Version: April 23, 2019
Download a .pdf of this policy here
1.Personal Information We Collect
Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from our Service if that information is necessary to provide you with the service or if we are legally required to collect it.
If you sign up for more information, the information you provide in the form will be sent to us (such as first and last name, company, address, city, state, country, zip and phone number). We use that information to respond to you and provide ongoing information about our services.
Log Files. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use the website or platform and record such information in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the website, browser type and settings, the date and time the website was accessed, information about browser configuration and plugins, language preferences and cookie data.
- Job Applications. We will collect your name, contact details, e-mail, phone number, information in your CV any other information which you provide to us when you apply for a job with CloudSimple via our website, including your resume and references.
We collect personal information, such as your name, username, title, address, telephone number, and email address, when you sign up to use the Services. As part of using the Services, you will be uploading various information about your business and the contact individuals within your organization. We use such information for our business purposes only, such as to provide you with access to our platform and to otherwise communicate with you about CloudSimple. If you contact us directly (e.g. when you communicate with our customer support team), we will collect your name, contact details, the content, date and time of your message and any attachments thereto, and other information you may directly provide to us.
When you use the service, we also receive your email address, device identifier(s), and IP address.
- Personal Information Collected via Automated Means
In addition to information that you provide to us, we may collect information about you and your use of the Service via automated means, such as cookies, web beacons and similar technologies:
- Cookies and Similar Technologies. When you use the Service, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your device. We may use both session cookies and persistent cookies to automatically collect certain information. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Service. Please review your web browser “Help” file to learn the proper way to modify your settings with regard to such automated data collection. Please note that if you delete, or choose not to accept, such technologies from the Service, you may not be able to utilize the features of the Service to their fullest potential.
- The automatically collected information may include your IP address or other device address or ID, [web browser and/or device type, the web pages or sites that you visit just before or just after you use the Service, the pages or other content you view or otherwise interact with on the Service], and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message. In addition, we may use these technologies to personalize our Service, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Service.
- We use this information to assess how many users access or use our Service, which content, products, and features of our Service most interest our visitors, what types of offers our customers like to see, and how our service performs from a technical point of view.
- Location Information. We may obtain information about your physical location by inference from other information we collect (for example, your IP address indicates the general geographic region from which you are connecting to the Internet).
Personal Information Obtained from Third Parties
- Our Enterprise Customers. We may collect Personal Information about you from our Enterprise Customers, such as your contact details and job title.
2. How We Use Personal Information We Collect
We may use Personal Information we collect for the following purposes:
- Internal and Service-Related Usage. We use your Personal Information to operate, maintain, enhance and provide all features of the Service, to provide services and information that you request, to respond to comments and questions and otherwise to provide support to users.
- Analytics and Improving the Service. We use your Personal Information to understand and analyze the usage trends and preferences of our users, to improve the Service, and to develop new products, services, feature, and functionality.
- Communications. We may use your email address, phone number, or other Personal Information (i) to contact you for administrative purposes such as customer service, to address intellectual property infringement, privacy violations or defamation issues related to your User Content posted on the Service or (ii) to send communications, including updates on promotions, relating to products and services offered by us. Generally, you have the ability to opt-out of receiving any promotional communications as described below under “Your Choices.” Where required under applicable law, we will only contact you for marketing purposes with your prior consent.
- Aggregate Data. We may de-identify and aggregate information to monitor and analyze the effectiveness of Service and to monitor aggregate site usage metrics such as total number of visitors and pages viewed.
- Partners and Vendors. We use Personal Information collected from our business partners and vendors to manage those relationships.
- Job Applications. If you apply for a job at CloudSimple, we may process your Personal Information to evaluate your application.
- Legal. We may use your Personal Information to enforce our End User License Agreement and Terms of Service, to defend our legal rights, to comply with our legal obligations and internal policies.
- Other Purposes. We also may use your Personal Information as may be described in a notice to you at the time the information is collected, or in any other manner to which you consent.
3. When we Use Personal Information About You.
If you are located in the European Economic Area, we only process your Personal Information based on a valid legal ground, including when:
- Consent. You have consented to the use of your Personal Information for example for marketing purposes or to track your online activities via cookies and similar technologies;
- Contract. We need your Personal Information to provide you with the Service, including for customer account management and to respond to your inquiries;
- Legal obligation. We have a legal obligation to use your Personal Information for example to comply with tax and accounting obligations;
- Legitimate interest. We or a third party, have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information to conduct business analytics, and otherwise improve the safety, security, and performance of our Services. We only rely on our or a third party’s legitimate interests to process your Personal Information when these interests are not overridden by your rights and interests.
4. How We Disclose Your Personal Information.
Except as described in this Policy or otherwise disclosed to you at the time of the collection, we will not disclose your Personal Information to third parties without your consent. We may disclose information to third parties in the following circumstances:
- CloudSimple affiliates and subsidiaries. We may disclose Personal Information about you with our affiliates and subsidiaries.
- Vendors and Service Providers. We work with third party service providers to provide website or application development, hosting, maintenance, web analytics, customer relationship management and other services for us. These third parties may have access to or process your Personal Information as part of providing those services for us. We limit the information provided to these service providers to that which is necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information.
-User authentication services such as Okta.
-Videocall services such as MS Teams.
-Cloud providers like Microsoft Azure and Google Cloud.
-Customer Support apps like ZenDesk, PagerDuty.
-Development tools like Atlassian, Slack, github, testrail, cloudslouth, pingdom, mxtoolbox.
-CRM and email tools like salesforce and hubspot, mailgun.
-Storage services like One Drive.
-Security services like Nessus – Tenable, digicert, vericode, twistlock.
-Document management tools like Docusign.
-Web infrastructure like Statuspage, testrail, twistlock.
- Some of these service providers have limited access to personal data. Microsoft Azure and VMware are more integrated into the Service and have more integrated access to the full range of customer details that CloudSimple has. PagerDuty has access to ip address and machine names (unique device identifiers). Nessus has access to ip addresses. Hubpot and Salesforce have access to details needed for marketing such as full contact information. Our partners. We may disclose information about you with our Microsoft and VMware, such as service login information for the purpose of using our service on their cloud platforms.
- Other Third Parties. We may also share Personal Information about you with other third parties in the following circumstances:
- In Aggregated Form. We may make certain automatically-collected, aggregated, or otherwise de-identified information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
- To Comply with Legal Obligations. We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. copyright law), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
- To Protect and Enforce Our Rights. We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
- In case of Merger, Sale, or Other Asset Transfer. Information about our users, including Personal Information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- With Your Consent. We also may disclose your Personal Information as may be described in a notice to you at the time the information is collected, or in any other manner to which you consent.
5. Your Rights and Choices
- Account Information. You may decline to share certain Personal Information with us, in which case we may not be able to provide to you some of the features and functionality of the Service. You may update, correct, or delete your profile information and preferences at any time by accessing your customer account settings page on the Service. If you wish to access or amend any other Personal Information we hold about you, or to request that we delete any information about you that we have obtained from an Integrated Service, you may contact us at firstname.lastname@example.org. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so, to the extent permitted under applicable law.
- Opt-Out. If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at email@example.com or by writing to us at the address given at the end of this policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in the customer account functionality on the Service. Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period, unless we are required by applicable law to process your request within a shorter period of time. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.
- Privacy Settings. Although we may allow you to adjust your privacy settings to limit access to certain Personal Information, please be aware that no security measures are perfect or impenetrable. To the fullest extent permitted under applicable law, we are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other customers with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other customers or third parties may have copied or stored the information available on the Service. To the fullest extent permitted under applicable law, we cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.
- Do Not Track. Some web browsers incorporate a “Do Not Track” feature. Because there is not an accepted standard for how to respond to Do Not Track signals, our website does not currently respond to such signals.
- Other Rights. If you are located in the European Economic Area, you may have the following additional rights:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
Those rights may be limited in some circumstances by local law requirements. You may exercise these rights by contacting us as indicated in the section How to Contact Us below.
6. California Privacy Rights
Residents of California have the right to request a disclosure describing what types of personal information we have shared with third parties for their direct marketing purposes, and with whom we have shared it, during the preceding calendar year. You may request a copy of that disclosure by contacting us at firstname.lastname@example.org.
If the California Consumer Privacy Act is applicable to you, you may have the right to:
- know the categories of personal information collected about you, and obtain a copy of your personal information
- know whether your personal information is sold or disclosed, and to whom;
- opt out of the sale of your personal information;
- access and then delete your personal information; and
- equal service and price (non-discrimination) if you exercise your privacy rights.
“Personal Information” is defined to include information that identifies, relates to, describes, or is capable of being associated with a particular consumer or household. This includes (among other types of personal information) IP addresses, geolocation data, biometric information, and “unique identifiers” such as device and cookie IDs, Internet activity information like browsing history, commercial information such as products or services purchased or consuming histories or tendencies, and characteristics concerning an individual’s race, color, sex (including pregnancy, childbirth, and related medical conditions), age (40 or older), religion, genetic information, sexual orientation, political affiliation, national origin, disability or citizenship status. Inferences drawn from personal information “to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” are also considered “personal information.”
7. Third-Party Services
8. Data Security
We use certain physical, managerial, and technical safeguards that are designed to appropriately protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. Please be aware that no security measures are perfect or impenetrable and thus we cannot and do not guarantee the security of your data. The foregoing is subject to requirements under applicable law to ensure or warrant information security.
Examples of our current security practices include:
- Secure Development Lifecycle
- Vulnerability scanning
- Penetration testing
- OS Hardening
- Malware and code vulnerabilities
- Security incident and event monitoring
- Need-based Access control
- Encryption of certain data
- Periodic security review
If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at email@example.com.
9. Data Retention
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. We may retain marketing and customer data for up to three years from providing the Services. We retain data related to use of the Services for so long as the originating account is active plus 3 months. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
10. Data Transfers
The Service is hosted in the United States. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, and fulfilling your requests. By providing any information, including Personal Information, on or to the Service, you consent to such transfer, storage, and processing.
When we transfer Personal Information outside of the European Economic Area, we will comply with applicable EU data protection laws. We may transfer your Personal Information to countries which provide an adequate level of protection under EU law, we may use contractual protections for the transfer of Personal Information, or rely on a certification to the Privacy Shield framework. You may contact us as specified below to obtain a copy of the safeguards we use to transfer Personal Information outside of the European Economic Area.
11. Changes and Updates to this Policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made.
12. Our Contact Information
CloudSimple, Inc. is the entity responsible for the processing of your Personal Information as described in this Policy. If you have any questions or comments about this Policy, your Personal Information, our use and disclosure practices, your consent choices, or if would like to exercise your rights, please contact us by email at firstname.lastname@example.org or write to us at:
2755 Great America Way, Suite 101
Santa Clara, CA, 95054, United States