This Privacy Statement highlights how we use the data collected through our website and associated online services.

This Privacy Statement explains what data Commiss.io collects about you, why, and what we do with that data.It also explains the choices available to you regarding our use of your personal data, as well as how you can access and update it.We respect your privacy and believe strongly in providing a safe and secure environment for our users.. If you have any questions,you can contact us at any time.

Quick versions,

Summaries are here for your convenience, but you should still read the full statement.

This Privacy Statement applies to the Commiss.io services, including the website, any associated web services, and any nativeapplications we may offer in the future. By registering or using Commiss.io services, you consent to the collection policies outlined in thisPrivacy Statement.

As the online landscape changes, we may need to make changes to this Privacy Statement. Any changes will be indicated by anupdate to the effective date listed above. If we make material changes to this statement, we will provide additional notice. This can includesending you an email notification and/or a notification banner on our homepage dashboards and login screens. You should regularly review thisstatement to ensure you understand our practices.

If at any point you no longer wish to consent to this Privacy Statement, or you do not consent to material changes upon notice, you must notifyus and take steps to deactivate your account(s) as outlined below. You can also exercise your rights under the EU General Data Protection Regulation as outlined below.

IN SHORT,

This statement applies to our website and other services. We will notify you if we make substantial changes. You need to deactivate your accountif you no longer agree with this statement.

We collect certain types of personal data in order to provide you with the use of Commiss.io services, and to help us personalize and improveyour experience.

Account / Profile Data:We collect data about you when you register for an account, create/modify your profile, make purchases, access, or interact with the Commiss.ioservices. Data we collect includes:

• Contact data such as name, email address, and phone number
• Profile data such as username, profile photo, and biography
• Preferences data such as site settings, marketing preferences, and notification preferences
• Billing data such as credit card details and billing address

For creators, additional data may be collected, including:

• Payment data such as bank account, Venmo account, or Paypal account
• Additional contact data for support and identity verification
• For creators earning over a certain threshold, tax data such as social security number

In general, you provide this data directly to Commiss.io. In the case of billing data and credit card data, this data is provideddirectly to our payment processor and kept secure. In the case of creator data, this data is immediately encrypted and sent to our payment processorto be kept secure. See "Security" below for more data.

Listings, Projects, and other content:We collect and store content that you create, input, submit, post, upload, transmit, store, or display in the process of using our website. Such contentmay include listings, projects, sample images, final assets, as well as the content of your project comments. This also includes any other sensitive or personaldata you include, but were not asked for by Commiss.io.

Other submissions:We also collect other data that you submit to our websites or as you participate in interactive features of the Commiss.io services. This can include participatingin a survey, contest, promotion, activity or event, as well as requesting customer support. This Privacy Statement also applies to any interactions with us viathird party social media sites.

IN SHORT,

Through your ordinary use of the site, you'll probably provide us with some data. This includes the types of personal data to the left. We'll keep it safeas outlined in this document.

Creators need to provide us more data so we can verify their identity and get them paid.

Log Files:As is true with most websites and services delivered over the web, we collect certain data and store it in log files when you interact with the Commiss.io services.This data can include IP addresses, browser data, internet access provider, URLs of referring/exit pages, operating system, date/time stamp, device ID, mobilecarrier, and similar data. Some URLs may include data such as username, page titles, and other view data. In general, we attempt to strip out personaldata before use. Any non-anonymized use is treated in accordance with this privacy statement.

Analytics:We use Google Analytics, which automatically helps us collect anonymous usage data in order to help us improve our products and services. This service collectsdata in a way similar to our automatic logging. As above, we attempt to remove any personal data whenever possible from this data.

Authentication and Fraud Detection:In order to help protect you from fraud, we may collect data about you and your interactions with our services. This is done through our paymentsprovider in order to help identify potentially fraudulent activity.

IN SHORT,

We automatically collect anonymous data related to the usage of the site. This helps us track engagement, errors, and make improvements to the site. We try to scrubany personal data we incidentally collect here.

Our primary purpose in collecting personal data is to provide you with a secure, efficient, and customized experience when buying or selling custom artwork.As such, we may use your personal data to:

• Provide, operate, maintain, improve, and promote Commiss.io services
• Enable you to access and use our services
• Process transactions through our payment provider and send notices about your transactions
• Send transactional messages, such as sending replies to customer support messages, notifying you of activity on your projects, and updating you on important changes to our services
• Send promotional communications such as providing data about promotions, service improvements, newsletters, contests, and other updates. You can opt out of receiving thesecommunications as outlined later under "Your Choices"
• Monitor and analyze trends, usage, and activities in connection with our services and for marketing purposes
• Verify your identity with our payment processor and partners when you start selling on our platform
• Investigate and prevent fraudulent transactions, unauthorized access, and activities that are illegal or violate our Terms of Use, Client Agreement, or Creator Agreement
• Personalize our services, such as providing content and features that match your interests and preferences
• Enable you to share and promote content you submit through the site, including promoting your creator account
• For other purposes with your consent.

As outlined above, personal data appearing in our analytics or web logs will not be used for any purpose.

Aggregate analytics data:We may use aggregate data, including log and configuration data, to understand how our services are being used. We may generate usage data from web logs, analytics logs, andother content provided to us. Any use of data for this purpose will be anonymized prior.

IN SHORT,

We may use your personal data internally for a variety of purposes. Often this relates to providing better services, and sending you notices when you need them.

We also take steps to verify identities to help prevent fraud, impersonation, and misappropriation.

When you access our services, we (including our partners) may place small data files on your computer or other device. These may be in the form of cookies, pixel tags, e-tags,or HTML5 local storage. We use these technologies to recognize you, keep you logged in to your account, customize our services, measure performance, mitigate risk and prevent fraud,and to promote trust and safety across our services.

Your browser may include the option to disable cookies or other tracking technologies. You are permitted to do so, but doing so may interfere with your ability to use our servicesproperly.

Do Not Track:Do Not Track is an optional browser setting that allows you to express preferences regarding third-party tracking. We do not currently respond to browser "do not track" signals.We are currently monitoring developments with this technology and may respond to these signals in the future.

Advertising:We may elect to partner with advertisers who use online behavioral advertising ("OBA"). Companies who are members of the Network Advertising Initiative, or who subscribe to theDigital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising may allow you to opt-out of personalized advertisements. For more data, includingopt-out tools, please visit: http://www.aboutads.info/ and http://www.networkadvertising.org/choices/.If you are within the European Union, please visit http://www.youronlinechoices.eu/.

IN SHORT,

We use tracking technologies in order to provide a personalized experience and log you into your account. Our partners use them to help us provide our services, and in some cases to provideadvertising.

You can opt-out of online behavioral advertising at the links provided to the left.

We do not share or disclose any of your Personal Data or submitted content with third parties except as described in this statement. We do not sell your data.

We may share your data under the following circumstances:

Other Commiss.io Users:We may share certain data with other Commiss.io users. This includes data you make publicly accessible, such as your username, profile image, and listings.We may also share data with Commiss.io users you have agreed to interact with, such as when you engage in a project. This may include project assets, comments,and the amount currently paid toward a project. At no point do we reveal payment data to the other party without your explicit consent or we are legally required todo so, such as to comply with a subpoena or payment processor rules.

IN SHORT,

We share some data with other users, like things you publish publicly, or when you and the other user are engaged in a project together.

Third Parties:We may share your personal data with third parties in limited circumstances. This includes:

• Service Providers:We work with third party service providers to provide hosting, maintenance, back-up, storage, payment processing, analytics, and other services for us. We may providethese service providers with your personal data for the purposes of providing those services for us. These providers are authorized to use this dataonly for the purpose of providing us with these services. Some of our pages, such as support pages, may use white-labeling techniques to serve content from our serviceproviders while maintaining the look and feel of our site. You are providing your data to these third parties acting on our behalf.
• Fraud prevention and risk management:We may share data with firms that help detect and mitigate the risk of fraudulent activities. This is done through our payment processors, and is only for the purposeof protecting our users and services.
• Social media widgets:Our services may contain social media features, such as the Twitter "tweet" button. These features may collect your IP address, which page you are visiting, and may set a cookieto enable the feature to function properly. These widgets are hosted by a third party. Your interactions with these services are governed by the privacy policy of the companyproviding it.
• Compliance with laws, law enforcement requests, and protecting our rights:We may disclose your personal data to a third party if we believe it is necessary pursuant to a subpoena, court order, or other legal process or requirement, when we needto do so to comply with any applicable law, regulation, or credit card rules; or when we believe, in our discretion, that the disclosure is necessary to prevent physical harm,financial loss, to report suspected illegal activity, or to investigate suspected violations of our Terms of Service, Client Agreement, or Creator Agreement.
• Business Transfers:We may share or transfer your personal data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portionof our business to another company. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as wellas any choices you may have.
• Anonymized and aggregated data:We may share aggregated or anonymized data that does not identify you with the parties described above.
• With your consent:We will share your personal data with other third parties when we have your consent to do so.

We do not sharepersonal data about you with third parties for their marketing purposes without your permission.

IN SHORT,

We share your data with service providers, but they can only do as we ask. We also share data to help detect and prevent fraud, and when we are legally required to do so.We may also share your data in relation to a potential sale or acquisition of our company.

You can opt out of receiving promotional communications by using the unsubscribe link within each email or updating your email preferences on our website. You can also contact ususing the data listed at the end of this document. Though the opt-out is usually processed quickly, please allow up to 10 business days for removal.

Opting out of promotional communications does not opt you out of receiving transactional messages. You can opt out from some transactional messages in your settings, but many notificationsrelated to your account are required, such as support responses, payment invoices, or Terms of Service updates.

You may be able to opt-out of online behavioral advertising as outlined under the tracking technologies section of this document.

IN SHORT,

You can opt out of promotional emails, such as newsletters, but not transactional emails, such as invoices and receipts.

You can review and edit your personal data at any time by logging into your account and reviewing your account settings and profile. You can also contact us using the dataat the bottom of this document.

You can edit and remove public content using the editing tools associated with that content. In general, you cannot remove posts or content made on current or previous projects.You can contact us to remove personal data from projects and comments. We will let you know if we cannot comply with that request, and why.

You can deactivate your account by contacting us. If you deactivate your account, we will mark it as such and remove publicly facing data,however some data related to previous projects may be retained, and remain available to the other party on your prior projects. This may include personal data associatedwith content you submitted, such as your display name or a signature on a submitted asset.

We will retain your account data as long as your account is active, or as reasonably useful for commercial purposes, or as necessary to comply with legal obligations, resolvedisputes, and enforce our agreements.

IN SHORT,

You can edit your personal data in your settings. You can also edit public data through the editing tools associated with that content. We can usually remove personal datafrom projects and project comment.

You can deactivate your account in your settings, but project content will be retained for the benefit of the other party. We may need to retain some account data under certain circumstances.

We may host data with hosting providers in numerous countries. In general, most of our hosting takes place in the United States. The servers on which personal data is stored are kept in asecure environment. We take reasonable efforts to guard your personal data, including data encryption, firewalls, and data access authorization controls. However, nosecurity is impermeable. We cannot guarantee that all data will be absolutely safe from intrusion by others. In addition, if you provide personal data through comments, descriptions,or outside of situations where you are directly asked, we cannot guarantee that we will be able to meet all obligations you may have related to that data.

All data transmitted to and from our websites and services are encrypted using the industry standard SSL/TLS (https).

To safeguard payment data, and payee data, we transmit this directly to our payment processor. This data is encrypted in transit and not stored on our servers at any point.This data includes payment data (credit card numbers, billing addresses, etc.) as well as creator data (address, bank account data, etc.). Our payment providers holdworld-class security certifications. You can view their security statement:Stripe Security.

IN SHORT,

We take industry standard steps to ensure your personal data is secure. We require secure connections with our services. Access to personal data is restricted amongst our staff.

Payment data, including credit card numbers and creator data, are not stored on our servers. We store this data directly with our payment processors for safety.

If you have any questions or concerns regarding this privacy statement, please contact us at:privacyobf@commiss.uscateio

You can also send us postal mail:

IN SHORT,

Contact us if you have any questions, we love to hear from you!

You can also send us a letter, but it might take us longer to respond.