Privacy Policy

Information We Collect

For the purposes of this Policy, “personal information” is any information that identifies, relates to, or can be used to contact a particular individual. We collect and process different types of information when individuals interact with and use our Software:

• Business Information: Company name, business address, industry, and contact details.
• Account Information: User first name and last name, employer, position, user contact information, user credentials, account settings, and preferences (applicable only to SaaS customers).
• Communication Data: Emails, support requests, and other interactions with our team.
• Customer Data: Information you upload or process within our software, subject to contractual agreements (applicable only to SaaS customers).
• Technical Information: Log information or other technical details regarding usage of our Software.

Please note that we may aggregate or anonymize the foregoing types of data such that they are no longer capable of identifying you, in which case they are no longer considered “personal information.”

How We Use Information

We use collected information to:

• Provide, maintain, and enhance our Software.
• Facilitate customer support and respond to inquiries.
• Ensure security, prevent fraud, and comply with legal obligations.
• Communicate with our clients about updates, promotions, and relevant service changes.

Information Sharing and Disclosure

We disclose personal information to the following types of individuals or entities:

• Service Providers: Trusted vendors assisting in service delivery (e.g., hosting, analytics, customer support). This includes our professional advisors, such as lawyers, accountants, and other similar advisors.
• Related Entities: Affiliates, related entities, and business partners who may offer products or services that are relevant to you.
• Legal Requirements: Regulatory and governmental authorities, law enforcement agencies, and courts, as necessary to comply with applicable laws and regulations, respond to a subpoena, search warrant, or other lawful request for information, or to otherwise protect our rights.
• Business Transfers: Buyers or other successors prior to or in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as a part of bankruptcy, liquidation, or similar proceeding, where the information is among the assets being transferred.

Data Security

We use appropriate administrative, technical, and physical measures to protect your personal information from loss, theft, and unauthorized use, disclosure, or modification. Please be aware that no data transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot ensure or warranty the security of any information you transmit to us and you do so at your own risk.

Data Retention

We retain information for as long as necessary to fulfill contractual obligations, comply with legal requirements, and improve our services. Clients may request data deletion in accordance with applicable laws and agreements.

Additional Disclosures for EU/UK/Swiss Residents

The European Union’s General Data Protection Regulation and the United Kingdom’s and Switzerland’s versions of the same (collectively, the “GDPR”) afford certain rights to individuals in the European Economic Area (including Switzerland, Gibraltar, United Kingdom and similar, the “EEA”). If you are in the EEA, you have the following rights. Note, however, that not all rights apply in all circumstances.

• Right of access: subject to certain exceptions, you have the right of access to your personal information that we hold. If you are requesting access to your data in order to protect the rights of others, we may require you to validate your identity before we can release that information to you.
• Right to rectify your personal information: if you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e., corrected).
• Right to be forgotten: you may ask us to delete information we hold about you in certain circumstances. This right is not absolute, and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
• Right to restriction of processing: in some cases, you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
• Right to object to processing: you may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of statistical analysis.
• Right to data portability: you have the right to receive, move, copy, or transfer your personal information to another controller when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means.

With regard to the personal information discussed in this Policy, we are typically the “data controller” for such information under the GDPR. As a result, if you wish to exercise one of the rights discussed above, you may do so by submitting a written request to the email address below with the subject line, “GDPR Request.” This is normally free, unless this process is unduly difficult or is clearly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or decline to respond. Once we have received your request, we will review it and contact you within thirty (30) days of receipt of your request, will notify you of any delay in processing your request and, in any event, will respond to the request within three (3) months. Please note that we may need to request specific information from you to help us confirm your identity. If you are located in the EEA or UK and have a concern about our processing of your data, you may have the right to make a complaint to the appropriate data protection authority in the EEA or UK.

Lawful Basis under GDPR

We will process different types of information under different lawful bases under the GDPR depending on the nature of the information and your relationship with us. The following table describes how we plan to use your personal information and our lawful basis for doing so. We may process your personal information on more than one basis depending on the specific purpose for which we have collected or are otherwise using your information. Please note, we do not process personal information for automated-decision-making purposes.

To enter into and subsequently to manage our business relationship with you or your company, including:

• Negotiating, entering into, and performing agreements with you or your company
• Responding to inquiries and providing customer support and service
• Communicating with you and responding to your inquiries
• Business Information
• Account information
• Communication Data
• Technical Information
• Necessary for our legitimate interests (to manage our business relationships and administer our operations including through the keeping of appropriate records)
• Performance of a contract with you
• Necessary to comply with legal obligations regarding our services, agreements with you or your company, and other issues

To administer and protect our business and services including:

• Maintaining business records for legal purposes and to comply with tax requirements
• Defending and advancing legal claims
• Enforcing our rights under any agreements
• Ensuring effective security for our Software
• Identifying and addressing security risks and unlawful activity
• Business Information
• Account information
• Communication Data
• Customer Data
• Technical Information
• Necessary for our legitimate interests (running our business, facilitating administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
• Necessary to comply with legal obligations

Transfers from EEA, Switzerland, or UK

If we transfer personal information from the EEA, Switzerland, or UK to the United States or any other country, we will implement appropriate legal mechanisms to ensure an adequate level of personal data protection consistent with the GDPR’s requirements. For example, if the recipient country has not received an Adequacy Decision from the European Commission (such as the United States), we will rely on Standard Contractual Clauses (SCC) that have been approved by the European Commission as the lawful mechanisms for such transfers. Further, we will enter into appropriate data processing agreements with all non-EU (sub)processors that contain SCCs and define data protection standards to be employed by each (sub)processor.

Client Responsibilities

Your employer is ultimately responsible for its handling of the personal information it collects and processes in the context of its relationship with you. If you have questions about how your employer handles your information, please contact the appropriate resources at your company.

Your Rights and Choices

Clients and their users may have rights regarding their data, including:

• Accessing, updating, or deleting certain information.
• Opting out of non-essential communications.

Requests can be submitted through our support channels.

Changes to This Policy

We may update this Privacy Policy periodically. Clients will be notified of significant changes through our website or direct communications.

Contacting us