When you use the Services, you may provide information that could be Personal Information, such as your email address. You acknowledge that this information may be personal to you, and you allow others, including us, to identify you and therefore may not be anonymous. We may use your contact information to send you information about our Services, but only rarely when we feel such information is important. You may unsubscribe from these messages by emailing us at email@example.com although we, regardless, reserve the right to contact you when we believe it is necessary.
We automatically receive and record information from your web browser when you interact with the Services, including your IP address and cookie information. This information is used for fighting spam/malware and also to facilitate collection of data concerning your interaction with the Services (e.g., what links you have clicked on).
Generally, the Services automatically collect usage information, such as the number and frequency of visitors to the Site. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Services so that we can analyze and improve them.
We may collect some device-specific information if you access the Services using a mobile device. Device information may include but is not limited to unique device identifiers, network information, and hardware model, as well as information about how the device interacts with our Services.
We may receive a confirmation when you open an email from us. We use this confirmation to improve our customer service.
Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. We strongly recommend that you leave cookies active, because they enable you to take advantage the most attractive features of the Services.
To support and enhance the Services, we may serve advertisements, and also allow third parties advertisements, through the Services. These advertisements are sometimes targeted and served to particular users and may come from third party companies called “ad networks.” Ad networks include third party ad servers, ad agencies, ad technology vendors and research firms.
Advertisements served through the Services may be targeted to users who fit a certain general profile category and may be based on anonymized information inferred from information provided to us by a user, including Personal Information (e.g., gender or age), may be based on the Services usage patterns of particular users, or may be based on your activity on Third Party Services. We do not provide Personal Information to any ad networks for use outside of the Services.
To increase the effectiveness of ad delivery, we may deliver a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Because your web browser must request these advertisements and web beacons from the ad network’s servers, these companies can view, edit or set their own cookies, just as if you had requested a web page from their site.
We collect statistical information about how users, collectively, use the Services (“Aggregate Information”). Some of this information is derived from Personal Information. This statistical information is not Personal Information and cannot be tied back to you or your web browser.
Occasionally, you can use our Services to interact with your accounts on other services, such as Facebook or Twitter. In addition to using your third party account credentials to sign in to the Services, you can access posting and sharing tools on the Services, including a “share” button that allows you to post information to your social networks outside of the Services (“Share”). For example, after making a reservation on the Services, you can Share information about that reservation with your Facebook friends or Twitter followers. Please note that these tools may be operated by Third Party Services.
The Services are designed to help you share information with others. As a result, some of the information generated through the Services is shared publicly or with third parties.
Some of your activity on and through the Services is public by default. This may include, but is not limited to, content you have posted publicly on the Site or otherwise through the Services.
Please also remember that if you choose to provide Personal Information using certain public features of the Services, then that information is governed by the privacy settings of those particular features and may be publicly available. Individuals reading such information may use or disclose it to other individuals or entities without our control and without your knowledge, and search engines may index that information. We therefore urge you to think carefully about including any specific information you may deem private in content that you create or information that you submit through the Services.
We share Aggregate Information with our partners, service providers and other persons with whom we conduct business. We share this type of statistical data so that our partners can understand how and how often people use our Services and their services or websites, which facilitates improving both their services and how our Services interface with them. In addition, these third parties may share with us non-private, aggregated or otherwise non Personal Information about you that they have independently developed or acquired.
As part of the Services, you may occasionally receive email and other communications from us, such as communications relating to your use of the Services. Communications relating to the Services will only be sent for purposes important to the Services, such as password recovery.
We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share Personal Information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.
Except as set forth above, you will be notified when your Personal Information may be shared with third parties, and will be able to prevent the sharing of this information.
We seek to protect Personal Information to ensure that it is kept private; however, we cannot guarantee the security of any Personal Information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
We otherwise store all of our information, including your IP address information, using industry-standard techniques. We do not guarantee or warrant that such techniques will prevent unauthorized access to information about you that we store, Personal Information or otherwise.
Users can access and delete cookies through their web browser settings.
California Privacy Rights: Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit an electronic request to firstname.lastname@example.org.
You can always opt not to disclose certain information to us, even though it may be needed to take advantage of some of our features.
If you have any questions or concerns regarding privacy using the Services, please send us a detailed message to email@example.com. We will make every effort to resolve your concerns.
Company considers protection of Customer Data a top priority. As further described in this Company Information Security Policy, Company uses commercially reasonable organizational and technical measures designed to prevent unauthorized access, use, alteration or disclosure of Customer Data stored on systems under Company’s control.
Access to Customer Data. Company limits its personnel’s access to Customer Data as follows: Requires unique user access authorization through secure logins and passwords, including multi-factor authentication for Cloud Hosting administrator access and individually-assigned Secure Socket Shell (SSH) keys for external engineer access; Limits the Customer Data available to Company personnel on a “need to know” basis; Restricts access to Company’s production environment by Company personnel on the basis of business need; and Encrypts user security credentials for production access.
Data Encryption. Company provides industry-standard encryption for Customer Data both in flight and at rest as follows: Implements End-to-End Transport Layer Security (TLS) across the platform; Uses strong encryption methodologies to protect Customer Data, such as AES-256 or equivalent encryption for Customer Data stored in Company’s production environment; and Encrypts all Customer Data stored on cloud or electronic portable storage devices such as computer laptops, portable drives and other similar devices while at rest.
Data Management Company creates an audit trail for key verification with each integration, with user-specific integration key generation alert controls. Company logically separates each of its customers’ data and maintains measures designed to prevent Customer Data from being exposed to or accessed by other customers.
Network Security, Physical Security and Environmental Controls Company uses a variety of techniques designed to detect and/or prevent unauthorized access to systems processing Customer Data, including firewalls, network access controls, and architectural compartmentalization. Company maintains measures designed to assess, test and apply security patches to all relevant systems and applications used to provide the Service. Company monitors privileged access to applications that process Customer Data, including cloud services. The Service operates on Amazon Web Services (“AWS”) and is protected by Amazon’s security and environmental controls. Detailed information about AWS security is available at https://aws.amazon.com/security/ and http://aws.amazon.com/security/sharing-the-security-responsibility/. For AWS SOC Reports, please see https://aws.amazon.com/compliance/soc-faqs/. Customer Data stored within AWS is encrypted at all times. AWS does not have access to unencrypted Customer Data at any time.
Independent Security Assessments. Company periodically assesses the security of its systems and the Service as follows: Annual detailed security and vulnerability assessments of the Service conducted by independent third-party security experts that include a thorough code analysis and a comprehensive security audit. Company shall attest to Customer the date of the most recent security and vulnerability assessment at Customer’s reasonable request. Bi-annual penetration testing of Company systems and applications to test for exploits including, but not limited to, XSS, SQL injection, access controls, and CSRF. Monthly vulnerability scanning, including review of any new code added to the Service.
Incident Response. If Company becomes aware of unauthorized access or disclosure of Customer Data under its control (a “Breach”), Company will: Take reasonable measures to mitigate the harmful effects of the Breach and prevent further unauthorized access or disclosure. Upon confirmation of the Breach, notify Customer in writing of the Breach without undue delay. Notwithstanding the foregoing, Company is not required to make such notice to the extent prohibited by Laws, and Company may delay such notice as requested by law enforcement and/or in light of Company’s legitimate needs to investigate or remediate the matter before providing notice. Each notice of a Breach will include: The extent to which Customer Data has been, or is reasonably believed to have been, used, accessed, acquired or disclosed during the Breach; A description of what happened, including the date of the Breach and the date of discovery of the Breach, if known; The scope of the Breach, to the extent known; and A description of Company’s response to the Breach, including steps Company has taken to mitigate the harm caused by the Breach.
Business Continuity Management Company maintains an appropriate business continuity and disaster recovery plan. Company maintains processes to ensure failover redundancy with its systems, networks and data storage.
Personnel Management Company performs employment verification, including proof of identity validation and criminal background checks for all new hires, including contract employees. Company provides training for its personnel who are involved in the processing of the Customer Data to ensure they do not collect, process or use Customer Data without authorization and that they keep Customer Data confidential, including following the termination of any role involving the Customer Data. Upon employee termination, whether voluntary or involuntary, Company immediately disables all access to critical and noncritical systems, including Company’s physical facilities.
Modifications to Policy. From time to time, Company may modify this Information Security Policy and its security procedures, but Company will not materially reduce the overall level of security afforded to Customer Data during the Subscription Term. Company will provide any updates to this Security Policy at Customer’s request.