Last updated: May, 2018
NOTE: Natural persons located in the European Economic Area (“EEA”) should review the General Data Protection Regulation (“GDPR”) privacy notice for their specific rights, remedies, and other GDPR/Privacy Shield-related information here.
In the course of operating the Site, the Platform and/or interacting with you, Validately will collect (and/or receive) the following types of information. You authorize us to collect and/or receive such information and assume contractual responsibility for obtaining all consents as required under applicable laws and regulations.
1. Contact Information
When you sign up to use the Platform as a Customer or a Tester, you will be asked to provide us with certain information, such as your name, email address, and PayPal email address (for Testers) (collectively, the “Contact Information”). We will use your Contact Information to respond to contact you about changes to the Platform, respond to your requests and inquiries, send you notices (for example, in the form of e-mails, mailings, and the like) regarding products or services you are receiving, and for purposes of direct marketing.
2. Tester Information
If you sign-up as a Tester, we will also collect your personal information, including audio recordings of your voice and images of your face (collectively, “Tester Information”). We will use the Tester Information to provide our Platform to you and our Customers.
3. Billing Information
If you would like to purchase a paid Subscription to the Platform, you will be asked to provide us with your credit card, billing address, and other payment related information (“Billing Information”). Billing Information is collected and processed by our third-party payment processor operating as our agent. Validately does not directly obtain or process any Billing Information.
4. Other Information
In addition to the Contact Information, and the Tester Information, we may collect or receive the following information:
For Google Analytics: https://support.google.com/analytics/answer/6004245
For FullStory: https://www.fullstory.com/optout/
For Intercom, please visit: https://www.intercom.com/privacy
Aggregate Data: In an ongoing effort to better understand our users, we might analyze your information in aggregate form to operate, maintain, manage, and improve the Site and the Platform. This aggregate information will not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our Platform and the Site to current and prospective business partners and to other third parties for other lawful purposes.
If you are a Tester, we may share your personal information, in de-identifiable form (e.g., without your name), with the Customer who has recruited you to run the Test(s).
Disclosure to Public Authorities. We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
We take commercially reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, taking into account the risks involved in processing and the nature of such data, and compliance with applicable laws and regulations. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
Without limiting the generality of the foregoing, we keep your communications secure using industry-standard HTTPS, with 256-bit encryption on every request. This means that every request passes from your computer to our servers without any third party tampering. Aside from information that you explicitly choose to send out, your data can only be accessed using the secure login and password you use to sign up. We use many industry-standard best practices to prevent hacking, like irreversible passwords, prepared statements to avoid SQL injection, and filtered output and CSRF tokens to avoid cross-site style attacks. Users (and any teammates you invite) must authenticate with a secure login and password in order to view your sensitive data, and users can only view data for the products in which they've been explicitly granted access by the account owner.
Validately takes security and security researchers very seriously. If you have any security concerns or believe that you've detected a security vulnerability, please contact us immediately at firstname.lastname@example.org and we will respond within 24 hours.
Our security team makes the following commitments:
Investigation of Validately's security must follow these guidelines:
You may opt out at any time from the use of your personal information for direct marketing purposes by emailing us at email@example.com. Please allow us a reasonable time to process your request.
You may also choose to unsubscribe from our emails by following the instructions in the bottom of the email.
The Site and the Platform are operated by Validately in the United States, and complies with US law. If you are located outside of the United States, please be aware that any information you provide to us may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your home country, where the data protection laws may not be as protective as those in your jurisdiction.
B601 V2, Inc.
315 Fifth Avenue
New York, NY 10036
In addition, Validately does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.