PRIVACY POLICY

1. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date above. If we make material changes, we will notify you by email (if you have provided one) or by posting a prominent notice on our Services. Your continued use of our Services after any changes indicates acceptance of the updated Privacy Policy.

2. INFORMATION WE COLLECT

Information You Provide Directly

When you interact with our Services, you may provide us with various types of information. This includes account information such as your name, business email, organization name, job title, and password when creating an account. During our onboarding process, we collect business information including your company size, industry, use case details, and technical requirements. For enterprise agreements, we collect billing and payment details which are processed through our secure payment providers. We also receive information through your communications with us, including any details you share when contacting us for support, requesting demos, or making general inquiries. If you apply for a position with us, we collect employment-related information such as your resume, references, and other application materials. Additionally, we may collect your feedback and survey responses when you participate in product research or provide feedback on our Services.

Information Collected Automatically

We automatically collect certain information when you use our Services to help us understand how our Services are being used and to improve your experience. This includes device and browser data such as your IP address, device type, operating system, browser type, and language preferences. We also collect usage information including pages visited, features used, click paths, time spent on pages, and search queries within our Services. Our systems generate log data that captures access times, error logs, and system performance metrics. Based on your IP address, we may collect general location information to help us understand where our users are located and to comply with applicable laws.

Information from Third Parties

We may receive information about you from various third-party sources. Analytics providers like Google Analytics provide us with usage analytics to help us improve our Services. When you interact with our marketing efforts, we may receive information from marketing partners including webinar platforms, event sponsors, or lead generation services. For employment candidates, we may receive information from identity verification and background check services as part of our hiring process. If you choose to authenticate through third-party single sign-on providers, we receive basic profile information necessary to create and maintain your account.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for various purposes essential to providing and improving our Services. Our primary use is to deliver the Services you’ve requested, which includes creating and managing user accounts, processing transactions and maintaining billing records, providing customer support and technical assistance, improving Service functionality and user experience, and developing new features and offerings based on user needs and feedback.

Communication is a crucial part of our relationship with you. We use your information to send transactional emails about your account or Services, provide customer support responses, share important product updates and announcements, and with your consent where required, send marketing communications about features or services that may interest you. We always provide clear unsubscribe options for marketing communications.

Maintaining security and compliance is paramount to our operations. We use information to detect and prevent fraud, abuse, and security threats to our Services. This includes verifying user identity and authenticating access to ensure only authorized users can access accounts. We also use information to comply with legal obligations, enforce our agreements, conduct necessary audits, and maintain our SOC 2 Type I compliance certification.

For our business operations, we analyze usage patterns and business metrics to understand how our Services are performing and where we can improve. We process job applications for those interested in joining our team and manage relationships with our vendors and partners who help us deliver our Services. We may also de-identify or aggregate information for research, marketing, or other legitimate business purposes in ways that cannot be used to identify individual users.

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information. We believe your information belongs to you, and we only share it in limited circumstances necessary to provide our Services or as required by law.

We work with carefully selected service providers who help us operate our business effectively. These include cloud infrastructure providers like AWS and Google Cloud Platform who host our Services, payment processors who handle billing transactions securely, email and communication services that help us stay in touch with you, analytics and monitoring tools that help us understand and improve our Services, and customer relationship management systems that help us provide better support. All these providers are contractually required to protect your information and use it only according to our instructions.

There are certain situations where we may need to disclose information for legal requirements and protection. This includes complying with applicable laws, regulations, or valid legal processes, responding to lawful government requests or court orders, protecting our rights, property, or safety and that of our users, investigating potential fraud or security incidents, and enforcing our Terms of Use to maintain the integrity of our Services.

In the event of business transfers such as a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We commit to notifying you before any such transfer occurs and before your information becomes subject to a different privacy policy. We may also share information for other specific purposes when we have obtained your explicit consent to do so.

5. DATA SECURITY

We take the security of your information seriously and implement comprehensive administrative, technical, and physical safeguards designed to protect your data. Our security measures include encryption of data both in transit and at rest using industry-standard protocols, strict access controls and multi-factor authentication requirements for accessing systems containing personal information, regular security assessments and penetration testing to identify and address potential vulnerabilities, comprehensive employee training on data protection and security best practices, and SOC 2 Type I compliance certification demonstrating our commitment to security controls.

However, we want to be transparent that no security measures are perfect or impenetrable. Despite our best efforts and continuous improvements to our security practices, we cannot guarantee absolute security of your information. We encourage you to take steps to protect your own information, such as choosing strong passwords and keeping your login credentials confidential.

6. DATA RETENTION

We believe in data minimization and only retain your information for as long as necessary to fulfill legitimate purposes. We retain information as needed to provide our Services to you and maintain our business relationship, comply with applicable legal obligations including tax and accounting requirements, resolve disputes and enforce our agreements, and support legitimate business interests such as improving our Services and maintaining security.

Our retention periods vary depending on the type of information and the purpose for which it was collected. When information is no longer needed for any of these purposes, we securely delete or anonymize it according to our data retention policies and industry best practices for secure data disposal.

7. YOUR PRIVACY RIGHTS

We respect your rights regarding your personal information and provide various ways for you to control your data. Depending on your location and applicable laws, you may have the right to access and receive a copy of the personal information we hold about you in a portable format. You can request corrections to update or fix any inaccurate information we have about you. Subject to certain legal requirements, you may request deletion of your personal information from our systems. You can also limit or object to certain uses of your information, and opt-out of marketing communications at any time using the unsubscribe link in our emails or by contacting us directly.

To exercise any of these rights, please contact us at legal@doe.so. We may need to verify your identity before processing requests to ensure we're protecting your information from unauthorized access. We'll respond to valid requests within the timeframe required by applicable law. For information we process on behalf of our enterprise customers, please contact the relevant customer directly as they control how that information is handled.

8. COOKIES AND TRACKING

Our Services use cookies and similar technologies to provide a better user experience and understand how our Services are used. These technologies help us keep you logged in securely, remember your preferences and settings, analyze Service usage patterns and performance, and improve the overall functionality of our Services.

You have control over how cookies are used. You can manage cookies through your browser settings, though some Services features may not function properly if cookies are disabled. You can opt out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout. For marketing cookies, you can update your preferences through our email preference center or by contacting us directly. We respect your choices and provide these options to give you control over your privacy.

9. INTERNATIONAL DATA TRANSFERS

As a global company, we may transfer your information to countries other than where you reside, including the United States where our primary operations are located. Different countries have different data protection laws, and some may not provide the same level of protection as your home country. When we transfer information internationally, we implement appropriate safeguards including using standard contractual clauses approved by relevant authorities, ensuring recipients commit to maintaining adequate security measures, and limiting access to personal information on a need-to-know basis. By using our Services, you understand and consent to these international transfers as necessary to provide our Services.

10. CHILDREN'S PRIVACY

Our Services are designed for business use and are not intended for individuals under 18 years of age. We do not knowingly collect information from children under 18. If we discover that we have inadvertently collected information from a child, we will promptly delete it from our systems. If you believe we may have collected information from a child, please contact us immediately at legal@doe.so.

11. THIRD-PARTY LINKS

Our Services may contain links to third-party websites or services that we don't control. These links are provided for your convenience, but we are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit before providing them with any personal information. Our inclusion of links does not imply endorsement of these third parties or their practices.

12. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). These include the right to know what personal information we collect, use, and disclose about you, the right to delete personal information we hold about you (subject to certain exceptions), the right to opt-out of the sale of personal information (though we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To exercise these rights, please contact us at legal@doe.so. We will verify your identity before processing your request to protect your information.

13. CONTACT US

We welcome your questions and feedback about this Privacy Policy and our privacy practices. If you have any concerns or requests, please don't hesitate to reach out to us.

Your privacy matters to us. Thank you for trusting Doe Labs with your information.