Privacy Policy

1. Introduction

This Privacy Policy (this “Policy”) is issued by VocaTales, Inc. (“Company,” “we,” or “us”), a Delaware C Corporation and the owner of Uptales. This Policy governs the collection, use, disclosure, and protection of personal information when you (“User” or “you”) access or use the Uptales Platform (the “Platform”), including our website, integrated scheduling tools, and any related services provided by the Company.

Uptales is built as a trusted, scam-free environment where storytellers can confidently connect with vetted experts. We know how personal and sensitive the creative process can be, and we take the privacy of our users — both experts and storyseekers — extremely seriously.

By using the Platform, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the Platform.

For clarity, when we refer to the “Platform” in this Privacy Policy, we mean the Uptales marketplace (operated under VocaTales, Inc.) and all its subdomains, integrations, and related services. References to “Users” include:

• Experts (Sellers): Professionals who offer services, mentorship, or guidance through the Platform.
• Storyseekers (Buyers): Individuals or organizations who book consultations, purchase services, or otherwise engage with Experts on the Platform.

We recognize the trust you place in us when you share your personal information, and we take that responsibility seriously. Uptales was designed not only to support creative work but also to protect the people behind it. Unless otherwise defined in this Privacy Policy, terms used herein have the same meanings as those set forth in our Terms of Service. This Privacy Policy is designed to help you understand:

• The types of personal information we collect: including information you provide directly, information collected automatically, and information obtained from third parties.
• The purposes for which we collect and use your information: such as to provide and improve the Platform, personalize your experience, communicate with you, and comply with legal obligations.
• How we share your information with third parties: including service providers, business partners, and in compliance with legal requirements.
• Your choices and rights regarding your personal information: including how you can access, update, export, or delete your data.
• The security measures we implement: to protect your personal information from unauthorized access, disclosure, alteration, or destruction.
• Fraud Prevention & Compliance: To the best of our abilities, we monitor user activity to detect and prevent fraudulent transactions, unauthorized access, and violations of our Terms of Service — maintaining a marketplace where trust is the norm, not the exception.

By continuing to use the Platform, you consent to the collection, use, and sharing of your personal information as described in this Privacy Policy. If you have any questions or concerns, please contact us at privacy@vocatales.com

2. Important Information and Who We Are

2.1 Scope of Data Collection

Uptales, operated by VocaTales, Inc., collects only the personal information necessary to operate and deliver our services effectively. We focus on transparency and data minimization. Information is collected to:

• Facilitate interactions between Experts (“Sellers”) and Storyseekers (“Buyers”).
• Display accurate and updated details on User dashboards.
• Enable smooth booking, scheduling, and payment processes.
• Provide account management, customer support, and dispute resolution.
• Improve security, performance, and the overall Platform experience.

This may include payment-related details (billing addresses, transaction history, bank or Stripe identifiers) as required to process payouts or purchases. We do not collect unnecessary information beyond what is needed for these specific purposes.

2.2 Third-Party Platforms and Liability Disclaimer

Uptales integrates with trusted third-party services (such as Zoom for calls, Google Meet for scheduling, Stripe for payments, and Zapier for workflow automation). These services are independent entities, governed by their own privacy policies and terms. While Uptales enables and facilitates these integrations, we do not control, endorse, or assume responsibility for:

• Technical failures, outages, or downtime.
• Security vulnerabilities, breaches, or unauthorized access on third-party platforms.
• Data misuse or loss arising from their systems.
• Any disputes, errors, or issues occurring directly within these services.

By using Uptales, you acknowledge that reliance on third-party tools is at your own discretion and governed by the terms of those providers.

###2.3 Platform Responsibilities and Data Transfers

Uptales’ role is strictly facilitative:

• We connect Experts and Buyers.
• We securely process payments through Stripe.
• We ensure bookings, schedules, and listings are accurate and accessible.
• We transmit only the minimum data necessary for functionality to integrated providers (e.g., names and email addresses for scheduling a Zoom call).

We do not sell, rent, or exploit your personal data for advertising. Data transfers are limited to operational necessity and follow appropriate safeguards under U.S. and international data protection laws.

2.4 Legal Compliance and Data Disclosure

We may disclose your personal data only when required to do so under applicable law or regulation. Examples include:

• Responding to lawful government requests or legal processes.
• Enforcing our Terms of Service.
• Protecting the rights, property, or safety of VocaTales, Inc., our Users, or the public.
• Detecting, investigating, and preventing fraud, abuse, or security incidents.

Disclosures are made minimally and only to the extent legally necessary.

2.5 User Acknowledgment

By using Uptales, you agree and understand:

• Third-party services operate independently, and Uptales cannot be held liable for their failures, disputes, or misconduct.
• Use of such services is at your own risk and governed by their respective agreements.
• Uptales’ responsibility is limited to facilitating secure connections and payment processes.
• In certain circumstances, Uptales may be legally required to share your information (e.g., for regulatory compliance).

2.6 User Authentication Options and Third-Party Responsibility

Users can sign into Uptales in two ways:

• Traditional Login: By creating an account with an email and password. Credentials are stored using industry-standard encryption (e.g., salted hashing) and secured with access control protocols.
• Single Sign-On (SSO): By using providers like Google SSO. When you authenticate via Google, Uptales receives certain basic details (e.g., name, email address, profile image) under Google’s privacy and consent process.

Uptales does not control how Google (or any other SSO provider) collects or handles your information. Any incidents (such as data breaches or service errors) in their systems fall outside Uptales’ liability. Users are encouraged to review the privacy terms of SSO providers before using them.

3. Information We Collect

3.1 Personal Information

We collect personal information that you provide directly when using our Platform. This information is necessary to create and manage your account, facilitate interactions, and enable secure transactions. The types of personal information we collect include, but are not limited to:

• Account Information: First name, last name, email address.
• Profile Information: Profile image (optional), phone number, and LinkedIn URL.
• Expert-Specific Details: Headline text, advice list, About Me section, Social Media links, preferred industry categories, and time availability.
• Payment Information: If necessary for payment processing, we securely collect and store all relevant Stripe account information, bank account numbers and routing numbers to facilitate transactions.

We collect only the information required to operate our Platform effectively and do not request or store unnecessary personal data.

3.2 Automatically Collected Personal Information

When you interact with our Platform, we automatically collect certain technical and usage information to enhance security, improve functionality, and optimize user experience. This data is gathered through cookies, log files, and other tracking technologies. The types of information we collect include, but are not limited to:

• Device and Technical Information: Your IP address, browser type and version, operating system, time zone setting, language preferences, screen resolution, and device type (e.g., desktop, mobile, or tablet).
• Usage and Interaction Data: The URLs of pages you visit, the date and time of your access, time spent on pages, navigation patterns, clicks, scrolls, and interactions with Platform features.
• Performance and Diagnostic Data: Error logs, loading times, and crash reports to help us identify and resolve technical issues.
• Location Data: Approximate geolocation based on your IP address to tailor content and services based on regional availability, where permitted by law.

4. Information We Use

We use the information we collect to provide and improve our Platform, personalize your experience, communicate with you, and comply with legal obligations. The specific purposes for which we use your information include:

• Account Management: To create and manage your account, facilitate interactions, and enable secure transactions.
• Platform Improvement: To enhance security, improve functionality, and optimize user experience.
• Communication: To communicate with you, including responding to your inquiries and providing updates about the Platform.
• Legal Compliance: To comply with legal obligations and respond to legal claims.

5. Information We Share

5.1 Third-Party Service Providers

We may share your information with third-party service providers who assist us in providing and operating our Platform. These providers are contractually obligated to protect your information and are prohibited from using it for any other purpose.

5.2 Business Partners

We may share your information with business partners who assist us in providing and operating our Platform. These partners are contractually obligated to protect your information and are prohibited from using it for any other purpose.

5.3 Legal Compliance

We may disclose your information if required by law, legal process, or governmental request.

5.4 Payment Processing

Stripe – We use Stripe as our payment processor to securely handle transactions. Stripe processes payment details such as credit card information, billing address, and payment history in order to facilitate secure payment transactions for Consultation Calls and Subscription-based Services.

Stripe's privacy practices are governed by its own privacy policy, which Users can review for more details on how their payment information is processed and stored. We only share the minimum necessary data with third-party providers to ensure Platform functionality. Our integrations comply with relevant data protection laws, and we take measures to ensure that external services meet industry security standards. For more information on how these providers handle your data, please review their respective privacy policies.

6. Data Security

We take the security of your personal information seriously and have implemented robust security measures to safeguard against unauthorized access, use, alteration, or destruction of your data. These measures include, but are not limited to:

• Encryption: We utilize industry-standard encryption protocols (including TLS) to protect data in transit and encryption at rest to secure your data when it is stored.
• Access Control: We apply strict access controls to ensure that only authorized personnel have access to personal information. These controls are regularly reviewed and updated.
• Security Monitoring: We employ continuous security monitoring to detect and respond to potential security incidents. This includes the use of automated tools to detect vulnerabilities and suspicious activities.
• Regular Security Audits: We conduct periodic security assessments and audits to identify potential weaknesses and improve our security posture, ensuring compliance with industry best practices and data protection regulations.
• Data Minimization: We ensure that only the minimum necessary personal data is collected, stored, and processed to reduce the risks associated with data exposure.

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we have established incident response procedures to manage and mitigate the breach. We will notify affected Users without undue delay and, where feasible, provide information regarding the nature of the breach, the data affected, and the measures we are taking to address it. Our commitment is to ensure transparency and take swift action to protect your information.

We also review and update our security practices regularly in line with evolving threats and technological advancements.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with our legal, contractual, and operational obligations. Our data retention practices are guided by the following principles:

• Purpose of Data Collection: We retain personal information only as long as it is required to provide our services, fulfill contractual obligations, and meet the specific purposes for which the information was collected.
• Legal and Regulatory Requirements: We retain data to comply with applicable laws and regulations, including tax, financial, and legal obligations. Retention periods may vary depending on the specific regulatory requirements for the services we offer.
• Statutes of Limitations: We retain personal data for the duration of any applicable statutes of limitations for legal claims, disputes, or investigations, which may vary by jurisdiction.
• Legitimate Business Interests: We retain information where it is necessary for the pursuit of our legitimate business interests, such as maintaining accurate records, ensuring compliance with legal obligations, and improving our Platform.

8. Cookies and Tracking Technologies

We use cookies and other tracking technologies to enhance your experience on our Platform. Cookies allow us to collect information about your usage patterns, preferences, and device information to improve our services and deliver personalized content. You can control or disable cookies through your browser settings, but please note that some features of our Platform may not function as intended if cookies are disabled.

9. Children's Privacy

Our Platform is not intended for users under the age of 18 and we do not knowingly collect or process personal data from children. If we become aware that we have inadvertently collected personal information from a child, we will take immediate steps to delete that information. If you are a parent or guardian and believe that we have collected data from a child, please contact us immediately.

10. Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify users of any material changes to this Privacy Policy by posting a notice on our Platform or by sending an email to the address associated with your account. Please review this Privacy Policy periodically to stay informed about how we are protecting your personal information.

11. Your Privacy Rights and Choices

11.1 Access and Control

You have significant rights regarding your personal information under applicable data protection laws, including:

• Access: You may request access to the personal information we hold about you.
• Correction: If any of your personal information is inaccurate or incomplete, you may request it be updated or corrected.
• Erasure or Restriction: In certain circumstances, you have the right to request the deletion or restriction of the processing of your personal information.
• Data Portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format for transfer to another service provider.

11.2 Data Subject Rights (for California Residents)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA), including:

• Right to Access: You have the right to request access to your personal information.
• Right to Deletion: You have the right to request that we delete your personal information.
• Right to Opt-Out: You have the right to opt-out of the sale of your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights.

11.3 GDPR Data Subject Rights (for EU Residents)

If you are an individual located in the European Union (EU) or European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR), including:

• Right to Access: You have the right to request a copy of your personal information.
• Right to Rectification: You have the right to correct any inaccurate information.
• Right to Erasure: You have the right to request deletion of your personal information.
• Right to Restriction: You have the right to request restriction of processing.
• Right to Data Portability: You have the right to receive your data in a portable format.
• Right to Object: You have the right to object to certain processing activities.

11.4 Exercising Your Rights

To exercise any of your privacy rights, please contact us at privacy@uptales.com . We will respond to your request within the applicable timeframe required by law.

11.5 Cross-Border Data Transfers

Your personal information may be transferred to, stored, and processed in countries outside your country of residence, including the United States. We take appropriate steps to ensure that your personal information remains protected, including implementing safeguards for international transfers as required by applicable data protection laws.

Contact Information

If you have any questions or concerns about this Privacy Policy or wish to exercise any of your data subject rights, please contact us at:

VocaTales, Inc. Operating the Uptales Platform 230 E Ohio St, Suite 410-1276, Chicago IL United States Email: info@vocatales.com