1 Interpretation and Definitions

1.1 Interpretation

Capitalized words have the meanings defined below. These definitions apply whether the terms appear in singular or plural form.

1.2 Definitions

• Affiliate means any entity that controls, is controlled by, or is under common control with the Company, where “control” means ownership of 50% or more of voting securities.
• Business Partner means a company or organization that has contracted with Melted Crayons LLC to deploy HTE within its customer hold queue environment.
• CCPA/CPRA refers to the California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020.
• Company refers to Melted Crayons LLC, a California limited liability company.
• Consumer, for CCPA/CPRA purposes, means a natural person who is a California resident.
• Data Controller, for GDPR purposes, refers to the Company as the entity that determines the purposes and means of processing Personal Data.
• Device means any device used to access the Service, including mobile phones, tablets, or computers.
• End-User means any individual who receives an SMS message from the Service while on hold with a Business Partner.
• GDPR refers to the EU General Data Protection Regulation.
• Personal Data means any information that relates to an identified or identifiable individual.
• Service refers to the Hold Time Entertainment platform, including SMS delivery, interactive game links, and related web interfaces accessible through holdtimemedia.com.
• Service Provider means any third-party that processes data on behalf of the Company to facilitate the Service.
• SMS Message means a text message sent to an End-User’s mobile phone number containing a link to an interactive game or entertainment experience.
• Usage Data refers to data collected automatically through use of the Service, such as device type, interaction time, and game session data.
• You means the individual accessing or using the Service, or the Business Partner entity on whose behalf such individual acts.

2 How End-Users Receive Messages and Provide Consent

Hold Time Entertainment delivers SMS messages to individuals who are on hold with a Business Partner that has licensed the HTE platform. Prior to any SMS being sent, End-Users are notified via a pre-recorded audio message that a text containing an interactive experience will be sent to their mobile number during the hold period.

By remaining on the line after this notification, End-Users provide implied consent to receive the SMS message. Every SMS message sent through the Service includes opt-out instructions. End-Users may reply STOP at any time to unsubscribe and will receive a confirmation message. Standard message and data rates may apply.

Business Partners are responsible for ensuring their use of the HTE platform complies with applicable laws, including the Telephone Consumer Protection Act (TCPA) and any applicable state regulations governing SMS communications.

3 Types of Data Collected

3.1 Personal Data

Depending on how the Service is configured by a Business Partner, we may collect the following personally identifiable information:

• Mobile phone number (required to deliver the SMS message)
• First name (if provided by the Business Partner’s system)
• Email address (if voluntarily submitted through the Service interface)

3.2 Usage Data

Usage Data is collected automatically when an End-User interacts with the Service. This may include:

• Mobile device type and operating system
• IP address
• Browser type and version
• Game session data (start time, duration, score)
• Pages or screens visited within the HTE interface
• Unique device identifiers

3.3 Data We Do Not Collect

We do not collect Social Security numbers, financial account numbers, credit card information, biometric data, health or medical information, or protected classification characteristics such as race, religion, or sexual orientation.

4 How We Use Your Data

The Company uses collected data for the following purposes:

• To deliver SMS messages and interactive game experiences to End-Users during hold queues
• To maintain and improve the functionality and performance of the Service
• To monitor usage patterns and analyze engagement for Business Partners
• To provide customer support and respond to inquiries
• To comply with legal obligations and enforce our agreements
• To detect and prevent fraud, abuse, or unauthorized access
• To evaluate the effectiveness of the Service and develop new features

We do not use End-User data for third-party advertising or sell End-User personal information to data brokers.

5 Sharing of Your Personal Data

5.1 With Business Partners

Aggregate and anonymized usage data may be shared with the Business Partner that deployed the HTE experience. Individually identifiable data is only shared as required to deliver the Service or as authorized by the End-User.

5.2 With Service Providers

We work with third-party Service Providers to operate and improve the Service. These include:

• Twilio Inc. — SMS delivery infrastructure. See Twilio’s Privacy Policy.
• Supabase — Database and backend infrastructure
• Google Analytics / Firebase — Usage analytics and performance monitoring

All Service Providers are contractually required to protect your data and may only use it to perform services on our behalf.

5.3 For Business Transfers

In the event of a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your data becomes subject to a different Privacy Policy.

5.4 For Legal Requirements

We may disclose your Personal Data if required by law or in response to valid requests by public authorities, including courts and government agencies.

6 SMS Messaging Compliance

Hold Time Entertainment is registered under the A2P 10DLC framework as required by U.S. mobile carriers. All SMS communications sent through the Service:

• Are sent only to End-Users who have been notified and provided consent as described in Section 2
• Include opt-out instructions in every message (reply STOP to unsubscribe)
• Include help instructions upon request (reply HELP for assistance)
• Are not sent to End-Users who have previously opted out
• Comply with the CTIA Messaging Principles and Best Practices

7 Retention of Your Personal Data

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Mobile phone numbers used for SMS delivery are retained only for the duration of the hold session and any applicable opt-out record keeping required by law. Usage Data is generally stored for no longer than 24 months unless a longer period is required by law.

8 Security of Your Personal Data

We implement commercially reasonable technical and organizational measures to protect your data, including encrypted data transmission, access controls, and regular security reviews.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9 Children’s Privacy

The Service is not directed at individuals under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us immediately and we will take steps to remove that information from our systems.

10 GDPR Privacy Rights (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

• Right to access, update, or delete the information we hold about you
• Right to rectification of inaccurate or incomplete data
• Right to object to processing based on legitimate interests
• Right to erasure (“right to be forgotten”) where no legal basis exists for continued processing
• Right to data portability in a structured, machine-readable format
• Right to withdraw consent at any time without affecting prior lawful processing

To exercise any of these rights, please contact us using the information in Section 13. You also have the right to lodge a complaint with your local data protection authority.

11 CCPA/CPRA Privacy Rights (California Residents)

If you are a California resident, you have the following rights under CCPA/CPRA:

• Right to know what personal information we collect, use, disclose, or sell
• Right to delete your personal information, subject to certain exceptions
• Right to correct inaccurate personal information
• Right to opt out of the sale or sharing of your personal information
• Right to limit the use or disclosure of sensitive personal information
• Right to non-discrimination for exercising your privacy rights

11.1 Categories of Personal Information Collected

• Category A — Identifiers: mobile phone numbers, IP addresses, device identifiers
• Category B — California Customer Records: phone numbers
• Category F — Internet/network activity: game session data, interaction data
• Category G — Geolocation data: approximate location derived from IP address

11.2 We Do Not Sell Personal Information

We do not sell personal information as that term is commonly understood. We do not share personal information with third parties for their direct marketing purposes.

11.3 Exercising Your California Rights

To submit a verifiable consumer request, contact us using the information in Section 13. We will respond within 45 days of receipt.

12 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy at holdtimemedia.com/privacy-policy/ and updating the “Last Updated” date at the top of this document. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

13 Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, please contact us: