
Privacy Policy


PRIVACY POLICY (GENERAL)

Effective Date: March 31, 2022

To review material modifications and their effective dates scroll to the bottom of the page.

Underweigh Adventures, LLC dba Sonoma Connect™ ("Sonoma Connect") owns and operates this www.Sonomaconnectapp.com website business. All references to "we", "us", this "website" or this "site" shall be construed to mean Sonoma Connect™.

HOW WE MODIFY THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, and without prior notice, by posting an amended Privacy Policy that is always accessible by clicking on the "Privacy Policy" link on this site's home page. Your continued use of this site indicates your acceptance of the amended Privacy Policy.

Regarding Personal Information (defined below), if any modifications are materially less restrictive on our use or disclosure of the Personal Information previously disclosed by you, we will obtain your consent before implementing such revisions with respect to such information.

THE TYPES OF INFORMATION WE COLLECT

Personal Information. "Personal Information" includes any information regarding a natural person that may be used directly to identify the person. Personal Information that we collect may vary with each separate purpose for which you provide it, and it may include one or more of the following categories: name, physical address, an email address, phone number, credit card information including credit card number, expiration date, and billing address, UUID mobile device information, and location data.

Usage Data. We reserve the right to collect information based on your usage of this site which is information collected automatically from this site (or third party services employed in this site), which can include: the IP addresses or domain names of the computers utilized by the users who use this site, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the user, the various time details per visit (e.g., the time spent on each page within the site) and the details about the path followed within the site with special reference to the sequence of pages visited, other parameters about the device operating system and/or the user's IT environment, and data, conversion rates, marketing and conversion data and statistics, reports, analytics data, reviews and surveys ("Usage Data"). Usage Data is essentially anonymous when collected, but could be used indirectly to identify a person.

HOW AND WHEN WE COLLECT INFORMATION

Personal Information. We collect Personal Information at the time you provide it to us. We collect Personal Information through sign-up forms and as part of your registration for an account, product, or service, promotion, or contest from this website. Personal Information that we collect may vary with each sign-up or registration. In addition, we collect personal information from all communications with site visitors including, without limitation, text messages, faxes, telephone calls, and regular "snail mail", as well as from third-party outside sources including database vendors. We provide the option to share your device’s phone contacts for use of providing an advanced user experience and creating connections with real life contacts via the app.

Your Communications With Us. We collect Personal Information that we receive from you as you communicate with us. If you complete a signup form subscribing to information from our site or to participate in our mailing list activities, we will receive your Personal Information from our email services and/or autoresponder service.

Usage Data. We reserve the right to monitor your use of this site. As you navigate through this site, Usage Data may be passively collected (that is, gathered without your actively providing the information) using various analytics, Bluetooth beacons, and reporting technologies, such as cookies and web pixels.

HOW WE USE YOUR INFORMATION

We may use your Personal Information for the performance of the services or transaction for which it was given, and in connection with other products, services, promotions, or contests we may offer, and our private, internal reporting for this site, and security assessments for this site.

We reserve the right to make full use of Usage Data. For example, we may use Usage Data to provide better service to site visitors, customize the site based on your preferences, compile and analyze statistics and trends about the use of this site, and otherwise administer and improve this site for your use. Specific uses are described below.

INFORMATION SHARING AND DISCLOSURE

General Disclosure Policy. We reserve the right to disclose your Personal Information as described below. We reserve the right to disclose Usage Data without restriction.

Affiliated Entities. We reserve the right to provide your Personal Information and Usage Data to any affiliated entities we may have, including our subsidiaries. Affiliated entities are entities that we legally control (by voting rights) or that control us.

Service Providers. We reserve the right to provide access to your Personal Information and Usage Data to our trusted service providers that assist us with the operation and maintenance of this site. For example, we may contract with third parties to process payments, host our servers, provide security, and provide production, fulfillment, optimization, analytics, and reporting services. Our service providers will be given access to your information only as is reasonably necessary to provide the services for which they are contracted.

Successors. If we sell or otherwise transfer part or all of our business or assets to another organization, such as in the course of an acquisition, merger, bankruptcy or liquidation, we may transfer your Personal Information and Usage Data. In such an event, we will require the buyer or transferee to agree to our commitments provided in this Privacy Policy.

Legal Process, Enforcement and Security Notice. We reserve the right to disclose your Personal Information and Usage Data if we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary (i) to satisfy any applicable law, regulation, legal process or enforceable governmental request (such as for example, to comply with a subpoena or court order), (ii) to detect, prevent, and address fraud or other illegal activity, and (iii) to investigate, respond to, or enforce violations of our rights or the security of this site.

When We Participate In a Joint Venture With Marketing Partners. We may participate with another company or individual for purposes of jointly promoting our products, services, promotions or contests or their products, services, promotions, or contests. We reserve the right to disclose your Personal Information to them for purposes of (i) compensation, transaction processing, fulfillment, and support, and (ii) for purposes of offering you other products, services, promotions, and contests. These joint venture marketing partners may also contact you regarding other products, services, promotions, or contests.

Disclosures of Personal Information In Our Discretion. If we believe, in our sole discretion, that it's reasonable to disclose Personal Information and any information regarding your use of this site and/or any product, service, promotion, or contest offered through this site, including any information regarding other websites that are accessible through this site, we reserve the unqualified right to do so.

Your California Privacy Rights. Under California Law SB 27, California residents have the right to receive, once a year, information about third parties with whom we have shared information about you or your family for their marketing purposes during the previous calendar year, and a description of the categories of personal information shared. To make such a request, please send an email to the email address provided in our contact information below and include the phrase "California Privacy Request" in the subject line, the domain name of the Web site you are inquiring about, along with your name, address and email address. We will respond to you within thirty days of receiving such a request.

SPECIFIC INFORMATION ABOUT COOKIES, BLUETOOTH BEACONS, AND WEB PIXELS

In order to provide better service for our site, we may use Cookies and Web Pixels to collect Usage Data to store your preferences and information about what pages you visit and past activity at our site. We may also employ Web Pixels from third parties in order to help us compile aggregated statistics regarding the effectiveness of our promotional campaigns or other operations of our site.

"Cookies" are tiny pieces of information stored by your browser on your computer's hard drive. Cookies are also used to customize content based on your browser. Most browsers are initially set to accept cookies. If you want to disable cookies, there is a simple procedure in most browsers that allows you to turn off cookies. Please remember, however, that cookies may be required to allow you to use certain features of our site.

Flash Cookies - third party cookies that use an Adobe Flash Media Player local shared object (LSO) - may be used along with other third party cookies for purposes of crediting any purchase you may make on this site to one of our joint venture marketing partners that may have referred you to us. These cookies will be used for purposes of crediting sales to the referring joint venture marketing partner. Flash cookies are not the same as "browser cookies". The Adobe Flash Media Player is software that enables users to view content on their computers. Flash cookies are also accompanied by a browser cookie. If you delete the browser cookie, the Flash cookie may automatically create (or re-spawn) a replacement for the browser cookie.

Bluetooth Beacons - enabled with Bluetooth connectivity to personal devices may sometimes be used to give relevant promotions from third party sources within our mobile application and/or our website.

Web Pixels - sometimes called single-pixel gifs or clear gifs - are used to assist in delivering cookies, and they allow us to count users who have visited pages of our site. We may include Web Pixels in promotional e-mail messages or other communications in order to determine whether messages have been opened and acted upon.

ANALYTICS

We reserve the right to participate with third party analytics partners to monitor and analyze Web traffic; these services can be used to keep track of user behavior on this site.

Google Analytics (Google) - Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google utilizes the data collected to track and examine the use of this site, to prepare reports on its activities, and to share them with other Google services. Information collected: cookie and Usage Data. Visit Privacy Policy at https://www.google.com/intl/en/policies/?fg=1 You may opt out of the Google Analytics service with Google's Browser Add-on that's available at https://tools.google.com/dlpage/gaoptout/

Clicky Web Analytics (Clicky) - Clicky Web Analytics is a web analysis service provided by Roxr Software, Ltd. ("Clicky"). Clicky utilizes the data collected to track and examine the use of this site, to prepare reports on its activities, and to share them with other Clicky services. Information collected: cookie and Usage Data. Visit Privacy Policy at http://clicky.com/terms

SOCIAL MEDIA INTERACTIONS

We invite you to socialize and share your participation with this site and purchases. If you choose to use social media platforms such as Facebook, Twitter, Pinterest, and Instagram, you will be allowing interaction with these platforms or other external platforms directly from this site, and in the process you may be sharing certain profile elements, including your comments. This sharing is subject to each social media program's privacy policies.

 

SWEEPSTAKES

 

NO PURCHASE IS NECESSARY FOR SWEEPSTAKES INVOLVEMENT. User understands that neither Apple nor Google nor any of their subsidiaries is in any way involved in any Sweepstakes, or Giveaways, or Contests that may or may not be offered within this platform. When you choose to enter a sweepstakes, contest, or other promotion, and in accordance with the terms and conditions of the promotions, your Personal Information and Usage Data may be disclosed to our sponsors and to third parties who help administer the promotion, including in connection with winner selection, prize fulfillment, and aggregated data analysis. Your Personal Information and Usage Data also may be disclosed as required by law, such as on a winners list. Further, by entering a promotion, you are agreeing to the official rules that govern that promotion, including allowing our sponsors to use your name, voice, and likeness in advertising and marketing associated with the promotion in accordance with applicable law. All terms applicable to the particular promotion will be made available to you at the time you enter the promotion.


DO NOT TRACK REQUESTS

Some Web browsers incorporate a "Do Not Track" feature that signals to websites that you visit that you do not want to have your online activity tracked. Each browser communicates "Do Not Track" signals to websites differently, making it unworkable to honor each and every request correctly. In order to alleviate any communication error between browsers and website, we do not respond to "Do Not Track" signals at this time. As the technology and communication between browser and website improves, we will reevaluate the ability to honor "Do Not Track" signals and may make changes to our policy.

DATA SECURITY

We will implement reasonable and appropriate security procedures consistent with prevailing industry standards to protect data from unauthorized access by physical and electronic intrusion. Unfortunately, no data transmission over the Internet or method of data storage can be guaranteed 100% secure. Therefore, while we strive to protect your Personal Information by following generally accepted industry standards, we cannot ensure or warrant the absolute security of any information you transmit to us or archive at this site.

When you transmit Personal Information through our registration process or if you purchase products or services, we encrypt that information in transit using secure socket layer technology (SSL).

After the secure transfer of your Personal Information, the information is maintained and stored with 128-bit encryption.

ONWARD TRANSFER OUTSIDE YOUR COUNTRY OF RESIDENCE

Any Personal Information which we may collect on this site may be stored and processed in our servers located in the United States or in any other country in which we, or our affiliates, subsidiaries, or agents maintain facilities. By using this site, you consent to any such transfer of Personal Information outside your country of residence to any such location.

UPDATING PERSONAL INFORMATION

Upon request, we will permit you to request or make changes or updates to your Personal Information for legitimate purposes. We request identification prior to approving such requests. We reserve the right to decline any requests that are unreasonably repetitive or systematic, require unreasonable time or effort of our technical or administrative personnel, or undermine the privacy rights of others. We reserve the right to permit you to access your Personal Information in any account you establish with this site for purposes of making your own changes or updates, and in such case, instructions for making such changes or updates will be provided where necessary.

LINKS TO JOINT VENTURE MARKETING PARTNER SITES

This site may contain links to other websites operated by our joint venture marketing partners. If you do click on any of the links to their websites or accept any of their promotional offers, your click-through information and any information that you provide in the process of registration or purchase will be transferred to these sites. We have no responsibility or liability for the policies and practices of these sites. You should be careful to review any privacy policies posted on any of these sites before providing information to them.

CHILDREN'S ONLINE POLICY

We are committed to preserving online privacy for all of our website visitors, including children. This site is a general audience site. Consistent with the Children's Online Privacy Protection Act (COPPA), we will not knowingly collect any information from, or sell to, children under the age of 13. If you are a parent or guardian who has discovered that your child under the age of 13 has submitted his or her personally identifiable information without your permission or consent, we will remove the information from our active list, at your request. To request the removal of your child's information, please contact our site as provided below under "Contact Us", and be sure to include in your message the same login information that your child submitted.

CONTACT US

If you have any questions regarding this Privacy Policy, please contact the owner and operator of this website business at:

Underweigh Adventures, LLC dba Sonoma Connect™
Attn: Privacy Policy Officer
222 Weller Street, Ste. 2, Petaluma, California 94952
Email: support-at-Sonomaconnectapp.com

 

 

PRIVACY POLICY (VIA OUR MOBILE APP & WEBSITES)

Effective Date: March 31, 2022

To review material modifications and their effective dates scroll to the bottom of the page.

This Privacy Policy governs the collection, use, and sharing of information, including Personal Information (defined below), collected through the mobile software application Sonoma Connect™, and all other Sonoma Connect™ owned COMMUNITY APPS, and any/all Sonoma Connect™ PRIVATE LABEL CREATED APPS ("App") owned by Underweigh Adventures, LLC dba Sonoma Connect™ ("Sonoma Connect"). By using the App you are accepting the practices described in this Privacy Policy. All references to "we" or "us" shall be construed to mean Sonoma Connect™.

HOW WE MODIFY THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, and without prior notice, by posting an amended Privacy Policy on this page. Your continued use of this App indicates your acceptance of the amended Privacy Policy.

Regarding Personal Information (defined below), if any modifications are materially less restrictive on our use or disclosure of the Personal Information previously disclosed by you, we will obtain your consent before implementing such revisions with respect to such information.

THE TYPES OF INFORMATION WE COLLECT

Personal Information. We collect information from you that is protected for purposes of privacy and data security ("Personal Information"). Personal Information that we collect may vary with each separate purpose for which you provide it, and it may include one or more of the following categories: name, physical address, an email address, phone number, credit card information including credit card number, expiration date, and billing address, UUID mobile device data, and precise geo-location data.

Precise Geo-Location Information. We may collect your precise geo-location information only with your prior consent that you provide through your mobile device. Your continued use of our App acknowledges your consent to collect this information. You are able to withdraw your consent for us to acquire your precise geo-location information from your device through your device settings, although we are not in control of this process.

External Personal Information About Others. We provide the option to share your device’s phone contacts for use of providing an advanced user experience and creating connections with real life contacts via the app.

Financial Information. We may collect your financial information only with your prior consent that you provide through your mobile device. Your continued use of our App acknowledges your consent to collect this information.

Medical Information. We may collect your medical information only with your prior consent that you provide through your mobile device. Your continued use of our App acknowledges your consent to collect this information.

Non-Personal Information. We reserve the right to collect anonymous information such as your mobile browser type, the type of your mobile device, your mobile device ID, the IP address of your mobile device, and the dates and times that you may access this App and specific pages ("Non-Personal Information"). Non-Personal Information is essentially anonymous when collected.

Termination of Information Collection. App users may terminate the collection of all information by deleting this App from their mobile device.

HOW AND WHEN WE COLLECT INFORMATION

Personal Information. We collect Personal Information at the time you provide it to us. We collect Personal Information through sign-up forms and as part of your registration for the App. Personal Information that we collect may vary with each sign-up or registration.

Precise Geo-Location Information. We collect precise geo-location information when you access the App through technologies like GPS, Wi-Fi, or cell tower proximity.

Financial Information. We collect financial information when you provide it to us through sign-up forms and as part of your registration for the App.

Medical Information. We collect medical information when you provide it to us through sign-up forms and as part of your registration for the App.

Passive and Analytical Information. We reserve the right to monitor your use of this App. As you navigate through the App, Non-Personal Information may be passively collected (that is, gathered without your actively providing the information) using various analytics, Bluetooth enabled beacons, and reporting technologies, such as cookies and web pixels.

HOW WE USE YOUR INFORMATION

Personal Information. We use your Personal Information for the performance of the features provided by the App, our private, internal reporting for the App, and security assessments for the App. If you have first provided consent through your mobile device, we may use your Personal Information together with a push notification token (not your native manufacturer ID) to send you push notifications regarding services specified in the App. You may manage push notifications in your device settings.

Precise Geo-Location Information. We use your precise geo-location information only for the location-based tools provided in our App.

Financial Information. We will use your financial information only for the purpose it was given, and no other.

Medical Information. We will use your medical information only for the purpose it was given, and no other.

Non-Personal Information. We reserve the right to make full use of Non-Personal Information. For example, we may use Non-Personal Information to provide better service to App visitors, customize the App based on your preferences, compile and analyze statistics and trends about the use of this App, and otherwise administer and improve this App for your use.

INFORMATION SHARING AND DISCLOSURE

General Disclosure Policy. Our general policy is that we will not share, sell, rent, or provide access to your Personal Information to others. The only exceptions to this general policy: (i) are described in the subsections below, and (ii) if you explicitly approve through our site. We reserve the right to disclose Non-Personal Information without restriction.

Affiliated Entities. We reserve the right to provide your Personal Information and Non-Personal Information to any affiliated entities we may have, including our subsidiaries. Affiliated entities are entities that we legally control (by voting rights) or that control us.

Service Providers. We reserve the right to provide access to your Personal Information and Non-Personal Information to our trusted service providers that assist us with the operation and maintenance of this site. For example, we may contract with third parties to process payments, host our servers, provide security, and provide production, fulfillment, optimization, analytics, and reporting services. Our service providers will be given access to your information only as is reasonably necessary to provide the services for which they are contracted.

Successors. If we sell or otherwise transfer part or all of our business or assets to another organization, such as in the course of an acquisition, merger, bankruptcy or liquidation, we may transfer your Personal Information and Non-Personal Information. In such an event, we will require the buyer or transferee to agree to our commitments provided in this Privacy Policy.

Legal Process, Enforcement and Security Notice. We reserve the right to disclose your Personal Information and Non-Personal Information if we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary (i) to satisfy any applicable law, regulation, legal process or enforceable governmental request (such as for example, to comply with a subpoena or court order), (ii) to detect, prevent, and address fraud or other illegal activity, and (iii) to investigate, respond to, or enforce violations of our rights or the security of this site. If we believe that the security of your Personal Information may have been compromised, we may notify you of the relevant facts as promptly as possible under the circumstances, and if you have provided us your email address, we may notify you by email. You consent to our use of your email address for this purpose.

Marketing Affiliates, Consultants, and Resellers. We reserve the right to disclose your Personal Information to any of our (i) marketing affiliates that referred you to our App, and (ii) resellers ("Consultants") that may re-sell our products or services to you. We may also disclose your Personal Information to any marketing partners that may participate in the offer or related fulfillment. Understand that you originated with these marketing affiliates and resellers, and that the information you may provide to them is subject to their privacy policies also.

When We Act as a Marketing Affiliate or Reseller for Others. We may act as a marketing affiliate or reseller for certain of our marketing partners for purposes of selling their products or services to you, and we reserve the right to disclose your Personal Information to them for purposes of transaction processing, fulfillment, and support. These marketing partners may also email you regarding complimentary products or services; however, you have two ways to opt out of receiving these emails - (i) contact us (as provided below under the Contact Us heading) with a request to opt out, or (ii) wait until you receive an email from them and then unsubscribe.

Third Parties For Direct Marketing Subject to Opt-In. We may provide you with the opportunity to receive promotional offers from specifically identified third-parties through their direct marketing efforts, but only if you explicitly consent (opt-in) to receive each offer. If you explicitly consent (opt-in), your Personal Information will be shared only with the specifically identified third-party to enable them to provide you with the offer you have requested, and then only in connection with that specific promotion and not on a continual basis. Any information that you provide in the process of registration or purchase will be transferred to these sites. We have no responsibility or liability for the policies and practices of these sites. You should review any privacy policies posted on any of these sites before providing information to them.

Your California Privacy Rights. As described above, from time to time, we make your Personal Information available to third parties. If you do not want us to share your Personal Information with other companies or organizations, you may request opt-out of this information sharing by making a request at the following email address: compliance.officer-at-Sonomaconnectapp.com. This notice is designed to comply with California's "Shine the Light" law, but the opt-out option is available to all of our users.

Third-Party Advertising Partners. We reserve the right to share Non-Personal Information with third party advertising partners with which we have relationships. We will display behavioral ads which will be targeted to your specific interests based on your browsing history on our App or activities on third party websites. These third party ad servers or ad networks may also use cookies to track your activities on our App to measure advertisement effectiveness and other reasons that will be provided in their own privacy policies, and we have no access or control over these cookies that may be used by third party advertisers. We may participate in Google's Adsense program, which uses DART cookies to enable serving their behavioral ads. To opt out of the DART cookies you may visit the Google ad and content network privacy policy at the following url: http://www.google.com/privacy_ads.html Tracking of users through the DART cookie mechanisms is subject to Google's own privacy policies. We may also display contextual ads which will be based solely on the context of our App, and will not be targeted based on your browsing history on our App or activities on third party websites. Any information that you provide in the process of registration or purchase will be transferred to these sites. We have no responsibility or liability for the policies and practices of these sites. You should review any privacy policies posted on any of these sites before providing information to them.

SPECIFIC INFORMATION ABOUT COOKIES, BLUETOOTH ENABLED BEACONS, AND WEB PIXELS

In order to provide better service for our App, we may use Bluetooth Beacons, Cookies and Web Pixels to collect Non-Personal Information to store your preferences and information about what pages you visit and past activity at our App. We may also employ Web Pixels from third parties in order to help us compile aggregated statistics regarding the effectiveness of our promotional campaigns or other operations of our App.

"Cookies" are tiny pieces of information stored by your browser on your mobile device. Cookies are also used to customize content based on your browser. Most browsers are initially set to accept cookies. If you want to disable cookies, there is a simple procedure in most browsers that allows you to turn off cookies. Please remember, however, that cookies may be required to allow you to use certain features of our App. We reserve the right to use third party web analytics services that use third party cookies (cookies passed by them, not by us) to collect Non-Personal Information about your use of our App. These web analytics services may also transfer this information to third parties where required to do so by law, or where such third parties process the information on the service's behalf.

Flash Cookies - third party cookies that use an Adobe Flash Media Player local shared object (LSO) - may be used along with other third party cookies for purposes of crediting any purchase you may make on our website to one of our affiliate marketing partners that may have referred you to us. These cookies will only be used for purposes of crediting sales to the referring affiliate and not for other purposes such as serving behavioral ads. Flash cookies are not the same as "browser cookies". The Adobe Flash Media Player is software that enables users to view content on their computers. Flash cookies are also accompanied by a browser cookie. If you delete the browser cookie, the Flash cookie may automatically create (or re-spawn) a replacement for the browser cookie.

Web Pixels - sometimes called single-pixel gifs or clear gifs - are used to assist in delivering cookies, and they allow us to count users who have visited pages of our App. We may include Web Pixels in promotional e-mail messages or our newsletters in order to determine whether messages have been opened and acted upon.

DO NOT TRACK REQUESTS

Some Web browsers incorporate a "Do Not Track" feature that signals to websites that you visit that you do not want to have your online activity tracked. Each browser communicates "Do Not Track" signals to websites differently, making it unworkable to honor each and every request correctly. In order to alleviate any communication error between browsers and website, we do not respond to "Do Not Track" signals at this time. As the technology and communication between browser and website improves, we will reevaluate the ability to honor "Do Not Track" signals and may make changes to our policy.

DATA SECURITY

We will implement reasonable and appropriate security procedures consistent with prevailing industry standards to protect data from unauthorized access by physical and electronic intrusion. Unfortunately, no data transmission over the Internet or method of data storage can be guaranteed 100% secure. Therefore, while we strive to protect your Personal Information by following generally accepted industry standards, we cannot ensure or warrant the absolute security of any information you transmit to us or archive through our App.

When you transmit Personal Information through our registration process or if you purchase products or services, we encrypt that information in transit using secure socket layer technology (SSL).

After the secure transfer of your Personal Information, the information is maintained and stored with 128-bit encryption.

SWEEPSTAKES OR GIVE-AWAYS

NO PURCHASE IS NECESSARY FOR SWEEPSTAKES INVOLVEMENT. User understands that neither Apple nor Google nor any of their subsidiaries is in any way involved in any Sweepstakes, Giveaways, or Contests that may or may not be offered within this platform. When you choose to enter a sweepstakes, contest, or other promotion, and in accordance with the terms and conditions of the promotions, your Personal Information and Usage Data may be disclosed to our sponsors and to third parties who help administer the promotion, including in connection with winner selection, prize fulfillment, and aggregated data analysis. Your Personal Information and Usage Data also may be disclosed as required by law, such as on a winners list. Further, by entering a promotion, you are agreeing to the official rules that govern that promotion, including allowing our sponsors to use your name, voice, and likeness in advertising and marketing associated with the promotion in accordance with applicable law. All terms applicable to the particular promotion will be made available to you at the time you enter the promotion.

ONWARD TRANSFER OUTSIDE YOUR COUNTRY OF RESIDENCE

Any Personal Information which we may collect through this App will be stored and processed in our servers located only in the United States. By using this site, if you reside outside the United States, you consent to the transfer of Personal Information outside your country of residence to the United States.

UPDATING PERSONAL INFORMATION

Upon request, we will permit you to request or make changes or updates to your Personal Information for legitimate purposes. We request identification prior to approving such requests. We reserve the right to decline any requests that are unreasonably repetitive or systematic, require unreasonable time or effort of our technical or administrative personnel, or undermine the privacy rights of others. We reserve the right to permit you to access your Personal Information in any account you establish with this site for purposes of making your own changes or updates, and in such case, instructions for making such changes or updates will be provided where necessary.

LINKS TO THIRD PARTY WEBSITES

The App may contain links to third party websites with whom we have a business relationship. These links may include online advertisements that we deem to be appropriate. If you do click on any of the links to their websites or accept any of their promotional offers, your click-through information and any information that you provide in the process of registration or purchase will be transferred to these sites. We have no responsibility or liability for the policies and practices of these sites; however, we have entered into agreements with these websites which provide that unless you specifically agree otherwise, they will use and share your Personal Information only for the purpose of providing or fulfilling your request for products or services. You should be careful to review any privacy policies posted on any of these sites before providing information to them.

CHILDREN'S ONLINE POLICY

We are committed to preserving online privacy for children. This App is a general audience App. Consistent with the Children's Online Privacy Protection Act (COPPA), we will not knowingly collect any information from, or sell to, children under the age of 13. If you are a parent or guardian who has discovered that your child under the age of 13 has submitted his or her personally identifiable information without your permission or consent, we will remove the information from our active list, at your request. To request the removal of your child's information, please contact us as provided below under "Contact Us".

CONTACT US

If you have any questions regarding this Privacy Policy, please contact the owner and operator of this website business at:

Underweigh Adventures, LLC dba Sonoma Connect™
Attn: Privacy Policy Officer
222 Weller Street, Ste. 2, Petaluma, California 94952
Email: compliance-at-Sonomaconnectapp.com

--
No modifications since March 31, 2022:

PRIVACY POLICY (RE-TARGETED ADVERTISING)

Effective Date: March 31, 2022

To review material modifications and their effective dates scroll to the bottom of the page.

Underweigh Adventures, LLC dba Sonoma Connect™ ("Sonoma Connect") owns and operates this www.Sonomaconnectapp.com website business. All references to "we", "us", this "website" or this "site" shall be construed to mean Sonoma Connect™.

This Privacy Policy describes our collection, use, and sharing of information, including the sharing of information with our marketing partners for purposes of serving personalized ads based on your interests. Our marketing partners include third party service providers, advertisers, advertising networks and platforms, advertising agencies, and data brokers and aggregators. (See below, PERSONALIZED ADS.)

Our Privacy Policy applies to all of the services offered by us and our affiliated entities, including services accessed by mobile devices and application programming interface (API), but excludes services that have separate privacy policies which do not incorporate this Privacy Policy.

Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, who use our Bluetooth beacons to send their own informational services, and who may use cookies, web pixels (pixel tags), and other methodologies to serve personalized ads.

HOW WE MODIFY THIS PRIVACY POLICY

We may modify this Privacy Policy at any time, and without prior notice, by posting an amended Privacy Policy that is always accessible by clicking on the "Privacy Policy" link on this site's home page. Your continued use of this site indicates your acceptance of the amended Privacy Policy.

Regarding Personal Information (defined below), if any modifications are materially less restrictive on our use or disclosure of the Personal Information previously disclosed by you, we will obtain your consent before implementing such revisions with respect to such information.

THE TYPES OF INFORMATION WE COLLECT

Personal Information. "Personal Information" includes any information regarding a natural person that may be used directly to identify the person.

Personal Information that we collect may vary with each separate purpose for which you provide it, and it may include one or more of the following categories: name, physical address, an email address, phone number, credit card information including credit card number, expiration date, and billing address, UUID mobile device data, MAC address, and location data.

We also may collect publicly available Personal Information posted on social media platforms and profiles. When you engage with our content on or through social media platforms or other third party platforms, plug-ins, integrations or applications, you may allow us to have access to certain Personal Information in your profile that you have added to these platforms. This may include your name, e-mail address, photo, gender, birthday, location, an ID associated with the applicable third-party platform or social media account user files, "like" photos and videos, your list of friends or connections, people you follow and/or who follow you, or your posts or "likes."

Passively or Automatically Collected Data ("Usage Data").

We, our affiliated entities, and our marketing partners including third party service providers, advertisers, advertising networks and platforms, advertising agencies, and data brokers and aggregators may use automated means to collect various types of information about you, your computer or other device used to access this site or its services. This information is based on your usage of this site, including information collected automatically from this site (or by our marketing partners employed in this site).

A representative, non-exhaustive list of the types of passively or automatically collected information may include: network or Internet protocol address and type of browser you are using (e.g., Chrome, Safari, Firefox, Internet Explorer), the type of operating system you are using (e.g., Microsoft Windows or Mac OS), the name of your Internet service provider (e.g., Comcast, Verizon or AT&T) and domains used by such providers, mobile network, device identifiers (such as an Apple IDFA or an Android Advertising ID), device settings, browser settings, the web pages of this site you have visited, pages or service visited before and after you visit a page or service, the type of handheld or mobile device used to view the page or service (e.g., iOS, Android), location information, and the content and advertisements you have accessed, seen, forwarded and/or clicked on, the various time details per visit (e.g., the time spent on each page or service within the site) and the details about the path followed within the site with special reference to the sequence of pages visited, other parameters about the device operating system and/or the user's IT environment, and conversion rates and marketing and conversion data and statistics, reports and analytics, including without limitation your interactions with emails we send, and reviews and surveys regarding this site or any products listed on this site. Usage Data is essentially anonymous when collected, but could be used indirectly to identify a person.

Geo-Location Data. If you are accessing a page or service from a computer or a mobile device, you may be asked to share your precise (GPS level) geo-location information with us so we can customize your experience on our services or on other services when we work with a marketing partner such as a third party service provider, advertiser, advertising network and platform, advertising agency, and a data broker or aggregator. If you agree to the collection of location data, in most cases, you will be able to turn off such data collection at any time by accessing the privacy settings of your mobile device.

Data Collected Via Social Media Platforms and Other Third-Party Sources. When we interact with you through our content on social media platforms, third-party platforms, third-party websites, applications, integrations, and services of our marketing partners, we may obtain any information regarding your interaction with that content, such as content you have viewed, your game performance, high scores, and information about advertisements within the content you have been shown or may have clicked on. For a description on how social media services and other third party platforms, plug-ins, integrations or applications handle your information, please refer to their respective privacy policies and terms of use, which may permit you to modify your privacy settings.

HOW AND WHEN WE COLLECT INFORMATION

Personal Information. We collect Personal Information at the time you provide it to us. We collect Personal Information through sign-up forms and as part of your registration for an account, product, or service, promotion, or contest from this website. Personal Information that we collect may vary with each sign-up or registration. In addition, we collect Personal Information from all communications with site visitors including without limitation, text messages, faxes, telephone calls, and regular "snail mail", as well as from third-party outside sources including data brokers and aggregators. As indicated above, we may collect publicly available Personal Information posted on social media profile information including photos both directly and through the use of contact management applications.

Your Communications With Us. We collect Personal Information that we receive from you as you communicate with us. If you complete a signup form subscribing to information from our site or to participate in our mailing list activities, we will receive your Personal Information from our email services and/or autoresponder service.

Usage Data. We collect Usage Data as you use this site, including your interactions with emails we send, and via social media platforms, third-party platforms, third-party websites, applications, integrations, and services of our marketing partners. This data may be passively or automatically collected (that is, gathered without your actively providing the information) using various analytics and reporting technologies, such as cookies, Bluetooth Beacons, web pixels, locally stored objects, and mobile device identifiers and SDKs, and other similar methodologies as well as similar technologies developed in the future. (See below, SPECIFIC INFORMATION ABOUT COOKIES AND WEB PIXELS.)

HOW WE USE YOUR INFORMATION

We may use your Personal Information and Usage Data for the performance of the services or transaction for which it was given and for the basic purpose of this site. We may use your Personal Information in connection with other products, services, promotions, personalized ads, or contests we may offer, and our private, internal reporting for this site, and security assessments for this site. We may also send you messages related to certain features or your activity on this site. We may also send you news or updates about changes to our site or services. By default, you will receive these messages via email.

We may use publicly available Personal Information posted on social media profile information including photos for purposes of assisting us and our marketing partners with marketing and advertising activities and with contact management.

We may make full, unrestricted use of Usage Data for any purpose in our sole discretion, including without limitation, to customize or personalize ads, offers and content made available to you based on your visits to and/or usage of this site or its services, and to analyze the performance of those ads, offers and content, as well as your interaction with them.

We may combine and use the Personal Information and Usage Data we collect from all services and products offered by us and our affiliated entities over various websites to provide, protect, and improve them, and to develop and offer new services and products. We will treat you as a single user of these combined services and products. We may also use this information to provide you personalized ads.

INFORMATION SHARING AND DISCLOSURE

General Disclosure Policy. We may share and disclose your Personal Information as described below. We may share and disclose Usage Data without restriction, including without limitation, as described below.

Affiliated Entities. We may provide your Personal Information and Usage Data to any affiliated entities we may have, including our subsidiaries. Affiliated entities are entities that we legally control (by voting rights) or that control us.

Service Providers. We may provide access to your Personal Information and Usage Data to our trusted service providers that assist us with the operation and maintenance of this site. For example, we may contract with third parties to finance purchases from this site, process payments, host our servers, provide security, and provide production, fulfillment, optimization, analytics, reporting, and software maintenance and development services. In addition, our service providers will be given access to your information only as is reasonably necessary to provide the services for which they are contracted.

Successors. If we sell or otherwise transfer part or all of our business or assets to another organization, such as in the course of an acquisition, merger, bankruptcy or liquidation, we may transfer your Personal Information and Usage Data. In such an event, we will require the buyer or transferee to agree to our commitments provided in this Privacy Policy.

Legal Process, Enforcement and Security Notice. We may disclose your Personal Information and Usage Data if we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary (i) to satisfy any applicable law, regulation, legal process or enforceable governmental request (such as for example, to comply with a subpoena or court order), (ii) to detect, prevent, and address fraud or other illegal activity, and (iii) to investigate, respond to, or enforce violations of our rights or the security of this site.

Joint Venture Partners. We may participate with another company or individual for purposes of jointly promoting our products, services, promotions or contests or their products, services, promotions, or contests. We may disclose your Personal Information and Usage Data to them for purposes of (i) compensation, transaction processing, fulfillment, and support, and (ii) for purposes of offering you other products, services, promotions, and contests. These joint venture marketing partners may also contact you regarding other products, services, promotions, or contests.

Marketing Partners. We may share your Usage Data with our marketing partners including third party service providers, advertisers, advertising networks and platforms, advertising agencies, and data brokers and aggregators to serve and offer personalized ads. We may share Personal Information with our marketing partners to correlate and match our list with our marketing partners' lists for purposes of creating an "audience" for serving personalized ads.

NO PURCHASE IS NECESSARY FOR SWEEPSTAKES INVOLVEMENT. User understands that neither Apple nor Google nor any of their subsidiaries is in any way involved in any Sweepstakes, Giveaways, or Contests that may or may not be offered within this platform. When you choose to enter a sweepstakes, contest, or other promotion, and in accordance with the terms and conditions of the promotions, your Personal Information and Usage Data may be disclosed to our sponsors and to third parties who help administer the promotion, including in connection with winner selection, prize fulfillment, and aggregated data analysis. Your Personal Information and Usage Data also may be disclosed as required by law, such as on a winners list. Further, by entering a promotion, you are agreeing to the official rules that govern that promotion, including allowing our sponsors to use your name, voice, and likeness in advertising and marketing associated with the promotion in accordance with applicable law. All terms applicable to the particular promotion will be made available to you at the time you enter the promotion.

With Your Consent. We may share your Personal Information with other parties with your consent.

Your California Privacy Rights. Under California Law SB 27, California residents have the right to receive, once a year, information about third parties with whom we have shared information about you or your family for their marketing purposes during the previous calendar year, and a description of the categories of personal information shared. To make such a request, please send an email to the email address provided in our contact information below and include the phrase "California Privacy Request" in the subject line, the domain name of the Web site you are inquiring about, along with your name, address and email address. We will respond to you within thirty days of receiving such a request.

SPECIFIC INFORMATION ABOUT COOKIES, BLUETOOTH BEACONS, AND WEB PIXELS

"Cookies" are tiny pieces of information stored by your browser on your computer's hard drive. Cookies are also used to customize content based on your browser. Most browsers are initially set to accept cookies. If you want to disable cookies, there is a simple procedure in most browsers that allows you to turn off cookies. Please remember, however, that cookies may be required to allow you to use certain features of our site.

Flash Cookies - third party cookies that use an Adobe Flash Media Player local shared object (LSO) - may be used along with other third party cookies for purposes of crediting any purchase you may make on this site to one of our joint venture partners that may have referred you to us. These cookies will be used for purposes of crediting sales to the referring joint venture marketing partner. Flash cookies are not the same as "browser cookies". The Adobe Flash Media Player is software that enables users to view content on their computers. Flash cookies are also accompanied by a browser cookie. If you delete the browser cookie, the Flash cookie may automatically create (or re-spawn) a replacement for the browser cookie.

Web Pixels (sometimes called single-pixel gifs or clear gifs) are used to assist in delivering cookies, and they allow us to count users who have visited pages of our site. We may include Web Pixels in promotional e-mail messages or our newsletters in order to determine whether messages have been opened and acted upon.

Locally Stored Objects – we may employ locally stored objects ("LSOs") and other client-side storage tracking technologies in certain situations where they help to provide a better user experience, such as to remember settings, preferences and usage similar to browser cookies, or in order to target or help our Partners target ads, analyze ad performance, or perform user, website or market analytics. For LSOs utilized by Adobe Flash you can access Flash management tools from Adobe's website: --> http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html . In addition, some, but not all browsers, provide the ability to remove LSOs, sometimes within cookie and privacy settings.

PERSONALIZED ADS

We may participate with our marketing partners for purposes of providing personalized ads based on your interests. This activity is performed by collecting Usage Data and by using cookies and other tracking and data collection methodologies discussed above to transfer information to our marketing partners which manage advertising activities, and may be transmitted using our Bluetooth Beacons.

Our marketing partners may also use cookies and other tracking and data collection methodologies discussed above to measure advertisement effectiveness and for other purposes that are disclosed in their own privacy policies. We have no access or control over these cookies and other tracking and data collection methodologies that may be used by our marketing partners, and we have no responsibility or liability for the privacy policies and practices of these sites.

AdWords (Google) - We may participate in the AdWords program, which is a personalized ad service provided by Google Inc. that connects the activity of this site with the AdWords advertising network and the DoubleClick cookie. Information collected: cookie and Usage Data. For the opt-out, visit --> https://support.google.com/ads/answer/2662922?hl=en

Google Analytics for Display Advertising (Google) - We may participate in any and all of the following Google Analytics Advertising Features provided by Google: Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager integration, and Google Analytics Demographics and Interest Reporting. These features use first party cookies (such as the Google Analytics cookie) for connecting the tracking activity performed by Google Analytics and its cookies with the AdWords advertising network and the DoubleClick cookie (a third-party cookie). Information collected: cookie and Usage Data, including audience data such as age, gender, and interests. For the opt-out, visit --> https://support.google.com/ads/answer/2662922?hl=en You may opt-out of the Google Analytics service with Google's Browser Add-on that's available at --> https://tools.google.com/dlpage/gaoptout

For information in general about Google's personalized ad campaigns, and specifically about information regarding DoubleClick cookies and how to control and manage Google's advertising cookies for these campaigns, visit --> http://www.google.com/policies/technologies/ads/

For another Google resource for opting out of Google's use of cookies, visit --> http://www.google.com/settings/ads

For information regarding how Google uses data when you use Google's partners' sites or apps, visit --> http://www.google.com/policies/privacy/partners/

For an additional resource recommended by Google for opting out of a third party vendor's use of cookies, visit --> http://www.networkadvertising.org/managing/opt_out.asp

Custom Audience (Facebook). We may participate in Facebook.com's Custom Audience program which enables us to display personalized ads to persons on our email lists when they visit Facebook.com. We provide Personal Information such as your email address and phone number to Facebook to enable Facebook to determine if you are a registered account holder with Facebook. You may opt-out of participation in our Facebook Custom Audience by sending an email, from the email address you are opting out of, to the email address provided in our contact information below. For your opt-out to be effective, you must: (i) place the following text in the subject line of the email - "Opting Out of Facebook.com Website Custom Audience Ads", and (ii) in the body of the email, include your name and email address. We will forward your name and email address to Facebook.com with a request to delete you from all of our Facebook Custom Audience Ads.

Tailored Audiences/Conversion Tracking Programs (Twitter). We may participate in Twitter.com's Tailored Audiences/Conversion Tracking Programs which enable us to display personalized ads. You may opt-out of participation in these programs by visiting https://support.twitter.com/articles/20170405 .

Other Personalized And Behavioral Advertising Services. We may participate in additional retargeting and behavioral advertising services that will be similar to the services described above.

Managing Personalized Ads. You can control the placement of cookies and other data collection methodologies for purposes of opting out.

Managing Cookies Via Your Browser. You should note that although most browsers are initially set up to accept cookies, you may be able to change your browser settings to cause your browser to refuse first party or third-party cookies or to indicate when a third-party cookie is being sent. However, disabling or limiting cookies may cause certain features of this website to not function properly or optimally. Check your browser's "Help" files or other similar resources to learn more about handling cookies on your browser. In addition, visit --> http://www.allaboutcookies.org/manage-cookies/

Managing Flash Cookies. Flash cookies, also called local shared objects (LSOs), function similarly to standard cookies except that they are often larger and are downloaded to a computer or mobile device by the Adobe Flash Player. In some cases, these Flash cookies can be managed through browser settings. Adobe also provides a means of controlling Flash cookies on its Flash Player: Setting Manager page.

Network Advertising Initiative (NAI). A number of companies that use cookies to collect information about your online activities are members of NAI, which offers a single location to opt out of receiving personalized ads from member companies. To opt out of information collection by NAI member companies, or to obtain information about the technologies they use or their own privacy policies, please visit the NAI consumer opt-out page: --> http://www.networkadvertising.org/choices/ .

Digital Advertising Alliance (DAA). DAA member advertising associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about interest-based ads from participating third parties, please visit the DAA Consumer Opt-Out page --> http://www.aboutads.info/consumers .

Opting Out With Ad Choices For Mobile Devices. When using mobile applications you may receive personalized in-application advertisements. Depending on your device, you may be able to reset your mobile device's advertising identifier at any time by accessing the privacy settings on your mobile device. In addition, each operating system (iOS for Apple phones, Android for Android devices and Windows for Microsoft devices) provides its own instructions on how to prevent the delivery of personalized in-application advertisements. You may review the support materials and/or the privacy settings for the respective operating systems in order to opt-out of these advertisements. For any other devices and/or operating systems, please visit the privacy settings for the applicable device or contact (or review the applicable privacy web page of) the applicable platform operator.

ANALYTICS

We may participate with third party analytics partners to monitor and analyze Web traffic and to keep track of user behavior on this site.

Google Analytics (Google) - Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google utilizes the data collected to track and examine the use of this site, to prepare reports on its activities, and to share them with other Google services. Information collected: cookie and Usage Data. Visit Privacy Policy at --> https://www.google.com/intl/en/policies/?fg=1 You may opt-out of the Google Analytics service with Google's Browser Add-on that's available at --> https://tools.google.com/dlpage/gaoptout .

DO NOT TRACK REQUESTS

Some Web browsers incorporate a "Do Not Track" feature that signals to websites that you visit that you do not want to have your online activity tracked. Each browser communicates "Do Not Track" signals to websites differently, making it unworkable to honor each and every request correctly. In order to alleviate any communication error between browsers and website, we do not respond to "Do Not Track" signals at this time. As the technology and communication between browser and website improves, we will reevaluate the ability to honor "Do Not Track" signals and may make changes to our policy.

DATA SECURITY

We will implement reasonable and appropriate security procedures consistent with prevailing industry standards to protect data from unauthorized access by physical and electronic intrusion. Unfortunately, no data transmission over the Internet or method of data storage can be guaranteed 100% secure. Therefore, while we strive to protect your Personal Information by following generally accepted industry standards, we cannot ensure or warrant the absolute security of any information you transmit to us or archive at this site.

When you transmit Personal Information through our registration process or if you purchase products or services, we encrypt that information in transit using secure socket layer technology (SSL).

After the secure transfer of your Personal Information, the information is maintained and stored with 128-bit encryption.

ONWARD TRANSFER OUTSIDE YOUR COUNTRY OF RESIDENCE

Any Personal Information which we may collect on this site will be stored and processed in our servers located only in the United States. By using this site, if you reside outside the United States, you consent to the transfer of Personal Information outside your country of residence to the United States.

UPDATING PERSONAL INFORMATION

Upon request, we will permit you to request or make changes or updates to your Personal Information for legitimate purposes. We request identification prior to approving such requests. We reserve the right to decline any requests that are unreasonably repetitive or systematic, require unreasonable time or effort of our technical or administrative personnel, or undermine the privacy rights of others. We reserve the right to permit you to access your Personal Information in any account you establish with this site for purposes of making your own changes or updates, and in such case, instructions for making such changes or updates will be provided where necessary.

LINKS TO JOINT VENTURE MARKETING PARTNER SITES

This site may contain links to other websites operated by our joint venture marketing partners. If you do click on any of the links to their websites or accept any of their promotional offers, your click-through information and any information that you provide in the process of registration or purchase will be transferred to these sites. We have no responsibility or liability for the policies and practices of these sites. You should be careful to review any privacy policies posted on any of these sites before providing information to them.

CHILDREN'S ONLINE POLICY

We are committed to preserving online privacy for all of our website visitors, including children. This site is a general audience site. Consistent with the Children's Online Privacy Protection Act (COPPA), we will not knowingly collect any information from, or sell to, children under the age of 13. If you are a parent or guardian who has discovered that your child under the age of 13 has submitted his or her personally identifiable information without your permission or consent, we will remove the information from our active list, at your request. To request the removal of your child's information, please contact our site as provided below under "Contact Us", and be sure to include in your message the same login information that your child submitted.

 

 

MOBILE USER GENERATED CONTENT

  1. Definition. “User Content” means any content that users upload, post or transmit (collectively, “Post”) to or through the Service including, without limitation, any text, comments and other works subject to protection under the laws of the United States or any other jurisdiction, including, but not limited to, patent, trademark, trade secret, and copyright laws, and excludes any and all Sonoma Connect Content.
  2. Screening User Content. Sonoma Connect offers end users the ability to submit User Content to or transmit User Content through the Service. Sonoma Connect does not pre-screen any User Content, but reserves the right to remove, disallow, block, or delete any User Content in its sole discretion. Sonoma Connect does not guarantee the accuracy, integrity, appropriateness, availability, or quality of any User Content, and under no circumstances will Sonoma Connect be liable in any way for any User Content.
  3. Licenses to User Content. While you retain ownership of any rights you may have in your User Content, you hereby grant Sonoma Connect an unrestricted, assignable, sublicensable, revocable, royalty-free license throughout the universe to reproduce, distribute, publicly display, communicate to the public, publicly perform (including by means of digital audio transmissions and on a through-to-the-audience basis), make available, create derivative works from, retransmit from External Sites, and otherwise exploit and use (collectively, “Use”) all or any part of all User Content you Post to or through the Service by any means and through any media and formats now known or hereafter developed, for the purposes of (i) advertising, marketing, and promoting Sonoma Connect and the Service; (ii) displaying and sharing your User Content to other users of the Service; and (iii) providing the Service as authorized by this EULA. You further grant Sonoma Connect a royalty-free license to use your user name, image, voice, and likeness to identify you as the source of any of your User Content. Any User Content posted by you to or through the Service or transmitted to Sonoma Connect will be considered non-confidential and non-proprietary, and treated as such by Sonoma Connect, and may be used by Sonoma Connect in accordance with this EULA without notice to you and without any liability to Sonoma Connect.
  4. You Must Have Rights to the Content You Post. You represent and warrant that: (i) you own the User Content Posted by you on or through the Service or otherwise have the right to grant the license set forth in this EULA; (ii) the Posting and Use of your User Content on or through the Service does not violate the privacy rights, publicity rights, copyrights, contract rights, intellectual property rights, or any other rights of any person, including, but not limited to, the rights of any person visible in any of your User Content; (iii) the Posting of your User Content on the Service will not require us to obtain any further licenses from or pay any royalties, fees, compensation, or other amounts or provide any attribution to any third parties; and (iv) the Posting of your User Content on the Service does not result in a breach of contract between you and a third party. You agree to pay all monies owing to any person as a result of your Posting your User Content on the Service.
  5. Waiver of Rights to User Content. By Posting User Content to or through the Service, you waive any rights to prior inspection or approval of any marketing or promotional materials related to such User Content. You also waive any and all rights of privacy, publicity, or any other rights of a similar nature in connection with your User Content, or any portion thereof. To the extent any moral rights are not transferable or assignable, you hereby waive and agree never to assert any and all moral rights, or to support, maintain, or permit any action based on any moral rights that you may have in or with respect to any User Content you Post to or through the Service.
  6. Objectionable Content. You agree not to Post any User Content to the Service that is or could be interpreted to be (i) abusive, bullying, defamatory, harassing, harmful, hateful, inaccurate, infringing, libelous, objectionable, obscene, offensive, pornographic, shocking, threatening, unlawful, violent, vulgar, or in violation of any applicable laws (including laws related to speech); or (ii) promoting any product, good, or service, or bigotry, discrimination, hatred, intolerance, racism, or inciting violence (including suicide) (collectively, “Objectionable Content”). The Posting of any Objectionable Content may subject you to third party claims and none of the rights granted to you in this EULA may be raised as a defense against such third party claims. If you encounter any Objectionable Content on the Service, then please immediately email Support at Sonoma Connect .com. Sonoma Connect in its sole discretion may take any actions it deems necessary and/or appropriate against any User who Posts Objectionable Content on the Service.

 

 

EULA “End User License Agreement”

This copy of Sonoma Connect ("the Software Product") and accompanying documentation is licensed and not sold. This Software Product is protected by copyright laws and treaties, as well as laws and treaties related to other forms of intellectual property. Underweigh Adventures, LLC dba Sonoma Connect or its subsidiaries, affiliates, and suppliers (collectively "Sonoma Connect") own intellectual property rights in the Software Product. The Licensee's ("you" or "your") license to download, use, copy, or change the Software Product is subject to these rights and to all the terms and conditions of this End User License Agreement ("Agreement").

 

Acceptance

YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT BY SELECTING THE "ACCEPT" OPTION AND DOWNLOADING THE MOBILE APPLICATION PRODUCT OR BY INSTALLING, USING THE ONLINE SOFTWARE PRODUCT. YOU MUST AGREE TO ALL OF THE TERMS OF THIS AGREEMENT BEFORE YOU WILL BE ALLOWED TO DOWNLOAD THE MOBILE APPLICATION SOFTWARE PRODUCT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, YOU MUST SELECT "DECLINE" AND YOU MUST NOT INSTALL, OR USE THE MOBILE APPLICATION SOFTWARE PRODUCT.

 

License Grant

This Agreement entitles you to install and use one copy of the Software Product. In addition, you may make one archival copy of the Software Product. The archival copy must be on a storage medium other than a hard drive, and may only be used for the reinstallation of the Software Product. This Agreement does not permit the installation or use of multiple copies of the Software Product, or the installation of the Software Product on more than one computer at any given time, on a system that allows shared use of applications, on a multi-user network, or on any configuration or system of computers that allows multiple users. Multiple copy use or installation is only allowed if you obtain an appropriate licensing agreement for each user and each copy of the Software Product.

 

Restrictions on Transfer

Without first obtaining the express written consent of Sonoma Connect, you may not assign your rights and obligations under this Agreement, or redistribute, encumber, sell, rent, lease, sublicense, or otherwise transfer your rights to the Software Product.

 

Restrictions on Use

You may not use, copy, or install the Software Product on any system with more than one computer, or permit the use, copying, or installation of the Software Product by more than one user or on more than one computer. If you hold multiple, validly licensed copies, you may not use, copy, or install the Software Product on any system with more than the number of computers permitted by license, or permit the use, copying, or installation by more users, or on more computers than the number permitted by license.

 

You may not decompile, "reverse-engineer", disassemble, or otherwise attempt to derive the source code for the Software Product.

 

You may not use the database portion of the Software Product in connection with any software other than the Software Product.

 

Restrictions on Alteration

You may not modify the Software Product or create any derivative work of the Software Product or its accompanying documentation. Derivative works include but are not limited to translations. You may not alter any files or libraries in any portion of the Software Product. You may not reproduce the database portion or create any tables or reports relating to the database portion.

 

Restrictions on Copying

You may not copy any part of the Software Product except to the extent that licensed use inherently demands the creation of a temporary copy stored in computer memory and not permanently affixed on storage medium. You may make one archival copy which must be stored on a medium other than a computer hard drive.

 

Limited Software Product Warranty

For a period of 30 days from the date of shipment or from the date that you download the Software Product, as applicable, Sonoma Connect warrants that when properly installed and used under normal conditions, the Software Product will perform substantially as advertised.

 

Disclaimer of Warranties and Limitation of Liability

UNLESS OTHERWISE EXPLICITLY AGREED TO IN WRITING BY SONOMA CONNECT, SONOMA CONNECT MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, IN FACT OR IN LAW, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OTHER THAN AS SET FORTH IN THIS AGREEMENT OR IN THE LIMITED WARRANTY DOCUMENTS PROVIDED WITH THE SOFTWARE PRODUCT.

 

Sonoma Connect makes no warranty that the Software Product will meet your requirements or operate under your specific conditions of use. Sonoma Connect makes no warranty that operation of the Software Product will be secure, error free, or free from interruption. YOU MUST DETERMINE WHETHER THE SOFTWARE PRODUCT SUFFICIENTLY MEETS YOUR REQUIREMENTS FOR SECURITY AND UNINTERRUPTABILITY. YOU BEAR SOLE RESPONSIBILITY AND ALL LIABILITY FOR ANY LOSS INCURRED DUE TO FAILURE OF THE SOFTWARE PRODUCT TO MEET YOUR REQUIREMENTS. SONOMA CONNECT WILL NOT, UNDER ANY CIRCUMSTANCES, BE RESPONSIBLE OR LIABLE FOR THE LOSS OF DATA ON ANY COMPUTER OR INFORMATION STORAGE DEVICE.

 

UNDER NO CIRCUMSTANCES SHALL SONOMA CONNECT, ITS DIRECTORS, OFFICERS, EMPLOYEES OR AGENTS BE LIABLE TO YOU OR ANY OTHER PARTY FOR INDIRECT, CONSEQUENTIAL, SPECIAL, INCIDENTAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND (INCLUDING LOST REVENUES OR PROFITS OR LOSS OF BUSINESS) RESULTING FROM THIS AGREEMENT, OR FROM THE FURNISHING, PERFORMANCE, INSTALLATION, OR USE OF THE SOFTWARE PRODUCT, WHETHER DUE TO A BREACH OF CONTRACT, BREACH OF WARRANTY, OR THE NEGLIGENCE OF SONOMA CONNECT OR ANY OTHER PARTY, EVEN IF SONOMA CONNECT IS ADVISED BEFOREHAND OF THE POSSIBILITY OF SUCH DAMAGES. TO THE EXTENT THAT THE APPLICABLE JURISDICTION LIMITS SONOMA CONNECT'S ABILITY TO DISCLAIM ANY IMPLIED WARRANTIES, THIS DISCLAIMER SHALL BE EFFECTIVE TO THE MAXIMUM EXTENT PERMITTED.

 

Limitation of Remedies and Damages

Your remedy for a breach of this Agreement or of any warranty included in this Agreement is the correction or replacement of the Software Product. Selection of whether to correct or replace shall be solely at the discretion of Sonoma Connect. Sonoma Connect reserves the right to substitute a functionally equivalent copy of the Software Product as a replacement. If Sonoma Connect is unable to provide a replacement or substitute Software Product or corrections to the Software Product, your sole alternate remedy shall be a refund of the purchase price for the Software Product exclusive of any costs for shipping and handling.

 

Any claim must be made within the applicable warranty period. All warranties cover only defects arising under normal use and do not include malfunctions or failure resulting from misuse, abuse, neglect, alteration, problems with electrical power, acts of nature, unusual temperatures or humidity, improper installation, or damage determined by Sonoma Connect to have been caused by you. All limited warranties on the Software Product are granted only to you and are non-transferable. You agree to indemnify and hold Sonoma Connect harmless from all claims, judgments, liabilities, expenses, or costs arising from your breach of this Agreement and/or acts or omissions.

 

Governing Law, Jurisdiction and Costs

This Agreement is governed by the laws of California, without regard to California's conflict or choice of law provisions.

 

Severability

If any provision of this Agreement shall be held to be invalid or unenforceable, the remainder of this Agreement shall remain in full force and effect. To the extent any express or implied restrictions are not permitted by applicable laws, these express or implied restrictions shall remain in force and effect to the maximum extent permitted by such applicable laws.

 

 

 

INFORMATION SECURITY POLICY

Underweigh Adventures, LLC dba Sonoma Connect™ handles sensitive cardholder information daily.  Sensitive Information must have adequate safeguards in place to protect the cardholder data, cardholder privacy, and to ensure compliance with various regulations, along with guarding the future of the organisation.
Underweigh Adventures, LLC dba Sonoma Connect™ commits to respecting the privacy of all its customers and to protecting any customer data from outside parties.  To this end management are committed to maintaining a secure environment in which to process cardholder information so that we can meet these promises.
Employees handling sensitive cardholder data should ensure:

•    Handle Company and cardholder information in a manner that fits with their sensitivity and classification;
•    Limit personal use of Underweigh Adventures, LLC dba Sonoma Connect™ information and telecommunication systems and ensure it doesn’t interfere with your job performance;
•    Underweigh Adventures, LLC dba Sonoma Connect™ reserves the right to monitor, access, review, audit, copy, store, or delete any electronic communications, equipment, systems and network traffic for any purpose;
•    Do not use e-mail, internet and other Company resources to engage in any action that is offensive, threatening, discriminatory, defamatory, slanderous, pornographic, obscene, harassing or illegal;
•    Do not disclose personnel information unless authorized;
•    Protect sensitive cardholder information;
•    Keep passwords and accounts secure;
•    Request approval from management prior to establishing any new software or hardware, third party connections, etc.;
•    Do not install unauthorized software or hardware, including modems and wireless access unless you have explicit management approval;
•    Always leave desks clear of sensitive cardholder data and lock computer screens when unattended;
•    Information security incidents must be reported, without delay, to the individual responsible for incident response locally – Please find out who this is.
We each have a responsibility for ensuring our company’s systems and data are protected from unauthorized access and improper use.  If you are unclear about any of the policies detailed herein you should seek advice and guidance from your line manager.

1.    Network Security

A high-level network diagram of the network is maintained and reviewed on a yearly basis.  The network diagram provides a high level overview of the cardholder data environment (CDE), which at a minimum shows the connections in and out of the CDE.  Critical system components within the CDE, such as POS devices, databases, web servers, etc., and any other necessary payment components, as applicable should also be illustrated. 
 
In addition, ASV scans should be performed and completed by a PCI SSC Approved Scanning Vendor, where applicable.  Evidence of these scans should be maintained for a period of 18 months.

2.    Acceptable Use Policy

Management’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Underweigh Adventures, LLC dba Sonoma Connect™’s established culture of openness, trust and integrity. Management is committed to protecting the employees, partners and Underweigh Adventures, LLC dba Sonoma Connect™ from illegal or damaging actions, either knowingly or unknowingly by individuals. Underweigh Adventures, LLC dba Sonoma Connect™ will maintain an approved list of technologies and devices and personnel with access to such devices as detailed in Appendix B.

•    Employees are responsible for exercising good judgment regarding the reasonableness of personal use.
•    Employees should take all necessary steps to prevent unauthorized access to confidential data which includes card holder data. 
•    Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. 
•    All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature. 
•    All POS and PIN entry devices should be appropriately protected and secured so they cannot be tampered with or altered.
•    The List of Devices in Appendix B will be regularly updated when devices are modified, added or decommissioned.  A stocktake of devices will be regularly performed and devices inspected to identify any potential tampering or substitution of devices.  
•    Users should be trained in the ability to identify any suspicious behaviour where any tampering or substitution may be performed.  Any suspicious behaviour will be reported accordingly.
•    Information contained on portable computers is especially vulnerable; special care should be exercised.
•    Postings by employees from a Company email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Underweigh Adventures, LLC dba Sonoma Connect™, unless posting is in the course of business duties. 
•    Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code. 

3.    Protect Stored Data  

•    All sensitive cardholder data stored and handled by Underweigh Adventures, LLC dba Sonoma Connect™ and its employees must be securely protected against unauthorized use at all times. Any sensitive card data that is no longer required by Underweigh Adventures, LLC dba Sonoma Connect™ for business reasons must be discarded in a secure and irrecoverable manner.
•    If there is no specific need to see the full PAN (Primary Account Number), it has to be masked when displayed.
•    PANs that are not protected as stated above should not be sent to the outside network via end-user messaging technologies such as chat, ICQ messenger, etc.

It is strictly prohibited to store: 
1.    The contents of the payment card magnetic stripe (track data) on any media whatsoever.  
2.    The CVV/CVC (the 3 or 4 digit number on the signature panel on the reverse of the payment card) on any media whatsoever.  
3.    The PIN or the encrypted PIN Block under any circumstance.

4.    Information Classification

Data and media containing data must always be labelled to indicate sensitivity level.

•    Confidential data might include information assets for which there are legal requirements for preventing disclosure or financial penalties for disclosure, or data that would cause severe damage to Underweigh Adventures, LLC dba Sonoma Connect™ if disclosed or modified.  Confidential data includes cardholder data.
•    Internal Use data might include information that the data owner feels should be protected to prevent unauthorized disclosure. 
•    Public data is information that may be freely disseminated.

5.    Access to the Sensitive Cardholder Data

All access to sensitive cardholder data should be controlled and authorized. Any job functions that require access to cardholder data should be clearly defined.
•    Any display of cardholder data should be restricted at a minimum to the first 6 and the last 4 digits of the cardholder data.
•    Access to sensitive cardholder information such as PAN’s, personal information and business data is restricted to employees that have a legitimate need to view such information. 
•    No other employees should have access to this confidential data unless they have a genuine business need. 
•    If cardholder data is shared with a Service Provider (3rd party) then a list of such Service Providers will be maintained as detailed in Appendix C.
•    Underweigh Adventures, LLC dba Sonoma Connect™ will ensure that a written agreement is in place that includes an acknowledgement that the Service Provider will be responsible for the cardholder data that the Service Provider possesses.
•    Underweigh Adventures, LLC dba Sonoma Connect™ will ensure that an established process, including proper due diligence, is in place before engaging with a Service Provider.
•    Underweigh Adventures, LLC dba Sonoma Connect™ will have a process in place to monitor the PCI DSS compliance status of the Service provider.

6.    Physical Security  

Access to sensitive information in both hard and soft media format must be physically restricted to prevent unauthorized individuals from obtaining sensitive data. 
 
•    Media is defined as any printed or handwritten paper, received faxes, floppy disks, back-up tapes, computer hard drive, etc.  
•    Media containing sensitive cardholder information must be handled and distributed in a secure manner by trusted individuals.  
•    Visitors must always be escorted by a trusted employee when in areas that hold sensitive cardholder information. 
•    Procedures must be in place to help all personnel easily distinguish between employees and visitors, especially in areas where cardholder data is accessible. “Employee” refers to full-time and part-time employees, temporary employees and personnel, and consultants who are “resident” on Sonoma Connect™ sites. A “visitor” is defined as a vendor, guest of an employee, service personnel, or anyone who needs to physically enter the premises for a short duration, usually not more than one day.
•    A list of devices that accept payment card data should be maintained.
•    The list should include make, model and location of the device.
•    The list should have the serial number or a unique identifier of the device.
•    The list should be updated when devices are added, removed or relocated.
•    POS device surfaces are periodically inspected to detect tampering or substitution.
•    Personnel using the devices should be trained in and aware of the handling of POS devices.
•    Personnel using the devices should verify the identity of any third party personnel claiming to repair or run maintenance tasks on the devices, install new devices or replace devices.
•    Personnel using the devices should be trained to report suspicious behaviour and indications of tampering of the devices to the appropriate personnel.
•    Strict control is maintained over the external or internal distribution of any media containing card holder data, and such distribution has to be approved by management.
•    Strict control is maintained over the storage and accessibility of media.
•    All computers that store sensitive cardholder data must have a password protected screensaver enabled to prevent unauthorized use.

7.    Protect Data in Transit  

All sensitive cardholder data must be protected securely if it is to be transported physically or electronically. 
 
•    Card holder data (PAN, track data, etc.) must never be sent over the internet via email, instant chat or any other end user technologies.
•    If there is a business justification to send cardholder data via email or by any other mode, then it should be done after authorization and by using a strong encryption mechanism (e.g., AES encryption, PGP encryption, IPsec, etc.).
•    The transportation of media containing sensitive cardholder data to another location must be authorized by management, logged and inventoried before leaving the premises. Only secure courier services may be used for the transportation of such media. The status of the shipment should be monitored until it has been delivered to its new location. 

8.    Disposal of Stored Data

•    All data must be securely disposed of when no longer required by Underweigh Adventures, LLC dba Sonoma Connect™, regardless of the media or application type on which it is stored.
•    An automatic process must exist to permanently delete on-line data, when no longer required.
•    All hard copies of cardholder data must be manually destroyed when no longer required for valid and justified business reasons. A quarterly process must be in place to confirm that all non-electronic cardholder data has been appropriately disposed of in a timely manner.
•    Underweigh Adventures, LLC dba Sonoma Connect™ will have procedures for the destruction of hardcopy (paper) materials. These will require that all hardcopy materials are crosscut shredded, incinerated or pulped so they cannot be reconstructed.
•    Underweigh Adventures, LLC dba Sonoma Connect™ will have documented procedures for the destruction of electronic media. These will require:
o    All cardholder data on electronic media must be rendered unrecoverable when deleted e.g. through degaussing or electronically wiped using military grade secure deletion processes or the physical destruction of the media;
o    If secure wipe programs are used, the process must define the industry accepted standards followed for secure deletion.
•    All cardholder information awaiting destruction must be held in lockable storage containers clearly marked “To Be Shredded” - access to these containers must be restricted.


9.    Security Awareness and Procedures  

The policies and procedures outlined below must be incorporated into company practice to maintain a high level of security awareness. The protection of sensitive data demands regular training of all employees and contractors. 
 
•    Review handling procedures for sensitive information and hold periodic security awareness meetings to incorporate these procedures into day to day company practice. 
•    Distribute this security policy document to all company employees to read. It is required that all employees confirm that they understand the content of this security policy document by signing an acknowledgement form (see Appendix A). 
•    All employees that handle sensitive information will undergo background checks (such as criminal and credit record checks, within the limits of the local law) before they commence their employment with Underweigh Adventures, LLC dba Sonoma Connect™. 
•    All third parties with access to credit card account numbers are contractually obligated to comply with card association security standards (PCI/DSS).  
•    Company security policies must be reviewed annually and updated as needed.  
 

10.    Credit Card (PCI) Security Incident Response Plan

•    Underweigh Adventures, LLC dba Sonoma Connect™ PCI Security Incident Response Team (PCI Response Team) is comprised of the Information Security Officer and Merchant Services. Underweigh Adventures, LLC dba Sonoma Connect™ PCI security incident response plan is as follows:

1.    Each department must report an incident to the Information Security Officer (preferably) or to another member of the PCI Response Team. 
2.    That member of the team receiving the report will advise the PCI Response Team of the incident. 
3.    The PCI Response Team will investigate the incident and assist the potentially compromised department in limiting the exposure of cardholder data and in mitigating the risks associated with the incident. 
4.    The PCI Response Team will resolve the problem to the satisfaction of all parties involved, including reporting the incident and findings to the appropriate parties (credit card associations, credit card processors, etc.) as necessary. 
5.    The PCI Response Team will determine if policies and processes need to be updated to avoid a similar incident in the future, and whether additional safeguards are required in the environment where the incident occurred, or for the institution. 

Underweigh Adventures, LLC dba Sonoma Connect™ PCI Security Incident Response Team:

CIO            
Communications Director        
Compliance Officer            
Counsel            
Information Security Officer            
Collections & Merchant Services            
Risk Manager            

Information Security PCI Incident Response Procedures:

•    A department that reasonably believes it may have an account breach, or a breach of cardholder information or of systems related to the PCI environment in general, must inform Underweigh Adventures, LLC dba Sonoma Connect™ PCI Incident Response Team. After being notified of a compromise, the PCI Response Team, along with other designated staff, will implement the PCI Incident Response Plan to assist and augment departments’ response plans.

Incident Response Notification

Escalation Members:

Escalation – First Level:
Information Security Officer
Controller
Executive Project Director for Credit Collections and Merchant Services
Legal Counsel
Risk Manager
Director of Underweigh Adventures, LLC dba Sonoma Connect™ Communications

Escalation – Second Level:
Underweigh Adventures, LLC dba Sonoma Connect™ President
Executive Cabinet
Internal Audit
Auxiliary members as needed

External Contacts (as needed):
Merchant Provider
Card Brands
Internet Service Provider (if applicable)
Internet Service Provider of Intruder (if applicable)
Communication Carriers (local and long distance)
Business Partners
Insurance Carrier
External Response Team as applicable (CERT Coordination Center, etc.)
Law Enforcement Agencies as applicable in local jurisdiction

In response to a systems compromise, the PCI Response Team and designees will:

1.    Ensure the compromised system(s) are isolated on/from the network.
2.    Gather, review and analyze the logs and related information from various central and local safeguards and security controls.
3.    Conduct appropriate forensic analysis of the compromised system.
4.    Contact internal and external departments and entities as appropriate. 
5.    Make forensic and log analysis available to appropriate law enforcement or card industry security personnel, as required. 
6.    Assist law enforcement and card industry security personnel in investigative processes, including in prosecutions.

The credit card companies have individually specific requirements that the Response Team must address in reporting suspected or confirmed breaches of cardholder data. See below for these requirements.

Incident Response notifications to various card schemes  

1.    In the event of a suspected security breach, alert the information security officer or your line manager immediately.  
2.    The security officer will carry out an initial investigation of the suspected security breach.  
3.    Upon confirmation that a security breach has occurred, the security officer will alert management and begin informing all relevant parties that may be affected by the compromise.   

 VISA Steps

If the data security compromise involves credit card account numbers, implement the following procedure: 

•    Shut down any systems or processes involved in the breach to limit the extent, and prevent further exposure.  
•    Alert all affected parties and authorities such as the Merchant Bank (your Bank), Visa Fraud Control, and law enforcement.
•    Provide details of all compromised or potentially compromised card numbers to Visa Fraud Control within 24 hrs.
•    For more information visit: http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_if_compromised.html

Visa Incident Report Template

This report must be provided to VISA within 14 days after initial report of incident to VISA. The following report content and standards must be followed when completing the incident report. Incident report must be securely distributed to VISA and Merchant Bank. Visa will classify the report as “VISA Secret”*.
I.    Executive Summary
    a.    Include overview of the incident
    b.    Include RISK Level (High, Medium, Low)
    c.    Determine if compromise has been contained
II.    Background
III.    Initial Analysis
IV.    Investigative Procedures
    a.    Include forensic tools used during investigation
V.    Findings
    a.    Number of accounts at risk, identify those stored and compromised
    b.    Type of account information at risk
    c.    Identify ALL systems analyzed. Include the following:
        •    Domain Name System (DNS) names
        •    Internet Protocol (IP) addresses
        •    Operating System (OS) version
        •    Function of system(s)
    d.    Identify ALL compromised systems. Include the following:
        •    DNS names
        •    IP addresses
        •    OS version
        •    Function of system(s)
    e.    Timeframe of compromise
    f.    Any data exported by intruder
    g.    Establish how and source of compromise
    h.    Check all potential database locations to ensure that no CVV2, Track 1 or Track 2 data is stored anywhere, whether encrypted or unencrypted (e.g., duplicate or backup tables or databases, databases used in development, stage or testing environments, data on software engineers’ machines, etc.)
    i.    If applicable, review VisaNet endpoint security and determine risk
VI.    Compromised Entity Action
VII.    Recommendations
VIII.    Contact(s) at entity and security assessor performing investigation

*This classification applies to the most sensitive business information, which is intended for use within VISA. Its unauthorized disclosure could seriously and adversely impact VISA, its employees, member banks, business partners, and/or the Brand.

MasterCard Steps:

I.    Within 24 hours of an account compromise event, notify the MasterCard Compromised Account Team via phone at 1-636-722-4100.
II.    Provide a detailed written statement of fact about the account compromise (including the contributing circumstances) via secured e-mail to compromised_account_team-at-mastercard.com.
III.    Provide the MasterCard Merchant Fraud Control Department with a complete list of all known compromised account numbers.
IV.    Within 72 hours of knowledge of a suspected account compromise, engage the services of a data security firm acceptable to MasterCard to assess the vulnerability of the compromised data and related systems (such as a detailed forensics evaluation).
V.    Provide weekly written status reports to MasterCard, addressing open questions and issues until the audit is complete to the satisfaction of MasterCard.
VI.    Promptly furnish updated lists of potential or known compromised account numbers, additional documentation, and other information that MasterCard may request.
VII.    Provide findings of all audits and investigations to the MasterCard Merchant Fraud Control department within the required time frame and continue to address any outstanding exposure or recommendation until resolved to the satisfaction of MasterCard.


Once MasterCard obtains the details of the account data compromise and the list of compromised account numbers, MasterCard will:

1.    Identify the issuers of the accounts that were suspected to have been compromised and group all known accounts under the respective parent member IDs. 

2.    Distribute the account number data to its respective issuers.

Employees of Underweigh Adventures, LLC dba Sonoma Connect™ will be expected to report to the security officer for any security-related issues. The role of the security officer is to effectively communicate all security policies and procedures to employees within Underweigh Adventures, LLC dba Sonoma Connect™ and contractors. In addition to this, the security officer will oversee the scheduling of security training sessions, monitor and enforce the security policies outlined in both this document and at the training sessions and finally, oversee the implementation of the incident response plan in the event of a sensitive data compromise.


Discover Card Steps

I.    Within 24 hours of an account compromise event, notify Discover Fraud Prevention at (800) 347-3102 
II.    Prepare a detailed written statement of fact about the account compromise including the contributing circumstances 
III.    Prepare a list of all known compromised account numbers 

IV.    Obtain additional specific requirements from Discover Card 


American Express Steps

I.    Within 24 hours of an account compromise event, notify American Express Merchant Services at (800) 528-5200 in the U.S. 
II.    Prepare a detailed written statement of fact about the account compromise including the contributing circumstances 
III.    Prepare a list of all known compromised account numbers
IV.    Obtain additional specific requirements from American Express

11.    Transfer of Sensitive Information Policy

•    All third-party companies providing critical services to Underweigh Adventures, LLC dba Sonoma Connect™ must provide an agreed Service Level Agreement.
•    All third-party companies providing hosting facilities must comply with Underweigh Adventures, LLC dba Sonoma Connect™’s Physical Security and Access Control Policy.
•    All third-party companies which have access to Card Holder information must:
1.    Adhere to the PCI DSS security requirements.
2.    Acknowledge their responsibility for securing the Card Holder data.
3.    Acknowledge that the Card Holder data must only be used for assisting the completion of a transaction, supporting a loyalty program, providing a fraud control service or for uses specifically required by law.
4.    Have appropriate provisions for business continuity in the event of a major disruption, disaster or failure.
5.    Provide full cooperation and access to conduct a thorough security review after a security intrusion by a Payment Card industry representative, or a Payment Card industry approved third party.

12.    User Access Management

•    Access to Sonoma Connect™ site(s) is controlled through a formal user registration process beginning with a formal notification from HR or from a line manager. 
•    Each user is identified by a unique user ID so that users can be linked to and made responsible for their actions. The use of group IDs is only permitted where they are suitable for the work carried out.


13.    Access Control Policy

•    Access Control systems are in place to protect the interests of all users of Underweigh Adventures, LLC dba Sonoma Connect™ computer systems by providing a safe, secure and readily accessible environment in which to work.
•    Underweigh Adventures, LLC dba Sonoma Connect™ will provide all employees and other users with the information they need to carry out their responsibilities in as effective and efficient a manner as possible.
•    Generic or group IDs shall not normally be permitted, but may be granted under exceptional circumstances if sufficient other controls on access are in place.
•    The allocation of privilege rights (e.g. local administrator, domain administrator, super-user, root access) shall be restricted and controlled, and authorization provided jointly by the system owner and IT Services. Technical teams shall guard against issuing privilege rights to entire teams to prevent loss of confidentiality.
•    Access rights will be accorded following the principles of least privilege and need to know.
•    Every user should attempt to maintain the security of data at its classified level even if technical security mechanisms fail or are absent.
•    Users electing to place information on digital media or storage devices or maintaining a separate database must only do so where such an action is in accord with the data’s classification.
•    Users are obligated to report instances of non-compliance to Underweigh Adventures, LLC dba Sonoma Connect™ CISO.
•    Access to Underweigh Adventures, LLC dba Sonoma Connect™ IT resources and services will be given through the provision of a unique Active Directory account and complex password.
•    No access to any Underweigh Adventures, LLC dba Sonoma Connect™ IT resources and services will be provided without prior authentication and authorization of a user’s Underweigh Adventures, LLC dba Sonoma Connect™ Windows Active Directory account.
•    Password issuing, strength requirements, changing and control will be managed through formal processes. Password length, complexity and expiration times will be controlled through Windows Active Directory Group Policy Objects. 
•    Access to Confidential, Restricted and Protected information will be limited to authorized persons whose job responsibilities require it, as determined by the data owner or their designated representative. Requests for access permission to be granted, changed or revoked must be made in writing.
•    Users are expected to become familiar with and abide by Underweigh Adventures, LLC dba Sonoma Connect™ policies, standards and guidelines for appropriate and acceptable usage of the networks and systems.
•    Access for remote users shall be subject to authorization by IT Services and be provided in accordance with the Remote Access Policy and the Information Security Policy. No uncontrolled external access shall be permitted to any network device or networked system.
•    Access to data is variously and appropriately controlled according to the data classification levels described in the Information Security Management Policy.
•    Access control methods include logon access rights, Windows share and NTFS permissions, user account privileges, server and workstation access rights, firewall permissions, IIS intranet/extranet authentication rights, SQL database rights, isolated networks and other methods as necessary.
•    A formal process shall be conducted at regular intervals by system owners and data owners in conjunction with IT Services to review users’ access rights. The review shall be logged and IT Services shall sign off the review to give authority for users’ continued access rights.

 

 

DISCLAIMERS

  1.  Subjective Subject Matter Disclaimer For Single Author; No Obligation to Update Information.

    The information presented herein represents the view of the author as of the date of publication. Because of the rate with which conditions change, the author reserves the right to alter and/or update his opinion based on the new conditions, and the author is not obligated to update this information.

    2.    Subjective Subject Matter Disclaimer For 3rd Party Author;  No Obligation to Update Information.

    Everything posted on this site represents the views of others and has either been submitted to us, or found on the Internet and published as a fair use.  The views expressed on this site are solely those of 3rd party authors and do not in any way reflect our views. This site is solely a provider of useful articles and hereby disclaims all liability for any damages or injury or other harm arising from this website.  We are not obligated to update any information attributable to 3rd party authors.

    3.    Securities Disclaimer; No Investment Advice or Recommendations.

    This site and the information provided herein is for informational purposes only, and no investment, tax, legal, insurance advice is intended or given.  Nothing on this site should be construed to be (i) an offer to sell or a solicitation to purchase a security, or (ii) a recommendation regarding any security.  Information in videos, articles, and blog posts on this site that discuss specific securities is general in nature, is not tailored to the investment needs of any particular person, and should not be relied upon without independent verification.  Information in videos, articles, and blog posts on this site may affect the market prices of the securities discussed.  Investment decisions are subject to certain risk factors that may not be discussed completely, or at all, on this site.  We believe that any performance data provided on this site is provided from sources we deem to be reliable; however, we do not guarantee the accuracy or completeness of any such data.  You should verify any such data through your own sources.
    Your Investment decisions and strategies should be determined solely by you in the exercise of your own judgment based on your unique investment objectives and financial circumstances.  If you need professional advice, you should consult your own professional advisors.

    4.    Disclaimer Re Investment in Penny Stocks.

    We are in the business of marketing and advertising high risk companies known as "penny stocks" or "micro-caps" through the internet and other media for monetary compensation.  This compensation may be provided by the companies themselves who are profiled or by third party entities who are promoting the companies that are profiled. As such, our opinion about companies that we profile is neither unbiased nor independent and you should consider that fact when evaluating any of the companies profiled.  Do not base any investment decision upon any materials found on this website or in our email or other marketing/advertising materials. We are not registered as a securities broker-dealer or an investment adviser either with the U.S. Securities and Exchange Commission (the "SEC") or with any state or provincial securities regulatory authority. We are neither licensed nor qualified to provide investment advice.

    5.    Disclaimer; No Obligation For Tax Preparation Software.

    When using and applying the information generated by our software, you alone are responsible for ensuring that you comply with the applicable requirements of federal and state law.  You are solely responsible for the content and accuracy of all reports and documents prepared in whole or in part by using our software.  You acknowledge that your use of our software does not release you of your obligations concerning the preparation and review of such reports and documents.  You acknowledge that you do not rely upon our software for any advice or guidance regarding compliance with federal and state laws or the appropriate tax treatment of items reflected on such reports or documents.  You acknowledge that you will review any calculations made by using our software and satisfy yourself that all calculations are correct.

    6.    Disclaimer; Information Is Not a Consumer Report.

    We are not a consumer reporting agency and data provided by us does not constitute a consumer report as that term is defined in the Fair Credit Reporting Act (FCRA), 15 U.S.C.A. sec 1681 et seq.  Before using any data obtained from any source as a factor in establishing a consumer's eligibility for credit, insurance or employment, you should consult with your attorney for uses that might be regulated by FCRA. 

    7.    Disclaimer For No Legal Representation.

    This site is not intended to create an attorney-client relationship, and no attorney-client relationship will be created or legal advice given through your use of this site, its services and content.  No special relationship or privilege exists between you and this site.  You will be representing yourself in any legal matter you undertake as a result of your use of this site, its services and content. This site provides (i) articles, newsletters, and content for informational purposes only, and (ii) an automated software system using rule-based document assembly technology as a tool for persons to prepare their own legal documents.  In the process of providing this information, this site is engaged in the publication of information regarding legal issues commonly encountered.  This site is not a substitute for the advice of an attorney. This site does not review any of your answers to questions for sufficiency, provide legal advice, or analyze applicable law and apply it to your specific requirements. Accordingly, if you need legal advice for a specific issue, or if your specific matter is too complex to be addressed by our automated software tool, you are advised to seek the advice of an attorney.

    8.    Disclaimer By Website Developer; No Responsibility For Website Legal Compliance.

    You agree to assume sole responsibility for website legal compliance.  Your responsibility is to employ an attorney to represent you in connection with legal compliance for your website and to manage your exposure to legal liability.  We will work with your attorney to incorporate your advertising claims, legal notices, disclaimers, and agreements into your website, but we are not responsible for, and will not provide you with advertising claims, legal notices, disclaimers, or agreements, or any advice in the nature of legal advice.

    9.    Disclaimer For Licensing For Auctions.

    You assume sole responsibility for compliance, any and all required licensing, education, bonding and other requirements regulating auctions.  We assume no responsibility for compliance with any laws or regulations regarding auctions.

    10.    Disclaimer For Blog Posts by Others. 

    We do not independently verify, nor do we seek independent verification of comments and statements that may be posted by others in blog posts on this site regarding our website, its products or services. For this reason, if others post "success story" or "best-case" scenario testimonials (as distinguished from subjective opinions), you should assume that their results are NOT typical.

    11.    Disclaimer Regarding Diets and Restaurant Recommendations.

    We do not guarantee that any recommendation will meet your diet requirements, or that any reference to any food, beverage, or restaurant will match the description provided by us.  We do not assume any liability for any adverse reactions to food or beverages, or restaurants recommended.  Each user is solely responsible for determining his/her food and beverage choices.

    12.    Disclaimer Re Health and Rehabilitation

    We provide guidance and clarification for rehabilitation prescriptions provided over the Internet and by other materials available on our website.  This information and these materials are intended only to assist a licensed physician, chiropractor, physical therapist, certified athletic trainer, or other appropriately certified professional's physical rehabilitation recommendation efforts.  We are not a medical organization and cannot give you medical advice or diagnose conditions.  If you experience any pain or discomfort, or if you have a change in medical condition, you should immediately seek appropriate medical attention.

    13.    Exercise Disclaimer

    Not all exercise is suitable for everyone.  To reduce the risk of injury, consult your doctor before beginning this or any exercise program.  The instruction presented herein is in no way intended as a substitute for medical counseling.  If you have had a joint replacement or if you have osteoporosis, or any other special medical condition, follow all precautions.

    14.    Diet Disclaimer

    This website is not a substitute for medical advice.  If you are beginning a health or weight control program, consult your physician before using products or services discussed on this website, or making any other dietary changes.  All of the information provided in and through this website is intended solely for general information and should not be relied upon for any particular diagnosis, treatment, or care.  Statements made on this website have not been evaluated by the U.S. Food and Drug Administration or any other government regulatory body. 

    15.    Disclaimer For Dietary Supplements.

    The products sold on this site are not intended to diagnose, treat, cure, or prevent any disease.  Although available as dietary supplements, our products have not been approved by the Food and Drug Administration (FDA) for human or veterinary use at this time.

    16.    Disclaimer For Real Estate Listings By Real Estate Broker or Sales Person.

    The information provided on this website is deemed reliable but not guaranteed. You should verify all information through personal inspection and appropriate professionals.  Information regarding real estate for sale on this website is provided in part from a cooperative data exchange program of the pertaining county(s) herein,  and the applicable multiple listing service(s).  The information is for the personal, non-commercial use of the customers and/or clients of this website and may not be used for any purpose other than to identify prospective properties for possible purchase.  All other use is strictly prohibited and may violate relevant federal and state law.  Listings displayed on this website may be subject to prior sale or removal from sale; availability of any listing should always be independently verified.

 

 

LEGAL NOTICES

Copyright 2020 Underweigh Adventures, LLC dba Sonoma Connect™ All rights reserved worldwide.

SONOMA CONNECT™ is a registered mark of Underweigh Adventures, LLC dba Sonoma Connect™ - all other trademarks are the property of their respective owners.

Special Disclaimer: UNDERWEIGH ADVENTURES, LLC DBA SONOMA CONNECT™ IS NOT RESPONSIBLE FOR CONTENT POSTED BY BUSINESSES OR CONSUMERS TO ANY MARKETING MATERIAL WHETHER DIGITALLY DELIVERED OR PRINTED.


Sonoma Connect™ is a product of Underweigh Adventures, LLC dba Sonoma Connect and is a United States corporation physically located at 222 Weller Street, Ste. 2, Petaluma, California 94952, United States

Our email for all support questions and concerns is support-at-Sonomaconnectapp.com.

 

AFFILIATE COMPENSATION DISCLOSURE 

From time to time, we promote, endorse, or suggest products or services of others. In most cases, we will be compensated, either as an affiliate/consultant with a commission based on sales. Our recommendations are always based on (i) our personal belief in the high quality and value of the product or service, and (ii) our review of the product or service, or a prior relationship or positive experience with the sponsoring person or organization. One of our participating merchants is the Amazon Services LLC affiliate program. It is important to note that prices change quickly on Amazon, so you will need to confirm that the price we share in the post is the price you pay prior to finalizing your purchase.

 

 

TESTIMONIALS AND RESULTS DISCLOSURE

  1. Compensation And Benefits To Testimonialists. Some of the testimonialists on this site receive affiliate commissions based on sales of products or services for which they give testimonials. Other testimonialists receive free promotional materials or free products or services to review. To the best of our knowledge we believe these testimonials represent the honest opinions of the testimonialists.

    2. Generally Expected Results From Our Products/Services. For Testimonials we post on our site that are in the nature of "success story" or "best-case" scenario testimonials (as distinguished from subjective opinions), we have data that will substantiate the results and also provide statements of expected typical results we believe consumers will generally achieve with our product or service, and we will provide this information upon request - email compliance.officer-at-Sonomaconnectapp.com. If you do not request substantiation data from us, you should assume that the results achieved by these testimonialists are the exception and not the rule, and for this reason, you should not expect to achieve the same level of results, or any positive results at all.

    3. Subjective Opinion Testimonials We Post. For Testimonials we post on our site that are in the nature of subjective opinions, we do not independently verify, nor do we seek independent verification; however, to the best of our knowledge we believe the testimonialists are giving their honest opinions. If you're not sure regarding whether a particular testimonial is a "success story"/"best-case" scenario testimonial or a subjective opinion testimonial, email our compliance officer at the email address provided above and request clarification.

    4. Blog Posts by Others. We do not independently verify, nor do we seek independent verification of comments and statements that may be posted by others in blog posts on this site regarding our website, its products or services. For this reason, if others post "success story" or "best-case" scenario testimonials or positive comments (as distinguished from subjective opinions), you should assume that the results achieved by these testimonialists are the exception and not the rule, and for this reason, you should not expect to achieve the same level of results, or any positive results at all.

 

 

EARNINGS DISCLAIMER

1. Although we make every effort to accurately represent the services and/or products presented on this website, we make no assurance, representation or promise regarding future earnings, revenue, or income, or that you will make any specific amount of money, or any money at all, or that you will not lose money.

2. Earnings or income statements, or examples of earnings or income, represent estimates of what you may earn; however, there is no promise or guarantee that you may experience the same level of earnings or income.

3. There is no assurance that any prior success or past results regarding earnings or income may be an indication of your future success or results.

4. Statements or examples of actual earnings on this website that are attributed to a specified individual or business are true and correct, and we will verify them upon request and also provide statements of expected typical results (email compliance-at-Sonomaconnectapp.com); however, these statements or examples should not be viewed as promises or guarantees of earnings or income. Earnings and income potential are affected by a number of factors over which we have no control, including but not limited to your financial condition, talent, skills, level of effort, motivation, past experience and education, your competition, and changes within the market.

5. Operating a business on the Internet involves unknown risks. You should make decisions based on information provided through services and/or products presented on this website with the understanding that an Internet business may not be suitable for you, and that you could experience significant losses or fail to generate any earnings or income at all.

6. You should undertake your own due diligence regarding your evaluation of any services and/or products presented on this website, and this includes relying on qualified professional advisors to assist you with your evaluation.

7. For the foregoing reasons, you agree that we are not responsible for any decision you may make regarding any information presented on this website or any of the services and/or products presented on this website.

 

CONTACT US

If you have any questions regarding this Privacy Policy, please contact the owner and operator of this website business at:
Underweigh Adventures, LLC dba Sonoma Connect™
Attn: Privacy Policy Officer
222 Weller Street, Ste. 2, Petaluma, California 94952
Email: support-at-Sonomaconnectapp.com