Last Updated September 9, 2022

This privacy policy (the “Privacy Policy”) explains how Atalaya Inc. (“Atalaya”, “we”, “us”, or “our”) collects, uses, discloses, and applies the information collected when you use or access our online website and any of our related websites, services, and applications that link to this Privacy Policy (the “Services”). 


By using the Services or interacting with us, you are agreeing to this Privacy Policy. Please read the following carefully to understand how we collect, use, disclose, and maintain the information that can be associated with, or which relates to you and/or could be used to identify you (“Personal Data”) In addition, this Privacy Policy describes your choices for use, access, and correction of your Personal Data. If you do not agree to be bound by this Privacy Policy, please stop using the Services.


1. Changes to this Privacy Policy. We may change this Privacy Policy from time to time. In the event we make changes, we will notify you by revising the “Last Updated” date at the top of this Privacy Policy. If there are significant changes to this Privacy Policy, we will attempt to notify you directly by email or provide information via our home page prior to such changes becoming effective. We encourage you to review our Privacy Policy whenever you use the Services to stay informed of ways you can protect your privacy.


2. Information We Collect and Receive. We collect Personal Data from you from various sources and through various methods. Below are the types of Personal Data we may collect and from where we may collect it.


2.1 Information You Provided to Us. We collect information that you decide to share with us. At times, we may require you to provide certain information in order to use certain parts of our Services, fulfill your requests, or provide you with certain services. 


2.1.1 Account Information. When you create an account, you may provide us with your name, email address, and any other information you choose to upload to your account. 


2.1.2 Social Media Data. We have pages on social media services such as YouTube, Instagram, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect Personal Data that you elect to provide to us, such as your contact details and messages sent. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.


2.1.3 Contacting Us. You may interact with us through our Services, including through an online contact form, email, or any other communication mechanism. When using these channels, you typically provide your account information and any other information you choose to provide to us at your option.


2.1.4 Bento Metadata. When you push your Bento, you may choose to annotate the Bento with identifying information. 


2.2 Information We Automatically Collect. We automatically collect certain information from you when you use the Services, including internet or other network activity information such as your Internet Protocol (“IP”) address, unique device identifiers, browsing and search history within the Services, and cookies and other technologies. 


2.2.1 Log Information. We retain information about you when you access and use the Services. This information can include the following: IP address, timestamps, browser information, Internet Service Provider “ISP”, webpages visited, and the URL of the webpage you visited before navigating to our Services. 


2.2.2 Device Information. We monitor user activity in connection with the Services and may collect information about the applications and features you use, websites you visit, as well as types and amount of Services you use.


2.2.3 Crash and Error Information. If the Services crash or return an error, we may collect data to determine the cause of the error using first- or third-party services. The crash or error information collected may include the following: Device IP address, device name, operating system version, application configurations(s), the time and date, and other statistics.


2.2.4 Cookies. Like many online services, we use “cookies” to collect technical information. Cookies are small pieces of information that a website sends to your computer's hard drive while you are viewing the website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) for authentication and session information. We may also use analytics service providers such as Google Analytics to help analyze how people use our Services (“Analytics Companies”). Analytics Companies use cookies and similar technologies to collect information pertaining to how people use our Services, what pages they visit, and what other sites they may have used prior to using our Services. To learn more about how Google Analytics uses your information, please review Google’s Privacy Policy.


2.3  Information That Passes Through Our Services. Atalaya customers and prospective customers may use the Services to process customer data, such as training data, that includes Personal Data of individuals with whom Atalaya has no direct relationship. This data will not be stored within the Services, and is governed by the Privacy Policies of the sites and services on which it is hosted. 


3. How We Use Your Information. 


3.1 We may use your Personal Data for our legitimate interests and the limited purpose of providing the Services and related functionality and services, as described in this Privacy Policy, and as permitted by applicable laws. These purposes include circumstances where it is necessary to provide or fulfill the Services requested by or for you or where you have given us your express consent. We may use your Personal Data as follows:


3.1.1 To provide the information, products, and services you request;


3.1.2 To provide you, if you have an active account, with effective customer service;


3.1.3 To contact you with information and notices related to your use of the Services;


3.1.4 To invite you to participate in surveys and provide feedback to us (in accordance with any privacy preferences you have expressed to us);


3.1.5 To better understand your needs and interests;


3.1.6 To improve our products and services and develop new products and services;


3.1.7 To improve our marketing and promotional efforts;


3.1.8 To improve the content, functionality, and usability of the Services;


3.1.9 To enforce our policies or other agreements;


3.1.10 To promote security; to protect against and prevent fraud, claims, and other liabilities;


3.1.11 To use for any other purpose for which we provide notice at the time of collection; and


3.1.12 To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.


3.2 In an effort to understand and serve our users better, we may conduct research on our customer demographics, interests, and behaviors using aggregated and/or de-identified information collected through the Services and from other sources so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). 


4. How We Share and Disclose Information.


4.1 Service Providers and Third-Parties. We may share your Personal Data with third-party vendors that perform tasks on our behalf and under our instruction. These third-party vendors may use your Personal Data only in connection with the services they perform on our behalf, and they are bound to protect your Personal Data in a manner consistent with our own policies and practices. In addition, you may choose to use certain features on our website for which we partner with other entities. These features are operated by third parties that are not affiliated with us. These third parties may use your Personal Data in accordance with their own privacy policies. On websites on which these features are offered, the relevant third parties are identified. We strongly suggest you review the third parties’ privacy policies if you use the relevant features.


4.2 Aggregate/De-Identified Data. From time to time, we may share Aggregate/De-Identified Information about use of the Services, such as by publishing a report on usage trends. The sharing of such data is unrestricted.


4.3 Legal Reasons. We may also disclose your Personal Data when we, in good faith, believe disclosure is appropriate to comply with the law, a court order, or a subpoena. We may also disclose your Personal Data to prevent or investigate a possible crime, such as fraud or identity theft, to protect the security of our Services, to enforce or apply our policies or other agreements, or to protect our own rights or property or the rights, property or safety of our users or others. We will attempt to notify our users about legal demands for their Personal Data when appropriate in our judgment unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague, or lack proper authority.


4.4 Sale, Merger, or Other Business Transfer. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), Personal Data may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third-party, your Personal Data would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.


5. Your Choices.


5.1 If you have registered for an account, you may access, review, update, or delete certain Personal Data that you have provided to us by logging into your account and using available features and functionalities or by contacting us in accordance with the “Contact Us” section below. You may also contact us to delete your account. Please note that we will need to verify that you have the authority to delete the account and certain activity generated prior to deletion may remain stored by us and may be shared with third parties as detailed in this Privacy Policy.


5.2 Most web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove or reject cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services. In addition to adjusting the appropriate settings in your browser, many advertising companies that may collect information for targeted advertising purposes are also members of the Digital Advertising Alliance or the Network Advertising Initiative. Both of these organizations provide directions on how individuals can opt-out from targeted advertising by their members. You can find more information on these opt-out capabilities on and  


5.3 You may opt out of having cookies placed for purposes of Google Analytics by downloading this opt-out browser add on.


5.4 In certain circumstances providing Personal Data is optional. However, if you choose not to provide Personal Data that is needed to use some features of our Services, you may be unable to use those features. We will tell you what Personal Data that you must provide in order to receive the Services.


5.5 Some browsers offer a “do not track” (“DNT”) option. Since no common industry or legal standard for DNT has been adopted by industry groups, technology companies, or regulators, we do not respond to DNT signals. We will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.


6. Retention of Personal Data. We will retain Personal Data required to comply with privacy requests, to manage active accounts, as required by law, in order to resolve disputes, or to enforce our agreements. We will retain the Personal Data we process on behalf of our users as directed by them. We may also retain copies of your Personal Data for disaster recovery purposes, to prevent fraud or future abuse, or for legitimate business purposes.


7. Information Security. The security of your information is important to us. We use reasonable administrative, technical, and physical procedures, practices, and safeguards designed to protect Personal Data we collect from unauthorized access, use, alteration, exfiltration, or destruction. Although we work hard to ensure the integrity and security of our systems, it must be recognized that no information system is 100% secure and, therefore, we cannot guarantee the security of such information. Outages, attacks, human error, system failure, unauthorized use, or other factors may compromise the security of user information at any time.


8. International Users. The Services are hosted in the United States and are intended for and directed to users in the United States. If you are a user accessing the Services from the European Union, Asia, or any other region with laws or regulations governing Personal Data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use of the Services, which are governed by U.S. law, this notice and our other policies that govern your use of the Services, you are transferring your Personal Data to the United States and you consent to that transfer. The Services are not intended to subject us to the laws or jurisdiction of any state, country, or territory other than those of the United States. Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers and, by using the Services, you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country.


9. Links to Third-Party Websites. The Services may contain links to other websites not operated or controlled by us, including social media services (“Third-Party Websites”). The information that you share with Third-Party Websites will be governed by the specific privacy policies and terms of service of the Third-Party Websites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these websites. Please contact the Third-Party Websites directly for information on their privacy practices and policies.


10. Children’s Information. The Services are directed to individuals at the age of 13 and over. We do not knowingly collect Personal Data from individuals under the age of 13. If we become aware of individuals who have provided us with Personal Data and are under the age of 13, we will take steps to deactivate the account and delete the Personal Data. If you become aware of information from individuals under the age of 13 which has been provided to us, please contact us in accordance with the “Contact Us” section below.


11. Contact Us. If you have any questions or concerns about our Privacy Policy, please contact us via email at    


12.  Jurisdiction-Specific Notices. Certain jurisdictions may provide additional rights to individuals with respect to the collection and use of Personal Data that we have collected. For example, you may have the right to request that we: (i) disclose to you any Personal Data that we have about you; (ii) correct or delete Personal Data that we have about you (subject to certain exceptions); or (iii) not disclose or sell your information to a third party (excluding qualified service providers). 


  1. California. The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of information about them, as well as rights to know/access, delete, and limit sharing of Personal Data. You have the right to be free from discrimination based on your exercise of your CCPA rights.

12.1.1 Notice at Collection Regarding the Categories of Personal Data Collected. You have the right to receive notice of the categories of Personal Data we collect, and the purposes for which those categories of Personal Data will be used. The categories we use below to describe the information are those enumerated in the CCPA. The following chart describes information we collect when you act as a customer or prospective customer of our products and services or visit our website. The sources of this Data are described in the “Information we collect and receive” section above. We collect this Personal Data for the purposes described in the “How We Use Your Information” section above.



Sold to

Disclosed to

Personal Identifiers

first and last name, email address, username, basic account information, unique identifiers (such as those assigned in cookies)

Not sold

Service Providers


Commercial information

transaction information, billing records, payment records, order history, auditing, accounting

Not sold

Service Providers


Electronic, or similar information

customer support services

Not sold

Service Providers


Internet or other similar network activity

unique numerical identifier, cookie or tracking pixel information, device ID, browsing history, search history, IP address, interaction with a website, interaction with an application, or interaction with advertisement, analytics, security, data storage, email and mailing services

Not sold

Service Providers


Geolocation data

coarse information (e.g., ZIP code, IP address), device location

Not sold

Service Providers


Inferences drawn from other Personal Data

interests, preferences 

Not sold

Service Providers 

12.1.2     Right to Know and Request Access to and Deletion of Personal Data. You have the right to request access to Personal Data collected about you and information regarding the source of that Personal Data, the purposes for which we collect it, and the third parties and service providers with whom we share it. You also have the right to request in certain circumstances that we delete Personal Data that we have collected directly from you.  Please note that any disclosures will only cover the 12-month period preceding the receipt of your request.  We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

12.1.3    How to Submit a Request You may submit a request to exercise your rights to know/access or delete your Personal Data by sending an email to Upon submission of your request, we will contact you via the email address provided in your request.  To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.  In some instances, such as a request for  data deletion, we may first verify the request, after which we will check our records for matching information.  With all requests, we will aim to complete requests as soon as reasonably practicable and consistent with any applicable laws. You may authorize another individual or a business registered with the California Secretary of State, or designate an authorized agent, to make requests on your behalf through these means. 
EEA, Switzerland, or the UK. If you are located in the European Economic Area (EEA), Switzerland, or the UK, you are entitled to certain rights, subject to applicable exceptions, under the GDPR, Swiss, and UK data protection laws. Please note that, in order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. We typically will process your information pursuant to the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services to you; or (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedoms related to data privacy. We also may process your information where it is necessary to comply with a legal obligation to which we are subject. To submit a request to exercise your rights, please request via email to  We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Right of Access: You have the right to obtain confirmation as to whether we are processing personal data about you, and if so, request a copy of the personal data.

Right to Correction: You have the right to correct any inaccuracies in the personal data that we hold about you and, where applicable, to complete any incomplete personal data that we hold.

Right to Erasure: You have the right to request that we erase the personal data that we hold about you if one of the conditions in Article 17 of the GDPR applies. The right to erasure does not apply in certain circumstances, including where the processing is necessary for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing: You have the right to restrict our processing of your personal data if one of the conditions in Article 18 of the GDPR applies.

Right to Data Portability: You have the right to receive personal data concerning you in a structured, common, and machine-readable format or request transmission of the data to a third party, if the conditions in Article 20 of the GDPR are met.

Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests at any time. We will no longer process the data, unless there are compelling legitimate grounds for our processing that override the interests, rights, and freedoms of the data subject, or the processing serves the purpose of asserting, exercising, or defending legal claims. You also have the right to object at any time to the use of your data for direct marketing.

Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.

Lodging a Complaint: Users that reside in the EEA, Switzerland, or the UK have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned.

13.    International Transfers. Atalaya is located in the United States. If you use our Services outside of the United States, you understand that we may collect, store, or process your Personal Data in the United States and other countries. The laws in the United States regarding Personal Data may be different from the laws of your jurisdiction or country.  Any international transfers, collection, storage, or processing of your Personal Data will comply with safeguards as required by relevant law.