Terms of Use for Compass by Tabiya

Last updated: March 05, 2025

1. Introduction

1.1 Welcome to Compass

Welcome to Compass (the “Service”), an AI-driven platform designed to help individuals assess and articulate their skills. Compass is operated by Tabiya, a fiscally sponsored project of the Global Development Incubator (GDI), a 501(c)(3) nonprofit organization headquartered in the United States. While Tabiya runs the day-to-day operations of Compass, GDI is the legal entity responsible for the Service’s compliance and liability matters. References to “you,” “the user,” or “user” in these Terms refer to you as the user of Compass. References to “we,” “us,” “our,” or “Tabiya” in these Terms refer collectively to Tabiya and/or GDI acting on behalf of Tabiya.

1.2 Acceptance of Terms

These Terms of Use (“Terms”) govern your access to and use of Compass. By creating an account or otherwise using the Service, you agree to be bound by these Terms and all applicable laws and regulations. If you do not agree, you must discontinue use of the Service immediately.

Your use of Compass is also subject to our Privacy Policy, which explains how we collect, use, protect, and share your personal data. Please review the Privacy Policy carefully as it is incorporated into these Terms by reference.

Eligibility

2.1 Minimum Age

You must be at least 16 years old (or the age of majority in your jurisdiction if higher) to use Compass. If you are under the age of 18 (or the legal age of majority in your jurisdiction), you may use the Service only with the consent and active supervision of a parent or legal guardian who agrees to be bound by these Terms. We do not knowingly permit children under 16 to create accounts.

By using the Service, you represent that (a) all information you submit is truthful and accurate; (b) you will maintain the accuracy of such information; and (c) your use of the Service does not violate any applicable law or regulation, in both your country of residence and the United States, where GDI is based.

3. Description of the Service

3.1 Compass Overview

Compass uses artificial intelligence (AI) — including interactions with third-party AI models — to analyze user inputs and generate personalized skill insights, CV drafts, or related recommendations. The Service aims to empower individuals in their career or skill development journey.

3.2 No Guarantee of Results

While we strive to offer valuable insights, we do not guarantee any specific employment outcome, skill acquisition, or improvement in your professional profile. You remain solely responsible for verifying the accuracy of any AI-generated advice or content before relying on it.

4. User Accounts

4.1 Account Creation

Using certain features of Compass may require registering an account. You agree to provide and maintain true, accurate, and current information about yourself. You are responsible for keeping your login credentials (e.g., username, password) confidential.

4.2 Account Security

Account Sharing: Each account is personal to you. You agree not to share your account with others. Any activity that occurs under your account is your responsibility. If you suspect unauthorized use of your credentials, notify us immediately.

4.3 Account Termination

We may suspend or terminate your account, with or without notice, if we believe you have violated these Terms, engaged in fraudulent activity, or behaved in a manner harmful to other users, Tabiya, or GDI. You may also close your account at any time by contacting us.

5. Acceptable Use Policy

5.1 Prohibited Conduct

You agree not to:

  • Use Compass for any illegal or unauthorized purpose, or in violation of any applicable laws.
  • Submit content that is offensive, defamatory, infringing, obscene, or otherwise objectionable.
  • Introduce malware or engage in activities that disrupt or damage the Service or its users’ devices.
  • Circumvent or attempt to breach any security or authentication measures implemented in Compass.
  • Reverse engineer, decompile, or otherwise attempt to access or extract proprietary software or algorithms.
  • Use Compass to create false or misleading information about your professional background.
  • Use content generated by Compass to engage in fraudulent job application practices.

5.2 User Content

By uploading or inputting content (e.g., text, resumes, conversation details) into Compass, you represent and warrant that you own or have the necessary rights to do so and that the content does not infringe upon any third party’s rights or violate any applicable law.

6. AI Disclaimer

6.1 AI-Generated Outputs

Compass leverages AI models, including third-party APIs, to generate insights or recommendations based on your inputs. You acknowledge and agree that:

  • Potential Inaccuracies: AI-generated outputs may contain errors, omissions, or biases. Tabiya cannot guarantee their factual or contextual accuracy.
  • No Professional Advice: The information provided by the Service does not constitute legal, financial, or professional advice. Always use your own judgment and, if necessary, consult a qualified professional.
  • User Responsibility: You are solely responsible for the decisions or actions you take based on AI-generated content. Tabiya and GDI are not liable for any outcome arising from reliance on the Service.

6.2 Responsible Use

You agree to use AI outputs responsibly, including not using them to misrepresent your skills, credentials, or background. You also agree to refrain from prompting or instructing the AI to produce hateful, violent, or deceptive content. We reserve the right to monitor or review inputs and outputs to ensure compliance with these Terms and our internal policies.

6.3 Prohibited Activities and Security

You agree not to attempt to gain unauthorized access to any accounts, systems, or data, interfere with the security, availability or integrity of our services, or engage in any activity that compromises the confidentiality, availability, or security of user data or our platform.

7. Intellectual Property

7.1 Open Source Code

Some portions of the Compass source code are made available by Tabiya under the MIT License (“Open-Source Components”). You can find the Open-Source Components in our public GitHub repository. To the extent the MIT License (or another relevant open-source license referenced in our repository) conflicts with these Terms of Use, the open-source license terms will control solely for the specific Open-Source Components. For clarity, you are free to copy, modify, merge, publish, distribute, sublicense, and/or sell copies of those Open-Source Components under the terms of the MIT License.

7.2 Tabiya/GDI IP Rights

Except for the Open-Source Components described in Section 7.1, all other aspects of Compass—including, but not limited to, the user interface, designs, trademarks, logos, text, and any proprietary software or content not explicitly released under an open-source license—remain the exclusive property of Tabiya (fiscally sponsored by Global Development Incubator, GDI). You are granted a limited, non-exclusive, revocable license to access and use Compass for personal, non-commercial purposes in accordance with these Terms. Any commercial use or distribution of non-open-source portions of Compass requires prior written permission from Tabiya/GDI.

7.3 Trademarks and Branding

Tabiya,” “Compass,” and related names, logos, or slogans (collectively, “Marks”) are trademarks or service marks (whether registered or not) of Tabiya/GDI. Nothing in these Terms grants you a license to use these Marks. You agree not to use Tabiya’s or GDI’s Marks in a way that could mislead or imply our endorsement or sponsorship without explicit written consent.

7.4 User-Generated Content

You retain ownership of any content or data you submit to Compass, such as text prompts, resumes, or conversation logs. By submitting such content, you grant Tabiya/GDI a non-exclusive, worldwide, royalty-free license to use, store, process, and display your content as necessary to operate and improve the Service, as described in these Terms and our Privacy Policy.

7.5 Feedback

If you provide suggestions, ideas, or other feedback about Compass, Tabiya/GDI may use such feedback without any obligation to you. You hereby grant Tabiya/GDI a worldwide, royalty-free, perpetual, irrevocable license to use and incorporate that feedback in our products or services at our discretion.

8. Disclaimers

8.1 “As Is” and “As Available”

Compass is provided on an “AS IS” and “AS AVAILABLE” basis, without warranties of any kind. To the fullest extent permitted by law, we disclaim all express or implied warranties, including implied warranties of merchantability, fitness for a particular purpose, accuracy, and non-infringement. We do not warrant that the Service will meet your requirements or be uninterrupted, secure, error-free, or virus-free.

8.2 Third-Party Services

Compass may integrate with third-party providers (e.g., cloud hosts like Google Cloud, AI APIs like Google Gemini, database services like MongoDB Atlas, and analytics tools). We are not responsible for any acts or omissions of such third parties. You agree that Tabiya/GDI will not be liable for any damage or loss arising from your use of or reliance on services provided by third parties.

9. Limitation of Liability

To the maximum extent permitted by law:

  • No Indirect Damages: Tabiya/GDI shall not be liable for any indirect, incidental, special, or consequential damages (including lost profits, loss of data, or business interruption) arising from your use of or inability to use Compass.
  • Cap on Damages: In no event shall Tabiya/GDI’s total cumulative liability to you exceed USD $100 or the amount you paid us (if any) in the preceding 12 months, whichever is greater. Some jurisdictions do not allow limitations of liability for certain types of harm, so some or all of the above limitations may not apply to you if prohibited by law.

10. Dispute Resolution and Governing Law

10.1 Governing Law

These Terms and any dispute arising hereunder shall be governed by the laws of the United States of America, specifically the laws of Washington, DC, without regard to its conflict-of-law principles. If you access Compass from another country, you are responsible for compliance with that country’s laws.

10.2 Informal Resolution

Please contact us at hi@tabiya.org if you have any dispute or concern related to the Service. We will attempt in good faith to resolve it promptly.

10.3 Binding Arbitration and Class Action Waiver

Except for Exempt Claims (defined below), you agree that any dispute, claim, or controversy arising out of or relating to these Terms or your use of Compass that cannot be resolved informally shall be resolved by confidential, binding arbitration on an individual basis. You understand that by agreeing to arbitration, you are waiving the right to a trial by jury or to participate in a class or representative action.

  • Rules and Venue: Arbitration will be conducted by the American Arbitration Association (AAA) in Washington, DC, under its Commercial Arbitration Rules.
  • Exempt Claims: Either party may assert claims in small claims court if they qualify or seek injunctive relief for intellectual property issues.
  • Opt-Out: You may opt out of arbitration by sending a written notice to hi@tabiya.org within 60 days of first accepting these Terms, with your name, address, and an explicit statement you wish to opt out of arbitration.
  • Class Action Waiver: All disputes must be resolved on an individual basis. No class, consolidated, or representative actions are allowed. Please see the additional details in the arbitration section of the Tabiya.org Terms if you want more specifics on procedures. By continuing to use the Service, you agree to this binding arbitration clause unless you opt out.

11. Indemnification

You agree to indemnify and hold harmless Tabiya, GDI, their officers, employees, agents, and affiliates from any claims, liabilities, damages, losses, costs, or expenses (including legal fees) arising out of (a) your violation of these Terms, (b) your misuse of Compass, (c) your infringement of any third party’s intellectual property or other rights, or (d) any content you submit to Compass.

12. Modifications, Suspension, and Termination

12.1 Service Changes

We reserve the right to modify, suspend, or discontinue Compass (in whole or in part) at any time, with or without notice. We are not liable if all or part of the Service is unavailable for any reason.

12.2 Terminating Access

We may terminate or suspend your account if you violate these Terms or if we have reason to suspect any fraudulent or unlawful activity. Upon termination or discontinuation of the Service, your right to use Compass immediately ceases. You may request deletion of your account at any time.

12.3 Survival

Any provisions of these Terms that by their nature should survive termination will remain in effect (e.g., disclaimers, limitations of liability, indemnification, dispute resolution).

13. Miscellaneous

13.1 Severability

If any provision of these Terms is found invalid or unenforceable, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

13.2 No Waiver

Our failure to enforce any right or provision in these Terms shall not constitute a waiver of such right or provision unless acknowledged and agreed to by us in writing.

13.3 Entire Agreement

These Terms, together with our Privacy Policy, constitute the entire agreement between you and Tabiya/GDI regarding the use of Compass, superseding any prior agreements.

13.4 Assignment

You may not assign or transfer these Terms or any of your rights or obligations hereunder without our prior written consent. We may assign these Terms without restriction in connection with a reorganization, merger, or other transfer of assets.

13.5 Headings

Section headings are for convenience only and do not affect the interpretation of these Terms.

14. Contact Us

If you have any questions about these Terms or the Site, or if you wish to provide any notice under these Terms, please contact us:

  • By email: hi@tabiya.org
  • By mail: Global Development Incubator (attn: Tabiya), 1401 K St NW, Suite 900, Washington, DC 20005, USA

Privacy Policy for Compass by Tabiya

Last updated: March 03, 2025

1. Introduction

1.1 Purpose

Welcome to Compass (“Compass” or the “Service”), an AI-driven platform designed to help individuals assess and articulate their skills. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Compass. We comply with the EU General Data Protection Regulation (GDPR), South Africa’s Protection of Personal Information Act (POPIA), and Kenya’s Data Protection Act, 2019 (DPA). In line with these laws, we ensure transparency, fairness, and security in all our data processing activities. For Kenyan users: We have appointed a Kenya-based representative to facilitate compliance with Kenya’s DPA, as detailed in the Contact section of this Policy.

1.2 Who We Are

Compass is operated by Tabiya, a fiscally sponsored project of the Global Development Incubator (GDI), a 501(c)(3) nonprofit organization based in the United States. While Tabiya manages day-to-day operations of Compass, GDI is the legal entity responsible for our compliance and liability matters. In this document, references to “we,” “us,” or “our” mean Tabiya and/or GDI acting on Tabiya’s behalf.

1.3 Additional References

Your use of Compass is also subject to our Compass Terms of Use (the “Terms”), which incorporate this Privacy Policy by reference. If you have any questions about how Compass works from a technical or usage standpoint, please see our documentation or Terms of Use.

2. Personal Data We Collect

When you use Compass, we may collect the following types of personal information:

  • Account Information: When you register or use Compass, you provide us with personal details such as your name and email address. This information is used to create your account and identify you on the platform.
  • Basic Demographics: You may be asked to provide or we may infer basic demographic information such as your age range, language preference, or general location. This helps us tailor the user experience and content (for example, selecting appropriate language models or content relevant to your region).
  • Usage Analytics: We collect data about how you interact with Compass. This includes details like the features you use, pages or screens you visit, time spent on the platform, and other usage statistics. We may also collect technical information such as your IP address, device type, browser type, and operating system. This data is typically collected through analytics tools or cookies to help us understand and improve how users use Compass.
  • Conversation Content: Compass is an AI-powered platform that may involve conversational interactions. We store the content of your conversations or queries and the AI-generated responses (“conversation contents”) when you use the service. This allows you to review past interactions and helps us ensure the service functions correctly.
  • Skill Outcomes and Results: If Compass provides assessments, recommendations, or skill-related outcomes, we record those results for your reference and to track your progress. For example, if Compass helps you with learning or decision-making tasks, the outcomes or feedback from those tasks may be saved.

We collect the above information either directly from you (when you input it into Compass) or automatically through your use of the platform (in the case of usage analytics and certain conversation data). Where we ask for personal information, you can choose not to provide it; however, some features (like account-related services) may not be available without the necessary data.

We do not collect or process any information considered sensitive personal data under Kenya’s DPA (and similar laws like GDPR or POPIA) unless you have provided explicit consent or it is otherwise permitted by law. This means we do not ask for data such as biometric identifiers, health information, or details about your race or ethnicity in the normal course of our services. By limiting our data collection in this way, we avoid processing data that would require explicit consent under Kenyan law or other regulations.

3. How We Use Your Personal Data

We use the collected personal data for various purposes consistent with this Privacy Policy:

  • Providing the Service: We use your account information to authenticate you and allow access to Compass. Conversation content and skill outcome data are used to operate the AI features, generate appropriate responses, and provide you with personalized or context-aware results.
  • Improving and Developing Compass: Usage analytics and conversation data help us understand user interactions and preferences. We analyze this information to fix bugs, improve AI accuracy, develop new features, and enhance the overall user experience. For instance, knowing which features are most popular or where users encounter difficulties helps us refine Compass.
  • Communication: We may use your email address to send service-related communications, such as account verification, notifications about important changes or updates to Compass, security alerts, or to respond to your inquiries. If you agree, we might also send occasional newsletters or tips on using Compass effectively. You can opt out of non-essential emails at any time.
  • Safety and Legal Compliance: We may monitor use of Compass to prevent abuse and keep the platform safe (for example, detecting use that violates our Terms of Use or could be harmful). We also process personal data as necessary to comply with legal obligations, such as keeping records required by law or responding to lawful requests by public authorities.
  • Third-Party Services Operation: Some of your data is used in conjunction with third-party services that enable Compass’s core functions (detailed below in “Third-Party Services”). For example, your conversation queries are sent securely to our AI provider (Google Gemini API) to generate responses, and your information may be stored in our database service (MongoDB Atlas).

Our processing of personal data is based on lawful grounds as required under GDPR, POPIA, and Kenya’s DPA:

  • Contractual Necessity: Much of our data processing is to fulfill our contract with you (for example, providing the services you signed up for).
  • Legitimate Interests: We may process data for our legitimate business interests, such as improving our services, understanding how users interact with our platform, and ensuring IT security. We will always consider your rights and objections in such cases.
  • Legal Obligation: Some processing is necessary for compliance with our legal obligations, such as maintaining records for tax purposes or responding to lawful requests by authorities.
  • Consent: Where we rely on your consent (for instance, for optional marketing communications), you have the right to withdraw that consent at any time.

Importantly, we do not process any sensitive personal data (also known as special personal information under POPIA or special category data under GDPR) that would require explicit consent under Kenyan law. By design, our services avoid collecting data like health details, biometric data, or information on your race/ethnicity. In the rare event we need to handle sensitive personal data, we will only do so in strict compliance with the law – meaning we would first obtain your explicit consent or ensure another authorized legal basis applies.

5. International Data Transfers

Compass is a global service, and your personal data may be transferred and stored across international borders. Kenyan user data, in particular, is stored and processed on Google Cloud servers located in the United States. This means your information is transferred outside of Kenya (and may also leave the EU/EEA and South Africa). We understand the importance of protecting your data during these transfers and implement appropriate safeguards in line with GDPR, POPIA, and Kenya’s DPA requirements:

  • We use Standard Contractual Clauses (SCCs) and similar legal agreements to ensure that any personal data transferred out of the EU or Kenya is afforded an equivalent level of data protection. These contractual safeguards bind our service providers (like Google Cloud) to protect your information and respect your privacy.
  • We have assessed that Google Cloud’s security measures (including encryption of data at rest and in transit, access controls, and regular security audits) provide robust protection for your data.
  • In compliance with Kenya’s DPA, we have provided proof of adequate data protection safeguards for transfers outside Kenya. We only transfer Kenyan personal data when we are satisfied that legal mechanisms and security measures are in place to protect it, or when you have given us consent where required by law.
  • Regardless of where your data is processed, we apply the same privacy protections described in this Policy. Our practices ensure that all international transfers of personal data are conducted securely and lawfully.

6. Your Data Protection Rights

We want you to be fully aware of your rights regarding your personal data. Compass respects and upholds the rights granted to individuals under GDPR, POPIA, and Kenya’s DPA. These rights include:

  • Right to Be Informed: You have the right to clear and transparent information about how your data is collected and used. This Privacy Policy, and any related privacy notices, are intended to keep you informed.
  • Right of Access: You can request a copy of the personal data we hold about you, as well as information on how we process it. We will provide this information, subject to some exceptions (for example, if providing certain data would infringe on someone else’s rights).
  • Right to Correction (Rectification): If any personal data we have about you is incorrect or outdated, you have the right to request that we correct or update it. We strive to ensure that all data is accurate and will promptly make corrections when notified.
  • Right to Deletion (Erasure): You may ask us to delete your personal data. For Kenyan users, the DPA specifically allows you to request deletion of any false or misleading data about you. Under GDPR and other laws, you can request erasure of data in certain circumstances (for instance, if the data is no longer needed for the purposes it was collected, or if you withdraw consent and no other legal basis for processing applies). We will honor valid deletion requests and inform you if any legal obligations prevent us from deleting certain data (e.g., statutory record-keeping requirements).
  • Right to Restrict Processing: You can request that we limit the processing of your personal data in certain situations. For example, if you contest the accuracy of your data or have objected to processing (pending our verification of those issues), you have the right to ask that we restrict processing your data (aside from simply storing it) until the matter is resolved.
  • Right to Object to Processing: You have the right to object to the processing of your personal data for particular purposes. For instance, Kenyan and EU users have the right to object to processing that is based on our legitimate interests, or to object at any time if data is used for direct marketing. If you raise an objection, we will consider it and stop or adjust processing unless we have a compelling legitimate ground to continue or if it’s needed for legal claims.
  • Right to Object to Automated Decision-Making: If we ever use automated decision-making (including profiling) that has legal or significant effects on you, you have the right not to be subject to such decisions without human intervention. Currently, Compass does not carry out any purely automated decisions that would significantly affect you. In the event this changes, we will notify you and ensure all safeguards required by GDPR and Kenya’s DPA (such as obtaining your consent or providing an opt-out) are in place.
  • Right to Data Portability: Where applicable (under GDPR), you have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format, and you can ask us to transmit it to another data controller when technically feasible.
  • Right to Withdraw Consent: If we are processing your personal information based on consent, you have the right to withdraw that consent at any time. Once you withdraw consent, we will stop the specific processing that relied on consent. (Please note, withdrawing consent does not affect the lawfulness of processing we conducted prior to the withdrawal.)

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to all legitimate requests within the timeframe required by law (for example, within one month for most requests under GDPR). There is no fee for making such requests, but we may need to verify your identity to ensure we do not disclose data to the wrong person.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. This means:

  • If you have an account with us, we will keep your information for as long as your account is active and for a reasonable period thereafter in case you decide to return to our services. If you close your account or it becomes inactive, we will delete or anonymize your data after a defined retention period.
  • If we process your data for a specific campaign or based on your consent for a limited purpose (for example, a promotion you signed up for), we will delete the data after the campaign ends or if you withdraw consent, unless we need to retain it for another lawful reason.
  • In all cases, we review the necessity of keeping personal data. We follow the principle set by Kenya’s DPA and other laws that personal data should not be kept longer than is necessary. When data is no longer needed, we securely erase, anonymize, or destroy it.

Certain laws may require us to keep information for fixed periods. For instance, financial or transaction records might be kept for several years for tax or auditing purposes. Even if we keep data for these reasons, we will not use it for other purposes and will archive or secure it appropriately.

8. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to safeguard it:

  • Encryption & Access Control: We use industry-standard encryption to protect data during transmission (TLS/SSL) and at rest. Access to personal data is restricted to authorized personnel who require it for their job duties, and we employ strong authentication measures (such as secure passwords and two-factor authentication) to prevent unauthorized access.
  • Administrative Safeguards: Our staff are trained on data protection principles and are bound by confidentiality obligations. We have internal policies and procedures to handle data securely and to respond quickly to potential incidents.
  • Physical and Network Security: Our servers (including those hosted on Google Cloud in the U.S.) are protected in secure facilities with measures like firewalls, intrusion detection systems, and regular security monitoring. Google Cloud’s infrastructure is certified under internationally recognized security standards, which helps ensure that your data is stored safely.
  • Regular Audits and Testing: We periodically review our security practices and conduct risk assessments. We also maintain a data breach response plan. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the appropriate authorities as required by GDPR, POPIA, and Kenya’s DPA.

While we strive to protect your information, no method of transmission over the internet or method of electronic storage is 100% secure. However, we continuously update and improve our security measures to mitigate risks and protect your personal data.

9. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are here to help and will respond to your inquiries promptly.

  • General Privacy Contact: You can reach our designated Privacy Officer for Compass via email at compass-privacy@tabiya.org. This is our primary contact for all data protection queries, including requests to exercise your rights or complaints about how we handle your information.
  • Kenya Data Protection Representative: In compliance with Kenya’s Data Protection Act, we have appointed a representative based in Kenya to act on our behalf regarding Kenyan data protection matters. Kenyan users (or the Office of the Data Protection Commissioner) may contact our Kenya representative by email at compass-privacy-kenya@tabiya.org.
  • Other Jurisdictions: If you are in the EU/EEA or South Africa, our general privacy contact above will also route your inquiry appropriately. We treat all region-specific requests with equal care and in accordance with applicable laws.

We value your privacy and encourage you to reach out if you have any questions or if you believe your personal data is not being handled in accordance with this Policy or applicable law. Additionally, you have the right to lodge a complaint with a supervisory authority or data protection regulator. For example, Kenyan users can contact the Office of the Data Protection Commissioner (ODPC) in Kenya, South African users can reach out to the Information Regulator (South Africa), and EU users can contact their local Data Protection Authority. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so please consider contacting us first.

10. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or to ensure compliance with legal requirements. When we make significant changes, we will notify you through appropriate channels (for example, via email or a notice on our website). The “last updated” date at the top of this Policy will always indicate when the latest changes were made.

By continuing to use our services after an update, you acknowledge the revised Policy. However, if the changes require your consent (e.g., if we start processing new categories of personal data), we will seek your consent as required.