Comera requires certain information about you to operate, improve, customize, and support its services effectively. By accessing and registering to use our app, you consent to the collection, processing, and transfer of your data necessary for delivering the app’s intended services and fulfilling legal obligations. This may include data collected directly from you, from third parties, or otherwise.

For details on how we collect, store, process and transfer your personal data, please refer to the sections below.

You have the right to withdraw your consent at any time by deleting your account from Comera. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. For more information on deleting your account, please see the Managing Your Information section of this policy.

The information we receive and collect depends on your use of our Services. Certain information is essential for us to deliver our Services effectively; without it, we cannot provide you with our Services. For instance, creating an account requires you to provide your mobile phone number.

Additionally, our Services offer optional features that may necessitate collecting additional information to function. You will be informed about such collection when relevant. If you opt not to provide the required information, you will not be able to use that feature. For instance, accessing your contact list is necessary to display which of your contacts are using Comera, sharing your location with other contacts requires us to collect your location data from your device. You can manage permissions through your Settings menu on both Android and iOS devices.

We may collect, use, store, and transfer distinct kinds of personal data about you, the details of which are as follows:

Information you provide

• Your Account Information: You must provide your mobile phone number and user profile name or a nickname of your choice to create an account in Comera. You can also add other optional information to your account, such as a profile picture and “Status” information.
• Messages:Once your messages are delivered, they are deleted from our servers except for the following scenarios where messages are retained in end-to-end encrypted form:
  1. Undelivered Messages:When a message is not promptly delivered, such as when the recipient is offline, we securely store it in encrypted form on our servers for a maximum of 30 days while attempting delivery. If a message remains undelivered after this 30-day period, we proceed to remove it.
  2. Media Files Forwarding: Upon a user forwarding media within a message, we securely store that media in encrypted form on our servers for 30 days. This storage facilitates more efficient delivery of subsequent forwards. All media files are deleted from our server after 30 days.
  3. Reported Users: If you report any user, we collect last 5 messages sent by that user to you to validate the claim and take necessary action such as blocking the user permanently from Comera.

Your messages are stored on your device, giving you complete control. We strongly advise making regular backups of your messages to your private cloud storage, like Google Drive or iCloud. This ensures you can recover your messages when switching mobile devices or reinstalling Comera on your existing phone for any reason.

• Location Data:We capture your current location if you choose to share it with your connections through chat, but only with your explicit permission. We do not track your location in the background. Once captured, your location is encrypted along with other information before being shared with your contacts.
• Your Phonebook Contacts:Granting access to your phonebook contact list allows us to display which of your phonebook contacts are using Comera. For users who do not currently use our services, we handle this data in a way that prevents their identification by us.
• Permanent Contacts Feature:Within your Account settings, you have the option to designate your Comera contacts as "Permanent." This feature ensures that your Comera contacts remain easily accessible when you install Comera on a new device. To support this feature, we securely store these contacts in encrypted form on our servers until you choose to disable it from the same settings page.
• Last Seen & Online Status: You have the option to display or restrict your last seen and online status. It's important to note that if you choose to restrict your online status, you will also be unable to view the online status of others.
• Customer Support and Other Communications: When contacting us for customer support or engaging in other communications with us, you may provide information regarding your use of our Services. This includes messages, relevant details, and contact information like your email address. For example, you might email our customer support team at help@mycomera.com about any technical issue you encounter.

Information collected automatically:

Usage And Log Information: We collect log files, diagnostic, crash reports and performance logs for diagnostic and performance improvement purposes.

• Device And Connection Information: We collect information about your device and connection whenever you install, access, or use our Services. This includes details such as the hardware model, operating system, battery level, app version, browser information, mobile network, connection details (including phone number, mobile operator, or ISP), language, time zone, and IP address.
• Site Preferences and Cookies: We collect information about your preferences to make your use of the Platform more productive using cookies. Cookies are intended to make using our Platform easier by, among other things, saving your preferences for you. For details of how we use cookies for this purpose, please review Clause 9 of this Policy.

Comera Explore is a platform within the Comera app that provides access to a variety of services offered by third-party providers. These services are integrated into Comera through iframes and APIs integration, allowing for a seamless user experience.

Iframe Integrations: Certain services within Comera Explore are accessed via iframes. An iframe is an HTML element that allows for embedding another webpage within the Comera app. This means you can interact with the third-party service without leaving the Comera interface.

API Integrations: Some services are accessed through API (Application Programming Interface) integrations. APIs allow different software applications to communicate with each other, enabling Comera to offer additional functionalities from third-party providers within the app.

Data Collection and Use

When you use any third-party service within Comera Explore, you may be required to enter personal data specific to that service. This data is collected by the third-party service provider and is subject to their privacy policies. It is important to note that information is collected only when you go to Comera Explore and use the services. Otherwise, no information is transferred to these third-party providers. We encourage you to review the privacy policies of these third-party providers before using their services.

Payment Processing

For services requiring payments, Comera currently provides the third-party managed payment gateway. Your payment information will be processed securely in accordance with our privacy policy. Should there be any changes to the payment gateway, we will notify users promptly to ensure transparency and continued security of your payment data.

Should you have any questions or concerns related to the processing of your personal data within Comera explore, please send an email to our Data Protection Office – privacy@mycomera.com.

Information Provided by Others: We receive information about you from other users. For instance, when your contacts use our Services, they might share your phone number, name, and other details (such as information from their mobile address book), just as you may share theirs. They might also send you messages, add you to group chats, or call you. We require all users to have lawful rights to collect, use, and share your information before providing it to us.

User Reports: Just as you can report other users, they or third parties may also report your interactions and messages with them or others on our Services, for example, to report possible violations of our Terms or policies. When a report is made, we collect information on both the reporting user and the reported user along with the last 5 messages.

We use the information we collect (in accordance with your preferences and applicable laws) for the following purposes:

We do not sell, exchange, or give to any other person your Personal Data, whether public or private, for any reason whatsoever, without your consent, other than for the express purpose of providing our Services to you and the scenarios mentioned under INFORMATION SHARING section below.

We collect, process, and use Personal Data about you for the following purposes:

• Allowing you to use our services;
• Managing the user access;
• Notifying you about changes to our app;
• Detecting, preventing, and addressing technical issues;
• Communications about our services and our terms, policies, and other important updates;
• To respond to you when you contact us.
• To maintain back-ups of our databases and to keep the records in accordance with our internal policies and procedures and the applicable law;
• To establish, exercise or defend legal claims, whether in court proceedings or in an administrative or out-of-court procedure for the protection and assertion of our legal rights, your legal rights, and the legal rights of others;
• To comply with our obligations either required by law or by written agreements with third parties; and
• In order to: (i) protect our rights or property, or the security or integrity of our Services; (ii) enforce the terms of our Terms and Conditions or other applicable agreements or policies; (iii) verify your identity; (iv) investigate, detect, and prevent fraud, security breaches, and other potentially prohibited or illegal activities; (v) comply with any applicable law, regulation, or legal process.

As you interact through our Services, you share your information with us. We use and share this information to operate, provide, enhance, understand, personalize, support, and promote our Services.

Information You Share with Others

• You share your information through messages with those you choose to communicate with. When you share your phone number with others, they can also see your profile name, photo, "status" information and last seen details. You can adjust your Privacy settings to control what information is visible to other users.
• Users you communicate with can save or share your information, including your phone number and messages, with others both on and off our Services. You can use your Privacy settings and the “Block Contacts” feature in Comera to manage your contacts and control the information you share.
• When you or others use third-party services integrated with Comera, these services may receive information about what you share with them. For instance, if you use a data backup service connected to our app (such as iCloud or Google Account), that service will access information you provide, including your chat messages. Similarly, when you use Comera Explore and access services provided by third parties, these services will require certain data to process your requests. Please be aware that when using third-party services or other Meta Company Products, their own terms and privacy policies will apply.

Information We Share with Third parties

• Third-Party Service Providers: We collaborate with third-party service providers and our affiliate companies to help us operate, enhance, understand, personalize, support, and promote our Services. These third parties assist us with various functions, such as providing technical infrastructure, managing delivery systems, marketing our Services, conducting surveys and research, ensuring user safety and security, and supporting customer service. When we share information with these third parties and affiliates, we mandate that they handle your information according to our instructions and terms.

When We Disclose the Information

• When we are legally required to do so, to comply with applicable law, regulatory authorities such as “Telecommunications and Digital Government Regulatory Authority (TDRA)”, judicial bodies, law enforcement agencies, or other representatives for compliance with legal obligations to which we are subject or for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. Such information may be shared even without your prior consent.
• In connection with, or during negotiations of, any merger, sale of the Company’s assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your Personal Data may also be transferred as a business asset forming part of our goodwill. If another company acquires us, our business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations held by us regarding your Personal Data, as described in this Policy.

• For the purpose of high availability, our hosting services are located in 2 different locations – (a) United Arab Emirates, and (b) Ireland. Your Personal Data may be stored in any of these 2 regions and transferred in compliance with the applicable regulations such as Personal Data Protection Law of the UAE (PDPL) and/or EU General Data Protection Regulations (GDPR).
• User’s data privacy and protection are of utmost importance to us, and we are committed to ensuring compliance with the relevant data protection laws based on their location, in the UAE or cross-border.
• Some of the international organizations and countries to which your Personal Data may be transferred do not benefit from an appropriate data protection regulatory framework. For such international organizations and countries, we shall transfer your Personal Data, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organizations and countries. We may also transfer your personal data to recipients outside the UAE based on your express consent; or if such transfer is necessary for judicial processes; or if such transfer is necessary for entering into or performing a contract between the Company and you or between the Company and a third party for your interests, or if such transfer is necessary for an act relating to international judicial cooperation; or if the transfer is necessary for protection of public interest. We shall notify you with regards to the specific safeguard we shall adopt in transferring your Personal Data to such an international organization and/or country if you require such data.
• If you choose to proceed with a service that requires the involvement of a third-party service provider, then your Personal Data may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For these providers, we recommend that you read their privacy policies, so you can understand the manner in which your Personal Data will be handled by these providers.
• If you are based in the European Economic Area (EEA), the processing of your personal data by our external third parties will involve the transfer of your data outside the EEA, as some of them are based outside that region.
• Whenever we transfer your personal data out of the country of your residence, we ensure a similar degree of protection is afforded to it by ensuring that such service providers give us a written undertaking that they will give personal data the same protection it has in the EEA and in this privacy policy.

Your Personal Data is retained until such time as it no longer than as required for the purposes it was collected for, for the purposes of using our services, and for meeting any legal, accounting, reporting, government, regulatory or law enforcement requirements.

All personal data collected as a part of this app and its services may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: privacy@mycomera.com.

We use appropriate technical, organizational, and administrative security measures to protect any information we hold in our records from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Since our App deals extensively with the exchange of information, we understand how vital it is to safeguard that information. For that, we have placed the best security protocols in the structure of the App, including end-to-end encryption for your messages. End-to-end encryption means that nobody, except the generator of the message and the intended receiver, will have access to your private conversations. The protocol also covers end-to-end encrypted one-on-one calls so that no unintended third party can eavesdrop.

All information you provide to us or collected automatically are stored on our secure servers. When we send you a One-Time Password (OTP), which is a temporary password that is valid only for a limited time, it is your responsibility to keep the OTP confidential. We ask you not to share this temporary OTP with anyone.

Once we have received your information, we will use reasonable procedures and security features to try to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

Please note that no transmission over the internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, however, our best endeavours will be made to secure data and the ability to access your Personal Data.

If you do receive any suspicious communication of any kind or request, do not provide your information and report it to us via application. Please also immediately notify us if you become aware of any unauthorized access to or use of your account by sending an email to help@mycomera.com.

As a Comera user, you are free to control, alter, delete, or manage your information, whenever you want. More details regarding your account information are provided below:

• Privacy Settings: Your information such as profile name, photo, online status, status message, recently viewed items, or phone number may be accessible to someone who uses our services. You can go to the Privacy settings to manage who can see, store, or share your personal information.
• Changing Your Mobile Phone Number: If you change your mobile phone number, you must update it using our in-app change number feature and transfer your account to your new mobile phone number.
• • Account Deletion: If you choose to delete your account, your messages will also be erased, including undelivered ones. We will also delete any other data that is not required by law for retention. Even the messages that remain undelivered will be erased from our systems within a period of 30 days. However, there might be laws that require us to keep certain basic information about our customers including contact, identity, etc. In such cases, we are bound to comply with laws and if we do so, we will keep the minimum possible data for the shortest possible time in a secure manner as prescribed by law.

You have certain rights in relation to the personal data we retain about you as described below.

Right to Access to Information

You have the right to request and obtain the following information: (a) The categories of Personal Data processed, (b) The purpose of the processing, (c) Automated decision making on your Personal Data, (d) Target sectors or enterprises with whom your Personal Data is shared, (e) Controls or standards relating to storage of your Personal Data, (f) Actions for rectification, restriction, or erasure of your Personal Data which have been taken upon your request, (g) Safeguards in case of cross border Personal Data transfer, (h) Actions to be taken in case of personal data breach where such breach affects you; and (i) Procedure to lodge a complaint with the UAE Data Office.

We may refuse your demand if request is excessively repeated, is in contravention of judicial proceeding or investigations, negatively impacts our endeavours to maintain information security, or relates to the privacy of a third party.

Right to Rectification

You have the right to rectify any inaccurate Personal Data about you and to complete any incomplete Personal Data about you.

Right to Erasure

You have the right to demand erasure of your Personal Data with us if: (a) the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, (b) you withdraw consent to consent-based processing, (c) you object to the processing of your Personal Data under the applicable law, (d) your Personal Data has been unlawfully processed, and € your Personal Data must be erased for compliance with legislation.

We may refuse your demand if your Personal Data is processed for compliance with a legal obligation, or establishment or exercise or defence of legal claims.

Right to Stop Processing

You have the right to object to our processing of your Personal Data and stop the processing of said Personal Data in the following cases: (a) if such processing was done for direct marketing purposes, (b) if such processing was done for statistical survey purposes, unless such processing is necessary for public interest, and (c) where such processing is in contravention of personal data protection controls as envisaged by the PDPL and mentioned under Clause 4 (Personal data protection principles).

Right to Restrict Processing

You have the right to restrict processing of your Personal Data if: (a) you contest the accuracy of the Personal Data, (b) processing is unlawful, (c) we no longer need the Personal Data for the purposes of our processing, but you require Personal Data for the establishment, exercise, or defence of legal claims, and (d) you have objected to processing, pending the verification of that objection, in which case we may continue to store your Personal Data, but we will only otherwise process it: (i) where aforementioned processing is restricted only to storage of said Personal Data; (ii) with your consent; (iii) for the establishment, exercise or defence of legal claims; (iv) for the protection of the rights of another natural or legal person; or (v) for reasons of important public interest.

Right to Personal Data portability

You have the right to Personal Data portability to the extent that: (a) the legal basis for our processing of your Personal Data is your consent or is a necessity to perform a contract to which you are party, or (b) such processing is carried out by automated means.

You have the right to receive your Personal Data from us in a structured, commonly used and machine- readable format. Where technically feasible, you may also request us to transmit your Personal Data directly to another entity.

Right to Object to Automated Decision Making

You have the right to object to automated decision making (if any) if it has legal or serious consequences that affect you. Such requests may be refused by us if such automated processing is performed in accordance with any contract between you and us, is necessary for compliance with other legislation, or you have specifically provided consent for such practices.

Right to Lodge a Complaint With the Supervisory Authority

In the UAE, you have the right to lodge a complaint with the UAE Data Office (if you have UAE domicile or place of business) or the Consumer Protection Department at CBUAE.

We aim to respond to all legitimate requests without undue delay and within 1 calendar month of receipt of any request from you. Occasionally it may take us longer than 1 calendar month, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

If you wish to exercise any of the rights mentioned under Clause 17 (Your rights in relation to your Personal Data), please contact us at privacy@mycomera.com. We may need to request specific information from you to help us confirm your identity and ensure your entitlement to such rights. This security measure is to ensure that your Personal Data is not disclosed to any person who has no right to receive it.

While our application is not focused on any specific age group, we do not knowingly attempt to solicit or receive information from children. Parents are advised to monitor the online activity of their children. If they suspect that a child has created an account without their knowledge, they can request us to delete it by sending an email to our data privacy office at privacy@mycomera.com.

From time to time, we may revise, amend, or supplement this Policy to reflect necessary changes in law, our Personal Data collection and usage practices, the features of our offerings, or advances in technology. If any material changes are made to this Policy, the changes may be prominently posted on our application. However, the onus is also on you to occasionally familiarize yourself with the contents of this Policy, for your own information. Changes to this Policy are effective when they are published in our application.

If you have questions, concerns or complaints, please contact us at:

Company Name: COMERA TECHNOLOGIES L.L.C

Address: Masdar City, Abu Dhabi, United Arab Emirates, P.O. Box: 130666

Email: privacy@mycomera.com