Scope and Definitions

Tough Day Corp. (“Tough Day”, the “Company” or “we”) has developed this privacy policy out of respect for the privacy of our customers, users, and visitors (collectively, “User” or “Users”) to our website www.tough.day (“Website”) and our User platforms. This policy describes the personal information we collect, use, and disclose about Users who visit, use, or interact with this website, purchase or inquire about any of our products or services, contract with us to provide services, or otherwise interact or do business with us.

Whenever you visit our Website, we will collect some information from you automatically simply by you visiting and navigating through this site. Through this website, we will collect information that can identify you and/or your activity in accordance with our cookie policy outlined in the section below titled “Use of Cookies, Pixels, and Other Tracking Technologies.”

Additionally, whenever you communicate, interact, or do business with us or otherwise use any of our services (including Tuffy), we will be collecting personal information from you or about you in the course of our interaction or dealings with you.

The meaning of “personal information” may be defined based on your state or country of residence: in this policy, it means any information that can reasonably be used to identify an individual. The meaning of “Consumers” may be defined based on your state or country of residence.

Collection of Personal Information and Sensitive Personal Information

Based on your specific transactions and interactions with us or our website, we will or may collect, and we have in the last 12 months collected, the following categories of personal information about you. For each category of information, the categories of third parties and service providers to whom we have disclosed the information in the last 12 months are referenced below. The examples provided for each category are not intended to be an exhaustive list or an indication of all specific pieces of information we collect from or about you in each category, but rather the examples are to provide you a meaningful understanding of the types of information that may be collected within each category.

Categories of Sensitive Personal Information Collected or Processed

Of the above categories of Personal Information, the following are categories of Sensitive Personal Information the Company may collect from or about Users:

1. Personal Identifiers (social security number, driver’s license or state identification card number, passport number)
2. Account Information (your Tough Day account log-in, in combination with any required security or access code, password, or credentials allowing access to the account)
3. Protected Classifications (racial or ethnic origin, religious or philosophical beliefs, union membership, or sexual orientation)
4. Geolocation Data (IP address and/or GPS location, latitude & longitude)

Personal information does not include:

• Publicly available information from government records.
• Information that a business has a reasonable basis to believe is lawfully made available to the general public by the User or from widely distributed media.
• Information made available by a person to whom the User has disclosed the information if the User has not restricted the information to a specific audience.
• Deidentified or aggregated information.

Retention of Data Collected or Processed

Unless otherwise specified above, we retain personal information no longer than necessary for the purposes for which it was collected unless a longer period is required to comply with laws or regulation or for other legal reasons. Retention periods may vary depending on the purpose for which the personal information was collected and used, which may differ depending on the nature of the personal information and the length and of time you remain a customer or maintain a business relationship with us.

In deciding how long to retain each category of personal information that we collect or process, we consider many criteria, including, but not limited to: the business purposes for which the personal information was collected; relevant federal, state, local, and international recordkeeping laws; applicable statutes of limitations for claims to which the information may be relevant; and legal preservation of evidence obligations.

We will retain each category of personal information based on either: (1) the date the record or data was collected, created, or last modified; (2) the date of the particular transaction to which the record or data pertains; or (3) another triggering event that is determined to be reasonable and appropriate based on the nature of the data and the legal/business needs for its continued use.

Sources of Personal Information

We may collect your personal information from the following sources:

• You the User when you visit the Website or register for an account with Tough Day, use any of our services (including Tuffy), and voluntarily submit information through forms, or other method of communication, when you purchase or inquire about any of our products or services, when you chat with Tough Day, or when you enter into a contract to perform services for us.
• Our vendors, suppliers, guests, visitors, other consumers, and corporate customers based on your interactions with them (if any)
• Our corporate customers that provide their employees with access to Tough Day products and services and sponsor their employees’ subscription with Tough Day
• We utilize cookies to automatically collect information about our Website visitors
• During customer support contact
• Company systems, networks, software applications, and databases you log into or use

To Whom We Disclose Personal Information

We may disclose, sell, or share your personal information to/with the following categories of service providers, contractors, or third parties:

• Financial institutions
• Promotional or other fulfillment vendors
• Marketing support vendors and vendors that support managing or hosting the Website or User Platforms
• Communication providers/vendors that facilitate, manage, and send/receive communications on our behalf via email, or text/SMS or phone
• Transaction support vendors (e.g., credit card payment processors)
• Data analytics vendors
• Security and risk management vendors, including IT, cybersecurity, and privacy vendors and consultants
• Insurance carriers, administrators, and brokers
• Corporate customers (meaning an entity, as opposed to a natural person, that purchases, leases, or finances any of our products or services)

Why We Collect, Use, and Disclose Personal Information

We may collect and disclose your personal information for any of the following business purposes:

1. To fulfill or meet the purpose for which you provided the information.
2. To process, complete, and maintain records on transactions and account subscriptions and renewals.
3. To process, complete, and maintain records on transactions.
4. To provide warranty coverage on products and services.
5. To retain your selection for text opt in/opt out to ensure customers who opted out are not sent any text messages.
6. To provide and communicate with Users about our services and products.
7. To respond to consumer inquiries, including requests for information, customer support online, phone calls, and other inquiries.
8. To contact you by email, telephone calls, mail, SMS, or other equivalent forms of communication regarding updates or informative communications related to the functionalities, services, or other information you requested or asked Tough Day to provide to you.
9. To improve User experience on our Website and User Platforms.
10. To detect security incidents.
11. To maintain records of when customers decline a service or sale.
12. To debug, identify, and repair errors that impair existing intended functionality of our Website, apps, and AI tools.
13. To improve the overall performance and capabilities of our AI models.
14. To protect against malicious or illegal activity and prosecute those responsible.
15. To verify and respond to consumer requests.
16. To prevent identity theft.

We do NOT and will not sell your personal information in exchange for monetary or other valuable consideration. We do not share your personal information for cross-context behavioral advertising.

We do and will not use or disclose your sensitive personal information for purposes other than the following:

1. To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
2. To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information.
3. To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
4. To ensure the physical safety of natural persons.
5. For short-term, transient use.
6. To perform services on behalf of the Company.
7. To verify or maintain the quality or safety of a product, service or device that is owned, manufactured, manufactured for, or controlled by the Company, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the Company.
8. For purposes that do not involve inferring characteristics about consumers.

U.S. Consumer Privacy Rights

Under applicable U.S. privacy laws, depending on state of residence, Consumers may have the following rights, which can be exercised directly or, in certain cases, through an authorized agent:

Right to Know. You have the right to request, (1) the categories of personal information we have collected about you, (2) the categories of sources from which the personal information was collected, (3) the business or commercial purpose for collecting, selling, or sharing this information, (4) the categories of third parties with whom we share or have shared your personal information, (5) as applicable, the categories of personal information that we have sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared, and (6) the categories of personal information that we have disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose;

Right to Access. You may, depending on your state of residency, have the right to request that we disclose to you, free of charge, the specific pieces of personal information we have collected about you.

Right to Portability. You may, depending on your state of residency, have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal information to another person.

Right to Confirm. You may, depending on your state of residency, have the right to confirm if we are processing your Personal Information and to access your Personal Information, as just stated above.

Right to Delete. You may, depending on your state of residency, have the right to request that we delete personal information that we collected from you, subject to certain exceptions.

Right to Correct. You may, depending on your state of residency, have the right to request we correct inaccurate personal information (to the extent such an inaccuracy exists) that we maintain about you.

Right to Opt-Out. You may, depending on your state of residency, have the right to opt-out of certain uses of your personal information. To learn more about this right and how to exercise it, please refer to the detailed discussion in the section below.

Right to Limit Sensitive Personal Information Processing. You may, depending on your state of residency, have the right to direct businesses to limit their use and disclosure of Sensitive Personal Information if we use or disclose it beyond certain internal business purposes. Where applicable, we will treat such a request as a revocation of any consent that you may have provided to your processing of Sensitive Personal Information.

Right to Appeal. You may, depending on your state of residency, have the right to appeal a decision regarding a privacy request, including appealing our refusal to take action on a request.

Right to Non-Discrimination. You have the right to not be discriminated or retaliated against for exercising any of the above rights.

Submitting a Consumer Request

You can submit any of the above types of consumer requests through the option below:

1. Submit an online request by email to: consumer-report@tough.day

How We Will Verify That It Is Really You Submitting The Request:

When you submit certain consumer requests through one of the methods provided above, we will need to confirm your state of residence to determine which rights apply and then we will need to verify your identity.

In order to verify your identity, we will ask you to provide some information in order to verify your identity and respond to your request. Specifically, we will ask you to verify information that can be used to link your identity to particular records in our possession, which depends on the nature of your relationship and interaction with us. This process may require us to request additional personal information from you, including, but not limited to, your first name, last name, email address, phone number, state/province of residence, and/or country. During verification, we will only request the minimum personal information necessary to correctly identify you for the purpose of fulfilling your request.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with your request.

Designated Authorized Agent:

You may, depending on your state of residency, have the right to designate an authorized agent to submit one of the above requests on your behalf. To do so, you must either (a) execute a valid, verifiable, and notarized power of attorney or (b) provide other written, signed authorization that we can then verify.

Notice of Right to Opt-Out

Residents of certain U.S. states have the right to opt-out of specific uses or disclosures of their personal information under applicable U.S. privacy laws, as outlined below. You may exercise these opt-outs rights without fear of discrimination for doing so.

Right to Opt-out of the Selling or Sharing of Your Information

We do not sell or share your personal information to any third parties. Accordingly, under applicable data privacy laws, there is no right to opt-out of the sale of personal information as no such sales occur.

Third Party Vendors

We may use other companies and individuals to perform certain functions on our behalf. Examples include administering e-mail services and running special promotions. Such parties only have access to the personal information needed to perform these functions and may not use or store the information for any other purpose.

Business Transfers

In the event we sell or transfer a particular portion of its business assets, information of consumers, contractors and applicants may be one of the business assets transferred as part of the transaction. If substantially all of our assets are acquired, information of consumers, contractors and applicants may be transferred as part of the acquisition.

Compliance with Law and Safety

We may disclose specific personal and/or Sensitive Personal Information based on a good faith belief that such disclosure is necessary to comply with or conform to the law or that such disclosure is necessary to protect our employees or the public.

Use of Cookies, Pixels, and Other Tracking Technologies

Our website may store or retrieve information on your browser, mostly in the form of cookies. A cookie is a small piece of data (text file) that a website – when visited by a User – places on the User’s device to remember information about the User, such as the User’s language preference or login information.

This type of cookie is set by us and is referred to as a “first-party cookies.” Our website uses first-party cookies primarily to make the website work as you expect it to. For example, we use the information we collect through first-party cookies to allow you to navigate between pages efficiently, analyze how well our website is performing, and understand the content that you spent the most time reviewing. In some cases, we use first-party cookies to store information that we use for targeted advertising.

We also incorporate cookies and similar technologies, such as pixels, tags, and web beacons, from outside our website’s domain (“third-party cookies”). Third-party cookies gather information to enable our vendors to provide a range of services to us, including targeted advertising and measuring the success of our advertising campaigns.

Below is a detailed list of the categories of first- and third-party cookies we use on our website. You can prevent the collection of data by non-essential performance, functional, and marketing cookies by clicking on “Your Privacy Choices” in our website footer and toggling off the related functionality.

How we use cookies

We make use of cookies under the following circumstances and for the following reasons:

• - Provide you with services available through the website and to enable you to use some of its features
• - Authenticate users and prevent fraudulent use of user accounts
• - Identify if users have accepted the use of cookies on the website
• - Compile data about website traffic and how users use the website to offer a better website experience
• - Understand and save visitor preferences for future visits, such as remembering your login details or language preference, to provide you with a more personal experience, or to avoid you having to re-enter your preferences every time you use the website

Essential Cookies

Essential cookies are necessary for the website to function properly and cannot be switched off in our systems. They are usually only set in response to a site visitor’s request for services, such as a visitor setting their privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but blocking these cookies will prevent the website from working correctly or might prevent the Website from working at all.

Non-Essential Cookies

Non-Essential cookies are not essential to the website functionality but serve some other unique purpose in three subcategories:

1. “Performance” cookies (sometimes referred to as static cookies) collect information about the user’s behavior on the website without collecting personal information, for example:
   • Pages the user visits.
   • Ads the user views.
   • Ads or site features that the user clicks.
2. “Functional” cookies (sometimes called preference cookies) track and remember the user’s preferences and past choices on the website to provide a personalized user experience. For example, functional cookies can collect:
   • Usernames
   • Passwords
   • Regions
3. “Marketing” cookies (sometimes called tracking or advertising cookies) can track:
   • Content the user views
   • Links the user follows
   • The user’s browser and device information and IP address

Please note: Organizations can use marketing cookies to track and influence users by building user profiles or displaying advertisements.

Cookie Management

You can control and manage cookies associated with your browser. If you are interested in controlling and managing cookies from your browser including any set by our Website, please refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on different ways to configure your browser’s cookie settings.

If you want to clear all cookies left behind by the websites you have visited, here are links where you can download three third party programs that clean out tracking cookies.

• http://www.lavasoftusa.com/products/ad-aware_se_personal.php
• http://www.spybot.info/en/download/index.html
• http://www.webroot.com/consumer/products/spysweeper/

You may delete cookies from your web browser at any time or block cookies on your equipment, but this may affect the functioning of or even block the website. You can prevent saving of cookies (disable and delete them) by changing your browser settings accordingly at any time. It is possible that some functions will not be available on our website when use of cookies is deactivated. Check the settings of your browser. Below you can find some guidance:

• Safari
• Opera
• Internet Explorer
• Google Chrome
• Mozilla

Do Not Track (DNT) is a privacy preference that users can set if they do not want web services to collect information about their online activity. We do not respond to DNT signals, with the exception of Global Privacy Controls.

External Links

Our website contains links to other sites. We are not responsible for the privacy practices or the content of such websites. To help ensure the protection of your privacy, we recommend that you review the Privacy Policy of any site you visit via a link from our website.

Passwords

The personal data record created through your registration with our website, products, or services, can only be accessed with the unique password associated with that record. To protect the integrity of the information contained in this record, you should not disclose or otherwise reveal your password to third parties.

Children Under the Age of 16

We do not knowingly sell or share the personal information of consumers under 16 years of age.

How We Protect the Information that We Collect

The protection of the information that we collect about visitors to this website is of the utmost importance to us and we take every reasonable measure to ensure that protection, including:

- We use commercially reasonable tools and techniques to protect against unauthorized access to our systems.

- We restrict access to private information to those who need such access in the course of their duties for us.

Consent to Terms and Conditions

By using this website, you consent to all terms and conditions expressed in this Privacy Policy.

Changes to Our Privacy Policy

As our services evolve and we perceive the need or desirability of using information collected in other ways, we may from time to time amend this Privacy Policy. We encourage you to check our website frequently to see the current Privacy Policy in effect and any changes that may have been made to them. If we make material changes to this Privacy Policy, we will post the revised Privacy Policy and the revised effective date on this website. Please check back here periodically or contact us at the address listed at the end of this Privacy Policy.

Consumers With Disabilities

This policy is in a form that is accessible to consumers with disabilities.

Questions About the Policy

This website is owned and operated by Tough Day Corp. If you have any questions about this Privacy Policy, please contact us by email at privacy@tough.day.

**This policy was last updated November 25, 2024.