1. INTRODUCTION

This Privacy Policy describes how Blue Orange Labs, Inc., a Delaware corporation headquartered in California ("Blue Orange Labs," "we," "us," or "our"), collects, uses, stores, and protects personal information when you use our AI-powered applications and services. We operate three distinct AI-based applications: Contract Guard AI (contract review and risk assessment), Better Will AI (automated will creation with state-specific legal compliance), and Event PixHive (event photo and video aggregation platform).

We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy applies to all personal information collected through our websites, applications, and services (collectively, the "Services").

Blue Orange Labs, Inc.

California, United States

Email: privacy@blueorangelabs.com

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when using our Services, including:

• Account information: Name, email address, phone number, billing address

• Payment information: Credit card details and billing information (processed through Stripe)

• Support communications: Information you provide when contacting customer support

• Feedback and surveys: Responses to surveys, feedback forms, and user research

2.2 Application-Specific Data Collection

Contract Guard AI:

• Uploaded contracts and legal documents (may contain confidential business information)

• Generated risk assessments and analysis results

• Negotiation recommendations and contract review outputs

• Document metadata and usage analytics

Better Will AI:

• Estate planning details including assets, beneficiaries, and family information

• Personal identification information required for legal document creation

• State-specific legal requirement responses

• Responses to legal questionnaires and forms

• Generated wills and estate planning documents

Event PixHive:

• User-generated media content (photos and videos)

• Metadata associated with media files (timestamps, location data if provided)

• Event organization data and contributor information

• User-uploaded content from multiple contributors per event

2.3 Automatically Collected Information

• Device information: IP address, browser type, operating system, device identifiers

• Usage information: Pages visited, features used, time spent on Services

• Log data: Access times, error logs, performance metrics

• Cookies and tracking technologies: As described in Section 7

2.4 Information from Third Parties

• Payment processing information from Stripe (limited to transaction-necessary data)

• Cloud storage and infrastructure data from our service providers

• AI processing results from third-party API services

3. HOW WE USE YOUR INFORMATION

3.1 General Use Purposes

We use your personal information for the following purposes:

• Provide, maintain, and improve our Services

• Process payments and manage subscriptions

• Respond to your inquiries and provide customer support

• Send important notices about your account or changes to our policies

• Detect, prevent, and address fraud, security issues, and violations of our terms

• Comply with legal obligations and enforce our agreements

3.2 AI Processing and Analysis

We use AI technology to:

• Analyze contracts and generate risk assessments (Contract Guard AI)

• Create state-compliant wills and estate planning documents (Better Will AI)

• Process and organize event media content (Event PixHive)

• Improve our AI models and service quality (with opt-out options available)

3.3 Marketing Communications

With your consent, we may use your information to send promotional emails about our Services. You can opt out at any time using the unsubscribe link in our emails or by contacting us.

4. INFORMATION SHARING AND DISCLOSURE

4.1 Third-Party Service Providers

We share personal information with trusted third-party service providers who assist us in operating our Services. All third-party processors are contractually bound by appropriate data protection agreements and security requirements:

Stripe (Payment Processing):

• Data shared: Payment card details, billing address, transaction amounts

• Purpose: Process payments and manage subscriptions

• Privacy policy: https://stripe.com/privacy

• Security: PCI DSS compliant

• Limitation: Stripe acts as an independent data processor and we disclaim liability for their processing activities

Cloud Storage Providers:

• Data shared: Encrypted user data necessary for service delivery

• Purpose: Data hosting, storage, and backup services

• Access: Limited to encrypted data; geographic location [specify data center locations]

• Security: Enterprise-grade encryption and access controls

• Limitation: We maintain contracts with providers but disclaim liability for their security practices beyond our contractual requirements

AI API Services:

• Data shared: Processing-necessary information only (contract text, will-related data, media files)

• Purpose: Contract analysis, will generation, content processing

• Data retention: [Specify AI provider data retention policies]

• Training data: User data is NOT used for AI model training unless explicitly opted in

• Disclaimer: AI service providers operate independently and we disclaim responsibility for their data handling beyond our contractual requirements

4.1.1 Subprocessor Changes

We reserve the right to add or change subprocessors with appropriate notice. Continued use of our Services after notice constitutes consent to such changes. We maintain an updated list of subprocessors available upon request.

4.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, including:

• Compliance with subpoenas, court orders, or other legal obligations

• Protection of our rights, property, and safety

• Investigation of suspected fraud or violations of our terms

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred to the acquiring entity.

5. DATA RETENTION

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy:

• Account information: Retained while your account is active and for a reasonable period thereafter

• Contract Guard AI data: [Specify retention period]

• Better Will AI data: [Specify retention period] - retained longer due to legal document nature

• Event PixHive data: [Specify retention period]

• Financial records: Retained as required by law

• Legal and compliance records: Retained as required by applicable law

You may request deletion of your personal information subject to legal retention requirements.

6. DATA SECURITY

We implement comprehensive technical, administrative, and physical security measures to protect your personal information:

• Encryption: All data is encrypted in transit and at rest

• Access controls: Role-based access with multi-factor authentication

• Network security: Firewalls, intrusion detection, and monitoring

• Employee training: Regular security training and confidentiality agreements

• Third-party audits: Regular security assessments and compliance reviews

Despite our security measures, no system is completely secure. If you become aware of any security vulnerability, please contact us immediately.

7. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to enhance your experience:

• Essential cookies: Required for basic website functionality

• Analytics cookies: Help us understand how you use our Services

• Preference cookies: Remember your settings and preferences

You can control cookies through your browser settings, though disabling certain cookies may affect functionality.

8. YOUR PRIVACY RIGHTS

8.1 General Rights

You have the following rights regarding your personal information:

• Access: Request copies of your personal information

• Correction: Request correction of inaccurate information

• Deletion: Request deletion of your personal information

• Portability: Request your data in a machine-readable format

• Objection: Object to processing based on legitimate interests

8.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know: Detailed information about personal information collection and use

• Right to delete: Request deletion of personal information

• Right to correct: Request correction of inaccurate information

• Right to opt-out: Opt out of the sale/sharing of personal information

• Right to limit: Limit use of sensitive personal information

• Non-discrimination: No discrimination for exercising privacy rights

We do not sell personal information and have not sold personal information in the past 12 months.

8.3 Other State Privacy Rights

Residents of other states with comprehensive privacy laws (Virginia, Colorado, Connecticut, etc.) may have similar rights. Contact us to exercise your rights.

8.4 Exercising Your Rights

To exercise your privacy rights:

• Email: privacy@blueorangelabs.com

We will verify your identity before processing requests and respond within the timeframe required by applicable law.

9. CHILDREN'S PRIVACY

Our Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it promptly.

10. INTERNATIONAL DATA TRANSFERS

Our Services are based in the United States. If you access our Services from outside the United States, your information may be transferred to and processed in the United States, which may have different privacy laws than your jurisdiction.

11. STATE-SPECIFIC PROVISIONS

11.1 Multi-State Compliance

Our Services operate across all 50 US states. We comply with applicable state privacy laws and regulations, including but not limited to:

• California Consumer Privacy Act (CCPA/CPRA)

• Virginia Consumer Data Protection Act (VCDPA)

• Colorado Privacy Act (CPA)

• Connecticut Data Privacy Act (CTDPA)

11.2 Better Will AI State Compliance

Better Will AI creates legal documents that must comply with state-specific probate and estate planning laws. Users are responsible for ensuring their estate planning documents comply with their state's legal requirements and should consult with a licensed attorney in their state.

12. AI-SPECIFIC PRIVACY CONSIDERATIONS

12.1 AI Model Training

• By default, your data is NOT used to train AI models

• You may opt in to contribute anonymized data for model improvement

• You can opt out at any time through your account settings

• AI training uses only anonymized, aggregated data with all personal identifiers removed

12.2 AI Output Accuracy and Liability

• AI-generated outputs may contain errors or inaccuracies

• Users should review all AI-generated content

• We disclaim liability for AI-generated content accuracy

• AI outputs are provided "as is" without warranties of any kind

12.3 Third-Party AI Services Disclaimer

We use third-party AI services to provide certain functionalities. We disclaim liability for:

• Third-party AI service performance or availability

• Data processing by third-party AI providers beyond our contractual controls

• AI model bias or discrimination in third-party services

• Intellectual property claims related to AI-generated content

12.4 Data Processing Transparency

For transparency regarding AI processing:

• Contract analysis uses automated risk assessment algorithms

• Will generation uses state-specific legal templates and AI customization

• Event media processing uses computer vision and metadata extraction

• All processing is conducted in secure, controlled environments

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Email notification to your registered email address

• Prominent notice on our website

• In-app notifications

Continued use of our Services after changes become effective constitutes acceptance of the updated policy.

14. DATA BREACH NOTIFICATION

In the event of a data breach that may affect your personal information, we will:

• Notify affected users without unreasonable delay

• Comply with applicable state breach notification laws

• Provide information about the breach and steps taken to address it

15. CONTACT INFORMATION

For privacy-related questions or concerns:

Blue Orange Labs, Inc.

Email: privacy@blueorangelabs.com

16. LIMITATION OF LIABILITY FOR DATA PROCESSING

TO THE MAXIMUM EXTENT PERMITTED BY LAW, BLUE ORANGE LABS SHALL NOT BE LIABLE FOR:

• Third-party data breaches or security incidents outside our direct control

• Data processing errors by third-party service providers

• Loss or corruption of data due to internet transmission failures

• Consequences of user-provided inaccurate or incomplete data

• Decisions made by users based on AI-generated outputs or data analysis

• Economic losses resulting from data processing delays or interruptions

17. REGULATORY AND COMPLIANCE DISCLAIMERS

17.1 Financial Services Disclaimer

Our Services are not subject to financial services regulations. Users in regulated industries are responsible for ensuring compliance with applicable regulations including but not limited to:

• Gramm-Leach-Bliley Act (GLBA)

• Sarbanes-Oxley Act (SOX)

• Financial Industry Regulatory Authority (FINRA) requirements

17.2 Healthcare Data Disclaimer

Our Services are not HIPAA-compliant and should not be used to process protected health information (PHI). Users are responsible for ensuring compliance with healthcare privacy regulations.

17.3 Legal Services Disclaimer

We are not a law firm and do not provide legal services. Our AI tools do not replace professional legal counsel or create attorney-client relationships.

18. CROSS-BORDER DATA TRANSFER ADDITIONAL PROTECTIONS

When personal information is transferred internationally, we implement additional safeguards including:

• Standard Contractual Clauses (SCCs) where applicable

• Adequacy decisions recognition where available

• Additional security measures for international transfers

• Regular assessments of international data protection frameworks

19. DATA SUBJECT COMPLAINT PROCEDURES

If you believe we have not properly handled your personal information:

• Contact our Privacy Officer first: privacy@blueorangelabs.com

• If unsatisfied, contact relevant state authorities

• Maintain records of your complaint for regulatory purposes

• We will investigate and respond to complaints within legally required timeframes

20. EFFECTIVE DATE AND VERSION CONTROL

This Privacy Policy was last updated on 11/12/2025 and is effective as of 11/12/2025.

Version: 1.0

Previous versions are available upon request.