Effective Date: November 20, 2023

Last Updated: Last Updated: May 6, 2025

Gesso Labs, Inc. d/b/a CO:CREATE (“CO:CREATE”, “we”, “our”, or “us”) cares about your privacy. Thank you for taking the time to read our privacy policy (“Privacy Policy”). This Privacy Policy covers all personal data processed by the CO:CREATE website (www.cocreate.ink) and our services (“Services”). If our privacy practices for certain services differ from those explained in this Privacy Policy, we will let you know at the time we ask for or collect your information.

‍
It is our policy to comply with all applicable privacy and data protection laws, including the California Consumer Privacy Act of 2018 (“CCPA”) and its subsequent amendments and the General Data Protection Regulation, Regulation (EU) No. 2016/279 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). This commitment reflects the value we place on earning and keeping the trust of our customers, business partners, and others who share their data with us.

‍

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. We may make changes to the Privacy Policy from time to time. We, therefore, encourage you to check the Privacy Policy

periodically for updates.

‍

We cover a lot of ground in this Privacy Policy. Please use the links below to navigate to later sections of the Privacy Policy of interest to you.
‍
• Data Controller
• What Data We Collect About You
• Reason for Processing Your Personal Data
• How We Collect Your Personal Data
• How We Use Your Personal Data
• Disclosure of Your Personal Data
• Cookies and Automatic Data Collection Technologies
• Third-Party Links
• Retention
• Children
• Your Rights and Choices
• International Transfers
• Data Security
• Changes to This Privacy Policy
• Contact Us

1. Data Controller

CO:CREATE is the data controller responsible for your personal data. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us from the Contact Us section.

2. What Data We Collect About You

Personal data means any information about an individual from which that person can be identified, directly or indirectly. It does not include data where the identity has been removed (anonymized data), which we can use for any purpose. Some jurisdictions may consider your Internet Protocol (IP) address to be personal data. We may collect different kinds of personal data about you which we have grouped together as follows:

‍

A. Information You Provide Us (for Client Accounts). We collect certain types of information from you when you create a Client profile or make a purchase using the Service.

Client Information: Your first name and last name, email address, phone number, third-party user/handle name, Internet Protocol (IP) address or similar identifiers, and information regarding your desired tattoo, such as photos you provide, concepts you desire, or styles you express interest in.
Client Payment Information: Your billing address and billing information (such as your credit card number, expiration date, and CVV, or banking information.)
External Wallet Data includes the public address of any blockchain wallet you connect to our service.
Communication Data includes your feedback that you communicate to us (such as via email).

Information You Provide Us (for Artist Accounts). We collect certain types of information from you when you create an Artist profile using the Service.

Artist Information: Your name, valid identification, email address, country of residence, date of birth, taxpayer information, artist name, and information about your tattoo style, including images of your past work.
Artist payment information: Your bank country, bank account details, country of residence, billing address, and other payment information (e.g. credit or debit card details).
Business/Tax Information: Your tax and government issued identification numbers and licenses.‍
Regional Information: Your country, preferred language, and currency.

Artist Public Profile Information. As an Artist on CO:CREATE, you must provide certain information for your artist page. You can also choose to share other personal information (such as birthday, gender or location) in connection with your account and activity. Other people will be able to see your profile information. You can edit, remove, or limit this information through your account settings.

Artist name
Your name
Birthday
Gender
Location and/or business address (if applicable)
Profile photo
Your bio, story, story headline, shop photos, and shop
links
Policies (e.g., no-show, returns)

‍

Transaction Information. When you buy or sell tattoos on CO:CREATE, we collect information about the order as part of your transaction history.

Information about the transactions made on our Services, such as the artist name, items purchased, Buyer's name, purchase price, and date of the transaction.

Promotion Information. From time to time, CO:CREATE runs promotional offers, contests and sweepstakes.

The types of information we collect will be governed by the terms of the relevant promotion, which can be viewed on our Legal page. However, in general, we will collect the following information about entrants:
- Email address
- Social handle (if social promotion)

Survey Responses and Market Research. You may choose to provide certain information in connection with surveys, research and other feedback mechanisms.

Demographic information, including your age, gender, work status, region and neighborhood type (e.g., rural suburban, or urban) and, your income, education and race/ethnicity
Any additional information you may provide

B. Information Automatically Collected by Technology:

In addition, to the information you provide us, we may automatically collect certain information about your equipment, software, and browser to provide you with an efficient and personalized experience. This information includes:

‍

Browser and Device Data: The device’s hardware information, operating system, platform information, browser type, language information, browser plugin types.
Usage Data: Information about how you use our website and our Services.
General location information: IP addresses and other information like your zip or postal code, to estimate your general location (e.g., country, state, or city) The general location you set in your regional preferences on the Service
Cookie Information: For more information about these online tools and how we use them, see our Cookies and Automatic Data Collection Technologies disclosure.

‍

C. Information Collected from Third-Parties:

We may collect personal or anonymized information about you from third party companies that provide products and services that are used in together with our website or our Services.

Information from our Payment Processors: We receive certain information about Clients from our third-party payment processors, such as Stripe, who help us to process transactions, provide our Services and prevent fraudulent or illegal activity. This information includes:

Your first and last name
Your billing address
Your email address
Your phone number

‍

Analytics Information: We use data analytics software to ensure functionality and to improve the Services. For more information, see Cookies & Similar Technologies Policy and Cookies & Similar Technologies Disclosures.

We use third-party software to record information such as how often you use the Service, what happens within the Service (e.g., how you interact with our Services), aggregated usage, performance data, app errors and debugging information, and, in the case of Apps, and where the Apps were downloaded from

‍

D. Aggregated Data:

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data could be derived from your personal data but is not considered personal data as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing our websites and Services. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

‍

We do not collect any special categories of sensitive personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data, and precise geolocation data). Nor do we collect any information about criminal convictions and offenses.

‍

3. Reason for Processing Your Personal Data

We may process the personal data you provide for the following reasons and legal bases:
‍

To allow you to create a profile, list a tattoo, or complete a purchase

To enable a transaction between a Client and an Artist

To allow you to interact with a CO:CREATE Artist

To enable you to use the Services

To interact with the CO:CREATE Service

To enable you to use the Services

To receive your feedback that you provide us on our Contact Us page.

Legitimate interest to manage our website.

To respond to your requests and inquiries for technical support and general questions.

Legitimate interest to manage our website.

To engage in marketing with its customers.

Our legitimate interest based upon balancing your rights and freedoms against our interest of engaging in marketing.

To receive your comments on our social media accounts.

Legitimate interest to manage our website.

To allow you to exercise your data privacy rights.

Necessary to comply with our legal obligation.

In addition, we may process your personal data for the following reasons:
‍
• To carry out our obligations and enforce our rights.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

We may use information that is not personal data for any purpose. For example, we may aggregate usage data from many people in a way that does not identify any individuals to calculate the percentage of users accessing our website.

4. How we collect your personal data

We use different methods to collect information from and about you including through:

‍

Direct interactions. You may give us information about you by interacting with our website or Service, by communicating with us via email or contact us page. This includes information you provide by emailing us about our website or Services or leaving your contact information to be part of the CO:CREATE’s beta partner program.
Third-party or publicly available sources. We may receive information about you from third parties. The information we receive includes analytics information for improvement of our website and Services.‍
Technical and Communication Data from the following parties: We may collect information from third-parties providers such as Twitter, Medium, GitHub, Discord, LinkedIn, and Google Analytics. The information we may collect includes your feedback about our Services on our Twitter account, Medium, and GitHub.

5. How We Use Your Personal Data

The Company may use your personal data to:

Communicate with you. This may include: (i) informing you of our new services and promotional activities that may be of interest to you; (ii) providing information about our Services; (iii) responding to your feedback about our website and Services, including, for example, technical support and service improvements to our website and Services; (iv) responding to your questions or inquiries, including technical questions and troubleshooting using our Services; (v) responding to your general inquiries; (vi) responding to your inquiries for a demo request; (vii) responding to your privacy inquiries; and (viii) inviting you to participate in our partnership programs.

Develop and manage our relationships with you, our brand partners and our service providers. This may include: (i) delivering services or carrying out transactions you, our brand partners or our business partners have requested; (ii) providing information about our Services and advertisements, that may be of interest to you; (iii) providing you with a more consistent experience in interacting with us, including by learning more about you and how you use and interact with our website and Services; and (iv) planning, managing, and performing our contractual relationships with our service providers.

Improve our website and Services. This may include: (i) customizing our website and services to your preferences or interests, (ii) making them more compatible with your devices and browsers, or otherwise making our website and Services easier to use; (iii) maintaining the security of our website and Services and otherwise protecting them; and (iv) improving our website and Services; and (v) developing new services and features on the website.

Address legal issues. This may include: (i) complying with our obligations to retain certain business records for minimum retention periods; (ii) establishing, exercising, or defending legal claims; (iii) complying with laws, regulations, court orders, or other legal processes; (iv) detecting, preventing, fraud or intellectual property infringement claims, violations of our contracts or agreements, violations of law, or other misuse of our website or Services; and (v) protecting the our rights or property, or yours or other health, safety, welfare, rights, or property.

We may also use your personal data for other uses consistent with the context in which the data was collected or with your consent or lawful purposes. If we believe the purpose for which we use your personal data for other purposes go beyond the scope of your consent you provide during the personal data collection, we will communicate with you to obtain your consent.

‍

We may anonymize or aggregate any of the data we collect and use it for any purpose, including research and product development. Such anonymized or aggregated data will not identify you individually.

‍

6. Disclosure of Your Personal Data

We may share your personal data with third parties when we have a good faith belief that disclosure is necessary:
- (i) to comply with a law, regulation, court order, or other legal processes;
- (ii) to detect, prevent, and respond to fraud or intellectual property infringement claims, violations of our contracts or agreements, violations of law, or other misuse of our website or Services;
- (iii) to protect our rights or property or yours or others ’health, safety, welfare, rights, or property; or
- (iv) under similar circumstances. If such an event occurs, we will take appropriate steps to protect your personal data.
We may disclose your personal data with third parties in connection with the sale, purchase, merger, reorganization, liquidation, or dissolution of CO:CREATE, or under similar circumstances. If such an event occurs, we will take appropriate steps to protect your personal data.
We may share your data with your consent or at your request.
We may share anonymized or Aggregated Data internally and with third parties for any purpose. Such information will not identify you individually.

‍

7. Cookies and Automatic Data Collection Technologies

Our website may use automatic data collection technologies to distinguish you from other website users. This helps us deliver a better and more personalized experience when you browse our website. It also allows us to improve our website by enabling us to:

Estimate our audience size and usage patterns.
Store your preferences, so we may customize our website according to your individual interests.
Recognize you when you return to our website.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. For information about managing browser settings to refuse cookies, see Your Rights and Choices.

Most web browsers include a Do-Not-Track (“DNT”) signal or similar mechanisms for your privacy preference. At this time, there is no technology standard for recognizing and implementing DNT signals has been finalized. Given the state of technology, we do not respond to DNT signals or any other mechanism that automatically communicates your preference not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

‍

8. Third-Party Links

Some content or applications on our website may be served by third parties, content providers and application providers including the following:
‍
‍Plugins. Our website may make available the option for you to use “plugins” that are operated by social media/networking companies. If you choose to use one of these plugins, then it may collect information about you and send it back to the social media company that owns it. This may happen even if you do not click on the plugin, if you are logged into the social media/networking website that owns the plugin when you visit our website. Data collected by a plugin is subject to the privacy policy and terms of the social media company that makes it. If you do not want the social media company that owns a plugin to collect information about you when you visit our website, sign out of the social media network before visiting. By interacting with a plugin when you are on our website (for example, clicking the Facebook “Like” button), you are intentionally transferring information to that social media/networking company. Further, if you are logged into a social media website when you visit our website, then you are directing us to share your data with the social media company that owns the plugin.

‍Third-party links. Our website may contain links to other sites, which we do not control. Those website have their own privacy policies and terms, and we encourage you to read those terms before interacting with third-party sites.

9.Retention

We will take reasonable steps to avoid collecting personal data that is not necessary. We will only retain your personal data for the period necessary to achieve the purposes described in this privacy policy. Your express agreement may permit us to retain your personal data for a longer period. Furthermore, legal requirements may require us to retain portions or all of the personal data we hold for a longer period of time. For example, we may be required to retain your information for regulatory compliance reasons. When we are no longer required to retain your personal data, we will delete, erase, or anonymize your personal data as required by applicable law and regulations.

10. Children

Our website and Services are not intended for children under 18 years of age. We will not knowingly solicit or collect personal data from children under 18, or the relevant minimum age under applicable local legal requirements, except as permitted under applicable law. If we learn that we have received information directly from a child under 18 without his or her parent’s or legal guardian’s consent, we will make commercially reasonable efforts to delete such information.

11. Your Rights and Choices

Your rights may vary depending on where you are located. We have created mechanisms to provide you with the following control over your information.
‍
• Accessing, Updating, and Deleting Your Information. You can contact us as set forth in the Contact Us section below to request access to, correction of, or deletion of personal data that you have provided to us. We may also ask you to verify your identity before we respond to your request. Depending on your request, we may not accommodate your request to change information if we believe the change would violate any law or legal requirement or negatively affect the information’s accuracy.
‍
• Cookies and Automatic Data Collection Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. However, if you disable or refuse cookies, please note that some parts of these websites may become inaccessible or not function properly. For more information, please see our cookie policy, below.
‍
• California Residents. If you are a California resident, you may have additional personal rights and choices with regard to your personal data. Please see Your California Privacy Rights for more information. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. At this time, we do not engage in this type of disclosure.
‍
• EU Residents. If you are a resident of the European Union, you have the right to:o request access to your personal data, commonly known as a “data subject access request,” which allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
      o Request a correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
      o Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
      o Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may
demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
      o Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
            ▪ If you want us to establish the data’s accuracy.
            ▪ Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.
            ▪ You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
      o Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
      o Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain Services to you. We will advise you if this is
the case at the time you withdraw your consent.
      o We may make automated decisions about you based on your personal data that may affect your access or Services provided to you. You have the right not to be subject the automated decision making so long as the decision is not necessary for the performance of the contract with you or required by legal obligation. If the
decision making is necessary, you may contest the decision and request human intervention in the decision-making process.
      o You also have a right to lodge a complaint with the data protection authority where you live.

12. International Transfers

We are an international company, and we maintain the information collected and generated in the United States that may have privacy laws that offer different levels of protection from the privacy laws of where you live. If you visit our site or use our Services, you consent to our collection, transfer, processing and use of your personal data in the United States. We will ensure that your personal data is adequately protected by this Privacy Policy and the relevant legal and regulatory requirements, for example, by using model contractual clauses ensuring appropriate data protection safeguards can be used as a ground for data transfers from the EU to third countries.

If you are located in the EEA, we have put in place appropriate measures to comply with the laws and regulations to ensure that the transfer of personal data to countries outside of the EEA provides an adequate level of data protection.

13. Data Security

The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse and unauthorized access, use, alteration, or disclosure. We will only retain your personal data for as long as reasonably necessary to fulfill the purpose of collecting it.

We also require our service providers and business partners to whom we disclose the information to do the same. When you use certain types of information, for example, we encrypt the transmission of certain sensitive or financial information using secure socket layer technology (SSL). We will continue to improve our physical, electronic, and administrative safeguards. However, the Internet environment is not 100% secure, and we cannot guarantee that information we collect will never be accessed in an unauthorized way.

Changes To This Privacy Policy

Changes to this Privacy Policy will be posted on this site, along with information on any material changes. The Company reserves the right to update or modify this Privacy Policy at any time and without prior notice. If the changes made to our Privacy Policy are substantial, we will contact you before the changes take place.

If you have any questions about this Privacy Policy or our use of your personal data, please contact us by email: help@cocreate.ink.

Cookie Policy

Effective Date: November 20, 2023

Last Updated: May 6, 2025

Gesso Labs, Inc. d/b/a CO:CREATE (“CO:CREATE”, “we”, “our”, or “us”) cares about your privacy. Thank you for taking the time to read our cookie policy (“Cookie Policy”). This Cookie Policy explains what cookies we use in addition to when and why we use cookies and similar tracking technologies on CO:CREATE’s website: https://www.cocreate.ink (“Website”).

‍

What is a cookie?

‍

A cookie is a small text file that we store on your browser or your device (computer, tablet, smartphone, etc.) if you agree. Cookies contain information that is transferred to your device’s memory or computer’s hard drive. There are three main types of cookies:

‍

Session cookies: specific to a particular visit and limited to sending session identifiers (random numbers generated by the server) so you don’t have to re-enter information when you navigate to a new page or check out. Session cookies are not permanently stored on your device and are deleted when the browser is closed;
‍
‍Persistent cookies: record information about your preferences and are stored in your browser cache or mobile device; and
‍
First and third-party cookies: whether a cookie is ‘first’ or ‘third’ party refers to the website or domain placing the cookie. First-party cookies, in basic terms, are cookies set by a website visited by the user (the website displayed in the URL window), i.e., cookies set by the Website. Third-party cookies are cookies that are set by a domain other than the one being visited by the user: i.e., cookies which are set by websites other than the Website. If a user visits our Website and a separate company sets a cookie through it, this would be a third-party cookie.

Purpose of cookies

Some cookies are strictly necessary for the use of our Website. Others make it possible to optimize the use of the Website and personalize the contents displayed. Cookies make it possible to (1) measure and analyze the frequency and use of our Website sections and services so that we can improve the functionality of the Website, and (2) measure safety and performance.

‍

We use the following cookies:

‍

Strictly necessary cookies. These are cookies that are required for the operation of our Website. For example, strictly necessary cookies track your session so you do not need to re-login to our Website.
‍
Analytical or performance cookies. These allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using them. This helps us to improve the way our Website work, for example, by ensuring that users are finding what they are looking for easily.
‍
Functionality cookies. These are used to recognize you when you return to our Website. These cookies enable us to personalize our content for you and remember your preferences (for example, your choice of language or region).
‍
Marketing cookies. These cookies record your visits to our Website, the pages you have visited, and the links you have followed. We will use this information to make our Website more relevant to your interests. We may also share this information with third parties for this purpose.

Other Information Storing Technologies

IP Addresses. Internet Protocol (IP) address is a specific identifier with which the electronic devices can identify and communicate with each other online. We may see our visitors’ IP addresses and use this information to comprehend where our visitors come from to improve our service.
‍
Web Beacons. Our Website may contain web beacons. Such instruments enable third parties to have immediate specific information, such as the IP address of the computer that downloaded the page with the beacon, the URL of the page where it appears, the time in which the page with the beacon was viewed and the type of browser used to view the page.
‍
Embedded Scripts. An embedded script is a programming code that is designed to collect information about the links you click on and your interactions with our Website. The code is temporarily downloaded onto your device from our web server or a third-party service provider and is active only while you are connected to our Website and is deactivated or deleted thereafter.
‍
Other Means. Your browser or device may utilize local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These instruments may operate through all the browsers, and in certain cases, they may not be managed by your browser or may require it to be managed through your installed applications directly. We do not use these technologies for storing information to target advertising to you on or off our Website.

How Long Will Cookies Stay on My Device?

Some of the cookies we use are deleted after termination of the browser session, i.e., after your browser window is closed (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).

Consent

When you access our Website, you will have a choice to consent to all cookies, reject all cookies (except for strictly necessary cookies) or accept the use of certain cookies. If you consent to the use of cookies, a consent cookie will be placed on your computer.
‍
If you reject the use of cookies, a rejection cookie will be placed on your computer so that we can record that you have rejected using certain cookies on our Website. If the rejection cookie is deleted, we will not be able to identify whether you have rejected the use of cookies.
‍
In addition, you may withdraw your consent. However, your withdrawal will not retroactively affect the lawfulness of the processing of data before you withdrew your consent.

How Do I Change My Cookie Settings?

Most web browsers allow some control of most cookies through the browser settings. You can configure your browser so that you are informed when cookies are set, or you can decide on an individual basis whether to accept cookies or reject the acceptance of cookies in general. Every browser differs in the management of cookie settings. They are available for the different browsers at the following links:
‍
• Microsoft Windows Explorer
• Google Chrome
• Mozilla Firefox
• Apple Safari
‍
You can find more information about cookies (including how to disable them) at http://www.allabout cookies.org/. Not accepting cookies can result in the limited functionality of our Website. You can also search in your cookie folders to find our cookies and the Google Analytics cookie if you wish to delete them.

Who Controls and Accesses Cookies?

Not all cookies are set by us. Some cookies may be set through third-party services appearing on our pages. Third-party cookies are not in our control but are under the control of a third party.

Any other processing of your data will take place only if you have allowed Google to link your web and app browser history to your Google account and to use information from your Google account to personalize ads that you see on the web. In this case, if you are logged in to your Google account during your visit to our Website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google will temporarily link your personal information with Google Analytics data to create target groups.

If you do not want Google Analytics to be used in your browser, Google Analytics provides an opt-out tool which can be found here.

Additional Information for our Visitors from the European Economic Area (“EEA”)

If you are a visitor from the EEA, you will be shown a banner requesting that you accept the placement of cookies before cookies are placed on your computer or device. By accepting the placement of cookies, you are enabling us to provide the best possible experience and service to you. You may, if you wish, decline the placement of cookies unless those cookies are strictly necessary.

Your Rights

The GDPR provides you with rights to access, correct, erase the data, and object to the processing of data. In addition, you have the right to data portability. Please see our Privacy Policy above for further details.

Complaints

You (Data Subject) may lodge a complaint with the relevant data protection authority in the data subject’s jurisdiction.

Changes

We may update this Cookie Policy from time to time. We reserve the right to revise our Cookie Policy at any time, and any changes will be effective upon being posted unless we advise otherwise. We encourage you to periodically review this Cookie Policy for the latest information about the use of cookies on our Website.

Our Details

For questions or concerns about our privacy policy and practices, you can contact us at help@cocreate.ink

California Consumer Privacy Act Privacy Notice

Effective Date: November 20, 2023

Last Updated: May 6, 2024

Gesso Labs, Inc. d/b/a CO:CREATE (“CO:CREATE”, “we”, “our”, or “us”) cares about your privacy. Thank you for taking the time to read our California Consumer Privacy Act (“CCPA”) privacy notice (“Privacy Notice”). This Privacy Notice covers all personal data processed by our website (https://www.cocreate.ink) and our services (“Services”).
‍
If you are a California resident, you may have additional rights and choices about your Personal Information. Please note that the CCPA provides certain exceptions with respect to the Personal Information of California employees, job applicants, owners, directors, vendors, suppliers and contractors.

Information we collect

The categories of personal information we have collected about California residents in the last 12 months are described below:
‍

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

Yes

B. Personal
Information
categories listed in the California Customer Records statute (Cal. Civ. Code §
1798.80(e))

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some Personal Information included in this category may overlap with other categories.

Yes

C. Protected
classification
characteristics
under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

D. Commercial
information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

E. Biometric
information

Genetic, physiological, behavioral, and biological
characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Yes

G. Geolocation
data

Physical location or movements.

Yes

H. Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information.

I. Professional or employment-related information

Current or past job history or performance evaluations.

J. Non-public
education
information (per the Family
Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

K. Inferences
drawn from other Personal
Information

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

B. Use of personal information

In the last 12 months, we have used your personal information for the business and commercial purposes described below.
‍
Category A: Identifiers
Category B: Personal Information categories listed in the California Customer Records statute
Category C: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activity
Category G: Geolocation data.

C. Sharing of personal information

The business and commercial purposes that we have shared your personal information in the last 12 months are as follows:
‍
Sharing your personal information for business purposes. We have shared the following categories of personal information with our affiliated companies and service providers for our business purposes:

Category A: Identifiers
Category B: Personal Information categories listed in the California Customer Records statute
Category C: Protected classification characteristics under California or federal law.
Category F: Internet or other similar network activity
Category G: Geolocation data.

As described above, examples of business purposes include performing transactions, registering accounts, managing our relationship with you, and monitoring for security threats and fraud.
‍
• Sharing your personal information for commercial or other purposes: We have shared the following categories of your personal information with co-sponsors, service providers and other third parties in a manner that is likely to be considered to be a “sale” or “sharing” for commercial purposes under the CCPA:
o None.
‍
• Sharing your sensitive personal information as defined by Cal. Civ. Code § 1798.140(ae). Sensitive personal information means personal information that reveals (A) a consumer’s social security, driver’s license, state identification card, or passport number; (B) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) a consumer’s precise geolocation; (D) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication (F) consumer’s genetic data; (G) biometric information for the purpose of uniquely identifying a consumer; (H) personal information collected and analyzed concerning a consumer’s health; (I) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.
o None.

As described above, this information may be shared for personalization, analytics, marketing, retargeting, and sales. We do not sell or share personal information of consumers we actually know are less than 16 years of age.

D. Your right to know

You have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your personal information over the past 12 months. Once we verify your request, we will disclose to you:
‍
• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

We do not provide access rights to business to business (“B2B”) information.

E. Your right to obtain a copy of your personal information

You have a right to obtain a copy of the specific pieces of personal information we collected about you (also called a data portability request). Once we verify your request, we will provide you a copy of your personal information that is responsive to your request.

We do not provide portability rights to B2B information.

F. Your right to delete your personal information

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We do not provide deletion rights to B2B information.

G. Your right to opt-out of sale of your information

We do not sell or share personal information with third parties that would be considered a “sale” under the CCPA.

H. How to exercise your CCPA rights

To exercise your right to know, right to obtain a copy, or right to delete your personal information as described above, please submit your request to us by contacting us at help@cocreate.ink.

I. How we verify requests and respond to requests

Before fulfilling your request, we take steps to verify you are who you say you are or that you have the authority to act on someone else’s behalf. Therefore, upon receipt of your request, we will request additional information that we need to verify you and, if you are submitting a request on behalf of someone else, to verify that you are permitted to act on that person’s behalf.

When we contact you to request verification information, please respond and provide the information that we have requested. Depending on the nature of the request you make, we may require you to verify your identity to either a reasonable degree of certainty or high degree of certainty. This may mean that we need to match two or three pieces of information that we hold about you with information that you provide to us. In some cases, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request or that you are authorized to make the request on behalf of someone else.

In addition to providing the information we need to verify you or your authority, you must provide us with enough information so that we can understand, evaluate, and respond to your request. We cannot respond to your request or provide you with personal information if we cannot confirm the personal information relates to you.

We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request and to locate relevant information. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and to understand, evaluate, and respond to your request.

We cannot delete personal information in those situations where our retention is required for our own internal business purposes or otherwise permitted by the CCPA (such as fraud prevention or legal compliance). In these situations, we will retain your information in accordance with our records retention program and securely delete it at the end of the retention period.

J. Who may submit requests?

Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may also make request on behalf of your minor child. You may designate an authorized agent to make a request on your behalf by registering such person or entity with the California Secretary of State.

K. How often you can submit requests?

You may make a CCPA consumer request twice within a 12-month period.

L. Response timing and format

We make every attempt to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. When you request a copy of your personal information, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity easily.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

M. Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. You have a right not to receive discriminatory treatment by us for exercising your privacy rights.

N. Changes To This Privacy Notice

Changes to this Privacy Notice will be posted on this site, along with information on any material changes. The Company reserves the right to update or modify this Privacy Notice at any time and without prior notice. If the changes made to our Privacy Notice are substantial, we will contact you before the changes take place.

O. Contact Us

If you have any questions about this Privacy Notice or our use of your personal data, please contact us by sending an email to: help@cocreate.ink

legal