MERCURY PRIVACY STATEMENT

Last updated: February 13, 2025

This Mercury Privacy Statement (the “Statement”) explains how Shoestring Valley Holdings Inc. (“Shoestring Valley,” “us,” "our," and "we")‎ collects, stores, uses, and discloses personal information to operate Mercury, our digital collaboration platform, and provide Mercury-related sites and applications (together, the “Services”). This Statement addresses specific disclosure requirements from various privacy laws and also serves as our ‘notice at collection.’ Capitalized terms not defined herein have the meanings set forth in the <Mercury Service Agreement>.

1. Personal Information We Process

We collect personal information in a number of way when operating the Services. For example, we collect information:

· Directly from you, such as when you create an Account or upload Content to the Services.

· Automatically from you using <Cookies and Similar Technologies>; and

· From Services’ users.

We may also infer information about you, such as the type of work you do or the market areas you service. This personal information includes:

· Your name and identifiers such as your first and last name, email address, postal address, unique online identifiers, IP address, or other similar identifiers.

· Credentials, including authentication information you provide to gain access to your Account.

· Demographic information, such as your market area (e.g., Portland Metropolitan Area).

· Professional and employment-related information, such as your current employer and job title.

· Commercial information, including information about your Company and your Projects.

· Content, which is all data, including text, video, or image files, that you provide to us through your use of the Services.

· Your preferences and settings, such as how you like to receive notifications.

· Communications, such as when you send us email requesting support, respond to our surveys, or engage with us on social media platforms.

· Audio, visual, or similar information, including images you include in your communications.

· Interactions, including data about your use of our Services. Your interactions may include information you provide, such as your search queries or inputs, and analytics or usage information we generate, such as time stamps, when you access the Services. Interactions may also include:

o Device data, such as information about the hardware or browser you use to access the Services.

o Browse history, such as the help documents you reviewed on the Services.

o Connectivity data, such as your IP address.

o Usage data and other information we automatically through the use of <Cookies and Similar Technologies> which give you a unique identifier. Such information may include information about the features of the Service you use or the insights about the performance of our apps.

To learn more about information automatically collected, please see <Cookie and Similar Technologies> section below.

Shoestring Valley may also process de-identified personal information for various purposes, including to improve its offerings. Data in this state cannot be used to infer information about, or otherwise be linked to, a particular individual. In those instances, and unless allowed under applicable law, we will maintain such information in a de-identified state and will not try to re-identify the individual.

While we do not intend to collect sensitive information, from time to time, we understand that we may process sensitive information to provide the Services. For example, depending on our interactions and how you choose to use the Services, you may upload Content which describes a job site incident containing information about an individual’s injuries.

2. How We Use Personal Information

We use personal information for a variety of purposes, including to provide our Services and operate our business. For example, we use your information for the following purposes:

Use	Personal Information Types Used
Provide, protect, and improve the Services. For example, · When you upload Content to the Services, we will make such Content available to others in your Project. · When we collect usage data, we may analyze that data to determine which features of the Service we can improve. · When you create an Account, we may use your email address to provide you important notifications.	· Your name and identifiers · Credentials · Demographic information · Professional and employment-related information · Commercial information · Content · Your preferences and settings · Interactions, including: o Device data o Browse history, o Connectivity data o Usage data.
Market the Services. For example, we may gather information, including through surveys, which helps us understand who may benefit most from using the Services, which can inform our marketing efforts.	· Your name and identifiers · Demographic information · Interactions, including: o Device data, o Browse history, o Connectivity data, and o Usage data.
Respond to you, such as when you reach out for support or to ask a question.	· Your name and identifiers · Communications
Notify you about planned downtime, incidents, new features and functionality, and requests for you to join a Project.	· Your name and identifiers
Tailor your experiences in the Services, for example, by remembering your preferences or making suggestions on help content that may be useful.	· Your name and identifiers · Demographic information · Commercial information · Your preferences and settings · Interactions, including: o Device data o Browse history, o Connectivity data o Usage data.
Develop new products and services. For example, we may (1) create de-identified and aggregated data that we can use for various purposes, including too refine and train our AI models; (2) process insights and analytics about Commercial information to develop new offerings that will help professionals in our industry; and (3) analyze Interactions to develop product ideas we have	· Identifiers · Demographic information · Professional and employment-related information · Commercial information · Content · Interactions, including: o Device data o Browse history, o Connectivity data o Usage data.
Protect our rights and property, as well as those of our users or others, and prevent harm by detecting abnormal interactions with or performance of the Services.	All categories of personal information
Enforce our Service Agreement and other policies. For example, we may remove your Content if we receive information from the copyright holder that you do not have permissions to use the Content.
Comply with law and regulations, or meet other legal, ethical, or professional requirements.

In carrying out these purposes, we combine information we collect from different contexts and sources to provide you a more seamless experience, to make informed business decisions, and for other legitimate business purposes.

As described above, depending on our interactions, some of the information we collect may qualify as “sensitive” under certain applicable privacy laws. We only collect such if you provide it or as necessary for legitimate purposes.

3. When We Share Your Personal Information

We share your information with others in a variety of circumstances, including to provide the Services, for other legitimate businesses purposes, and as necessary to comply with law.

We share or provide others with access to your information with your consent, at your direction, or to complete any transaction or request you have authorized as outlined in the chart below. Any Content you post, including comments and contributions to Projects, may be viewed by others, such as others engaged in your Projects.

See the table below for more information on the types of third parties we share all categories of personal information with and why.

Category of Recipient	Why
*Service Providers*	We share your information with third parties, such as our vendors, suppliers, or other professional services firms that provide us with services or work on our behalf. This includes our IT and cloud service providers. In such cases, these companies must abide by our requirements and are not allowed to use personal information they receive from us for any other purpose beyond providing us with their respective services.
*Other business in the event of a merger, acquisition, or sale*	We might transfer your information to a third party in the event of a merger, acquisition, sale, transfer of assets or any part of our business.
*Law enforcement, authorities, or others as necessary*	We might disclose your information to a third party, without your consent and without notice to you if we are required to do so by law. We may also disclose your information to a third party if we have a reasonable belief (1) we are legally or ethically obligated to do so, (2) such disclosure is necessary to protect, establish, or exercise our legal rights or defend against legal claims, or (3) disclosure is necessary to protect our / your / others’ rights, property, and/or safety.
*Other professionals*	We may share your information with attorneys, accountants, or other professionals as necessary for legitimate business purposes, for example to defend our rights or comply with our obligations.

4. Your Rights and Control of Your Personal Information

Privacy laws provide individuals with specific rights regarding their personal information. ‎Depending on the jurisdiction in which you reside you may have some or all of the following ‎rights and choices regarding your information.

· The right to be informed or to know what personal information we process and who we share it with.

The right to access. You may have the right to access or view the personal information we process about you.
The right of data portability. You may have the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another service.
The right to correct and delete. You have the right to request that we correct or delete any of your personal information.
The right to opt-out of certain types of data processing.
Right to not be discriminated against for exercising your rights. If you exercise your privacy rights, we will not discriminate against you.
The right to control the sale or sharing of your information. We do not sell or share your personal information.

You can exercise your rights, as well as make choices regarding Shoestring Valley’s collection and processing of your information by contacting us at <email address> You, or someone legally authorized to act on your behalf, may make a request to exercise your rights related to your personal information. We may ask that you:‎

Provide sufficient information that allows us to reasonably verify you or your authorized representative’s authority to act on your behalf. Where possible, we will attempt to verify your identity by only using we have previously collected from you, such as an e-mail address. DO NOT SEND US SENSITIVE PERSONAL INFORMATION, such as a social security number or picture of photo ID, in your initial request to exercise any rights.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and/or confirm the personal information relates to you.

We will confirm receipt of any request to exercise your rights within ten (10) days of receipt and will endeavor to respond to a verifiable consumer request within thirty (30) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personally information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

5. Cookies and Similar Technology

Our Services use cookies and similar technology to automatically collect personal information about your use and interactions. Cookies are small files placed on your device to store information, often consisting of a unique personal identifier, for a variety of purposes. An SDK, or software development kit, is a developer tool embedded in an application often used to collect information about your use of the application, as well as the device running the application.

We use cookies and similar technology to assist you with website navigation, to secure the Services, to analyze the use and performance of the Services, to measure our audience, to save your preferences, and to assist with marketing efforts. We may also hire others, such as those who provide analytics services, to gather information on our behalf using cookies, SDKs, and similar technologies.

6. Children’s and Teens’ Data.

Our Services are intended for adults in our industry. We do not knowingly collect or use personal information from children. If you're a parent or guardian of a child and become aware that your child has provided personal data to us, contact support@mercurybuild.com. If we learn that we've collected the personal information of a child, we'll take reasonable steps to delete the personal information.

7. Securing your Information

We will implement and maintain appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and unauthorized access. ‎Unfortunately, no data storage system, or system of transmitting data over the Internet, can be ‎guaranteed to be 100% secure. As a result, we cannot guarantee the security of our network, the ‎means by which personally information is ‎transmitted between your computer and our network, or any personally information provided to us through or in ‎connection with the Services.‎

8. Retention and Storage

We consider the following factors when determining how long we retain and store your information:

· Our legal and contractual obligations,

· Our professional and ethical responsibilities,

· The purpose for which your information was collected or processed,

· Your requests to delete the information,

· Retention periods in applicable laws and regulation, and

· Our legitimate business purposes. We may retain your data to the extent it is necessary to prevent fraudulent activity, to protect ourselves against liability, and to allow us to enforce our contractual or other rights and to pursue available remedies and limit any damages we might sustain.

We store and process personal information in the United States and other jurisdictions where do business. We take steps to process the personal information that we collect in accordance with this Statement’s provisions and the requirements of applicable law, including those related to the cross-border data transfers.

9. Links to Third-Party Websites, Products, and Services

This Privacy Statement applies only to the information Shoestring Valley collects and processes. Our Services contains links to third-party websites and enable you to use or access third-party services. These third-party websites and services are governed by their own terms of use and privacy policies. We do not control, endorse, recommend, or otherwise accept responsibility for third-party websites or services. You are responsible for deciding if you want to access or use third-party websites or services and you accept the risk in doing so. If you have questions regarding the third-party websites or services, please direct them to the owner or operator. By using the Services, you release and hold us harmless from any and all liability arising from your use of any third-party website or service.

10. Updates

We may revise this Privacy Statement at any time to enhance transparency. We may also update the Statement, as necessary or as useful, in response to (1) changes in applicable laws, regulations, or standards (2) changes to our processing of personal information or (3) changes to our business operations. For example, we may modify the Statement if a new applicable law requires additional notices or if we intend to collect new categories of personal information. We will post any revised Privacy Statement here and provide a “Last Updated” date at the top of this Privacy Statement. In some cases, we might provide you with additional notice (such as by adding a statement to the homepage our Site). We encourage you to review this Statement regularly to stay informed about our processing of personal information, your rights, and your choices.

11. Contact Us

If you have any questions about this Statement or the use of your information, please contact us at velkin@shoestringvalley.com or:

Shoestring Valley Holdings Inc. | ATTN: Vicky Elkin | 6712 N. Cutter Circle | Portland, Oregon 97217.