Jump to:

Privacy Policy

Last Updated: February 18, 2026

1. Introduction

Permission.io, Inc. (“Permission,” “we,” “us,” or “our”) operates a technology platform that provides tools and services to help individuals and families manage digital experiences, make informed choices about data use, and participate in optional features and programs offered through the Permission platform.

Our Services may include parent-directed family safety tools, child-linked features configured and managed by parents or legal guardians, reward-related functionality, digital wallet features, browser-based tools or extensions, and related household management services.

Depending on the features enabled and how you interact with the Services (for example, as a parent account holder, an eligible adult user, or through a child profile under parent control), the categories of information collected and the purposes for which it is processed may vary.

Permission respects the privacy of our users (“user,” “you,” or “your”). This Privacy Policy (“Privacy Policy” or “Policy”) explains how we collect, use, disclose, retain, and safeguard personal information when you access or use our websites, applications, browser-based tools, extensions, and related services (collectively, the “Services”), and describes certain rights and choices available to you under applicable law.

Unless otherwise specified in a product-specific disclosure, this Policy applies to all consumer-facing Services operated by Permission.

2. Definitions

For purposes of this Privacy Policy:

“Account Owner” means the individual who creates and controls a Permission account. For household use cases, the Account Owner is typically a parent or legal guardian.
“Child Profile” means a dependent profile created and managed under an Account Owner’s account for a child. Children do not create accounts and are not independent users of the Services.
“Family” or “Your Family” refers to individuals associated with an account, including any Child Profiles and any other authorized adult users permitted by an Account Owner.
“Personal Information” means information that identifies, relates to, describes, or could reasonably be linked with an identifiable individual, such as name, contact information, account identifiers, device information, wallet addresses, or other similar data.
“Child Data” means Personal Information associated with a Child Profile or otherwise collected from or about a child through child-facing features of the Services.
“Services” refers collectively to our websites, applications, browser-based tools, extensions, wallet and reward features, and other services we own or control that link to this Privacy Policy.

Some Services are designed for use by families and include child-facing features that operate only under an Account Owner’s authority and consent. Other Services are available to eligible individual users. This Privacy Policy explains how Personal Information is handled depending on how the Services are used.

3. Our Products and Account Types

We collect personal information in connection with providing and operating the Services. The types of information we collect depend on how you interact with the Services, whether you are an Account Owner, a Child Profile associated with an account, or an eligible individual user, and which features you choose to use. Permission provides different products and experiences depending on how you use our Services. While these offerings share common infrastructure and privacy safeguards, they operate under different account models and configurations.

Permission for Families
This is our parent-directed household product. A parent or legal guardian creates and manages the account, configures child-facing features, and oversees household settings. Child profiles exist solely under a parent’s account and do not independently create accounts, subscribe to Services, or initiate financial transactions.

Permission Rewards and Related Experiences
Certain Permission services are available to eligible individual users who independently create and manage their own accounts. These services may include rewards programs, wallet functionality, and opt-in promotional experiences.

Some features (including rewards or wallet functionality) may be available in different contexts depending on the account type and configuration. However, child-linked profiles do not independently control wallets, private keys, subscriptions, or withdrawals.

Throughout this Policy, references to “child-facing features” apply only to parent-directed household accounts. References to “eligible users” apply to adult users acting independently under their own accounts.

The categories of personal information collected and the purposes for which it is processed may vary depending on which product, account type, and features you use.

4. Data Collection Overview by Product

Permission provides different products and experiences depending on how you use our Services. While these offerings share common infrastructure and privacy safeguards, they operate under different account models and configurations.

The categories of personal information collected and the purposes for which it is processed may vary depending on which product, account type, and features you use.

The types of personal information collected vary depending on the product and account type you use. The summaries below provide a high-level overview. More detailed descriptions appear in the sections that follow.

Parent Web Platform (Parent-Directed Configuration)
Used by parents or legal guardians to create and manage accounts, configure household settings, manage subscriptions, review insights, and administer rewards or wallet features.

May collect: account information, subscription status, settings, support communications, wallet and rewards records, and related administrative data.
Does not collect: child communications content. Child browsing signals (e.g., domain-level access events) are collected only through child-facing features under parent configuration, as described below.

Child Mobile Application (Parent-Configured Child Profile)
Used within a parent-managed household account to apply controls and provide parent-facing insights.

May collect: privacy-filtered domain-level site access events, timestamps or time-based usage signals necessary to enforce schedules or controls, limited page metadata, and an app-scoped identifier used solely for secure pairing with the parent account.
Does not collect: passwords, message content, form field entries, keystrokes, precise geolocation (GPS coordinates), payment information, or advertising IDs used for cross-app/cross-site tracking (e.g., IDFA/GAID).

Child Browser Extension (Parent-Configured Child Profile)
Applies parent-configured controls within a supported browser environment.

May collect: privacy-filtered domain-level URLs, timestamps, and enforcement events necessary to support parental controls.
Does not collect: keystrokes, form field entries, message content, passwords, passcodes, or similar login secrets, or advertising IDs used for cross-app/cross-site tracking.

Although these products share underlying infrastructure, we apply access controls and data separation so child-linked data collected for parent-directed household features is not used for advertising/marketing or adult opt-in rewards contexts.

All child-facing surfaces operate solely under parent authority and are subject to the safeguards described in the “Children’s Data and Parental Consent” section below.

5. Personal Information We Collect

We do not require children to create accounts, and children may only use limited child-facing features under a parent or legal guardian’s account and authority.

A. Information You Provide Directly

Account and Profile Information

When you create an account or otherwise use the Services, you may provide personal information such as your name, email address, username, password, and other contact or account-related details.

For household accounts, a parent or legal guardian may also provide information needed to create and manage child profiles, such as a child’s nickname or age band. Parents are responsible for ensuring that the information they provide is accurate and up to date.

Children do not create accounts and do not provide information independently. Any information associated with a child profile is provided by, and managed under the authority of, a parent account holder.

Communications and Support Information

You may choose to contact us through the Services, by email, or through other support channels for product inquiries, customer support requests, sales questions, or other communications. When you do so, we collect the information you choose to provide, which may include your name, email address, phone number, job title, company name, and the content of your message or attachments. We use this information to respond to your request, provide support, maintain records of our communications, and improve our Services.

Participation in surveys, events, feedback programs, or requests for materials such as whitepapers is voluntary. You may choose whether or not to provide requested information, though declining to do so may limit our ability to respond or provide certain materials.

Payment and Subscription Information

If you purchase a subscription or otherwise engage in paid features through the Services, you may be asked to provide billing contact information and payment method details necessary to process your transaction. Payment processing is handled by third-party payment processors or app marketplaces (such as the Apple App Store, Google Play, or other payment providers), and Permission does not store full payment card numbers or sensitive payment credentials.

We may receive limited transaction-related information from payment processors, such as payment confirmation, subscription status, billing region, transaction identifiers, or renewal status. We use this information to provide access to subscription features, manage billing, prevent fraud, and comply with legal obligations.

Financial information provided for payment purposes is processed in accordance with the applicable payment processor’s privacy policy and security standards. You may review and manage your subscription or billing information through your account settings or the platform through which you made your purchase.

Wallet and Rewards-Related Information

Certain features of the Services allow eligible users to create or connect a digital wallet to manage rewards, including ASK. When you create an account and subscribe to certain features, we may provision a hosted Permission wallet address to support rewards functionality. In other features, including certain legacy or optional experiences, you may choose to connect a compatible third-party wallet address.

To comply with applicable laws, prevent fraud, and support regulated digital asset activity, we or our service providers may require identity verification in connection with wallet creation, withdrawals, or other regulated activities. This may include submitting a photo of yourself, a government-issued identification document, or other information required under applicable law. Identity verification information is used solely for compliance, security, and fraud-prevention purposes.

If you use wallet functionality or transact in digital assets through the Services, we may collect information necessary to create and manage your hosted wallet, validate rewards eligibility, process withdrawals, and comply with applicable legal obligations. This may include:

Wallet addresses (hosted or third-party)
Rewards accrual and ledger records
Transfers, redemptions, and associated transaction references or hashes
Identity verification status
Related account and compliance information

When you initiate a withdrawal or transfer of digital assets, certain transaction details (including wallet addresses and transaction metadata) may be recorded on supported blockchain networks. Blockchain networks operate independently of Permission and may maintain public, immutable records of transactions. Additional information about blockchain-related processing is described in “How We Share Personal Information: Blockchain and Digital Asset Networks.”

If you connect a third-party wallet, your use of that wallet is subject to the third-party provider’s privacy policy and terms. Permission does not control and is not responsible for how third-party wallet providers collect, use, or store your information.

Child profiles do not independently create wallets, control private keys, or initiate transactions. Any child-related rewards are managed solely under parent-controlled custody, as described in our Terms of Use.

Social Media Login Information

We may allow you to register for or access the Services using a third-party social media account, such as Facebook, LinkedIn, X (formerly Twitter), or similar providers. If you choose to use this option, we will receive certain profile information from the social media provider, which may include your name, email address, profile photo, and other information you have made available through that service.

We use this information only for purposes described in this Privacy Policy or otherwise disclosed to you at the time of collection. We do not control how third-party social media providers use your personal information, and their practices are governed by their own privacy policies. We encourage you to review those policies and adjust your privacy settings as appropriate.

Advertising and Opt-In Campaign Interactions

In limited circumstances, you may choose to participate in explicit opt-in campaigns, promotions, or offers presented through the Services. If you voluntarily provide information in connection with such campaigns, we will process that information in accordance with this Privacy Policy and the disclosures provided at the time of collection.

Where an opt-in involves a third party, that party’s collection and use of your information is governed by its own privacy policy. Permission processes any additional account-level information under this Privacy Policy once you create or use a Permission account.

B. Information Collected Automatically

When you access or use the Services, we may automatically collect certain information to operate the platform, maintain security, and improve performance. This information is collected through standard technical means and is used in a manner consistent with this Privacy Policy and applicable law.

Device and Technical Information: We may automatically collect technical information about the device or software you use to access the Services. This may include device type, operating system, browser type, application version, IP address, and general location information such as city, state, or timezone. We may also collect language preferences and regional settings to support functionality, localization, and troubleshooting.

Usage and Interaction Data: We collect information about how the Services are accessed and used, such as pages or screens viewed, features used, settings changes, session duration, navigation paths, and interaction patterns. We also collect logs related to system performance, error detection, and security events. This information helps us operate the Services reliably, diagnose issues, prevent misuse, and improve overall user experience.

Child-Facing Feature Data (Limited and Purpose-Bound): When child-facing features are enabled by a parent or legal guardian, limited activity-related information may be collected to support parent-configured controls and household functionality. This may include domain-level site access events (such as whether a request was allowed or blocked), time-based usage signals needed to apply schedules or controls, and request or approval actions initiated under parental settings.

This information is collected solely to support parent-configured features and parent-facing insights. It is not used for advertising, marketing, behavioral profiling, or commercial personalization, and it is subject to additional access restrictions and safeguards.

Additional information about our treatment of children’s data is described in the ‘Children’s Data and Parental Consent’ section below.

Logs, Diagnostics, and Security Monitoring: We may automatically collect diagnostic and security-related information, including system logs, audit records, and related metadata, to maintain the security and integrity of the Services. This information may be used to detect, investigate, and prevent fraud, abuse, or unauthorized activity, and to comply with legal and regulatory obligations. Where feasible, we limit logging of sensitive content and apply controls designed to reduce unnecessary data exposure.

C. Information We Collect from Third Parties

We may receive certain personal information from third parties in connection with your use of the Services. The information we receive depends on the features you use, the choices you make, and the third parties involved. We process this information in accordance with this Privacy Policy and applicable law.

Service Providers and Platform Partners

We work with third-party service providers to support core functionality of the Services, such as authentication, payment processing, identity verification, customer support, analytics, security monitoring, and infrastructure hosting. These providers may supply us with information necessary to operate the Services, such as account status, transaction confirmations, verification results, or technical signals related to performance and security.

We require service providers to process personal information only on our behalf and in accordance with contractual obligations designed to protect privacy and security.

Payment Processors and App Marketplaces

If you purchase subscriptions or other paid features through the Services, payment processing is handled by third-party processors or app marketplaces (such as Apple App Store, Google Play, or payment processors). These entities may provide us with limited information about your transaction, such as payment confirmation, subscription status, billing region, or transaction identifiers. We do not receive or store full payment card numbers or sensitive financial credentials.

Identity Verification Providers

For certain features, including wallet creation, withdrawals, or other regulated activities, we may rely on third-party identity verification providers. These providers may collect and verify information such as government-issued identification, facial images, or other verification data in accordance with applicable law. We receive verification results or reference identifiers, rather than raw identity documents, unless otherwise required for compliance or security purposes.

Identity verification is required only where legally necessary and is not used for advertising or marketing purposes.

Blockchain Networks and Wallet Providers

Some features of the Services involve interactions with public blockchain networks or third-party wallet providers. When you use these features, information such as wallet addresses, transaction hashes, and public blockchain metadata may be recorded on a distributed ledger that is not controlled by Permission. Blockchain records are public, decentralized, and immutable by design.

Your use of any third-party wallet services is governed by the privacy policies and terms of those providers. Permission does not control how third-party wallets or blockchain networks process personal information.

Social Media and Third-Party Account Providers

If you choose to register or sign in using a third-party account (such as a social media platform), we may receive profile information made available by that provider, such as your name, email address, or profile image. The information we receive depends on the provider and your account settings. We use this information only for purposes described in this Privacy Policy.

Analytics and Measurement Partners

We may receive aggregated or event-level analytics information from analytics and measurement partners that help us understand how the Services are accessed and used, evaluate performance, and maintain security. These analytics are used primarily in connection with our websites, parent-facing experiences, and general service operations. Child-facing features are subject to additional limitations and are not used for advertising, marketing, or commercial profiling.

Opt-In Campaign and Partner Interactions

If you voluntarily participate in explicit opt-in campaigns, promotions, or offers involving third-party partners, those partners may share information with us in connection with your participation. Any collection and use of information by third-party partners is governed by their own privacy policies. Permission processes any information it receives in accordance with this Privacy Policy and the disclosures provided at the time of participation.

D. Children’s Data and Parental Consent

Our Parent-Directed Model

Permission’s Services are designed to be parent-directed and parent-controlled. Parents or legal guardians create and manage accounts, configure household settings, enable or disable child-facing features, and oversee any associated permissions or rewards.

Children do not independently create accounts, enter into contracts, subscribe to Services, or manage digital assets. Any child profile exists solely within a parent-managed account and operates under the authority of that parent or legal guardian.

Children Under 13

For children under the age of 13, we collect and process personal information only with verifiable parental consent, as required by the Children’s Online Privacy Protection Act (COPPA).

When establishing a child profile, a parent or legal guardian must create the account on the child’s behalf and represent that they have authority to do so. Where required, we obtain verifiable parental consent before collecting personal information from or about a child.

If we become aware that personal information has been collected from a child under 13 without appropriate parental consent, we will take steps to delete such information as required by applicable law.

No Independent Child Accounts

Children do not register for accounts, agree to terms, subscribe to Services, or provide personal information independently. Child profiles exist solely as dependent profiles under a parent or legal guardian account and are created, configured, and managed entirely by that parent or legal guardian.

All decisions regarding data collection, feature access, permissions, controls, rewards, and settings are made by the parent account holder.

What Information Is Collected About Children

Child-related information is limited and purpose-bound. It is collected solely to support parent-configured functionality and household management features.

Depending on the features enabled by a parent, this may include:

A nickname or identifier selected by the parent
An age band or approximate age range
Device or application assignments
Parent-configured controls, schedules, goals, or reward settings
Limited activity signals necessary to operate those controls (for example, domain-level access events or schedule-based usage data)

We do not require children to provide personal information directly to create or manage accounts.

We do not obtain Child Data from data brokers or third parties for independent use; Child Data is provided by the parent/guardian or generated through parent-configured child-facing features.

Information We Do Not Collect from Children

We are committed to data minimization, particularly with respect to children. We do not knowingly collect from children:

Payment card or banking information
Account passwords, authentication secrets, or login credentials
Keystrokes or form field contents
Communications content such as emails, text messages, or private messages
Photos, microphone, or camera data
Precise geolocation data (such as GPS coordinates)
Screen recordings/session replay from child devices
Biometric identifiers (such as fingerprints, facial recognition data, or voiceprints)
Audio or video recordings from a child’s device
Contact Lists
Sensitive personal information such as health or medical data

No Fingerprinting or Advertising to Children

The child application uses an app-scoped identifier and secure authentication token solely to associate activity with the correct parent-managed profile. This identifier is not used for cross-app tracking, advertising, or fingerprinting.

We do not use child-linked data for advertising, marketing, or commercial profiling. Child-facing features are not supported by third-party advertising networks, and we do not serve targeted advertisements to children. Marketing communications and promotional materials are directed only to parents or eligible adult users.

Technical Guardrails for Child-Facing Features

Advertising pixels, retargeting technologies, cross-context behavioral advertising tools, and third-party advertising SDKs are not deployed within authenticated child-facing portions of the Services or within the child application. We implement technical safeguards to prevent third-party advertising networks from collecting persistent identifiers or other personal information from child devices or child-linked profiles.

Any advertising or retargeting technologies used by Permission are limited to public-facing marketing pages and adult contexts and are not connected to child profile data.

No Conditioning or Incentivization

We do not condition a child’s access to features on the disclosure of additional personal information beyond what is reasonably necessary to support parent-configured functionality.

Children are not prompted, encouraged, or incentivized to provide personal information in exchange for rewards, benefits, or access. Any reward-related features are configured and controlled by parents.

Parental Rights and Controls

Parents maintain control over child-linked information and may review, modify, restrict, or delete child profiles at any time through their account settings or by contacting us.

Parents may disable child-facing features, remove child profiles, or close their account entirely, subject to applicable legal and recordkeeping requirements.

Rewards and Financial Features

If reward features are enabled, any associated digital assets or wallet functionality are controlled exclusively by the parent account holder. Children cannot independently initiate withdrawals, transfers, or financial transactions.

Retention and Deletion of Child Data

Parents may request deletion of child profile data at any time. Upon deletion or account closure, child-related personal information will be deleted or de-identified unless retention is required or permitted by law for purposes such as security, fraud prevention, dispute resolution, or regulatory compliance.

Transition to Adulthood

If a child reaches the age of majority, we may require updated consent, revised account status, or transition to an independent account structure, consistent with applicable law and product design at that time.

6. Analytics, Cookies, and Similar Technologies

We use analytics tools, cookies, pixels, SDKs, and similar technologies (“Technologies”) on our public-facing marketing websites and, in limited cases, in parent-facing authenticated experiences to measure performance, improve functionality, and maintain the security and integrity of our Services.

These Technologies may collect information such as device and browser characteristics, IP address, interaction data (e.g., pages viewed and links clicked), and general usage information.

Marketing and retargeting. We may use advertising pixels and similar Technologies on our public-facing marketing websites to support user acquisition and retargeting (which may constitute “cross-context behavioral advertising”). Under certain state laws, including California law, this activity may constitute “sharing.” You may opt out of such sharing as described in the “Your Rights and Choices” section. We honor legally recognized browser-based opt-out signals, including Global Privacy Control (GPC), where required by law.

Child-facing exclusions. We do not deploy advertising or retargeting Technologies in authenticated child-facing portions of the Services, within the child application, or in connection with Child Profile data. The child application is ad-free and does not include third-party advertising SDKs.

In-product analytics. Analytics used within our products (including parent-facing authenticated experiences) are limited to service operation, functionality, performance, and security purposes and are not used for advertising, marketing, or commercial profiling of children.

We do not permit third-party advertising networks to collect data from child-facing features.

Categories of Cookies and Similar Technologies

We use the following categories of Technologies:

Strictly Necessary Technologies.
These are required for the Services to function properly. They enable core features such as authentication, security, account access, and system stability. Because they are essential to the operation of the Services, they cannot be disabled through our consent tools, although you can configure your browser settings to block cookies (which may affect functionality).

Functional Technologies.
These enable enhanced functionality and personalization, such as remembering preferences or supporting integrated features. If disabled through your browser settings, certain features of the Services may not function properly.

Analytics and Performance Technologies.
These help us understand how users interact with the Services so we can improve usability, diagnose issues, and maintain security. We may use first-party or third-party analytics providers for these purposes.

Advertising and Marketing Technologies.
Where permitted by law and applicable settings, we may use first-party or third-party Technologies to measure marketing performance, deliver relevant content, or support remarketing efforts. We do not use advertising or marketing Technologies in child-facing features.

Third-Party Analytics Providers

We may use third-party analytics and measurement providers, such as Google Analytics, Posthog, or similar services, to understand usage patterns and improve the Services. These providers may collect information about your interaction with our Services in accordance with their own privacy policies.

You can learn more about how these providers use data and how to opt out through their respective privacy policies and tools. We do not control how third-party providers process information collected through their Technologies.

Session Replay and Interaction Monitoring

We use analytics and diagnostic tools (such as PostHog and similar services) to understand how our Services are used, to monitor performance, and to improve functionality and security.

We do not currently enable continuous session replay or screen recording features for general users. In limited circumstances, we may activate enhanced diagnostic tools for specific accounts or testing environments to investigate technical issues, evaluate usability, or improve product performance. Such tools are used solely for internal testing, troubleshooting, and quality assurance purposes and are not used for advertising or marketing.

Child-facing features are not subject to session replay or behavioral recording for advertising or profiling purposes.

Email Tracking and Communications

Emails or newsletters sent by or on behalf of Permission may contain tracking pixels or similar Technologies that allow us to determine whether an email was opened and whether links within the email were clicked. We use this information to measure engagement, improve communications, and refine content relevance.

You may opt out of marketing emails at any time by using the unsubscribe link included in the message. Transactional or account-related communications may still be sent as necessary to provide the Services. You may review and update most account information directly within your account settings.

Managing Cookies and Tracking Technologies

You may manage certain cookie preferences through your browser settings or device controls. You may also use privacy tools or browser features to limit certain tracking technologies. Please note that blocking or deleting cookies may affect how some parts of the Services function.

If you change devices, install a new browser, clear cookies, or modify your browser settings, previously selected preferences may need to be reset.

Additional information about your privacy rights and opt-out options is described in the “Your Rights and Choices” section below.

7. How We Use Personal Information

Having accurate information about you helps us provide a smooth, efficient, and customized experience. Generally speaking, we use any information we collect to provide services to you, keep our Services running smoothly, and protect us legally. More specifically, we may use information collected about you in the following instances:

To Provide and Operate the Services

Create, manage, and administer accounts and household profiles
Authenticate users and maintain account security
Enable parent-configured controls and child-linked functionality
Process rewards, wallet transactions, and redemption requests
Provide access to optional features, including automated or AI-enabled tools such as the Permission Agent, in accordance with user settings and permissions

To Communicate With You

Respond to your comments, questions, and support requests
Send service-related communications, including technical notices, updates, security alerts, and administrative messages
Send newsletters or informational communications you choose to subscribe to
Contact you regarding your account, subscriptions, billing, rewards, or service updates

You may opt out of marketing communications at any time using the unsubscribe link included in such communications.

To Improve, Maintain, and Secure the Services

Operate, maintain, and enhance our websites, applications, and features
Monitor and analyze usage trends and performance metrics
Debug, troubleshoot, and detect errors or security incidents
Detect, prevent, and investigate fraud, misuse, or unauthorized activity
Develop new features and improve existing functionality
Generate aggregated or de-identified insights for internal research, analytics, and product improvement

To Support Marketing and Business Operations

Send you information about products, services, features, or promotions that may be relevant to you
Conduct direct marketing communications where permitted by law
Measure the effectiveness of marketing campaigns
Facilitate referral programs, promotional campaigns, contests, or rewards initiatives
Use cookies and similar technologies on our websites to understand user engagement and improve marketing performance

Where required by law, we obtain consent before sending marketing communications or using cookies for advertising or analytics purposes.

We do not use child-facing activity data for advertising, marketing, or commercial profiling purposes.

To Support Optional Features and User Choices

Enable user-authorized automated actions and preference management
Facilitate opt-in campaigns where users voluntarily provide information to receive rewards or offers
Process wallet-related transactions and verify identity where required by applicable law
Enable integrations or connections with third-party services at your direction

To Comply with Legal and Regulatory Obligations

Verify identity in connection with cryptocurrency rewards or financial transactions
Maintain records required for accounting, auditing, and compliance
Respond to lawful requests from courts, regulators, or law enforcement
Enforce our Terms of Use and protect our rights, users, and platform

8. Automated Processing and Profiling

We may use automated systems, including AI-enabled tools such as the Permission Agent, to support functionality within the Services. These systems may help organize content, surface relevant opportunities, personalize features, manage reward eligibility, detect fraud, or improve overall performance and security.

Automated processing may rely on information such as your account activity, interaction patterns, stated preferences, subscription status, or engagement with features of the Services. These processes are designed to enhance usability, improve service delivery, and maintain platform integrity.

We do not use automated decision-making to make decisions that produce legal or similarly significant effects about you without appropriate safeguards. Where required by applicable law, automated processing will occur only:

As necessary to perform a contract with you;
With your consent; or
As otherwise permitted by applicable law.

Child profiles are not subject to automated profiling for advertising, marketing, or commercial personalization purposes.

Where applicable law provides rights related to automated processing, you may request additional information, seek human review of certain decisions, or object to certain processing by contacting us as described in the “Your Rights and Choices” section below.

Chatbot and AI-Assisted Support Features

Certain features of the Services may include chatbot or AI-assisted support tools that allow users to obtain information, manage preferences, or receive assistance.

When you use these features, we and our service providers may access and process the information you submit through the chat interface; interaction data, device data, and usage signals may be recorded to enable the feature; chat interactions may be reviewed for quality assurance, troubleshooting, security, and service improvement purposes.

In some cases, de-identified or aggregated interaction data may be used to improve AI-assisted features and service quality. We do not use child-linked data to train advertising models, and we apply additional safeguards to child-facing functionality consistent with our parent-directed model.

Where required by law, we provide appropriate disclosures and obtain consent before enabling such features.

9. How We Share Personal Information

We share personal information only in the circumstances described below and only to the extent reasonably necessary to operate, secure, and improve our Services.

Permission does not sell children’s personal information. We do not share child-linked data with advertisers or third parties for their independent marketing or commercial purposes.

Service Providers and Infrastructure Partners

We engage trusted third-party service providers to help us operate the Services. These providers process personal information on our behalf and only for the purposes we specify.

Depending on the features you use, these providers may include:

Cloud hosting and infrastructure providers
Payment processors and subscription billing platforms
Identity verification providers (for wallet or rewards compliance)
Analytics and performance monitoring services
Customer support platforms
Security, fraud prevention, and compliance vendors

We maintain a current list of key subprocessors that process personal information on our behalf. That list is available here and may be updated from time to time to reflect changes in our operations.

These service providers are contractually restricted from using personal information for their own independent purposes.

Wallet, Blockchain, and Digital Asset Networks

Certain features of the Services involve blockchain technology and digital assets, including wallet functionality and ASK token transfers. Blockchain networks are decentralized, distributed systems that record transactions on a public ledger. Transactions recorded on a blockchain are generally immutable, meaning they cannot be modified or deleted once confirmed.

If you choose to use wallet features or transact in digital assets:

Your wallet address and transaction details may be recorded on a public blockchain.
Blockchain transactions are not controlled by Permission and may be publicly accessible.
Once recorded, blockchain data cannot typically be altered or erased.

We do not control blockchain networks and cannot delete or modify information that has been recorded on a blockchain by you or by operation of the network protocol. Where blockchain functionality is used, we process associated personal information only to facilitate the requested transaction, comply with applicable law, and operate wallet-related features.

Because blockchain networks are public by design, you should carefully consider what information you associate with your wallet address.

Legal Compliance and Protection

We may disclose personal information if we believe in good faith that disclosure is reasonably necessary to:

Comply with applicable law, regulation, subpoena, or legal process
Respond to lawful requests from public authorities
Enforce our Terms or other agreements
Detect, prevent, or address fraud, security, or technical issues
Protect the rights, safety, or property of Permission, our users, children, or the public

Business Transfers

If Permission is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable legal requirements.

We will take reasonable steps to ensure that any successor entity honors the commitments made in this Privacy Policy.

Advertising and Marketing (Parent or Adult Users Only)

We do not disclose personal information for cross-context behavioral advertising within authenticated portions of the Services, including the child application or child-linked profiles.

We may use advertising pixels and similar Technologies on our public-facing marketing websites to support user acquisition, campaign measurement, and retargeting. Under certain state privacy laws, including California law, this activity may constitute “sharing” for cross-context behavioral advertising.

We do not permit third-party advertising networks to collect personal information from child-facing portions of the Services, and the child application does not include advertising SDKs or retargeting Technologies.

If, in the future, we introduce features that allow eligible adult users or parents to connect with advertisers, brands, or partners, any such sharing would occur only:
● With explicit, informed opt-in consent;
● Under clear disclosures at the time of participation; and
● In accordance with an updated Privacy Policy.

We will never permit child-linked data to be shared for advertising purposes.

Public Content and Third-Party Integrations

Some areas of the Services may include publicly accessible features, such as blogs, forums, or social interaction tools. Information you voluntarily post in public-facing areas may be visible to other users or the public.

We may also provide social media features or third-party integrations, such as share buttons or sign-in services. These features may collect information such as your IP address or page visit and may set cookies to function properly. Your interactions with these features are governed by the privacy policies of the respective third-party platforms.

Aggregated and De-Identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify an individual. This information may be used for research, analytics, business reporting, or product improvement purposes.

10. Data Retention

We implement a structured data retention program designed to ensure that personal information is retained only for as long as necessary and disposed of in accordance with applicable law and our internal governance policies.

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including to provide the Services, maintain account functionality, comply with legal obligations, resolve disputes, enforce our agreements, and protect the security and integrity of the platform.

Retention periods vary depending on the type of information, the nature of the Services provided, and applicable legal or regulatory requirements. In determining appropriate retention periods, we consider:

The purpose for which the information was collected;
The sensitivity of the information;
Whether the information is necessary to maintain active accounts or provide requested features;
Applicable legal, tax, accounting, anti-money laundering, or regulatory requirements;
Security, fraud prevention, and dispute resolution needs.

Account and Profile Information

We generally retain parent account information, household records, consent records, and child profile data for the duration of the account. When an account is closed, we delete or de-identify such information within a commercially reasonable period, unless retention is required for legal, security, compliance, or dispute-related purposes.

Child-Linked Data

Child-facing activity data collected under parent-configured features is retained only as long as necessary to support account functionality, generate parent-facing insights, maintain audit records of controls, or comply with legal obligations. We apply additional safeguards to child-linked data and limit access consistent with our parent-directed model.

Wallet, Rewards, and Digital Asset Information

Wallet addresses, rewards ledger records, transaction references, and related compliance information may be retained for longer periods where necessary to:

Comply with financial, tax, anti-money laundering, or recordkeeping obligations;
Maintain accurate audit trails;
Resolve disputes related to rewards or withdrawals;
Prevent fraud or abuse.

Blockchain transaction records are maintained on public, decentralized networks that are not controlled by Permission. Such records are immutable and cannot be deleted or modified by us.

Identity Verification Data

Where identity verification is required for wallet functionality or other regulated activities, we retain verification status, reference identifiers, and related compliance records as required by applicable law and regulatory guidance.

Billing and Subscription Information

Transaction confirmations, subscription status, and related accounting records may be retained as necessary to comply with tax, accounting, audit, and regulatory obligations.

Analytics, Logs, and Security Records

System logs, diagnostics, and security-related records are retained in accordance with internal retention schedules designed to support platform integrity, incident investigation, and fraud prevention.

Account Closure and Deletion Requests

If you request deletion of your personal information or close your account, we will delete or de-identify personal information that is no longer necessary for the purposes described above, subject to legal, security, compliance, or dispute-related retention requirements.

Deletion may not be immediate and may require time to propagate across active systems and backup environments. In certain circumstances, we may be required to retain information to comply with legal obligations, respond to valid legal processes, investigate violations of our Terms, or protect the rights, safety, and integrity of our Services and users.

Backup Systems and Legal Holds

Certain information may be retained in secure backup systems for a limited period consistent with our disaster recovery and business continuity practices. In addition, if we receive valid legal process, regulatory requests, or credible reports of misuse or fraud, we may suspend deletion of relevant information as required to comply with applicable law.

11. Your Privacy Rights and Choices

Permission respects your privacy rights and provides mechanisms for you to access, manage, and control your personal information in accordance with applicable law.

Your rights may vary depending on your location and the nature of your relationship with us (for example, whether you are a parent account holder, an adult user, or acting on behalf of a child profile). Where required by law, we will honor the rights described below.

Right to Access and Data Portability: You may request confirmation of whether we process your personal information and request access to that information. Where applicable, you may also request a copy of personal information you have provided to us in a structured, commonly used, and machine-readable format, or request that we transmit that information to another provider where technically feasible.
Right to Correction: You may request that we correct inaccurate or incomplete personal information. In many cases, you may update your information directly through your account settings.
Right to Deletion/Erasure: You may request deletion of your personal information, subject to applicable legal exceptions. For example, we may retain certain information where necessary to:

Comply with legal obligations
Complete transactions
Detect or prevent fraud or abuse
Enforce our agreements
Protect the security and integrity of the Services

Deletion of blockchain-recorded transaction data may not be possible due to the immutable nature of decentralized networks, as described elsewhere in this Privacy Policy.

Parents may request deletion of child profile information at any time, subject to legal and compliance-related retention requirements.

Right to Restrict or Object to Processing of your Personal Information: Depending on your jurisdiction, you may have the right to restrict or object to certain types of processing, including processing based on legitimate interests or for direct marketing purposes.

You may opt out of marketing communications at any time by using the unsubscribe link in our emails or adjusting your account settings. Even if you opt out of marketing messages, we may continue to send service-related communications.

Right to Withdrawal of Consent: Where we rely on your consent to process personal information, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
Automated Decision-Making: We may use automated systems, including AI-driven features such as the Permission Agent, to personalize content, match you with offers, manage rewards eligibility, and improve user experience.

Where required by law, you may request information about the logic involved in certain automated processing and, where applicable, request human review of decisions that produce legal or similarly significant effects.

You may also adjust personalization settings within your account.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. However, certain features of the Services may require the processing of personal information to function. If you choose not to provide required information, some features may be unavailable.
Right to Lodge a Complaint: If you reside in the European Economic Area (EEA), United Kingdom, or another jurisdiction that provides a supervisory authority, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so that we may attempt to resolve your concerns directly.
Right to Appeal Denied Requests: If we decline to take action on your request, you may appeal our decision by contacting us using the information provided below. We will review and respond to appeals in accordance with applicable law.

Exercising Your Rights

You may submit a privacy request by logging into your account (where self-service tools are available) or by contacting us using the information provided in the “Contact Us” section.

To protect your privacy and security, we may take reasonable steps to verify your identity before fulfilling a request. In some cases, we may need additional information to confirm your identity or authority. We may decline a request where permitted by law, including where we cannot verify your identity or where an exception applies.

We will respond to requests within the timeframe required by applicable law.

Cookies, Tracking Technologies, and Opt-Out Tools

You can limit or control certain online tracking technologies used on our websites and parent-facing experiences in several ways:

Browser Controls. Most web browsers allow you to remove or reject cookies through their settings. You can usually find these controls in your browser’s “Settings” or “Preferences” menu. Please note that blocking certain cookies may affect the functionality of some parts of the Services.

Global Privacy Control (GPC). If you enable a browser-based Global Privacy Control signal, we will recognize it where required by applicable law as a request to opt out of the sale or sharing of personal information for cross-context behavioral advertising. Where we engage in activity that may constitute "sharing" for cross-context behavioral advertising (for example, through advertising pixels on our public-facing marketing websites), we will treat a valid GPC signal an as opt-out request where required by law.

Advertising Industry Opt-Out Tools. You may also use industry opt-out mechanisms such as those provided by the Digital Advertising Alliance (aboutads.info) or the Network Advertising Initiative (networkadvertising.org) to limit interest-based advertising from participating companies.

Please note that opt-out mechanisms are browser- and device-specific. If you access the Services from multiple devices or browsers, you may need to adjust your settings separately for each one.

We do not currently respond to legacy “Do Not Track” browser signals that do not constitute legally recognized opt-out signals.

Sale, Sharing, and Targeted Advertising Disclosures (California Residents)

Under certain state privacy laws, including the California Consumer Privacy Act as amended by the CPRA, “sale” and “sharing” are broadly defined and may include certain disclosures of personal information in exchange for valuable consideration or for cross-context behavioral advertising.

We do not sell personal information.

We may use advertising pixels and similar Technologies on our public-facing marketing websites to support user acquisition and retargeting campaigns. Under certain state laws, including California law, this activity may constitute “sharing” for cross-context behavioral advertising. You may exercise your right to opt out of such sharing as described in the “Your Privacy Rights and Choices” section above.

We do not sell or share children’s personal information. We do not permit third-party advertising networks to collect personal information from child-facing portions of the Services, and the child application does not include advertising SDKs or retargeting Technologies.

In limited circumstances, we may facilitate value-exchange interactions where eligible adult users or parents explicitly choose to share information with a brand, advertiser, or partner in exchange for rewards or participation in a program. Any such sharing occurs only with clear, affirmative opt-in consent and under disclosures provided at the time of participation.

To the extent any such activity is deemed a “sale,” “sharing,” or “targeted advertising” under applicable state law, you may exercise your right to opt out as described in the “Your Privacy Rights and Choices” section above.

We do not knowingly sell or share the personal information of minors under 16 years of age.

California residents may request information regarding disclosures of personal information to third parties for their direct marketing purposes pursuant to California Civil Code Section 1798.83 by contacting us as described below.

12. Additional U.S. State Privacy Disclosures (Including California)

This section supplements the information provided elsewhere in this Privacy Policy and applies to residents of California and other U.S. states with applicable comprehensive privacy laws.

For purposes of this section, “personal information” has the meaning provided under applicable state law, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”).

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information, depending on how you interact with the Services:

Identifiers, such as name, email address, account name, IP address, online identifiers, wallet addresses, and similar identifiers.
Commercial information, such as subscription status, rewards activity, transaction confirmations, and records of services obtained.
Internet or other electronic network activity information, such as interaction data, browsing activity within the Services, device information, and usage logs.
Geolocation data (general location only), such as city, state, or timezone derived from IP address. We do not collect precise GPS location from children.
Professional or employment-related information, where voluntarily provided (for example, job title or company name in communications).
Inferences, such as preferences or interest indicators derived from your interactions with the Services, including personalization settings.

We may also collect Sensitive Personal Information in limited circumstances, such as:

Government-issued identification information for identity verification (where required for wallet or regulated digital asset features);
Account access credentials;
Limited identity verification data required for compliance with applicable law.

We use Sensitive Personal Information only for purposes permitted by applicable law, including identity verification, fraud prevention, security, and compliance. We do not use Sensitive Personal Information to infer characteristics for advertising purposes.

Categories of Personal Information Disclosed for a Business Purpose

We may disclose personal information to the following categories of recipients for business purposes:

Service providers and infrastructure partners (such as hosting providers, payment processors, analytics providers, identity verification vendors, and customer support platforms);
Blockchain networks and wallet infrastructure providers, where you choose to use wallet functionality;
Regulatory authorities or law enforcement where required by law;
Professional advisors in connection with legal, accounting, or compliance obligations;
Successor entities in the event of a merger, acquisition, or business transfer.

We require service providers to process personal information only on our behalf and pursuant to contractual protections consistent with applicable law.

Sale or Sharing of Personal Information

As described above in “Sale, Sharing, and Targeted Advertising Disclosures (California Residents),” we do not sell children’s personal information and do not sell personal information for monetary compensation.

Targeted Advertising and Opt-Out Rights

Residents of certain U.S. states have the right to opt out of:

Targeted advertising;
The sale of personal data (as defined under applicable law);
Certain profiling in furtherance of decisions that produce legal or similarly significant effects.

You may exercise these rights by contacting us as described in the “Your Privacy Rights” section or by using available account controls and preference tools.

Sensitive Personal Information Rights (California)

California residents have the right to limit the use and disclosure of Sensitive Personal Information to purposes permitted by law.

Permission does not use Sensitive Personal Information for purposes that would require offering a “Limit the Use of My Sensitive Personal Information” link beyond what is described in this Privacy Policy.

Notice of Financial Incentives

Permission may offer rewards, incentives, or other benefits (including ASK tokens) in connection with participation in certain programs, promotions, or opt-in campaigns.

These incentives may be considered “financial incentives” or “price or service differences” under California law because they involve the collection and use of personal information.

Participation in such programs is voluntary. By choosing to participate in a rewards program or opt-in campaign, you consent to the collection and use of your personal information as described at the time of participation and in this Privacy Policy.

You can determine the number of ASK tokens earned for a specific activity by reviewing the action associated with that activity or by reviewing your wallet transaction history. The number of ASK tokens, and therefore the value of the incentive for certain activities (including activities that may involve sharing personal information), varies based on a variety of factors (including, but not limited to, token velocity and the specific ASK-rewarded action you take). These factors are subject to change at Permission’s sole discretion.

The value of any financial incentive is reasonably related to the value of your participation, taking into account the costs of operating the program, providing rewards, supporting related services, and maintaining platform infrastructure.

You may withdraw from a financial incentive program at any time by discontinuing participation, adjusting your settings, or contacting us. Withdrawal will not affect personal information previously collected, subject to your deletion rights and applicable legal retention obligations.

Authorized Agents

Where permitted by law, you may designate an authorized agent to submit requests on your behalf. We may require verification of both your identity and the agent’s authority to act on your behalf.

For information regarding how long we retain personal information, please see “Data Retention” above.

13. International Data Transfers

Permission is based in the United States. Our primary infrastructure (including child-related activity data) is hosted, stored and processed in the United States on cloud infrastructure operated by service providers acting solely on our behalf.

These jurisdictions may have data protection laws that differ from those in your country of residence. Where required by applicable law, we implement appropriate safeguards to protect personal information transferred across borders, including contractual protections, security measures, and other legally recognized transfer mechanisms.

By using the Services, you acknowledge that your information may be processed in jurisdictions outside your place of residence, subject to the safeguards described in this Privacy Policy.

Additional information about cross-border data protections is available upon request as described in the “Contact Us” section below.

14. Third-Party Services and Links

The Services may contain links to third-party websites, applications, wallet providers, marketplaces, advertising partners, or other external services. In some cases, third-party content may be embedded or integrated into our Services while maintaining the appearance of our platform.

If you choose to access or interact with third-party services, any information you provide directly to those third parties is governed by their respective privacy policies and terms of service — not this Privacy Policy. We do not control, and are not responsible for, the privacy, security, or data practices of third-party services.

We encourage you to review the privacy policies of any third-party services before providing personal information.

15. How We Protect Personal Information

Permission maintains administrative, technical, and physical safeguards designed to protect personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, or destruction. These safeguards include measures such as encryption in transit, access controls based on role and necessity, vendor oversight, and security monitoring designed to protect the integrity of our systems.

We take into account the nature of the personal information processed — including child-linked data and identity verification information — and the risks associated with processing when implementing our security practices. We require service providers to implement appropriate safeguards consistent with applicable law.

While we implement reasonable security measures, no system or transmission of data over the Internet can be guaranteed to be completely secure. If you believe your account or interaction with us is no longer secure, please contact us promptly at security@permission.ai.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, or data practices. When we make material changes, we will update the effective date at the top of this Policy and, where required by applicable law, provide additional notice, such as through the Services or by email.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.

17. How Can You Contact us About This Policy

If you have questions about this Privacy Policy or our privacy practices, or if you would like to exercise your privacy rights, you may contact us at:

Email: dpo@permission.ai
Mail: 888 Prospect Street, Suite 200, La Jolla, CA 92037

If you are contacting us regarding a privacy request, please include sufficient information for us to verify your identity and process your request.

Products

About

Company