen transitions before an error occurs. These breadcrumbs may include contextual usage information (such as which feature was being used), but they are not used to identify users beyond what is necessary for technical support and troubleshooting.

Demographic Information (Optional): You may choose to provide demographic details such as your age range, industry, or professional role via your profile or surveys. We collect such information if provided, to help improve your experience and to tailor our services and marketing to our user base.

User Inputs: If you voluntarily input data into the app (for example, responses in scenario exercises or notes), that data may be stored on our systems. Please avoid submitting sensitive personal data or confidential business information in these inputs. We do not actively solicit any sensitive personal information (e.g. information about your health, biometrics, racial or ethnic origin, political opinions, etc.), and we do not collect biometric data through the app's features. Any sensitive information you do provide is at your discretion, and while we will treat it as personal data under this Policy, we disclaim responsibility for any harm you may incur from sharing it.

AI Interactions: If you engage with AI-powered features in the app (such as scenario coaching or draft generation), your inputs may be transmitted to OpenAI via API. These inputs are processed to generate real-time outputs and are not retained or used for training purposes. However, as with other user inputs, please do not submit sensitive personal information. We disclaim liability for any content you choose to provide or that is generated in response.

4. Purpose of Collection and Use

We collect and use your personal information for the following purposes:

Provide and Maintain the Service: To allow you to register and log into TactiPath, use the interactive scenario features, and generally to deliver the functionalities you expect from the app. This includes using your information to personalize your experience (for example, remembering your progress).

Subscription and Payment Management: To process payments for tips or subscriptions and manage your entitlements, including verifying purchases with the App Stores or payment processors and enforcing access rights.

Communication: To communicate with you about your account and the service. For example, we may send you service notifications, administrative emails, customer support responses, or security alerts. These are not marketing messages but essential notices about the service or your account.

Improvements and Analytics: To analyze usage trends and feedback in order to improve our content and features. Understanding how users interact with TactiPath (which features are popular, where users drop off, etc.) helps us refine the user experience. We may also use demographic and usage data in aggregate to research and innovate new features.

Marketing and Outreach (with consent): To send you updates, offers, or promotional content about TactiPath that may be relevant to you, but only if you have opted in to receive marketing communications. For example, with your consent, we might use your email to send a newsletter or use demographic insights to target advertisements to audiences with similar profiles as our users. You can withdraw consent to marketing at any time. (We do not sell your personal information to third-party advertisers, but we might use platforms like Google or Facebook to show ads to "lookalike" audiences — this involves providing data like hashed email or demographic segments, without directly sharing your identifying information with advertisers.)

Customer Support: To assist you when you contact us with questions, issues, or requests. We will use your contact information and any information you provide about your issue to help resolve it.

Legal Compliance: To comply with legal obligations to which we are subject. For instance, we may use or disclose data as required to fulfill tax and accounting requirements, respond to lawful requests by authorities, or to meet obligations under privacy laws (such as responding to user access requests or data breach notification rules).

Research, Analytics, and Commercial Use of Aggregated Data: We may use anonymised or aggregated information derived from user activity (for example, scenario choices, decision patterns, or usage statistics) for research, product development, or commercial purposes. Such information cannot reasonably identify you. We may also share or license aggregated insights or reports with third parties (for example, academic institutions, employers, or partners) for research or commercial use.

Protecting Vital Interests and Enforcement: In rare circumstances, we may process data to protect someone's vital interests (e.g. if we believe there is a risk of serious harm) or to enforce our Terms of Service (e.g. investigating misuse of the app, preventing fraud, or protecting our rights in the event of legal claims).

Sale or Sharing of Personal Information (US Users): We do not sell your personal information in the traditional sense. However, under certain US state privacy laws (including the CCPA/CPRA), "sale" or "sharing" may be defined broadly to include some forms of data sharing for analytics, advertising, or other purposes. When we share aggregated, anonymized, or hashed data with third-party platforms (such as advertising networks or analytics providers), this may be considered a "sale" or "sharing" under these definitions. California residents and residents of other applicable US states have the right to opt out of such sale or sharing (see Section 10A - US State-Specific Privacy Rights).

We will not use your personal information for purposes that are incompatible with the above without your consent. Where required by law, we will obtain your consent for certain processing activities (for example, sending direct marketing communications or processing certain sensitive data, if ever applicable).

5. Legal Bases for Processing (EU/UK users)

If you are located in the EU, EEA, or UK, we process personal data based on valid legal grounds, as permitted by GDPR/UK GDPR. This means: (a) Contract: Much of our processing (account data, subscription data, etc.) is to provide the service you requested, under our contract with you. (b) Legitimate Interests: We rely on legitimate interests to process data for improvements, analytics, and certain marketing related to our own services (we ensure our interests do not override your rights). (c) Consent: For optional uses such as sending promotional emails or using certain cookies/analytics, we will ask for your consent. You have the right to withdraw consent at any time. (d) Legal Obligation: Some processing is necessary to comply with laws (e.g. financial record-keeping, responding to legal processes). We provide this explanation to ensure transparency.

6. Data Sharing and Disclosure

We value your privacy and do not sell your personal information. We only share your data in the following circumstances:

Service Providers: We employ trusted third-party companies and providers to perform tasks on our behalf. These include payment processors (for subscriptions), cloud hosting providers (for data storage and backend infrastructure), analytics services, and customer communication tools. Examples of third parties we use are Apple, Google, Stripe, Firebase, Sentry, Mixpanel, RevenueCat, and OpenAI (for certain in-app AI features). These providers may process personal information as needed to provide their services to us. We ensure that each third-party is bound by appropriate confidentiality and data protection obligations, and we only provide the data necessary for them to fulfill their function. Some services (e.g. Mixpanel and Sentry) may correlate behavioral and technical data with your user ID or email address to support usage analytics, debugging, and personalized feature development.

Affiliates: We may share information with affiliates or subsidiaries of Sagentivum Pty Ltd (if any exist in the future) for business administration or integration of services, under the same privacy commitments.

Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities. For instance, if a law enforcement agency lawfully subpoenas certain user data, or if we need to disclose information to regulators or government bodies (for example, the Office of the Australian Information Commissioner, Privacy Commissioner of New Zealand, Privacy Commissioner of Canada, Data Protection Commission in Ireland, or UK Information Commissioner's Office) during a compliance investigation. We will only disclose what is necessary and will inform you of such requests when permitted by law.

Protection of Rights: We may disclose data if necessary to enforce our Terms of Service, protect the rights, property or safety of TactiPath, our users, or others. This could include sharing information with legal advisors or in connection with an investigation of fraud, security, or technical issues.

Business Transfers: If Sagentivum Pty Ltd is involved in a merger, acquisition, financing due diligence, restructuring, bankruptcy, or sale of assets, your information may be transferred to a successor or affiliate as part of that transaction. If this happens, we will ensure the new owner continues to honor this Privacy Policy or provides notice of any changes.

OpenAI (for generative AI features): We use OpenAI's API to process certain user interactions. Inputs are transmitted securely and are not stored by OpenAI for future use. OpenAI acts solely as a processor on our behalf, and no data is used for training purposes.

Importantly, any third parties with whom we share data are not permitted to use your data for their own marketing or other purposes unrelated to providing services to us.

7. International Data Transfers

TactiPath is operated from Australia, and the data we collect may be transferred to or stored in multiple countries (for example, where our service providers' servers are located). This means your personal information may be transferred outside of your home country or region. We recognise that different countries have different data protection laws, so we take steps to ensure that international transfers comply with all applicable requirements:

Adequacy and Safeguards (EU/UK): If we transfer personal data from the UK/EEA or other regions with data transfer restrictions, we will do so using lawful mechanisms. Typically, this means we rely on the European Commission's Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements with our service providers, or we transfer to countries that the authorities have deemed to have "adequate" data protection (note: the EU has recognized countries like New Zealand and Canada (commercial organizations) as providing adequate protection). We also assess on a case-by-case basis that the data will be protected. These measures ensure compliance with GDPR requirements for cross-border data flows.

Australia and New Zealand: When transferring personal info from Australia or New Zealand to other countries, we will take reasonable steps to ensure the recipient protects the information in line with our Privacy Policy and the Australian Privacy Principles and NZ Privacy Act's requirements (for example, ensuring the recipient is subject to comparable privacy laws or binding agreements).

United States: For users located in the United States, your data may be transferred to and processed in other countries where our service providers operate, including Australia. Some US state privacy laws restrict or require disclosure about international transfers, particularly for sensitive personal information. We take appropriate measures to ensure that international transfers comply with applicable US state requirements, including contractual safeguards with our service providers. If you are a resident of a state with such restrictions and have concerns about international data transfers, you may contact us for more information.

By using the app, you understand that your data may be processed in Australia or other countries where our infrastructure or third parties are located. Regardless of location, we will protect your information as described in this Policy. If you have questions about international data transfer, you can contact us (see Contact Us section).

8. Data Security

We implement industry-standard security measures to safeguard your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (e.g., SSL/TLS for network communications) and at rest where appropriate, use of firewalls and access controls, regular security assessments, and staff training on data protection. We also restrict access to personal data to employees and contractors who need it to operate or improve the app, and who are subject to confidentiality obligations. Keep in mind that no method of transmission over the Internet or electronic storage is 100% secure, so while we strive to protect your data, we cannot guarantee absolute security. If we detect a data breach that affects your personal information, we will notify you and the relevant authorities as required by law (for example, under Australia's Notifiable Data Breaches scheme, New Zealand's or Canada's breach notification rules, or GDPR/UK law, as applicable).

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. In practice, this means: as long as you have an active account or subscription, we will keep your profile and usage data. If you cancel your account or it becomes inactive, we may retain your data for a period of time in case you reactivate or for legitimate business purposes such as record-keeping (typically, we might archive basic account info for seven years for tax or legal compliance). We periodically review the data we have and delete or anonymize information that is no longer needed. For example, if you request account deletion, we will delete personal data associated with your account (except for data we are required to keep for legal reasons, such as transaction records). Aggregated data that cannot identify you may be kept longer for analytics. When disposing of personal data, we ensure it is done securely. Analytics data (e.g. event logs from Mixpanel and crash logs from Sentry) may be retained for up to 36 months to support product development, usage analysis, and debugging. Where possible, this data is aggregated or anonymized after your account is deleted.

California residents and residents of other US states with applicable privacy laws may request information about our data retention practices and how long specific categories of personal information are retained by contacting us.

10. Your Rights

Depending on your jurisdiction, you have certain rights regarding your personal information. We honor the rights of users as required by applicable law, which include:

Access and Portability: You have the right to request a copy of the personal information we hold about you. We will provide this in a structured, commonly used format. For EU/UK users, you can also request that we transmit this data to another controller where technically feasible (data portability). California and other US state residents have similar rights to access and data portability.

Correction: If any of your information is inaccurate or incomplete, you have the right to request that we correct or update it. You can also make certain changes directly via your account profile.

Deletion: You can request that we delete your personal information. Note that we may need to retain certain information for legal purposes or internal business purposes (which we will communicate to you if applicable). When you delete the app or your account, some data may remain in backups or logs for a short period but will be removed in the normal course of business.

Withdrawal of Consent: If we are processing your personal data based on your consent (for example, if you agreed to receive marketing emails), you have the right to withdraw that consent at any time. You can opt out of marketing emails by using the "unsubscribe" link in those emails or contacting us. Withdrawal of consent does not affect the lawfulness of processing that occurred before you withdrew consent.

Objection and Restriction: In certain situations, you have the right to object to or ask us to restrict the processing of your data. For instance, EU/UK users can object to processing based on legitimate interests or for direct marketing. If you feel our use of your data is not justified, you can request a restriction while your objection is resolved.

Opt-out of Targeted Advertising: If we use your data for targeted advertising (as mentioned above), you may have rights to opt out of such use (for example, Canada's laws allow individuals to opt out of targeted advertising profiling; in the EU/UK, you can object to processing for direct marketing). US state residents (including California, Virginia, Colorado, Connecticut, and Utah residents) have the right to opt out of the sale or sharing of personal information and targeted advertising. We will honor such opt-out requests.

Complaints: You have the right to lodge a complaint about our data practices with a supervisory authority or regulator in your country (see "Contact and Complaints" below).

Additional Rights for US Residents: If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another US state with applicable privacy laws, you have additional rights as described in Section 10A below.

To exercise any of your rights, please contact us at the email address provided in Section 13. We will respond to your request within a reasonable timeframe and in accordance with applicable law (within 30 days for most non-US jurisdictions, and within 45 days for US state law requests, with possible extensions as permitted by law). We may need to verify your identity before fulfilling certain requests, to ensure we do not disclose data to the wrong person. There is no fee for making a request, but repeated or excessive requests may incur a reasonable fee as permitted by law.

Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights, including by denying goods or services, charging different prices or rates, providing a different level of quality, or suggesting you will receive a different price or quality of goods or services.

10A. US State-Specific Privacy Rights

This section applies only to residents of US states with comprehensive privacy laws.

California Residents (CCPA/CPRA Rights)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

1. Right to Know: You have the right to request that we disclose:

   • The categories of personal information we have collecte about you

   • The categories of sources from which we collected your personal information

   • Our business or commercial purpose for collecting, selling, or sharing personal information

   • The categories of third parties to whom we disclose personal information

   • The specific pieces of personal information we have collected about you

2. Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.

3. Right to Correct: You have the right to request correction of inaccurate personal information.

4. Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. To exercise this right, email us at Tactipath@sagentivum.com with the subject line "Do Not Sell or Share My Personal Information" or use the "Do Not Sell or Share My Personal Information" link in the app settings.

5. Right to Limit Use of Sensitive Personal Information: If we use or disclose sensitive personal information for purposes beyond those permitted by CCPA, you have the right to limit such use. We do not actively collect sensitive personal information as defined by CCPA, but if you have provided such information, you may request we limit its use.

6. Right to Non-Discrimination: You have the right to not receive discriminatory treatment for exercising your CCPA rights.

Categories of Personal Information We Collect (CCPA Disclosure):

• Identifiers (name, email, IP address, device identifiers)

• Commercial information (subscription and transaction data)

• Internet or network activity (usage data, device information)

• Geolocation data (general location from IP address)

• Professional or employment information (if voluntarily provided)

• Inferences drawn from the above to create a profile

Sources of Personal Information: We collect this information directly from you, automatically through your use of the app, and from third-party platforms (payment processors, app stores).

Business Purposes for Collection: As described in Section 4 of this Privacy Policy.

Categories of Third Parties We Share With: Service providers (payment processors, cloud hosting providers, analytics services), affiliates, and as required by law (as detailed in Section 6).

Sale or Sharing: We do not sell personal information in the traditional sense. We may share aggregated or de-identified data with analytics and advertising partners, which may constitute "sharing" under CCPA definitions. In the past 12 months, we have shared the following categories for business purposes that may include cross-context behavioral advertising: identifiers, internet/network activity, and inferences.

Retention Period: We retain personal information as described in Section 9 of this Privacy Policy. Specific retention periods vary by data type but generally align with the duration of your active use plus applicable legal retention requirements (typically up to 7 years for financial records).

Sensitive Personal Information: We do not intentionally collect sensitive personal information as defined by CCPA (such as precise geolocation, social security numbers, driver's license numbers, passport numbers, account login credentials in combination with security codes, financial account information, precise geolocation, racial or ethnic origin, religious beliefs, health data, sex life or sexual orientation, citizenship or immigration status, genetic data, biometric data, or personal information from a known child). If you voluntarily provide such information, we do not use it for purposes other than those permitted under CCPA section 7027(m) without obtaining your consent to do so.

California "Shine the Light" Law: California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. The authorized agent must provide:

• Written authorization signed by you

• Proof of their identity

• Verification of your identity

We may deny requests from agents that do not submit proper proof of authorization or if we cannot verify the identity of the requestor.

Minors Under 16: We do not sell or share personal information of consumers we know are under 16 years of age. Our services are restricted to users 18 and older.

Virginia, Colorado, Connecticut, and Utah Residents

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have rights under your state's privacy law, including:

• Right to Confirm and Access: Right to confirm whether we process your personal information and to access such information

• Right to Correct: Right to correct inaccuracies in your personal information

• Right to Delete: Right to delete personal information you have provided to us

• Right to Data Portability: Right to obtain a copy of your personal information in a portable and, to the extent technically feasible, readily usable format

• Right to Opt Out: Right to opt out of:

  • Targeted advertising (advertising based on your activities across different websites/apps)

  • Sale of personal information

  • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you

How We Process Personal Information: As described throughout this Privacy Policy, particularly in Sections 3, 4, and 6.

Categories of Personal Information Processed: As listed in the California section above.

Purpose of Processing: As described in Section 4 of this Privacy Policy.

How to Exercise Your Rights: Contact us at Tactipath@sagentivum.com with "Privacy Rights Request - [Your State]" in the subject line.

Appeal Process:

If we decline to take action on your request, you have the right to appeal our decision:

1. To initiate an appeal, respond to our decision email or contact us at Tactipath@sagentivum.com with "Privacy Rights Appeal - [Your State]" in the subject line within a reasonable time after receiving our decision.

2. Include in your appeal:

   • Your name and contact information

   • Details of your original request

   • Reasons you believe our decision was incorrect

   • Any additional information supporting your position

3. We will respond to your appeal within 60 days of receipt (or within the timeframe required by your state's law). Our response will include:

   • Our decision on the appeal

   • Reasons for our decision

   • Instructions for contacting your state attorney general if you wish to lodge a complaint

4. If your appeal is denied and you wish to pursue the matter further, you may contact your state attorney general:

   • Virginia: Office of the Attorney General, Consumer Protection Section

   • Colorado: Colorado Attorney General's Office

   • Connecticut: Connecticut Attorney General's Office

   • Utah: Utah Division of Consumer Protection

Exercising Your US State Privacy Rights

To exercise any of the above rights:

1. Email us at: Tactipath@sagentivum.com

2. Subject line: "Privacy Rights Request - [Your State]"

3. Include:

   • Your full name

   • Email address associated with your account

   • State of residence

   • Specific request (access, deletion, correction, opt-out, etc.)

   • Any additional information we may need to verify your identity

Verification Process:

To protect your privacy and security, we will verify your identity before processing your request. The verification process may include:

• Matching the information you provide with information we have on file

• Requesting additional documentation if needed

• For sensitive requests (like deletion), we may require additional verification steps

Response Timeframe:

We will respond to your request within 45 days of receipt. If we need additional time (up to 45 additional days), we will notify you of the extension and the reason for it.

No Fee:

There is no fee to submit a privacy rights request. However, if your requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee or refuse to act on the request, as permitted by law.

Contact for US Privacy Questions:

For questions specific to US state privacy rights, contact us at Tactipath@sagentivum.com with "US Privacy Inquiry" in the subject line.

11. Cookies and Similar Technologies

TactiPath may use cookies or similar tracking technologies in our app or website to enhance functionality and analyze usage. (In a mobile app context, this may include local storage or analytics SDKs rather than browser cookies.) For example, we use analytics tools that might set identifiers to help us understand user behavior. We may also use cookies to remember your preferences or session info on our web portal. You have control over these technologies: if using our website, you can manage cookies through your browser settings (you can refuse or delete cookies). If using the mobile app, your device's operating system may offer options to limit tracking (such as resetting your advertising ID or using settings like "Limit Ad Tracking" on iOS/Android). Note that disabling certain tracking may affect functionality (e.g., we won't have accurate analytics). For any non-essential tracking (especially for users in jurisdictions with cookie consent requirements), we will obtain your consent. For instance, EU users will be presented with a cookie notice or settings to manage analytics cookies when using our web features. Our use of Google AdMob or similar for advertising within the app will comply with platform requirements for consent (we will ask for consent to personalized ads where required). Please see our Cookie Notice (if provided) for more details on specific cookies and how to opt out.

Do Not Track Signals (California): California law requires us to disclose how we respond to "Do Not Track" (DNT) signals. Currently, our services do not respond to DNT browser signals or similar mechanisms. However, California residents and residents of other applicable states may opt out of the sale or sharing of personal information and targeted advertising as described in Section 10A.

State-Specific Consent Requirements: Some US states require opt-in consent for the processing of sensitive personal information for certain purposes. We do not intentionally collect or process sensitive personal information as defined by these laws. If you are in a state with such requirements and believe we have collected your sensitive information, please contact us immediately to manage your preferences or request deletion.

Advertising and Analytics Partners: We may use third-party advertising and analytics services (such as Google AdMob, Mixpanel) that use cookies or similar technologies to collect information about your activity on our services and other websites/apps to provide you with relevant advertising and to analyze usage. For US residents, this may constitute "sharing" or "targeted advertising" under state privacy laws. You can opt out of this activity as described in Section 10A.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will notify you by updating the "Effective Date" at the top of the policy. For material changes, we will provide prominent notice within the app or via email at least 30 days before the changes take effect (or as otherwise required by applicable law). The notice period may be longer for certain jurisdictions:

• EU/UK users: 30 days minimum for material changes

• US users: 30 days minimum for material changes (or as required by state law)

• California users: Material changes to how we use personal information will be prominently disclosed, and opt-in consent will be obtained where required by CCPA

We encourage you to review the Privacy Policy periodically. Continued use of TactiPath after any changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue use of the app and may request deletion of your data.

13. Contact and Complaints

If you have any questions about this Privacy Policy or our data handling practices, or if you wish to exercise your rights or raise a concern, please contact us at:

Sagentivum Pty Ltd Email: Tactipath@sagentivum.com

We will address your inquiry or complaint as soon as possible. If you are not satisfied with our response and believe we are not complying with our privacy obligations, you have the right to escalate your complaint to the relevant data protection authority or privacy regulator in your jurisdiction.

For users outside the United States, you may contact:

• Australia: Office of the Australian Information Commissioner (OAIC) - oaic.gov.au or 1300 363 992

• New Zealand: Office of the Privacy Commissioner - privacy.org.nz or 0800 803 909

• Canada: Office of the Privacy Commissioner of Canada (OPC) - priv.gc.ca or 1-800-282-1376

• Ireland (EU): Data Protection Commission - dataprotection.ie or +353 (0)761 104 800

• United Kingdom: Information Commissioner's Office (ICO) - ico.org.uk or 0303 123 1113

For users in the United States, you may contact:

• Federal Trade Commission: ftc.gov/complaint or 1-877-FTC-HELP (1-877-382-4357)

• California Attorney General (for California residents):

  • Website: oag.ca.gov/contact/consumer-complaint-against-business-or-company

  • Phone: 1-800-952-5225

  • Address: California Department of Justice, Attn: Public Inquiry Unit, P.O. Box 944255, Sacramento, CA 94244-2550

• Virginia Attorney General (for Virginia residents): oag.state.va.us or 1-800-552-9963

• Colorado Attorney General (for Colorado residents): coag.gov or 720-508-6000

• Connecticut Attorney General (for Connecticut residents): ct.gov/ag or 860-808-5318

• Utah Division of Consumer Protection (for Utah residents): consumerprotection.utah.gov or 801-530-6601

• Your state Attorney General's office (for residents of other states)

California residents: If you have an unresolved concern regarding your CCPA rights that we have not addressed satisfactorily, you may contact the California Attorney General's office using the contact information above.

We will cooperate with these authorities to resolve any issues.

14. Additional Disclosures for US Users

This section applies only to users located in the United States.

Children's Privacy (COPPA Compliance)

Our services are not directed to children under 18, and we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). We have implemented age verification measures to prevent minors from creating accounts. If we learn we have collected personal information from a child under 13, we will delete that information immediately. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at Tactipath@sagentivum.com.

Financial Incentives (California)

We do not currently offer any financial incentive programs (such as rewards, discounts, or loyalty programs) in exchange for the collection, retention, sale, or sharing of personal information. If we establish such programs in the future, we will:

• Provide California residents with clear notice of the program terms

• Explain the material terms of the financial incentive

• Describe the categories of personal information involved

• Explain how the value of the incentive is reasonably related to the value of your personal information

• Provide instructions on how to opt-in to the program

• Allow you to withdraw from the program at any time

Such programs will be offered in accordance with CCPA requirements and will not constitute unlawful discrimination.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with applicable US federal and state breach notification laws. Our notification procedures include:

• Timing: Notification will be provided without unreasonable delay and within the timeframe required by your state's law (typically ranging from immediately to 90 days, depending on the state)

• Method: Notification may be provided by email, postal mail, telephone, or substitute notice (such as conspicuous posting on our website or notification to major media outlets) if the cost of notification would exceed specified thresholds

• Content: Notifications will include:

  • Description of the incident

  • Types of personal information involved

  • Steps we have taken to address the breach

  • Steps you can take to protect yourself

  • Contact information for further inquiries

  • Whether law enforcement has determined that notification would impede a criminal investigation (if applicable)

We maintain incident response procedures designed to detect, respond to, and notify affected individuals of data breaches as required by law. We also maintain cybersecurity insurance and have implemented security measures as described in Section 8.

State-Specific Breach Notification: Different states have varying requirements:

• Some states require notification within specific timeframes (e.g., 30, 45, 60, or 90 days)

• Some states require notification to state authorities (e.g., state attorney general)

• Some states have specific requirements for substitute notice

• We will comply with the breach notification law applicable to your state of residence

Health Information and HIPAA

TactiPath is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). We are not a healthcare provider, health plan, or healthcare clearinghouse, and we do not handle protected health information (PHI) on behalf of covered entities.

Any health-related information you voluntarily provide through the app is NOT protected by HIPAA and is instead handled under this Privacy Policy as personal information (or, in some states, as sensitive personal information). Key points:

• Not a Medical Service: TactiPath is not a medical service, and information you provide is not treated as a medical record

• No Doctor-Patient Relationship: Use of TactiPath does not create a doctor-patient or healthcare provider-patient relationship

• Do Not Share Sensitive Health Data: We strongly recommend you do not input sensitive health information, medical diagnoses, treatment details, or other protected health information into the app

• Voluntary Disclosure: Any health information you provide is voluntary and at your own risk

• Limited Protection: While we protect all personal information as described in this Privacy Policy, health information you share is not afforded HIPAA's specific protections

• No Medical Advice: TactiPath does not provide medical advice, and any information generated by the app should not be relied upon for medical decisions

If you require medical advice or have health concerns, please consult a qualified healthcare professional.

Biometric Information Privacy

We do not collect, capture, purchase, receive through trade, or otherwise obtain biometric information through TactiPath. "Biometric information" includes biometric identifiers such as:

• Fingerprints

• Voiceprints

• Retina or iris scans

• Face geometry or facial recognition data

• Hand or finger geometry

• Gait or typing patterns

• Other unique biological characteristics

If we implement any features in the future that would collect biometric information, we will:

• Obtain informed written consent before collection (as required by laws like Illinois BIPA and similar state laws)

• Provide clear disclosure about:

  • The specific purpose and length of time for which biometric information is being collected, stored, and used

  • Whether biometric information will be disclosed or shared with third parties

• Implement a publicly available retention schedule and destruction guidelines

• Comply with all applicable biometric privacy laws, including:

  • Illinois Biometric Information Privacy Act (BIPA)

  • Texas Capture or Use of Biometric Identifier Act

  • Washington biometric privacy law

  • California biometric information provisions under CCPA

  • Other state biometric privacy requirements

We will not sell, lease, trade, or otherwise profit from biometric information.

Equal Service and Non-Discrimination

We will not discriminate against you for exercising your privacy rights under applicable US state laws. This means we will not:

1. Deny goods or services to you

2. Charge different prices or rates for goods or services, including through the granting of discounts or other benefits, or the imposition of penalties

3. Provide a different level or quality of goods or services to you

4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

Permitted Differences: However, we may:

• Charge you a different price or rate, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your personal information

• Offer you financial incentives (with your opt-in consent) as permitted by law, provided the incentive is reasonably related to the value of your personal information

Price Differences Must Be Reasonable: Any price difference must be reasonably related to the value your data provides. We calculate this value based on:

• The marginal value to us of the sale, collection, or deletion of your personal information

• Method used to calculate the value

• Good-faith estimate of the value

• Consideration of technological feasibility and business practices

If we offer different prices or services based on whether you exercise your privacy rights, we will provide notice explaining the basis for the difference.

US State Law Compliance Statement

We are committed to complying with all applicable US state privacy laws, including but not limited to California, Virginia, Colorado, Connecticut, and Utah privacy laws. As additional states enact comprehensive privacy legislation, we will update our practices and this Privacy Policy to ensure continued compliance.

We regularly review our data practices to ensure alignment with evolving legal requirements and best practices in data protection. If you have questions about our compliance with your state's privacy laws, please contact us at Tactipath@sagentivum.com.

Nevada Residents

If you are a Nevada resident, you have the right to opt out of the sale of certain covered information we have collected or will collect about you. To exercise this right, please contact us at Tactipath@sagentivum.com with "Nevada Opt-Out" in the subject line. We do not currently sell covered information as defined by Nevada law, but we honor opt-out requests as required by Nevada Revised Statutes Chapter 603A.

By continuing to use TactiPath, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.