close

DataGrail Privacy Policy

Last Updated February 15, 2022

We recognize that your privacy is very important. This Privacy Policy covers DataGrail’s policies on the collection, use, and disclosure of Personal Data/Personal Information/Personally Identifiable Information (as defined by applicable law and hereinafter collectively referred to as “Personal Data”) when visitors and Customers (collectively “Users”)  access www.datagrail.io and/or DataGrail’s related mobile applications (collectively the “Platform”) and the Service related thereto.

By accepting DataGrail’s Privacy Policy, you are consenting to the collection, use and storage of the Personal Data pursuant to the disclosures contained within this Privacy Policy.   You may withdraw your consent at any time through the DataGrail’s Privacy Request Form or by email at privacy@datagrail.io.

1. Personal Data Collected by DataGrail on the Platform

Email & Contact Information.   Users may optionally provide their email address and/or other contact information (e.g., name, company name, job title) to DataGrail to contact us through the Platform with questions about our Platform and Services, or to request a Demo.  Users may also optionally subscribe to our newsletters and may unsubscribe at any time through the opt-out link contained within those communications.

Account Information. In subscribing to its Services, DataGrail requires its Customer to provide account-based information, including Customer name, address, phone number, email and payment processing information.  This information is necessary to facilitate account services and subscription and related purchases through the Platform.  Account information may also be used to (i) provide information regarding our Services; (ii) communicate material changes to our Terms of Service and Privacy Policy; and/or (iii) help us maintain and improve Services offered.

Log-File Information. Log file information is automatically reported by your browser each time you access a web page.  Server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. Log-File data will be used for debugging purposes and to improve our products and services. Log-file data will be encrypted using AES-256 (or equivalent).

Cookies.  DataGrail’s site uses cookies to provide users with a better browsing experience — cookies are only collected with your express consent.  In addition, by accepting DataGrail’s Privacy Policy upon purchase of the Services, you are consenting to DataGrail’s use of cookies in connection with the Services itself.  DataGrail utilizes cookie technology to gather information on Internet use in order to serve you more effectively.  Cookies are files with a small amount of data, which may include an anonymous unique identifier.  Cookies are sent to your browser from a website and transferred to your device. You can set your browser to remove or reject cookies; however some Platform features or Services may not work properly without cookies.

How You Can Control Advertising Cookies.  Cookies are also utilized to deliver advertising on our site. Among other uses, they allow us to show more relevant advertising to people who visit the site by showing you ads that are based on your browsing patterns and the way you have interacted with our sites. You can find information about how to opt out of the cookies provided by our advertising partners here:

  • Google Ads & Google Tag Manager. Google Ads utilizes search engine marketing to serve ads to target audiences. Google Tag Manager tracks Flash cookies, and social networking applications. Please see Google’s Data Privacy and Security Policy for more information on their data collection and processing.  You can use Ads Settings to manage the Google ads you see and opt out of Ads Personalization. To manage privacy settings for Flash cookies, see Adobe Flash Player Help
  • LinkedIn Ads. LinkedIn Ads uses cookies to track the success of LinkedIn advertising. Personal Data is processed  in accordance with the LinkedIn Privacy Policy.  To opt out of LinkedIn Ads, see  manage your LinkedIn Advertising preferences.
  • Twitter Advertising. Twitter utilizes cookies to provide interest based advertising. See Twitter Privacy Policy for more information on its data collection and processing policies.   Please See Twitter Privacy Controls for more information on how to adjust your privacy settings.
  • Facebook Advertising. Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information and use that information to provide measurement services and target ads. Users can opt-out of the collection and use of information for ad targeting. To opt-out, go to Privacy Settings through your Facebook account and opt out under the Ad Preferences settings.  See Facebook Privacy Tools for additional information.

Even if you opt out of cookies/ads personalization, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based aboutads.info choices page or the European Union (“EU”)-based Your Online Choices.

2. Personal Data Received by DataGrail or Disclosed or Shared by DataGrail

DataGrail does not sell Personal Data collected through your use of the Platform.   Information is collected to facilitate the Services offered, for marketing of our services and products,  or for internal analysis relating to product improvements.  However, under the California Consumer Privacy Act, some sharing of personal information necessary to provide you with personalized ads may be considered a “sale,” even if no money is exchanged.  Please see Section 7 for additional information.

As required by applicable law, including, but not limited to, GDPR & CCPA, DataGrail has in place Data Processing Addendum(s) with those subprocessors that process end-user Personal Data to ensure compliance with DataGrail’s obligations under applicable data protection laws and regulations.  Personal Data collected is processed by the following service providers to facilitate provision of the Services on the Platform as follows:

Newsletters & Marketing Campaigns.  DataGrail utilizes SendGrid to create and deliver DataGrail’s newsletters. Submission of data is optional and with a User’s consent. DataGrail shares contact information, such as name and email address, to process that data in accordance with our instructions regarding our marketing campaigns. Please see SendGrid’s Privacy Policy for more information on their data collection and processing practices.

Social Plug-Ins:  Users may optionally follow DataGrail Twitter and LinkedIn. Users should click on the hyperlinks for each site to review the applicable privacy policies for more detail about information collected and processed by these sites.

Sales & Marketing.

  • Sales Team Engagement. DataGrail utilizes the chorus.ai digital communications solution to enable its sales team to capture and summarize customer communications to improve customer engagement. At DataGrail’s election, Chorus.ai may utilize biometric identification, including voiceprint identification, to match a user’s identity with information on file with DataGrail’s sales team. Each user’s consent is expressly obtained prior to collecting such information. Please see the Biometric Data Policy for additional information.
  • Prospective Leads Updates. DataGrail utilizes Clearbit to enable it to supplement its existing contact information with information maintained in Clearbit’s  professional profile database, including name, job title, email address, mobile number, city, company information, obtained from third party sources such as LinkedIn, to enable our sales team to more effectively identify and communicate with prospective leads. Please see the Clearbit Privacy Policy for additional information.
  • Sales Automation & Analytics. DataGrail utilizes Outreach.io to automate its sales processes and generate actionable insights to help manage inbound and outbound sales processes. To the extent DataGrail utilizes Outreach’s call recording (audio/video) functionality, it will first obtain your consent to record calls prior to making such recording in accordance with applicable laws. Contact information shared with Outreach will be used solely for purposes of sales engagement functions made available through the platform. Please see the Outreach Privacy Policy for additional information.
  • Marketing Outreach. DataGrail utilizes Sendoso to coordinate personalized marketing outreach efforts to current and prospective customers. Contact information such as name, email and addresses are shared for purposes of sending e-gifts, direct mail, and physical personalized gifts sent directly at DataGrail’s request. Please see the Sendoso Privacy Policy.

Notifications. DataGrail utilizes Slack and Twilio to facilitate customer notifications. Users should review Slack’s Privacy Policy and  Twilio Privacy Policy for more information on their data collection and use practices

Customer Relationships Management.   DataGrail utilizes services provided by Salesforce.com, inc. to manage its customer relationships and the information and data associated with those customers.  Account information, including personal information such as customer’s account name, email, phone, mailing address, etc. with Salesforce.com.  Please see the Salesforce.com Privacy Policy for more information on their data collection and use practices.

HubSpot.  DataGrail utilizes HubSpot’s marketing software for automated marketing, content strategy and customer outreach. Please see HubSpot’s Privacy Policy for more information on their data collection and use practices.

Drift.  DataGrail utilizes Drift for automated chatbot support and conversational marketing purposes.   Draft may collect a User’s name, contract information, IP address and cookies when a User opts to provide such information for customer support purposes.  Please see the  Drift GDPR Policy for more information on their data collection and use practices.

Calendly.  DataGrail integrates Calendly to provide seamless demo and meeting scheduling.  Calendly will only collect Personal Data optionally provided by Users, such as name and email address, for the purpose of scheduling requested meetings. Please see the Calendly Privacy Policy for more information on their data collection and use practices.

Hosting Services . DataGrail hosts customer and services data through Amazon Web Services and WPEngine. Customers should click on the hyperlinks for more information about their data collection and privacy policies.

Usercentrics.  DataGrail utilizes Usercentrics for consent management purposes to facilitate compliance with GDPR and other mandatory consent requirements. DataGrail has entered into European Commission approved standard contractual clauses to ensure sufficient protection of Personal Data transferred internationally. Please also see Usercentrics Privacy Policy. Usercentrics collects consent data (consent yes/no, timestamp, data scope, data attributes, controllerID, processorID, consentID) through JavaScript. Users can permanently prevent the execution of JavaScript at any time by making the appropriate settings in your browser, which would also prevent Usercentrics from executing the JavaScript.

Analytics:

  • DataGrail utilizes Datadog, a SaaS based monitoring and analytics platform to obtain analytics, service application and infrastructure logs. Please see the Datadog EEA Data Processing Addendum and Datadog Privacy Policy for additional information.
  • Google Analytics. DataGrail utilizes Google Analytics to access anonymised and/or pseudo anonymised data to help us understand how our Services are used.  Google Analytics is a web analytics tool that helps us understand how users engage with our Platform, so that we can review and improve our Services.  Google Analytics provides a report to us with website trends without identifying the Personal Data of individual users.  Please see Google’s Data Privacy and Security Policy. However, if you decide to withdraw your consent to such data collection, you may opt-out by installing Google Analytics Opt-out Browser Add-on.

Payment Processing Information. DataGrail does not itself store debit or credit card information on its servers.  DataGrail utilizes a third party payment processor, Bill.com to manage and process payments in order to guarantee the security of your information.  Customers should review Bill.com’s Privacy Notice for more information on their data collection practices.

Abuse Prevention. DataGrail utilizes hCaptcha to protect its Platform from spam and abuse. hCaptcha may collect information directly from users for bot verification purposes, as well as additional data to determine whether users are human, such as mouse movements, scroll position, keypress events, touch events, and gyroscope / accelerometer information as applicable. Please see the  hCaptcha Privacy Policy for additional information.

Other Potential Third-Party Disclosures. Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if DataGrail is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law.

Please see Section 7 for a more specific disclosure of the applicable categories of personal information collected and processed under the CCPA.

3. Compliance with Children’s Online Privacy Protection Act and GDPR Regulations Relating to Minors

Only persons age 18 or older are authorized to create a DataGrail account.  We do not knowingly collect Personal Data from anyone under the age of 18.  If a parent or guardian becomes aware that his or her minor child (as defined by the applicable privacy rules or regulations pertaining to  the minor child) has provided us with Personal Data without their consent, he or she should contact DataGrail through the DataGrail’s Privacy Request Form or at privacy@datagrail.io.  We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s state and/or country of residence.

4. Retention of Personal Data Collected

We will retain account and purchase data as long as it is necessary to provide our Services to our Customers.  When a Customer’s account is terminated or expires,  Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law.  Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a Visitor exercises its right to opt-out of requested communications or information-based services.  Anonymized and Pseudo-anonymized data will be retained as long as DataGrail determines such data is commercially necessary for its legitimate business interests.

5. Applicable EU GDPR Notices

Data Processor.   DataGrail is the processor of all Customer Data (as defined in the applicable Terms of Service), including Personal Data input by a Customer, and its Authorized Users, in connection with a Customer’s use of the DataGrail Services.

Data Controller.  The Personal Data input by (a) visitors in general, and (b) Customer for purposes of establishing a commercial account with Customer, is controlled by DataGrail,

Attention: Privacy Department, 164 Townsend St, Unit 12, San Francisco CA 94107. You may contact us at any time through the DataGrail’s Privacy Request Form or by emailing us at privacy@datagrail.io.

For applicable EU Users, we will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you, and “legitimate interests.” Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object.  If you have any questions about the lawful bases upon which we collect and use your personal data, please submit a request through the DataGrail’s Privacy Request Form or email DataGrail at privacy@datagrail.io.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

How to Review, Transfer, Restrict the Use of or Request Erasure of Personal Data

IF YOU WOULD LIKE TO:

  • Access, review, restrict processing of, or otherwise request erasure of your Personal Data;
  • Obtain the identity of the source of any Personal Data collected;
  • Request correction of any errors contained within your Personal Data;
  • Request DataGrail transfer your Personal Data to another service provider;
  • Object to the manner in which your Personal Data is processed;
  • Lodge a complaint with an EU supervisory authority; or
  • Withdraw consent to the collection of your Personal Data

Requests under this Section can be made through DataGrail’s Privacy Request Form.  We will respond in the timeframes required under applicable law. For all requests made pursuant to this section, DataGrail will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and/or (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law

6. Privacy Shield Notice For Users In The European Union

DataGrail complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union) and Switzerland.

Certification. DataGrail has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

Accountability for Onward Transfer.

DataGrail requires that its integrated service providers that have access to personal information from EU consumers have either self-certified to the Privacy Shield Principles, are subject to the EU Privacy Directive, or enter into a written agreement with us that requires them to provide at least the same level of privacy protection as is required by the relevant Privacy Shield Principles. DataGrail is potentially liable if such third party service providers process your personal information in a manner that is inconsistent with the Privacy Shield Principles.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Access and Choice. Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States.  Upon request, we will provide you with access to the personal information that we hold about you.  You may also correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to DataGrail’s Privacy Request Form or by email at privacy@datagrail.io.  If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request through the DataGrail’s Privacy Request Form or by email to privacy@datagrail.io

Complaints.  In compliance with the EU-US Privacy Shield Principles, DataGrail. commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact DataGrail through the DataGrail’s Privacy Request Form, by email at privacy@datagrail.io  or by mail to:  DataGrail, Inc. Attention: Privacy Department, 164 Townsend St, Unit 12, San Francisco CA 94107.

No Cost Dispute Resolution. DataGrail has further committed to refer unresolved privacy complaints  to BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus, an independent dispute resolution mechanism located in the United States.  If you do not receive timely acknowledgment of your complaint, or if we have not addressed your complaint to your satisfaction, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This services of BBB  are provided at no cost to you.

FTC Jurisdiction. The Federal Trade Commission (“FTC”) has jurisdiction over DataGrail’s compliance with this Privacy Policy and the EU-US Privacy Shield Framework and DataGrail subject to the investigatory and enforcement powers of the FTC.

Privacy Shield Panel – Binding Arbitration. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Required Disclosures.  DataGrail is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  

7. Your California Privacy Rights

California Consumer’s Request to Disclose, Right to Delete, Right to Opt-Out of Sale Rights:  For information on your California Consumer Rights pursuant to  the California Consumer Privacy Act, California Civil Code Section 1798.100 et seq. (“CCPA”), please see: California Consumer Privacy Rights Notice (“Notice”).  All capitalized terms contained in this Section or the Notice which are not otherwise defined in this Privacy Policy or applicable terms of service shall have the meaning as ascribed to them in the CCPA.

A verifiable Consumer Request may be submitted to DataGrail effective January 1, 2020  through the DataGrail’s Privacy Request Form or by emailing DataGrail at privacy@datagrail.io or through Customer’s account within the Platform.

For each request, DataGrail will initially verify the email address on file with the email address submitted in the applicable request. Further verification will be based upon confirmation of data correlating to information maintained by DataGrail, as applicable. Consumers may designate an authorized agent to make a request on the Consumer’s behalf through the DataGrail’s Privacy Request Form or by email at privacy@datagrail.io.  Requests by authorized agents are subject to additional verification requirements pursuant to the rules and regulations set forth in the CCPA. Please see the Notice for additional information.

8. DataGrail’s Security Policy

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration.

All data is securely encrypted utilizing AES-256-bit encryption.  Please review the AWS Cloud Security Policy for more information on AWS’ security practices.  DataGrail utilizes only PCI-DSS compliant third party payment processors to ensure the security of your personal information. Users should review Bill.com Security Center for more information on their security practices.

9. Response to “Do Not Track” Signals

Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-website user tracking.

DataGrail shall treat any user-enabled global privacy controls,  such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their Personal Information as a valid request submitted pursuant to the CCPA for that browser or device, or, if known, for the consumer.

10. Notification of Changes to the DataGrail Privacy Policy

We may update this Privacy Policy as necessary to reflect changes we make and to satisfy legal requirements. We’ll post a prominent notice of material changes on the Platform and provide reasonable notice before any material changes take effect.

11. Additional Questions

If you have any additional questions about our practices, please contact DataGrail as follows:

By Mail:

DataGrail
Attention: Privacy Department
164 Townsend St, Unit 12
San Francisco CA 94107

By Email: privacy@datagrail.io

DataGrail’s Privacy Request Form