TRUEVAULT PRIVACY POLICY

Last Update: April 30th, 2019

This Privacy Policy by TrueVault, Inc., and affiliates and other entities (each, an Affiliate, with TrueVault and its affiliates collectively called here "TrueVault", “Us”, or "We") explains what type of information may be gathered or tracked on our Marketing Website (“Site”) or TrueVault Safe and TrueVault Atlas Cloud (collectively referred to as “Services”), how such information may be used, and with what other parties the information is or may be shared.

Section 1: Overview

TrueVault obtains Personal Data about you from various sources to provide our Services and to manage our Sites. “You” may be a visitor to one of our websites, a user of one or more of our Services (“User”), or a customer of a User (“Customer”). If you are a Customer, We will generally not collect your Personal Data directly from you. Your agreement with the relevant User should explain how the User shares your Personal Data with TrueVault, and if you have questions about this sharing, then you should direct those questions to the User.

Section 2: Collection of Personal Data

1. Personal Data is any information that relates to an identified or identifiable individual. 

2. One channel of acquiring Personal Data is when You proactively provide Personal Data through one of our Sites. The Personal Data that you provide directly to us through our Sites and Services will be mostly apparent from the context in which you provide the data.  In particular, When you contact us by email, chat, telephone, or via a contact form, we will store the data you share with us (your email address and possibly your name and phone number) in order to respond to your questions as well as to be able to provide you with the best possible service in the future.

In addition to the apparent data, we will receive supplemental data including but not limited to:

  • IP address
  • Date and time of request
  • Content of the request
  • Access status / HTTP status codes
  • Browser information (e.g., screen size, language, version)
  • Operating system information (e.g. version, language)

3. A second channel by which we acquire personal data is when a User provides personal data for the purpose of operating our Services.  Through this channel, We may collect:

  • Names
  • Phone numbers
  • Email addresses
  • Usage behavior statistics
  • UP address
  • Date and time of request
  • Content of the request
  • Access status / HTTPS status codes
  • Browser information (e.g., screen size, language, version
  • Operating system information (e.g. version language) 

4. A third channel which We use to collect Personal Data without proactive consent is through the utilization of publicly available resources if it is in compliance with regulatory standards, notably The General Data Protection Regulation (“GDPR”) Article 6(1)(f) legitimate interest provision.

5. All personal data collected by TrueVault is driven by necessity in order to deliver Services, respond to inquiries, improve the Site and Services, or else governed by GDPR Article 6(1) for applicable EU individuals.

Section 3: Your Rights 

1. You may exercise certain rights regarding their Personal Data.

In particular, You have the right to do the following:

  • Withdraw consent to the processing of Personal Data where it has previously been given.
  • Object to the processing of Your Personal Data if the processing is carried out on a legal basis other than consent.
  • Learn how Your Personal Data is being processed, obtain disclosure regarding certain aspects of the processing, and obtain a copy of the Data undergoing processing.
  • Verify the accuracy of Your personal Data and ask for it to be updated or corrected.
  • Under certain circumstances, You have the right, to restrict the processing of Your Personal Data. In this case, the Owner will not process Your Personal Data for any purpose other than storing it.
  • Under certain circumstances, You have the right, to obtain the erasure of Your Personal Data from the Owner.
  • Receive Your Data and have it transferred to another controller. You have the right to receive Your Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.

2. Users have the right to file a complaint with the appropriate data protection supervisory authority concerning our processing of your personal data.

Section 4: Cookie Policy

1. Use of the Site or Services will lead to cookies being stored on your computer. Cookies are small text files that are stored on your hard drive and allocated to the browser used by you and are used to forward certain information to the site that installed the cookie. Cookies cannot execute programs or transmit viruses to your computer. They are used to make the website more user-friendly and effective. 

2. Use of cookies

This website uses the following types of cookies, the scope and function of which are explained below:

  • Transient cookies. Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. Session cookies store what is called a session ID with which the various requests made by your browser are allocated to a collective session. This allows your computer to be recognized again when You return to our Site or Services. Session cookies are deleted when you log out or close your browser.
  • Persistent cookies. Persistent cookies are automatically deleted after a predetermined period of time that may vary between cookies. You can delete the cookies at any time in your browser’s security settings.

3. Your browser settings can be configured according to your wishes. For example, you can reject the acceptance of third-party cookies or all cookies. Please note that if you do this, you may not be able to use all of the functions of this website. 

4. In order to improve our website as well as for economic interests, such as reminding interested website visitors of our offers (remarketing), we use third-party cookies as described below: 

5, When you visit our website, we notify you of our use of the described third-party cookies. An option for preventing these cookies from being stored on your computer can be found in your browser’s settings. 

Section 5: Data Retention

1. Personal Data shall be processed and stored for as long as required by TrueVault for the purpose they have been collected for, as determined by TrueVault, and not any longer. 

2. Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period. 

Section 6: EU - US Privacy Shield and Safe Harbor Privacy Statement 

1. TrueVault has established a comprehensive privacy program, including a global privacy office and a chief privacy officer, designed to help us respect and protect your data privacy rights. This statement includes both TrueVault's EU-U.S. Privacy Shield and Safe Harbor Privacy Statement and the Site and Services Privacy PolicyPrivacy Statement.

2. For personal information of employees, consumers, healthcare professionals, medical research subjects and investigators, customers, investors, and government officials that TrueVault receives from the European Economic Area, TrueVault has committed to handling such personal information in accordance with the Safe Harbor Principles. TrueVault's Safe Harbor certification can be found at http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list. For more information about the Privacy Shield and Safe Harbor Principles, please visit the U.S. Department of Commerce's Website at http://export.gov/safeharbor. 

For more information about the EU-U.S. Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.

For more information about U.S.-Swiss Safe Harbor and to view our certification, visit the U.S. Department of Commerce’s Safe Harbor website.

3. TrueVault believes in protecting your privacy. When we collect Personal Data from you on our website, we follow the privacy principles of (an independent resource mechanism) and comply with the EU-U.S. Privacy Shield and Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from the European Union. These are our promises to you:

  • Notice. When we collect your Personal Data, we'll give you timely and appropriate notice describing what personal information we're collecting, how we'll use it, and the types of third parties with whom we may share it.
  • Choice. We'll give you choices about the ways we use and share your personal information, and we'll respect the choices you make.
  • Relevance. We'll collect only as much personal information as we need for specific, identified purposes, and we won't use it for other purposes without obtaining your consent.
  • Retention. We'll keep your personal information only as long as we need it for the purposes for which we collected it, or as permitted by law.
  • Accuracy. We'll take appropriate steps to make sure the personal information in our records is accurate.
  • Access. We'll provide ways for you to access your personal information, as required by law, so you can correct inaccuracies.
  • Security. We'll take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
  • Sharing. Except as described in this policy, we won't share your personal information with third parties without your consent.
  • International Transfer. If we transfer your personal information to another country, we'll take appropriate measures to protect your privacy and the personal information we transfer.
  • Enforcement. We'll regularly review how we're meeting these privacy promises, and we'll provide an independent way to resolve complaints about our privacy practices.

4. For personal data transferred from the EU, if we transfer your personal data to a third party, we will ensure that the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy. We will also ensure that the third party will apply the same level of protection to that data as the EU-U.S. Privacy Shield Principles and will notify us if it makes a determination that it can no longer meet this obligation. TrueVault may be potentially liable if these requirements are not met.

Section 7: Children Online Privacy Protection Act (COPPA)

1. TrueVault is concerned about the safety of children when they use the internet, and will never knowingly collect Personal Information from minors (children under 13 years of age, or any other age defined under applicable law) without prior verifiable parental consent that complies with those recommended practices and applicable rules put forth by the Federal Trade Commission. Our Site and Services are all expressly directed to people who are at least 13 years old or older. If we become aware that a minor is attempting to or has submitted Personal Information, we will not accept such Personal Information and will then take prompt steps to remove any such Personal Information from our records, Site and Services.

Section 8: Detailed Information on the processing of Personal Data for Site

1. Personal data is collected for the following purposes and using the following services:

  1. Algolia
    1. Algolia is a leading Search & Discovery API for websites apps. They help companies create powerful, relevant and scalable discovery experiences for their users. TrueVault uses Algolia for the search functionality in various places on the website to deliver a better experience to You.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR.
    3. Algolia collects: Resources Center search terms and usage.
    4. Privacy Policy
  2. Calendly
    1. Calendly is an automated scheduling tool that simplifies scheduling between two parties.  TrueVault uses this to coordinate schedules and meeting times with clients, prospective clients, and business partners.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(a) of the GDPR.
    3. Calendly collects: Your contact information when you book a call with our team.
    4. Privacy Policy
  3. G Suite
    1. An integrated suite of secure, cloud-native collaboration and productivity apps powered by Google AI. Includes Gmail, Docs, Drive, Calendar, Meet and more.  TrueVault uses G Suite for emails, notes, planning, and record keeping.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR.
    3. G Suite collects: Emails, meeting notes, and other information needed to support your prospective, current, and previous use and purchase of our Services.
    4. Privacy Policy
  4. Hubspot
    1. HubSpot is a growth platform with thousands of customers around the world. Comprised of Marketing Hub, Sales Hub, Service Hub, and a CRM, HubSpot gives companies the tools they need to grow better.  TrueVault uses Hubspot for sales, marketing, account management, and website hosting.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR
    3. Hubspot collects: Emails, meeting notes, and other information needed to support your prospective, current, and previous use and purchase of our Services.
    4. Privacy Policy
  5. Intercom
    1. Intercom offers a suite of messaging-first products to help manage customer lifecycle, from acquisition, to engagement, and support. TrueVault uses Intercom to provide customer support.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(b) of the GDPR.
    3. Intercom collects: Contact and contextual information you provide when you reach out to Us for support.
    4. Privacy Policy
  6. Outreach
    1. Outreach is a sales engagement platform that helps companies optimize interaction throughout the customer lifecycle. TrueVault uses Outreach for prospect development and lead nurturing.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR.
    3. Outreach collects: Contact information and email exchange history.
    4. Privacy Policy
  7. Reply
    1. Reply automates one-to-many communication teams.  TrueVault uses Reply for lead development.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR
    3. Reply collects: Contact information and email exchange history.
    4. Privacy Policy
  8. RingCentral
    1. RingCentral is a provider of unified communications and collaboration platform. TrueVault uses RingCentral for telephony services.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR
    3. RingCentral collects: Your Caller ID, phone number and when you called our team.
    4. Privacy Policy
  9. Segment
    1. Segment provides the customer data infrastructure that helps businesses put their customers first.TrueVault uses Segment for syndicating information about your use of our Services to Data Processors in this list.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR.
    3. Segment collects: Segment does not store any Personal Data.
    4. Privacy Policy
  10. Slack
    1. Slack is a collaboration hub for teamwork that aggregates information in one place.  TrueVault uses Slack for collaboration, coordination, and to aggregate information for monitoring and analysis.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR.
    3. Slack collects: Your contact information shared between our team members when you reach out for sales and technical support.
    4. Privacy Policy
  11. Zoom
    1. Zoom helps businesses bring their teams together via their video, content sharing, and chat platform.  TrueVault uses Zoom to run remote meetings with employees, contracts, and business partners.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(a) of the GDPR.
    3. Zoom collects: Your contact information when joining a call with our team.
    4. Privacy Policy

Section 9: Detailed information on the processing of Personal Data for Services

1. In addition to the services outlined in Section 8, additional Personal data is collected for the following purposes and using the following services:

  1. Atlassian
    1. Atlassian is a provider of collaboration, development, and issue tracking software for teams.  TrueVault uses Atlassian to support product development efforts and manage product development cycles.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR.
    3. Atlassian collects: Your contact information and other details when you make a feature request.
    4. Privacy Policy
  2. Chargebee
    1. Chargebee is a recurring billing platform for subscription based SaaS and eCommerce businesses.  TrueVault uses Chargebee to manages subscriptions and billing.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(b) of the GDPR.
    3. Chargebee collects: Your contact information and your payment history with Us.
    4. Privacy Policy
  3. HelloSign
    1. The HelloSign platform – which includes eSignature, digital workflow and electronic fax solutions – is built to automate and manage important business transaction.  TrueVault uses Hellosign to manage and execute contracts.
    2. The Legal basis for the processing of your data in compliance with GDPR is Article 6(1)(c) of the GDPR.
    3. HelloSign collects: Your contact information and agreements you have executed with Us.
    4. Privacy Policy
  4. Mailchimp
    1. Mailchimp is a marketing platform for small businesses. They make innovative, beautiful products that empower those businesses to find more customers.  TrueVault uses Mailchimp for transactional communication.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(a) of the GDPR.
    3. Mailchimp collects: Your contact information.
    4. Privacy Policy
  5. QuickBooks Online
    1. QuickBooks is a cloud based accounting software.  TrueVault uses Quickbooks to assist with financial management and taxes.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(c) of the GDPR.
    3. Quickbooks collects: Your contact information and your payment history with Us.
    4. Privacy Policy
  6. Stripe
    1. Stripe is a set of tools for building and running an internet business. TrueVault uses Stripe to accept and process payments.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(b) of the GDPR.
    3. Stripe colects: Your contact information and your payment history with Us.
    4. Privacy Policy
  7. TrueVault Atlas
    1. TrueVault Atlas automates all aspects of data subject request processing and is the only data protection solution that has the intelligence and capability to link personal data across internal and external systems and recognize personal data in natural language. TrueVault uses TrueVault Atlas because if we didn’t, how could we ask anyone else to? If you actually read this, email sales@truevault.com with the subject line: “I Actually Read the Privacy Policy!” for 10% off the first year of any standard plan.
    2. The Legal basis for the processing of your data in compliance with GDPR  is Article 6(1)(f) of the GDPR
    3. TrueVault Atlas collects: An inventory of your Personal Data.
    4. Privacy Policy

Questions regarding this policy.

If you have questions concerning this Privacy Policy, please contact us at: 415.214.9795 or info@truevault.com.

Modification to this Privacy Policy.

TrueVault may, in its sole discretion, update this policy from time to time by posting a new or amended policy on this Site. If we make material changes to this policy affecting handling of your Personal Information we will provide you an opportunity to opt in under the terms of the revised policy through an email notice, or conspicuous notice on the Site or Services' home page, if applicable. After any such changes take effect, any newly collected Personal Information will be subject to the terms of the revised policy and all previously collected Personal Information will be handled in accordance with your response to our opt-in notice (per the revised policy if you opt in and under the previous policy if you do not opt in, which may, however, limit or prevent your further use of the Site and Services).

If no material changes are made to this policy affecting treatment of your Personal Information, the amended policy shall be effective upon posting and your access to or use of the site following an update shall be deemed consent to the revised policy.

We recommend you visit this page regularly and in particular before supplying any Personal Information to us via this Site or Services.

This policy may not be otherwise amended by you without the written consent of TrueVault