Effective as of October 01, 2020.

Last updated October 01, 2020.

This Privacy Policy describes the privacy practices of Gradient in connection with the

Gradient mobile application (the “App”) and Gradient.photo website (the “Site”).

Welcome to Gradient’s Privacy Policy!

If you decide not to read this entire Privacy Policy, we want you to walk away with a

few key points about Gradient’s privacy practices:

• The App is a photo and video editor that allows users to edit portraits based on

neural network technology that automatically generates highly realistic facial

transformations.

• We use third-party cloud providers – specifically, Google Cloud Platform and

Amazon Web Services – to process and edit photographs.

• The App only uploads to the cloud the photographs that you specifically select

for editing.

• Photographs are temporarily cached on the cloud servers during the editing

process, and encrypted using a key stored locally on your mobile device.

• Photographs remain in the cloud for a limited period of 24-48 hours after you

have last edited the photograph, so that you can return to the image and make

additional changes if you so choose.

• We do not use the photographs you provide when you use the App for any

reason other than to provide you with the portrait editing functionality of the

App.

• Videos are edited locally on your device, so you don’t provide us with videos

when you use the App, and we don’t collect, use and share your video

information.

If you have any questions about our privacy practices, please

email privacy@gradient.photo.

Here’s more on our privacy practices. Individuals located in the European Economic

Area should also read our Notice to European Users below.

Personal Information We Collect

When you use the App, we may collect information about you, including:

• Photographs you provide when you use the App, via your camera or camera

roll (if you have granted us permission to access your camera or camera roll),

the in-App internet search functionality, or your social media account (if you

choose to connect your social media account). We obtain only the specific

images you chose to modify using the App; we do not collect your photo albums

even if you grant us your access to them. We encrypt each photograph that you

upload using the App. The encryption key is stored locally on your device. This

means that the only device that can view the photo is the device from which the

photograph was uploaded using the App – the user’s device. Please note that

while we do not require or request any metadata attached to the photographs

you upload, metadata (including, for example, geotags) may be associated with

your photographs by default. We take steps to delete any metadata that may be

associated with a photograph you provide when you use the App.

• App usage information, such as information about how you use the App and

interact with us, including your preferred language, the date and time when you

first installed the App and the date and time you last used the App.

• Purchase history, if you choose to purchase an App subscription, such as

confirmation that you are a paid subscriber to the App.

• Social media information, if you choose to login to the App via a third-party

platform or social media network (for example, Facebook), or otherwise connect

your account on the third-party platform or network to the App. We may collect

information from that platform or network, such as your social media alias, first

and last name, number of “friends” on the social media platform and, if

depending on your Facebook or other network settings, a list of your friends or

connections (though we do not use or store this information). Our collection and

processing of the information we obtain from social media platforms is governed

by the requirements these social media platforms impose on us in their relevant

terms and conditions.

• Device data, such as your computer and mobile device operating system type

and version number, manufacturer and model, device ID, push tokens, Google

Advertising ID, Apple ID for Advertising, browser type, screen resolution, IP

address (and the associated country in which you are located), the website you

visited before visiting our Site; and other information about the device you are

using to visit the App.

• Online activity data, such as information about your use of and actions on the

App and the Sites, including pages or screens you viewed, how long you spent

on a page or screen, navigation paths between pages or screens, information

about your activity on a page or screen, access times, and length of access. Our

service providers and certain third parties (e.g., online advertising networks and

their clients) also may collect this type of information over time and across third-

party websites and mobile applications. This information may be collected on

our Site using cookies, browser web storage (also known as locally stored

objects, or “LSOs”), web beacons, and similar technologies. We may collect this

information directly or through our use of third-party software development kits

(“SDKs”). SDKs may enable third parties to collect information directly from our

App.

How We Use Your Personal Information

We do not use the photographs you provide when you use the App for any reason

other than to provide you with the editing functionality of the App. We may use

information other than photographs for the following purposes:

To operate and improve the App:

• Enable you to use the App’s features;

• Establish and maintain your account, if you choose to login to the App using

your social media account;

• Communicate with you about the App, including by sending you

announcements, updates, and security alerts, which we may send through a

push notification, and responding to your requests, questions and feedback;

• Provide technical support and maintenance for the App; and

• Perform statistical analysis about use of the App (including throught the use

of Google Analytics).

To send you marketing and promotional communications. We may send you

marketing communications as permitted by law. You will have the ability to opt-out of

our marketing and promotional communications as described in the Opt-out of

marketing section below.

To display advertisements to you. If you use the free version of the App, we work

with advertising partners to display advertisements within the App. These

advertisements are delivered by our advertising partners and may be targeted based

on your use of the App or your activity elsewhere online. To learn more about your

choices in connection with advertisements, please see the section below titled

“Targeted online advertising.”

For compliance, fraud prevention, and safety. We may use your personal

information and disclose it to law enforcement, government authorities, and private

parties as we believe necessary or Appropriate to: (a) protect our, your or others’

rights, privacy, safety or property (including by making and defending legal claims); (b)

enforce the terms and conditions that govern the Service; and (c) protect, investigate

and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent. In some cases, we may specifically ask for your consent to collect,

use or share your personal information, such as when required by law.

To create anonymous, aggregated or de-identified data. We may create

anonymous, aggregated or de-identified data from your personal information and other

individuals whose personal information we collect. We make personal information into

anonymous, aggregated or de-identified data by removing information that makes the

data personally identifiable to you. We may use this anonymous, aggregated or de-

identified data and share it with third parties for our lawful business purposes.

How We Share Your Personal Information

We do not disclose user photographs or videos to third parties (with the exception of

uploading an encrypted image to our cloud providers Google Cloud Platform and

Amazon Web Services to provide the photo editing features of the App). We may share

your non-photograph and non-video information in the following circumstances:

Affiliates. We may share App usage information with our subsidiaries and affiliates, for

purposes consistent with this Privacy Policy.

Service providers. We may share your personal information with services providers

that perform services on our behalf or help us operate the App (such as customer

support, hosting, analytics, email delivery, marketing, and database management

services). These third parties may use your personal information only as directed or

authorized by us and in a manner consistent with this Privacy Policy, and are

prohibited from using or disclosing your information for any other purpose.

Advertising partners. When we use third-party cookies and other tracking tools, our

advertising partners may collect information from your device to help us analyze use of

the Site and the App, display advertisements on the App and advertise the Site and

App (and related content) elsewhere online.

Third-party platforms and social media networks. If you have enabled features or

functionality that connect the App to a third-party platform or social media network

(such as by logging into Gradient using your account with the third-party, providing

your API key or similar access token for the App to a third-party, or otherwise linking

your account with the App to a third-party’s services), we may disclose the personal

information that you authorized us to share (such as when you elect to upload a

photograph or video to your social media account). We do not control the third-party

platforms’ use of your personal information, which is governed by that third party’s

Professional advisors. We may disclose your personal information to professional

advisors, such as lawyers, bankers, auditors and insurers, where necessary in the

course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal

information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our

business or assets, including your personal information, in connection with a business

transaction (or potential business transaction) such as a corporate divestiture, merger,

consolidation, acquisition, reorganization or sale of assets, or in the event of

bankruptcy or dissolution.

Compliance with Law

We may be required to use and share your personal information to comply with

applicable laws, lawful requests, and legal process, such as to respond to subpoenas

or requests from government authorities.

Your Choices

In this section, we describe the rights and choices available to all users. Users who are

located within European can find additional information about their rights below.

Opt out of marketing communications and other push notifications. You may opt

out of marketing-related communications and other notifications we may send you via

push notification by changing the settings on your mobile device.

Device permissions. You may revoke any permissions you previously granted to us,

such as permission to access your camera, camera roll, or microphone through the

settings on your mobile device.

Cloud processing. You may request that we remove your information, including

photographs, from the cloud before the 24-48 hour period after which Google Cloud

Platform or Amazon Web Services automatically deletes the information by clicking the

“Request cloud data removal” button in the “Support” section of the App Settings on

your mobile device.

Cookies & Browser Web Storage. Most browsers let you remove or reject cookies.

To do this, follow the instructions in your browser settings. Many browsers accept

cookies by default until you change your settings. Please note that if you set your

browser to disable cookies, the Site may not work properly. Similarly, your browser

settings may allow you to clear your browser web storage.

Targeted online advertising. Some of the business partners that collect information

about users’ activities on or through the Site or App may be members of organizations

or programs that provide choices to individuals regarding the use of their browsing

behavior or mobile application usage for purposes of targeted advertising.

Site users may opt out of receiving targeted advertising on websites through members

of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance

by clicking here. App users may opt out of receiving targeted advertising in mobile

apps through participating members of the Digital Advertising Alliance by installing the

AppChoices mobile app, available here, and selecting the user’s choices. Please note

that we also may work with companies that offer their own opt-out mechanisms and

may not participate in the opt-out mechanisms that we linked above.

In addition, your mobile device settings may provide functionality to limit our, or our

partners’, ability to engage in ad tracking or targeted advertising using the Google

Advertising ID or Apple ID for Advertising associated with your mobile device.

If you choose to opt-out of targeted advertisements, you will still see advertisements

online but they may not be relevant to you. Even if you do choose to opt out, not all

companies that serve online behavioral advertising are included in this list, so you may

still receive some cookies and tailored advertisements from companies that are not

listed.

Choosing not to share your personal information. Where we are required by law to

collect your personal information, or where we need your personal information in order

to provide the App to you, if you do not provide this information when requested (or

you later ask to delete it), we may not be able to provide you with our services. We will

tell you what information you must provide to use the App by designating it as required

at the time of collection or through other appropriate means.

Third-party platforms or social media networks. If you choose to connect to the

App via a third-party platform or social media network, such as by using Facebook

third-party at the time you login to the App using the third-party’s authentication

service or otherwise connect your account. Subsequently, you may be able to control

your settings through the third-party’s platform or service. For example, you may

access and change your settings through the Facebook settings page for Apps and

Websites. If you withdraw our ability to access certain information from a third-party

platform or social media network, that choice will not apply to information that we have

already received from that third party.

Other Sites, Mobile Applications and Services

The App may contain links to other websites, mobile applications, and other online

services operated by third parties. These links are not an endorsement of, or

representation that we are affiliated with, any third party. In addition, our content may

be included on web pages or in mobile applications or online services that are not

associated with us. We do not control third party websites, mobile applications or

online services, and we are not responsible for their actions. Other websites, mobile

applications and online services follow different rules regarding the collection, use and

sharing of your personal information. We encourage you to read the privacy policies of

the other websites, mobile applications and online services you use.

Security Practices

We use commercially reasonable security practices to help keep the information

collected through the App secure and take reasonable steps to verify your identity

before granting you access to your account (if you have an account with us). However,

Gradient cannot ensure the security of any information you transmit to Gradient or

guarantee that information on the App may not be accessed, disclosed, altered, or

destroyed.

Please do your part to help us. You are responsible for maintaining the confidentiality

of your login information and device identifiers, and for controlling access to

communications between you and Gradient, at all times. Your privacy settings may

also be affected by changes the social media services you connect to Gradient make

to their services. We are not responsible for the functionality, privacy, or security

measures of any other organization.

Retention

We configure Google Cloud Platform and Amazon Web Services to delete

photographs, and the information associated with the photographs within 24-48 hours

after the photograph was last edited using the App. This allows you to revisit the image

for additional modifications during that time.

With respect to non-photograph information that we may collect, we will retain such

information in a personally identifiable format only for as long as necessary to fulfill the

purposes we have set out in this Privacy Policy. You may also ask that we delete your

information using the “Request cloud data removal” button as described above or

by contacting us.

Cross-Border Data Transfers

We store the information we collect in connection with the App on Amazon Web

Services and Google Cloud Platform. For Amazon Web Services, we specify the US as

the data storage location, for Google Cloud Platform, we specify data storage at an

available location closest to you when you use the App. Your personal information may

be accessed by our service providers in other locations outside of your state, province,

or country. Your device ID (and general App usage information) may also be accessed

by the Company’s technical support team in other locations outside of your state,

province, or country. We rely on the Privacy Shield, as described below, for transfers of

data from the EU and Switzerland to Gradient in the United States.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Ticket to the Moon, Inc. is the US entity that publishes and hosts the App. Ticket to the

Moon, Inc. complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks

as set forth by the U.S. Department of Commerce regarding the collection, use, and

retention of personal information transferred from the European Union and Switzerland

to the United States. Ticket to the Moon, Inc. has submitted its certification to the

Department of Commerce that it adheres to the Privacy Shield Principles. If there is any

conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the

Privacy Shield Principles shall govern. To learn more about the Privacy Shield program,

and to view our certification, please visit www.privacyshield.gov.

Ticket to the Moon, Inc. may transfer your personal information to third parties as

described in this Privacy Policy. Ticket to the Moon, Inc. maintains contracts with its

third-party service providers restricting their access, use and disclosure of personal

information in compliance with our Privacy Shield obligations. Ticket to the Moon, Inc.

may be liable if these third parties fail to meet those obligations and we are responsible

for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Ticket to the Moon, Inc. commits to

resolve complaints about our collection or use of your personal information. European

individuals with inquiries or complaints regarding our Privacy Policy should first contact

Ticket to the Moon, Inc. at privacy@gradient.photo. Ticket to the Moon, Inc. has further

committed to refer unresolved Privacy Shield complaints to JAMS, an alternative

dispute resolution provider located in the United States. If you do not receive timely

acknowledgment of your complaint from us, or if we have not resolved your complaint,

please visit www.jamsadr.com/eu-us-privacy-shield for more information or to file a

complaint. The services of JAMS are provided at no cost to you. If neither Ticket to the

Moon, Inc. nor JAMS resolves your complaint, you may have the ability to engage in

binding arbitration through the Privacy Shield Panel. Additional information on the

arbitration process is available on the Privacy Shield website

at www.privacyshield.gov.

Ticket to the Moon, Inc. may be required to disclose personal data in response to

lawful requests by public authorities, including to meet national security or law

enforcement requirements. The Federal Trade Commission has jurisdiction over Ticket

to the Moon, Inc.’s compliance with the Privacy Shield. Ticket to the Moon, Inc.’s

commitments under the Privacy Principles are subject to the investigatory and

enforcement powers of the Federal Trade Commission.

Children

The App is not directed at children under the age of 13, and our Terms of Use do not

allow children under 13 years of age to use the App. If we learn that we have collected

personal information of a child under the age of 13, we will delete it. We encourage

parents with concerns to contact us.

Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material

changes to this Privacy Policy, we will notify you by updating the date of this Privacy

Policy and posting it on the App. We may, and if required by law, will, provide

notification of changes in another way that we believe is reasonably likely to reach you,

such as through the App.

Any modifications to this Privacy Policy will be effective upon our posting the new

terms and/or upon implementation of the new changes on the App (or as otherwise

indicated at the time of posting). In all cases, your continued use of the App after the

posting of any modified Privacy Policy indicates your acceptance of the terms of the

modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Policy or privacy practices

to privacy@gradient.photo. You may also write to us via postal mail at:

Ticket to the Moon, Inc.

Attn: Legal – Privacy

187 E. Warm Springs Rd., Suite B495, Las Vegas, Nevada, 89119, USA

Notice to European Users

The information provided in this “Notice to European Users” section applies only to

individuals who reside in Europe.

Personal information. References to “personal information” in this Privacy Policy are

equivalent to “personal data” governed by European data protection legislation.

Controller and EU Representative. Ticket to the Moon, Inc. is the controller of your

personal information covered by this Privacy Policy for purposes of European data

protection legislation.

We have appointed Legal Bridge as our representative in the European Union for data

protection matters, pursuant to Article 27 of the General Data Protection Regulation of

the European Union. To contact Legal Bridge, please visit https://legal-bridge.com.

Alternatively, you may call Legal Bridge at +420 775 700 329, or write to Legal Bridge

Сzech Republic, 110 00 Praha 1, ul. Havlickova 15/1682.

Legal bases for processing. We use your personal information only as permitted by

law. Our legal bases for processing the personal information described in this Privacy

Policy are described in the table below.

Processing purpose

Details regarding each processing purpose listed below

are provided in the section above titled “How we use

your personal information”.

Legal basis

To operate and improve the App

Processing is necessary to perform the contract

governing our provision of services in connection

with the App, or to take steps that you request

prior to signing up for the App. If we have not

entered into a contract with you, we process your

personal information based on our legitimate

interest in providing the services you access and

request in connection with the App.

To send you marketing and promotional communications

To display advertisements to you

For compliance, fraud prevention and safety

To create anonymous, aggregated or de-identified data

These activities constitute our legitimate

interests. We do not use your personal

information for these activities where our

interests are overridden by the impact on you

(unless we have your consent or are otherwise

required or permitted to by law).

Compliance with Law

Processing is necessary to comply with our legal

obligations.

With your consent

Processing is based on your consent. Where we

rely on your consent you have the right to

withdraw it any time in the manner indicated

when you consent or in the App.

Your rights

European data protection laws give you certain rights regarding your personal

information. If you are located within the European Union, you may ask us to take the

following actions in relation to your personal information that we hold:

• Access. Provide you with information about our processing of your personal

information and give you access to your personal information.

• Correct. Update or correct inaccuracies in your personal information.

• Delete. Delete your personal information.

• Transfer. Transfer a machine-readable copy of your personal information to you

or a third party of your choice.

• Restrict. Restrict the processing of your personal information.

• Object. Object to our reliance on our legitimate interests as the basis of our

processing of your personal information that impacts your rights.

You may submit these requests by email to privacy@gradient.photo or our postal

address provided above.

If you would like to submit a complaint about our use of your personal information or

our response to your requests regarding your personal information, you may contact

us or submit a complaint to the data protection regulator in your jurisdiction. You can

find your data protection regulator here.

Notice to California Residents

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to

California residents an explanation of how we collect, use and share their personal

information, and of the rights and choices we offer California residents regarding our

handling of their personal information.

We do not sell personal information. As we explain in this Privacy Policy, we use

cookies and other tracking technologies to analyze Site and App traffic and use, and to

facilitate advertising. If you would like to opt out of our (and our third party advertising

partners’) use of cookies and other tracking technologies, please review the

instructions provided in the Online Tracking Opt-out Guide.

In addition to disclosures of personal information to our service providers and

professional advisors, for compliance, fraud prevention and safety, and in connection

with a business transfer, as described in the “How We Share Your Personal

Information” section of the Privacy Policy, the following chart further describes our

privacy practices with respect to the personal information of our California consumers.

Personal

information

we collect

CCPA-defined