Last updated: October 31, 2022
Information That We Collect
This section describes the different types of Personal Data (as defined below) we may obtain from Customers.
Information that You Provide Directly
- Sign Up Information: When you create an account, we collect and retain certain information that you can be used to identify you (“Personal Data”), including, in the case of account creation: your name, email address, your employer or company name, the website of you or your employer or company, and your phone number.
- Through Communicating with Us: You may provide information to us when you use the Services, including when you contact us, respond to surveys, or provide feedback about the Services. This information may include your name, email address, phone number, address, order payment information, and other information that may relate to you or identify you. We also collect any information you provide to us when you send us emails with queries, feedback, or for any other reason.
- Through Interactive Features: If you use any of our interactive features, such as messaging between Customers, comment features, or social features, we will collect information that you might submit or make available.
- Contact Information of Others: If you choose to share contact information of other individuals with us, for example if you are using a referral feature, we will collect and retain the contact information that you provide. Please only share the contact information of close friends and relations to you, or of others who have consented to such sharing of their information.
- Job Applications: We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications. We may also use this information to monitor recruitment statistics, to communicate with you, to comply with law, and as otherwise necessary for compliance, fraud prevention, and safety purposes.
Information Collected Automatically
- Information Sent by Your Device: We collect certain information that your mobile device, laptop, or other hardware device sends when you use our Services, including but not limited to IP address, user agent information, network and connectivity information, device identifiers, advertising identifiers, language preferences, user settings, software and operating system names and versions, hardware models, as well as other information about your use of our Services.
- Location Information: When you use our Services, we may collect and store information about your location by converting your IP address into a rough geo-location or by requesting precise location through your browser settings.
- Necessary Cookies: We use this type of Cookie to run our site, and to identify and prevent security risks. For instance, we may use these cookies to store your session information to prevent others from changing your password without your username and password.
- Performance Cookies: We use this type of Cookie to collect information about how you use our site, monitor site performance, and improve our site performance, our services, and your experience. For example, we can use these Cookies to learn more about which features are the most popular with our Customers and which ones might need some tweaks.
- Preference Cookies: We use this type of Cookie to remember your settings and preferences, and to improve your experience on our site. For instance, we may use these Cookies to remember your language preferences.
- Marketing Cookies: We use this type of Cookie to deliver advertisements, to make them more relevant and meaningful, and to track the efficiency of our advertising campaigns, both within and outside of our Services.
- Interaction Data: We also collect information relating to the actions that you perform while logged into your account.
Information From Third Parties
We may also obtain information about Customers from third parties, including but not limited to affiliates, joint marketing partners, lead providers, fraud and risk mitigation vendors, and identify verification services.
How We Use the Information
Our primary goals in collecting information are to (i) provide and improve our Services, (ii) customize content and the Services for you, (iii) administer your use of the Services (including your account, if you are an account holder), and (iv) enable you to enjoy and easily navigate our Services. We will use your Personal Data for the following purposes:
- Providing our Services, including to communicate with you, and provide customer support in relation to the Services;
- Resolving disputes, responding to inquiries, collecting and processing payments fees (as applicable) and troubleshooting problems;
- Collecting and processing payment;
- Managing our everyday business needs, including, but not limited to the following activities: auditing, administration of the Services, forum management, fulfillment, analytics, fraud prevention, identify verification, and enforcement of our Terms and Conditions, or to comply with applicable laws or regulations;
- Customizing your experience and otherwise measuring and improving our content and Services;
- Sending you relevant emails and communications (including keeping you informed about our products, offerings, and any promotional offers) that might be of interest to you. (In the event that we use your Personal Data to market to you, you will be able to opt-out of such uses);
- Enforcing our agreements, terms, conditions, and policies, and sending you notices and alerts;
- Better understanding our Customers’ interests, behaviors, and demographics;
- Short-term, transient use, such as contextual customization of ads;
- Auditing relating to interactions, transactions and other compliance activities, and;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.
We may use Personal Data and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, and de-identified information about the device from which you access our Services.
We may also use your information for any other purpose disclosed to you at the time we collect or receive your information, or otherwise with your consent.
Information that We Share with Third Parties
We may share information you provide us, including your Personal Data, with third parties, in the types of scenarios, and for the types of reasons described in this section.
- Services Providers and Business Partners: We may engage third-party service providers to help us administer, provide, and improve the Services, including but not limited to the following types of partners: third party financial services companies, web hosting providers, cloud hosting providers, fraud detection services, identity verification services, fulfillment service providers, and customer support partners. These third-party services providers will have access to your Personal Data for the purpose of performing services on our behalf. For example, we may share your Personal Data with a cloud hosting provider (for example, Amazon Web Services) as part of our utilization of their hosting services.
- At Your Request: We may share information about you with third parties in the event that you request we do so, for example, with other Customers or groups of Customers if you request that or if, for instance, you use a feature that performs that type of sharing function. Similarly we may share information about you with companies offering complimentary services, promotions, or offers through our Site our Services, if you request, or consent, that we share your information.
- Other Third Parties: We may share de-identified or aggregated data we collect from the use of the Services, including but not limited to de-identified or aggregated: transaction information, location information, information about the computer or device from which you access the Services, market trends, and other analysis that we create based on the information we receive from you and other Customers.
- Our Subsidiaries and Affiliates: We share information with our corporate subsidiaries and affiliates, including parent and holding companies, for our administrative purposes, including activities such as IT management, auditing and compliance, and for them to provide services to you or support and supplement the Services we provide.
- With Your Consent: There may be other circumstances where we will notify you of information that we seek to share with a third party not listed here, and will do so with your consent
- Information Shared with Web Analytics Services Providers: We may use some or all of the following analytics services:
- Google: We use Google Analytics, a service provided by Google, Inc. (“Google”), to gather information about how Customers engage with our Site and Services. For more information about Google Analytics, please visit this page. You can opt out of Google’s collection and processing of data generated by your use of the Services by going here.
- Segment: We may use a service provided by Segment, Inc. (“Segment”) to provide us with analytics data regarding Customers’ interactions with our Site and Services. You may opt-out of Segment’s automatic retention of data that is collected while using the Services by visiting this page. To track opt-outs, Segment uses a persistent opt-out cookie placed on your device. Please note that if you get a new computer, install a new browser, erase or otherwise alter the browser’s cookie file (including upgrading certain browsers), you may delete the Segment opt-out cookie.
- Information Disclosed in Connection with Business Transactions: If we are acquired by a third party as a result of a transaction such as a merger, acquisition, or asset sale, or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your Personal Data, may be disclosed or transferred to a third party acquirer in connection with the transaction.
- Information Disclosed for Our Protection and the Protection of Others: We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to: (i) respond to claims, legal process (including subpoenas); (ii) protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) stop any activity that we consider illegal, unethical or legally actionable activity.
- With Advertising Partners and Social Media. Your Personal Data may be shared with certain advertising partners who conduct or assist us with marketing, as well as advertising and social media partners who we allow to place cookies (or similar technology) in our Services as necessary to their provision of various services, including but not limited to ad attribution, ad placement, audience measurement, social sharing, and site analytics.
We offer you choices regarding the collection, use and sharing of your Personal Data and we’ll respect the choices you make. Please note that if you decide not to provide us with the Personal Data that we request, you may not be able to access all of the features of the Services.
- Cookie and Ad Tracking Choices: You can opt out of the collection and use of your information for ad targeting by going here or here to limit collection through the Site, by configuring the settings on your browser, or by using cookie blocking extensions in your browser (such as Privacy Badger or Ghostery).
- Modifying Your Information: You can access and modify the Personal Data associated with your account by sending an email to firstname.lastname@example.org. If you want us to delete your Personal Data or your account, please contact us at email@example.com with your request. We’ll take steps to delete your information as soon as we can, but some information may remain in archived/backup copies for our records or as otherwise required by law.
Responding to Do Not Track Signals
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. Our Site does not currently have the capability to respond to “Do Not Track” signals received from various web browsers. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
The Security of Your Information
We take reasonable administrative, physical, and electronic measures designed to protect the information that we collect from or about you (including your Personal Data) from unauthorized access, use or disclosure. When you enter sensitive information on our forms, we encrypt this data using SSL or other technologies. Please be aware, however, that no method of transmitting information over the internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.
We need to retain the information you provide us in order to provide our Services, and we retain such information for as long as you maintain your account, at a minimum. We also retain certain relevant information, including transaction, location, device, and usage information, for as long as it is required to do so, in connection with regulatory, tax, insurance, legal, administrative, and other requirements. You may request deletion of your account at any time as provided above. Following such a request, we will delete the information that it is not necessary to retain. In certain circumstances, we may be unable to delete your account, such as if there is an outstanding credit or debt on your account or an unresolved dispute, ongoing investigation (e.g. for fraud or misuse), or we believe that we may be required to retain your account for legal, regulatory, or accounting reasons. Upon resolution of the issue preventing deletion, we will delete your account as described above. We may also retain certain information if necessary for our legitimate business interests, such as fraud prevention and enhancing Customers' safety and security. For example, if we shut down a Customer's account because of security or fraud incidents, we may retain certain information about that account to prevent that Customer from opening a new account in the future.
Links to Other Sites
Processing Information in the United States
We are headquartered in the United States and may use service providers that operate in other countries. Your Personal Data may be transferred to, and maintained on, computers located outside of your state, province, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. We strive to safeguard your information consistent with the requirements of applicable laws by taking reasonable administrative, physical, and electronic measures designed to protect the information that we collect from or about you from unauthorized access, use, or disclosure. However, no security measures are failsafe and we cannot guarantee the security of your personal information.
Our Policy Toward Children
Our Services are not directed to children under 16, and we do not knowingly collect Personal Data from children under 16. If we learn that we have collected Personal Data of a child under 16, we will take steps to delete such information from our files as soon as possible.
Privacy Notice for California Residents
California Consumer Protection Act
Your Rights Under the California Consumer Protection Act
The following rights (in this section) are available to California residents.
- Right to opt out of selling of your Personal Data. As stated above, we do not sell your Personal Data, within the meaning of the CCPA. That said, in the event that we ever do choose to sell data to third parties, we will provide a method to allow our Customers to opt out of that selling, in accordance with California law.
- Timely response. You have the right to make two free requests in any 12-month period. We will respond to your request within 45 days, and in more difficult cases we may extend our response time by another 45 days.
- Non-discrimination. You are entitled to exercise the rights described above free from discrimination. We will not discriminate against you because you exercise your rights. For example, we will not deny you any goods or services, charge you a different price, or provide a different level or quality of goods or services just because you exercised your rights under the CCPA.
Contacting Us (CCPA Purpose)
To make any inquiries, request, or exercise any of your rights granted under California Consumer Protection Act, you can contact us by email at firstname.lastname@example.org. Please state that you are a California resident in that communication. We may need to go through a few verification steps after you reach out, but we’ll help you through that.
Information We Collect (CCPA Required Disclosure)
- Identifiers, such as your name, email address, IP address, username, or other similar identifiers. We primarily use these identifiers to create your account, maintain security of our Services, and communicate with you.
- Customer records information, such as telephone number, bank account number, credit card number, or debit card number. We primarily use these types of information to facilitate transactions and payments and to communicate with our Customers. (This category under CCPA overlaps with other categories.)
- Commercial information, such as payment history and purchase history. We primarily use this type of information to keep track of Customer transactions and for internal business and financial recordkeeping.
- Internet or other electronic network activity information, such as session logs, search history, information about your interaction with a website, application, or advertisement. We primarily use this type of information to help understand how our Services are performing, as well as to improve our own understanding of our Services.
- Geolocation information, such as your IP address which provides a rough approximation of location. We use this data primarily to understand where Customers are accessing the Services, and in some cases to provide more relevant advertising.
- Professional or employment-related information, such as the name of your employer. We use this information in order to know the names and types of businesses that utilize our Services.
Information Sharing (CCPA Disclosure)
In the past 12 months, we’ve disclosed the above categories of information for business purposes, or at your direction, with our service providers, affiliates, and other third-parties. For instance, we share Personal Data about our Customers with our data hosting and storage providers. For more details please refer to the section above entitled Information That We Share with Third Parties. We have agreements with our service providers which limit their ability to use your information and require them to ensure its confidentiality.
Updates to this CCPA Section of the Privacy Notice for California Residents
Privacy Notice for European and Brazilian Customers
We are providing this supplemental privacy notice to European data subjects (including Customers in the EEA, UK, and Switzerland), pursuant to European data protection laws including the General Data Protection Regulation (“GDPR”) and Brazilian data subjects, pursuant to Brazilian data protection laws including the General Personal Data Protection law (“LGPD”). Sona Labs is the controller of your Personal Data. This means that Sona Labs is responsible for how your Personal Data is handled. And we encourage you to review the remainder of this section to understand the bases upon which we process Personal Data as well as the rights afforded to you.
Bases for Processing of Personal Data
Pursuant to the GDPR and LGPD, we may process Personal Data under only the following conditions:
|To operate our Services:
||Processing is necessary to perform the contract governing our provision of our Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your Personal Data based on our legitimate interest in providing the Services you access and request.
|For research and development, marketing purposes, compliance, fraud prevention and safety:
||These activities constitute our legitimate interests. We do not use your Personal Data for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
|To comply with the law:
||Processing is necessary to comply with our legal obligations.
|With your consent:
||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.
Rights Under the GDPR and LGPD
Where the GDPR or LGPD apply, you have rights in relation to the Personal Data we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights by providing details only known to the account holder. Please note that for each of the rights below we may have valid legal reasons to refuse your request. In such instances we will let you know if that is the case. To inquire about or to exercise any of these rights, you may contact us at email@example.com.
- Access: You have the right to know whether we process Personal Data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
- Portability: You have the right to receive a subset of the Personal Data you provide us if we process it on the legal bases of our contract with you or with your consent in a structured, commonly used and machine-readable format and a right to request that we transfer such Personal Data to another party. If you wish for us to transfer the Personal Data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Personal Data or its processing once received by the third party.
- Correction: You have the right to require us to correct any Personal Data held about you that is inaccurate and have incomplete data completed. When you request correction, please explain in detail why you believe the Personal Data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the Personal Data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
- Erasure: You may request that we erase the Personal Data we hold about you in the following circumstances: where you believe it is no longer necessary for us to hold the Personal Data; we are processing it on the basis of your consent and you wish to withdraw your consent; we are processing your data on the basis of our legitimate interest and you object to such processing; you no longer wish us to use your data to send you marketing; or you believe we are unlawfully processing your data. Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. Please know there may be some types of Personal Data that we are required to retain for legal, regulatory, or accounting reasons, or other legitimate interests.
- Restriction of Processing to Storage Only: You have a right to require us to stop processing the Personal Data we hold about you other than for storage purposes in the following circumstances: you believe the Personal Data is not accurate for the period it takes for us to verify whether the data is accurate; we wish to erase the Personal Data as the processing we are doing is potentially unlawful but you want us to simply restrict the use of that data; we no longer need the Personal Data for the purposes of the processing but you require us to retain the data for the establishment, exercise or defense of legal claims; or you have objected to us processing Personal Data we hold about you on the basis of our legitimate interest and you wish us to stop processing the Personal Data while we determine whether there is an overriding interest in us retaining such Personal Data.
- Objection: You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. You also have the right, at any time, to object to our processing of data about you in order to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.
- Withdrawal of Consent: Where you have provided your consent to us processing your Personal Data, you can withdraw your consent at any time by emailing us at firstname.lastname@example.org.
Complaints and Questions
If you’re based in the EU, you can always file a complaint with the supervisory authority in your Member State. That said, we’d encourage you to reach out to us directly first (at email@example.com ) so we can try to assist you with your questions or help you exercise the rights you’re seeking to exercise.