Last updated: May 25, 2018
This document includes important information about your personal data and we encourage you to read it carefully.
Appivo is a cloud application platform that provides users with applications and a platform and tooling to create web and mobile applications.
We understand that when you use Appivo’s services, and/or services of our subsidiaries, you are placing your trust in us to handle your data appropriately, including the personal information of you and your end users. We take this role very seriously.
Part of our approach is to make sure that you have information about how we process personal information in connection with your use of our products and services. We want to enable you to make informed decisions about your personal information when using our products and services. We also want to provide you with relevant information to help your end users make informed decisions about their personal information when they use applications built on Appivo’s platform.
If you’ve read everything here but still have questions about how we’re processing personal information, you can contact our Office of the Data Protection Officer at firstname.lastname@example.org, or at our headquarters:
703 63 Örebro
Appivo processes two broad categories of personal information when you use our products and services:
Your personal information as an app-builder customer (or potential app-builder) of Appivo – information that we refer to as Customer Account Data, and
The personal information of your end users’ who use or interact with applications that are built on Appivo’s platform – this category contains both your Customer Usage Data (e.g., app metadata) and your Customer Content (e.g., app content & data).
How Appivo Processes Your Personal Information
We collect and process your personal information:
- When you visit an Appivo public-facing website like appivo.com, apps.appivo.com, office.getbusy.io, sign up for an event, or make a request to receive information about Appivo or our services, like an Appivo newsletter;
- When you contact Appivo’s Sales Team or Customer Support Team; and
- When you sign up for an Appivo account and use our products and services.
We call this personal information Customer Account Data.
Data protection (aka privacy) laws in certain jurisdictions, like the European Union (EU), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information.
A processor processes personal information on behalf of a controller based on the controller’s instructions. When Appivo processes your Customer Account Data, the Appivo entity with whom you are contracting is acting as a controller.
Broadly speaking, we use Customer Account Data to further our legitimate interests to:
- understand who our customers and potential customers are and their interests in Appivo’s product and services,
- Manage our relationship with you and other customers,
- Carry out core business operations such as accounting and filing taxes, and help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services.
What Customer Account Data Appivo Processes When You Visit Our Website, Sign Up for an Event, or Make a Request for Information About Appivo and Why?
When you visit our website, sign up for an event or request more information about Appivo, we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our products and services, and to improve navigation experience on our pages.
What Customer Account Data Appivo Processes When You Communicate with Our Sales or Customer Support Teams and Why?
You may share personal information, like your contact information, with a member of our Sales or Customer Support Team when you communicate with them. We keep a record of this interaction.
If you contact our Sales or Customer Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally so we can improve our products and services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Customer Support Teams. While we will take appropriate measures to protect any sensitive information you share with us, it is best to avoid sharing any personal or other sensitive information in these communications not necessary for these teams to assist you.
What Customer Account Data Appivo Processes When You Sign Up for and Log Into an Appivo Account and Why?
When you sign up for an Appivo account, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account or when applications make requests to our APIs. We use this to understand who is using our services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
When you sign up for an Appivo account, you’ll be asked to give us your name, email address, and your company name, and to create a password. We collect this information so we know who you are, to communicate with you about your account(s), and to recognize you when you communicate with us.
We also use your email address to send you information about other Appivo products, services or events in which we think you may be interested. You can always opt out marketing communications through your marketing preferences linked from any marketing email you receive from Appivo. Or, you can contact our Support Team for additional assistance.
When you first sign up for an account, we also ask you for a telephone number so we can send initial account activation information as well as occasional account management messages. An Appivo team member may also contact you at this number to help you unless you tell us you don’t want us to contact you.
When you upgrade your trial account, we may ask you to provide our payment processor with your payment method information like a credit card or other payment account, and/or your billing address. Our payment processor, acting on our behalf, gathers this so we can bill you for your use of our products and services. Our payment processor will share your billing address with Appivo. Your billing address may also be used by Appivo for tax calculation and audit purposes.
For some products, we may also have to obtain a physical address from you, including proof of address or other identification information. For example, local law may require us to have a physical service address on file for you or your end user and/or proof of identity and physical service address. We may also use this physical service address for tax purposes. We may have to share your service or billing address with local government authorities upon their request.
Similarly, for some of our products, you may have to complete an application form providing details about your company and your intended use of the product. We’ll use this information for the purpose for which it was gathered from you. We may also use it in connection with improving our own internal processes and services or training our team members.
Other Customer Account Data We Collect and Why?
We may collect information about you, as our customer, from publicly-available sources so we can understand our customer base better.
We may use publicly-available information about you through services like Facebook, LinkedIn, & HubSpot, or we may obtain information about your company from third party providers to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.
How Long We Store Your Customer Account Data
Appivo will store your Customer Account Data as long as needed to provide you with our services and to operate our business. If you ask us to delete specific personal information from your Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
Here is how long we hold on to Customer Account Data in a form that can be used to identify you, unless there is a specific need or obligation to retain your information longer (open investigations, audits or other legal matters):
- Customer Account Data stored in our customer relationship management system(s) is generally stored up to 8 years following closure of your account. Invoice records, including their digital equivalent, may be retained in identifying form by Appivo for longer periods for accounting, tax, and audit purposes depending on and in accordance with applicable tax law.
- Your communications with Appivo’s Customer Support Teams may be retained for up to 2 years after your account is closed.
- Apart from the above, within 60 days following closure of your account, we will either delete other Customer Account Data or transform it such that it can no longer be used to identify you.
How To Make Choices About Your Customer Account Data?
You can make various choices about your Customer Account Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used, when you log into your Appivo account or through the cookie preferences options. Any other requests about your data you cannot make through these self-service tools, you can request by emailing email@example.com or contacting Appivo Support.
Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our products and services.
How Appivo Processes Your End Users’ Personal Information?
Your end users’ personal information typically shows up on Appivo’s platform in a few different ways:
- Communications-related personal information about your end users, like your end users’ phone numbers for number-based communications, IP addresses for IP-based communications, or device tokens for push notifications, show up in our systems when you use or intend to use this information to contact your end user through use of our products and services.
- Your end users’ personal information may show up in “friendly names,” which are strings you provide, if you choose to include your end users’ personal information as part of a string.
- Your end users’ personal information may also be contained in the content of communications you (or your end users) send or receive using Appivo’s products and services.
We call the information in the first two bullets above Customer Usage Data. The information in the third bullet is what we refer to as Customer Content.
As noted above, data protection (aka privacy) law in certain jurisdictions, like the EU, differentiate between “controllers” and “processors” of personal information. When Appivo processes Customer Content, we generally act as a processor. When we process Customer Usage Data, we act as a processor in many respects, but we may act as a controller in others. For example, we may need to use certain Customer Usage Data for the legitimate interests of billing, reconciling invoices with our service providers, and in the context of troubleshooting and detecting problems.
What Customer Usage Data and Customer Content Appivo Processes and Why?
We use Customer Usage Data and Customer Content to provide services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.
Records containing end user personal information may, from time to time, also be used in debugging or troubleshooting or in connection with investigations of security incidents, as well as for the purposes of detecting and preventing spam or fraudulent activity, and detecting and preventing network exploits and abuse.
How Long Do We Store Customer Usage Data and Customer Content and Exercising Choices About End User Personal Information?
Details regarding how long your end user personal information may be stored on Appivo systems and how to delete, access, or exercise other choices about end user data will depend on which Appivo products and services you are using and how you are using them.
As an Appivo customer, if the Appivo product or service you use enables you to store records of your usage on Appivo’s platform, including personal information contained within those records, and you choose to do so, then Appivo will retain these records for as long you instruct. In some cases, use of extended storage may cost more. Depending on the scenario, you may be able to delete those records yourself. If you later instruct us to delete those records, we will do so. Please note it may take up to 60 days for the data to be completely removed from all systems. In some cases, a copy of those records, including the personal information contained in them, may nonetheless be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain Customer Usage Data transformed such that your end user cannot be identified.
When and Why We Share Your Personal Information Or Your End Users’ Personal Information?
We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent to do this. Further, we do not sell your end users’ personal information (whether contained in Customer Usage Data or Customer Content). And, we do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so.
There are some specific scenarios that you should also understand:
Third-parties. Appivo engages certain third-party service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data.
Sub-processors. We may share Customer Content with sub-processors who assist in providing Appivo services, like our infrastructure providers.
Legal compliance. We may disclose your or your end users’ personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Appivo is required by law to disclose any personal information of you or your end user, we will notify you of the disclosure requirement, unless prohibited by law. Further, we object to requests we do not believe were issued properly.
Subsidiaries. Appivo may share your personal information or your end users’ personal information with an affiliate company, like a subsidiary of Appivo AB. We and our subsidiaries will only use the information as described in this notice.
Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Appivo may continue to process data consistent with this notice.
Transfers of Personal Information Out of the EU
When you use our account portal, or our other products and services, personal information about you and your end users processed by Appivo may be transferred to the United States and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your data in the most efficient way to optimize application performance and redundancy. Service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data.
Automated Decision Making
Appivo may use automated decision making using a variety of signals derived from account activity to help identify and suspend accounts violating our use policies or engaged in other abusive or fraudulent activity. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.
Handling Disputes Relating To Our Data Protection Practices
We hope we can resolve any disputes relating to our data protection practices between us. You can raise your concern or dispute by emailing our Privacy Team at firstname.lastname@example.org or by writing to us at our headquarters:
703 63 Örebro
For individuals in the EU, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.
How We Secure Personal Information?
We use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.
Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Here’s some other information about our privacy practices, such as how we handle certain types of data like children’s data or protected health information, how we handle do-not-track signals, what to expect if we make changes to our notice, and the legal bases for processing personal information.
Information from children. We do not knowingly permit children (under the age of 13 in the US or 16, if you live in the EU) to sign up for an Appivo account. If we discover someone who is underage has signed up for an Appivo account, we will take reasonable steps to promptly remove that person’s personal information from our records. If you believe a person who is underage has signed up for an Appivo account, please contact us at email@example.com.
Do-not-track settings. Appivo does not currently respond to web browser’s Do-Not-Track signals. You can learn more about Do Not Track here.
Changes to our Privacy Statement. We may change our Privacy Statement from time to time. If we make changes we’ll revise the “Effective” date at the top of this statement, and we may provide additional notice such as on the Appivo website homepage, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.
Legal Basis for processing personal information (EU only). If you are from the EU, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided in the introduction section of this privacy statement.