Pypestream Privacy Policy

Last Updated: September 10, 2020

Pypestream Inc., its subsidiaries and affiliates (collectively “we” “us” or “Pypestream”) respect the privacy of its users. Pypestream provides a Cloud Service that enables organizations (“Platform Customers”) to communicate with their employees, customers, end-users or audience (“Platform End Users”) through our messaging platform. The Cloud Service provides an online platform for the creation and sharing of materials, ideas, concepts and communications between Platform Customers and Platform End Users via online conversations, which are contained within secure, bidirectional connections associated with a given Platform Customer.

This Privacy Policy applies to how we collect, use, and disclose Personal Information obtained:

  • If you visit our corporate websites or social media channels (“Site User”)
  • If you use our Cloud Service as an authorized representative of a Platform Customer (for example, if you, as an employee of one of our Platform Customers, manage or configure aspects of the service) where Pypestream is the controller of your data.

If you, as an employee, customer, end-user or audience (“Platform End User”) of a Platform Customer, use Pypestream’s Cloud Service to communicate via messaging with a Platform Customer, Pypestream acts as a processor of your data and has no control over what data is collected by the Platform Customer. In this capacity, only the section below titled “Pypestream as a Processor of Your Data” of this Privacy Policy applies to you.

“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate an individual, such as: name, social security number, address, email address, location, or phone number.

Pypestream takes reasonable steps to protect information provided to us from loss, misuse, and unauthorized access or disclosure. When we are provided with sensitive information (such as sign-in credentials), we encrypt the transmission of that information using secure transport layer security (TLS). Pypestream encrypts data in transit to and from data centers, and encrypts data at rest. We follow generally accepted standards to protect the data submitted to us, both during transmission and once we receive it. However, no electronic transmission or digital storage mechanism is ever totally secure or error-free.

Pypestream as Processor of Your Data

Our Cloud Service enables Pypestream Customers to collect data from you as a Platform End User during messaging sessions. The Platform Customer that you engage with through our service, not Pypestream, controls what Personal Information, if any, is collected, and we have no direct relationship with you in connection with our Platform Customers’ use of the Cloud Service.

On the behalf of Platform Customers, Pypestream collects transcripts of each messaging session. This includes the messages, file names and video titles, and the time messages or files were sent and by whom during the entire messaging session. We use any information collected during messaging sessions solely for the benefit of the associated Platform Customer. We may aggregate or anonymize data to help our Platform Customers improve their levels of customer service.

Session transcripts and any aggregated session data are made available to the associated Platform Customer. Pypestream has no control over how Platform Customers use information collected and provided by our Cloud Service. Generally, we retain session information only as long as required to perform our Cloud Service or other purpose that was the reason for the collection of the information.

Pypestream does not share this data with any third parties unless at the direction of the Platform Customer or to comply with legal/law enforcement requests and protect our rights. Pypestream may access, preserve, and disclose Session information in cases where we believe doing so is reasonably necessary to: (i) comply with a law, regulation or legal request; (ii) to protect the safety, rights, or property of the public, any person, or Pypestream; or (iii) to detect, prevent, or otherwise address fraud, security or technical issues.

Platform Customers are solely responsible for ensuring compliance with all applicable laws and regulations, as well as any privacy policies, agreements or other obligations, relating to the collection of Personal Information in connection with the use of the Cloud Service by Platform End Users.

If you as a Platform End User have used our Cloud Service to engage with one of our Platform Customers and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable Platform Customer directly.

 

Pypestream as a Controller of Your Data

This describes the choices you have regarding our collection and use of Personal Information. However, we are not responsible or liable for (and this does not apply to) the privacy practices or content of any third-party sites linked through Pypestream, including but not limited to those of Platform Customers, since we do not control them.

The use of information collected through the Cloud Service is limited to the purpose of providing the service for which Platform Customers have engaged Pypestream in an applicable Customer Services Agreement (CSA) or Order Form. Agreements between individual Platform Customers and Pypestream, including applicable CSA or Order Forms may specify additional rights or obligations with respect to Personal Information.

1. What Information We Collect About You?

We collect various kinds of information, some of which is Personal Information, and some of which is non-identifying or aggregated. We may receive Personal Information or other information in a variety of ways described below, based on access granted to us by Site Users and Platform Customers.

a. Registration and Account Information

If you engage or register with the Cloud Service through a Platform Customer, we may collect information needed to register or create an account. In order to create a Pypestream account we may ask for and may collect a username, a password, an email address, a phone number, and other information. Further information you may choose to provide to us is optional and provided at your discretion.

b. Platform Customer billing information

We collect billing and payment information from Platform Customers, which is securely passed to our payment processing partners, but is stored exclusively and securely within Pypestream’s accounts payable systems.

c. Log data and Cookies

When you use the Service, our servers automatically record information, including information that internet browsers send whenever you visit a website or that your mobile app sends when using it. This log data may include your IP address, your browser type and settings, the date and time of your request, information about your browser configuration and plug-ins, language preferences and cookie data. When you visit our Site, use our Cloud Services or open our emails, we, our Platform Customers, and our third-party partners, such as social media widgets, and analytics providers, may collect certain information by automated means, such as cookies, web beacons and web server logs.

Cookies are small text files we send to your computer and that your computer sends to us, each time you use the Service. They are unique to your Pypestream account or your browser. Pypestream uses cookies to record log data. We may use both session-based and persistent cookies. Session-based cookies last only while your browser is open, and are automatically deleted when you close your browser.

Persistent cookies last until you or your browser delete them or until they expire. Some cookies are associated with your Personal Information in order to remember that you are logged in. Other cookies are not tied to your Pypestream account but are unique and allow us to perform or collect site analytics and customize the user experience, among other things.

If you access the Service through your browser, you can manage your cookie settings there, but if you disable all cookies you may not be able to use some or all of the Service. Pypestream sets and accesses our own cookies on our company-owned domains. In addition, we use third parties, like Google Analytics, for analytics on the Service. To learn more about Google Analytics and how to opt-out, please visit www.google.com/policies/privacy/partners. Our Site does not respond to browser Do-Not-Track signals.

d. Device/Usage information

In addition to log data, we may also collect information about the device you’re using the Service on, including what type of device it is, what operating system you’re using, device settings, unique device identifiers, and crash data.

e. Information from partners or other third parties

Pypestream may receive information from partners or others that we could use to improve and enhance our products. This might be aggregate level information about which IP addresses match to which zip codes or it might be more specific information about how well an online marketing or email campaign performed.

2. How Do We Use Your Information?

a. To provide and secure the Service

We use information you provide (including Personal Information, to the extent applicable) to authenticate you. We also continuously take the steps necessary to keep Pypestream secure, to prevent abuse and fraud and to ensure the integrity of the Service as detailed in the “Data Security” section below.

b. To understand and improve the Service

We utilize usage information in various ways to improve, iterate and enhance our product. For instance, we may use aggregated or anonymized usage data regarding the efficiency and effectiveness of specific roles that are authorized to help deliver the service on the behalf of a Platform Customer. When we anonymize or aggregate data collected through the Service, we may use and disclose it for any purpose.

c. To communicate with you

We will use your information to respond to support queries and address your problems or concerns. We may send you service or administrative emails when necessary. We may also contact you to inform you about changes to our terms or service offerings.

3. How Do We Share and/or Disclose Information We Collect

a. To comply with legal/law enforcement requests and protect our rights.

Pypestream may access, preserve, and disclose your information in cases where we believe doing so is reasonably necessary to: (i) comply with a law, regulation or legal request; (ii) to protect the safety, rights, or property of the public, any person, or Pypestream; or (iii) to detect, prevent, or otherwise address fraud, security or technical issues.

b. With our Vendors and Service Providers.

Our third-party service providers who provide hosting and maintenance for the Service, development, backup, storage, payment processing, analytics and other services may have access to Personal Information. Their access may include processing of your Personal Information, as a sub-processor of Pypestream, for the purpose of providing services based on our instructions, and in compliance with this DSP. We do not permit our third-party service providers to use the Personal Information that we share with them for their marketing purposes or for any other purpose than in connection with the services they provide to us and under contractual promises of confidentiality.

c. As part of a merger, sale, or other asset transfer.

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, sale of company assets, or transition of service to another provider, your information may be disclosed in connection with the negotiation of such transaction, and/or sold or transferred as part of such a transaction as permitted by law and/or contract.

d. As aggregated or anonymized data.

We may share aggregated anonymized information with our partners or others for business or research purposes. For example, we may share usage statistics and advanced analytics with customers or potential customers or research partners. We may also share data regarding the effectiveness and efficiency of a given Session or Pype with the Platform Customer that owns that Session or Pype in order to improve their customer service capabilities.

e. With Your Permission.

We may also disclose your information with your permission.

4. Data Retention and International Transfer

If you are using the Service, you agree to the transfer of your Personal Information to the United States and processing globally by providing us with that information. If you are a visitor from the European Economic Area, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.

You may have certain rights to the Personal Information we hold about you, including the right to access such Personal Information, the right to receive a copy of Personal Information provided to and processed by us, and to correct Personal Information that is inaccurate. Some of these only apply in certain circumstances (as set out in more detail below) and as provided under EU data protection laws.

Generally, we retain Personal Information only as long as required to perform our Services or other purpose that was the reason for the collection of the information. We will normally collect Personal Information from you only where we need the Personal Information to provide our Service, where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent. In some cases, we may also have a legal obligation to collect Personal Information from you. If we ask you to provide Personal Information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time. If we process Personal Information in reliance on your consent, you may withdraw your consent at any time.

We do not share your Personal Information with third parties, unless it is necessary to carry out your request, for our professional or legitimate business needs, or as required or permitted by law. When we transfer your Personal Information to third parties or service providers, contractual arrangements will be established for data processing in compliance with applicable data protection law.

We retain the Personal Information we collect where we have an ongoing legitimate business need to do so (for example, to provide you with the Service and to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your Personal Information, we will either delete or aggregate it.

We remove information from our computing resources upon the expiration or cancellation of the Service, or earlier upon request from a Platform Customer or Site User, as applicable. Pypestream does not archive information from Users, however some information may remain in backup files until expiration of such files as governed by Pypestream’s backup retention practices. When destroying Personal Information, measures will be taken to make the Personal Information irrecoverable or irreproducible, and electronic files which contain Personal Information will be deleted permanently. If immediate deletion is not possible (for example, because your Personal Information has been stored in backups), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

If you have the right to request and require Pypestream to destroy your Personal Information before the end of its life cycle, Pypestream will destroy your Personal Information in accordance with applicable data protection law.

We may need to retain Personal Information if there are valid grounds under data protection laws for us to do so (e.g., for the defense of legal claims or freedom of expression) but if you have the right to request and ask us to destroy Personal Information, we will let you know if that is the case. Where you have the right and have requested that we erase Personal Information that has been made available publicly, and there are grounds for erasure, we will use reasonable steps to try to tell others that are displaying the Personal Information or providing links to the Personal Information to erase it too.

You may have a right to require us to stop processing the Personal Information we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the Personal Information, we may use it again if there are valid grounds under data protection laws for us to do so (e.g., for the defense of legal claims or for another’s protection). As above, where we agree to stop processing the Personal Information, we will try to tell any third party to whom we have disclosed the relevant Personal Information so that they can stop processing it too.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us via the channels below.

5. California Privacy Rights

If you are a California resident, you have the right to request disclosure on how we collect, use, disclose, and sell your Personal Information to the extent permitted by applicable law.

Right to Know About Personal Information Collected, Disclosed, or Sold. You have the right to request that we disclose what Personal Information we collect, use, disclose, and sell.

Right to Request Deletion of Personal Information. You have the right to request the deletion of your Personal Information collected or maintained by us as a business.

Right to Opt-Out of the Sale of Personal Information. You have the right to opt-out of the sale of your Personal Information by us as a business, in the event we sell Personal Information.

Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.

Authorized Agent. You may designate an authorized agent to make a request under the CCPA on your behalf by us with a copy of your power-of-attorney document granting that right.

Financial Incentives. We do not provide any financial incentives tied to the collection, sale, or deletion of your Personal Information.

If you would like to make a request and exercise your rights described above, please contact us using the channels listed below.

6. European Privacy Rights

Under the General Data Protection Regulation, if you are a European Union data subject, you have rights to understand and request how we collect, use, and disclose Personal Information in our capacity as a data controller, to the extent permitted by applicable law.

Right to Access. You have the right to access your Personal Information held by us.

Right to Rectification. You have the right to rectify inaccurate Personal Information and, taking into account the purpose of processing, to ensure it is complete.

Right to Erasure (or “Right to be Forgotten”). You have the right to have your Personal Information erased or deleted.

Right to Restrict Processing. You have the right to restrict our processing of your Personal Information.

Right to Data Portability. You have the right to transfer your Personal Information, when possible.

Right to Object. You have the right to object to the processing of your Personal Information that is carried out on the basis of legitimate interests, such as direct marketing.

Right Not to be Subject to Automated Decision-Making. You have the right not to be subject to automated decision-making, including profiling, which produces legal effects.

If you would like to make a request and exercise your rights described above, please contact us using the channels listed below.

7. Privacy Shield

a. Pypestream Inc. complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the Privacy Shield Principles regarding the collection, use, and retention of information about you that is transferred from the European Union or Switzerland (as applicable) to the U.S. We ensure that the Privacy Shield Principles apply to all information about you that is subject to this privacy DSP and is received from the European Union, the European Economic Area, and Switzerland.

b. Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU and Switzerland, and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers. We remain liable in accordance with the Privacy Shield Principles if third- party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

8. Children’s Information

No part of Pypestream is directed to children. We do not knowingly collect, maintain, or use Personal Information from children under 16 years of age. If you learn that your child has provided us with Personal Information without your consent, you may alert us via the channels below. If we learn that we have collected any Personal Information from children under 16, we will promptly take steps to delete such information.

9. How to Contact Pypestream

If you would like to contact us with questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:

Email: privacy@pypestream.com

Mail: Pypestream, Inc. Attn: Privacy Officer, 1177 6th Ave 5th Floor, New York, NY 10036

Telephone: +1(866) 444-7973