Privacy Policy
Last updated: 01.01.2020
This page summarizes the data we collect from the Experrto.io website or software application, including API and Google Chrome Extension and how we help ensure excellent privacy standards. When you use our site or app you agree to the data practices as per this policy.
In order to ensure that our customers and users are fully informed of our data handling policies and their rights pertaining to this data, we maintain this page which details our practices around information collected through the Experrto.io platform.
Overview
Our approach to data security and privacy includes but is not limited to:
- State-of-the-art platform security.
- Providing customers with the tools to control the amount of personally-identifiable information (PII) handled by Experrto.io.
- Encrypts all customer and end-user data.
- Uses best-in-class cloud vendors with excellent security standards.
Kinds of Information We Collect
Experrto.io processes four different categories of data, which reflect the different levels of sensitivity in context. However, there are several common traits about how we handle the data, regardless of type:
- We never sell this data to third parties.
- All data is subject to the protections of the General Data Protection Regulation, in the case it originates from the European Union.
End-user PII
This data can be used to identify a specific user. Examples of end-user PII include:
- User profile data passed to Experrto.io by the customer, using the `Experrto.identify()` SDK function;
- Browser information that is collected by default in the Experrto.io SDK (e.g., OS, device type, browser language, user agent), when associated with a particular user; and
- Browsing history data that is collected by default in the Experrto.io SDK (e.g., current page URL, current page title).
Again, like all data we collect, we never sell end-user PII to third parties.
Customers may opt out of browser and browser history information by contacting support@experrto.io.
We use this data to customize and deliver Experrto.io content.
End-user Experrto.io Data
This data pertains to how end users are interacting with Experrto.io content; for example, whether a gide was shown to a given user, whether a user has interacted with a tooltip, etc. This category also includes user responses to in-Experrto forms or surveys.
We do not actively collect PII for use in this category, and no PII is required in this category in order to use Experrto.io. Note, however, that form or survey responses may add PII to this data.
We use data in this category to customize and deliver Experrto.io content, as well as display analytics on the Experrto.io dashboard.
Customer PII
We collect customer PII through the Experrto.io dashboard. This category of data includes business-relationship information, such as the name, email address, phone of each of a customer's team members who are authorized to use the Experrto.io platform.
Experrto.io does not handle or store financial data about customers (e.g., credit card information). Instead, we use a fully PCI DSS compliant payments processor.
We use this type of data mainly in the Experrto.io dashboard and extension, and within the Experrto.io business.
We may use PII to contact customers with newsletters, marketing or promotional materials and other information that may be of interest to them. They may opt out of receiving any, or all, of these communications from us by contacting us via email at support@experrto.io.
Customer Aggregate Data
This category includes customer-wide, aggregated statistics such as active user count, number of Experrto.io guides shown, how many Experrto.io guides are published at a time, etc.
This data does not contain PII.
We use data in this category mainly in the Experrto.io dashboard and editor, customer emails, and within the Experrto.io business.
Security and Compliance
Encryption
Experrto.io is committed to the privacy of information as it passes over our network, as well as to preventing unauthorized access to customer or end-user data. Among other technical and organizational measures we have implemented to protect data, we use industry-leading encryption to protect all external traffic in transit (via HTTPS/TLS) and at rest (using RSA SHA-256 and an automated key rotation system).
Data Retention
We delete end-user and customer data promptly upon verified request by the applicable customer or end user, except to the extent required by applicable law or to perform or enforce the terms of applicable contracts.
Requests for data deletion may be addressed to support@experrto.io.
European Union-United States and Swiss-United States Privacy Shield
Experrto.io complies with the EU-US and Swiss-US Privacy Shield Frameworks and associated Privacy Shield Principles, as set forth by the United States Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom and Switzerland. We have certified that we adhere to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
As a participant in the EU-US and Swiss-US Privacy Shield program, we are subject to the investigatory and enforcement powers and authority of the U.S. Federal Trade Commission with respect to maintenance of, and adherence to, this privacy policy.
In compliance with the EU-US and Swiss-US Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact us using the contact information specified in this privacy policy.
We have further committed to refer unresolved privacy complaints under the United States Council for International Business EU Data Protection Authorities (USCIB EU DPA). The USCIB is the American affiliate of the International Chamber of Commerce (ICC), the Business and Industry Advisory Committee (BIAC) to the OECD, and the International Organisation of Employers (IOE). As such, it has agreed to act as a trusted third party on behalf of the European Union (EU) Data Protection Authorities. Experrto.io has agreed to participate in the dispute resolution procedures of the panel established by the EU DPAs to resolve disputes pursuant to the Privacy Shield Principles and is registered with the USCIB. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.uscib.org/contact-uscib-ud-724/ for more information and to file a complaint.
As a last resort and under certain limited and prescribed circumstances and conditions, you have the right to invoke a “last resort” binding arbitration process between you and us to resolve a dispute related to our collection, use or disclosure of your personal information.
Without limiting our other obligations to you set forth in this privacy policy, we will maintain compliance with the Privacy Shield principles by adhering to the following practices:
Notice
When we collect your personal information, we will give you timely and appropriate notice describing what personal information we are collecting, how we will use it, and the types of third parties with whom we may share it. This privacy policy serves as such notice, and any changes to our collection, use or disclosure of your personal information will be reflected in revisions to the privacy policy posted on our website.
Choice
As established and described in this privacy policy and enabled through our platform, we will give you choices about the ways we use and share your personal information, and we will respect the choices you make, including choosing to change the way in which we use, store, process, or share your personal information.
Accountability for Onward Transfer
If we transfer your personal information to another country, we may remain liable and will take appropriate measures to protect your privacy and the personal information we transfer.
Security
We will take appropriate physical, technical, and organizational measures to protect your personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction, as further specified in this privacy policy.
Data Integrity and Purpose Limitation
We will collect only as much personal information as we need for specific, identified purposes, and we will not use it for other purposes without obtaining your consent. We will take appropriate steps to make sure the personal information in our records is accurate.
Access
If you wish to confirm the accuracy of your personal information or have it removed from our systems and records, you may contact us at the email address, telephone number or postal address provided in this privacy policy.
Recourse, Enforcement, and Liability
We will regularly review our continued adherence to our privacy obligations, and we will provide and maintain the independent mechanism specified in this privacy policy as a way of resolving complaints or concerns about our privacy practices. Further, we acknowledge our potential liability for misuse of your personal information by us or our third-party service providers.
Other Applicable Law
You may have other rights under applicable data protection laws. For example, if you are a resident of California, then under California law, including the California Consumer Privacy Act (“CCPA”), you may have specific rights relating to your PII. Your rights depend on the nature and purpose of the collection and use of your PII and may include the right to be informed about categories of PII we collect, categories of the sources of PII, and categories of third parties with whom we share PII. This information is provided in the applicable sections of this privacy policy. You may also have the right to request information about the specific PII we may have about you, and you may do so by contacting us as set forth below. In some cases, you may have the right to request that we delete PII we may have about you. We will respond and, where applicable, comply with your requests free of charge and within the timeframe required under applicable law.
As noted above, we do not sell PII for direct marketing or any other purpose. Therefore, the elements of CCPA or other applicable law relating to the sale or “commercial” use of PII do not apply to us. Similarly, we do not track users over time across third-party, non-customer websites, and therefore we do not recognize or respond to browser-initiated “do not track” signals. You do not need to establish an account with us or be a registered user in order to send us a request, but if you already have an account with us, we may communicate with you about your request through your account. We do not discriminate against our users based on their data-privacy choices or the exercise of their rights under applicable data protection laws.
We respect the privacy rights of all of our users. We are committed to complying with data protection laws to the extent they apply to us, and to assist our customers in their compliance obligations as applicable and appropriate. To exercise your rights, please contact us at the address listed below. Please allow us a reasonable time to respond to your request.
Please note that your rights under certain data protection laws depend in part on the nature of your relationship with us. For example, if we are processing your PII in the role of a service provider to your organization as our customer, then your organization is responsible for the instructions it gives to us regarding your PII, and if you wish to exercise any rights you may have under applicable data protection laws, please direct your inquiry to your organization. Because we may only access and use our customer’s data (which may include your PII) in accordance with instructions from the applicable customer, if you are a customer user and you make your request directly to us, we will refer your request to that customer, although we will support them as required by applicable data protection laws in responding to your request.
Other Uses of Data
Enforcement
All policies and practices described in this privacy policy are subject to our obligation to comply with applicable law, including any lawful request by public authorities. We may disclose any information necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of service or other applicable agreement, or as otherwise required by law
Transfer of Ownership
If Experrto.io merges with or is acquired by another company, our date, including your personal information, may be transferred to the other company, and the terms of this privacy policy may be subject to change.
We use the information you provide about yourself when doing business with us only to provide the service that you have requested, including customer service, during the term of your or your organization’s agreement with us. We do not share this information with outside parties, other than the service providers described above, without your permission.
Finally, we never use or share PII provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses, except under the circumstances described in this section.
Changes to this Privacy Policy
We reserve the right to change this privacy policy at any time. Any changes we make will be effective immediately as of the date the modified privacy policy is made available through our services or on our website. By continuing to access or use our services after we have posted a modification to this privacy policy, you are indicating that you agree to the terms of the modified privacy policy.
Contact Information
If you have any questions about this privacy policy, our collection and use of your personal information, or to exercise your rights under this privacy policy and applicable law, please contact us at support@experrto.io.