Abstract Class Consulting Inc. ("we", "our", "us") operates the ta8er platform, including the ta8er mobile application and website at ta8er.com (collectively, the "Service"). We are committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

The data controller for the purposes of the GDPR and other applicable data protection laws is:

We process your personal data under the following legal bases:

• Consent — when you create an account and agree to our terms
• Contract performance — to provide the Service you signed up for
• Legitimate interest — to improve the Service and ensure security

• Email address — provided during sign-in via hello.coop (our authentication provider)
• Display name and profile photo — from your OAuth provider (Google, Apple)
• Activity data — artists you follow, content you download or share, bump history
• Device information — device type and OS version for app compatibility

We do not collect or process any special categories of personal data (e.g., health data, biometric data, political opinions).

We use hello.coop as our authentication provider. We do not store your password. Authentication is handled entirely through your chosen OAuth provider (Google or Apple).

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use third-party analytics, advertising, or tracking services. The only third-party services that process your data are:

• hello.coop — authentication (processes email and OAuth tokens)
• Supabase — database hosting (stores account and activity data, hosted in the US)

Your data is stored on servers located in the United States. If you are accessing the Service from the European Economic Area (EEA), your data is transferred to the US under standard contractual clauses approved by the European Commission.

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Aggregated, anonymized data may be retained for service improvement.

Regardless of where you are located, you have the following rights over your personal data:

• Right of access — request a copy of your personal data
• Right to rectification — correct inaccurate personal data
• Right to erasure ("right to be forgotten") — request deletion of your personal data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to restrict processing — limit how we use your data
• Right to object — object to processing of your personal data
• Right to withdraw consent — withdraw your consent at any time without affecting the lawfulness of prior processing

For EU/EEA residents (GDPR): You also have the right to lodge a complaint with your local supervisory authority.

For California residents (CCPA): You have the right to know what personal information is collected, request its deletion, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@ta8er.com. We will respond within 30 days.

ta8er does not use AI or automated systems to make decisions that produce legal or similarly significant effects on users. For details on our approach to AI, see our Safe AI Policy.

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.3) and at rest (AES-256). We conduct regular security reviews and follow the principle of least privilege for data access. However, no method of electronic storage is 100% secure.

The Service is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide notice through the Service or via email.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: