DataGrail Privacy Policy

1. Personal Data Collected by DataGrail on the Platform

• Email & Contact Information. Users may optionally provide their email address and/or other contact information (e.g., name, company name, job title) to DataGrail to contact us through the Platform with questions about our Platform and Services, or to request a Demo. Users may also optionally subscribe to our newsletters and may unsubscribe at any time through the opt-out link contained within those communications.
• Account Information. In subscribing to its Services, DataGrail requires its Customer to provide account-based information, including Customer name, address, phone number, email and payment processing information. This information is necessary to facilitate account services and subscription and related purchases through the Platform. Account information may also be used to (i) provide information regarding our Services; (ii) communicate material changes to our Terms of Service and Privacy Policy; and/or (iii) help us maintain and improve Services offered.
• Log-File Information. Log file information is automatically reported by your browser each time you access a web page. Server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, referring / exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. Log-File data will be used for debugging purposes and to improve
• Web Beacons. Pages of our site, Platform and/or emails from DataGrail may contain web beacons. Also known as “tags”, “pixels” or “clear GIFs”, these are pieces of code or tiny electronic images, that are ordinarily not visible to website visitors and email recipients and may be associated with cookies on the visitors’ browser or device. Pixel tags allow us to count users who have visited certain pages of our website or have interacted with our Platform, to deliver branded services, to provide online advertising, and to help determine the effectiveness of promotional or advertising campaigns.
• Cookies. DataGrail’s site uses cookies to provide users with a better browsing experience — cookies are only collected with your express consent. In addition, by accepting DataGrail’s Privacy Policy upon purchase of the Services, you are consenting to DataGrail’s use of cookies in connection with the Services itself. DataGrail utilizes cookie technology to gather information on Internet use in order to serve you more effectively. Cookies are files with a small amount of data and are sent to your browser from a website and transferred to your device. You can set your browser to remove or reject cookies; however some Platform features or Services may not work properly without cookies.

How You Can Control Advertising Cookies. Cookies are also utilized to deliver advertising on our site. Among other uses, they allow us to show more relevant advertising to people who visit the site by showing you ads that are based on your browsing patterns and the way you have interacted with our sites. We may use the following advertising partners. You can find information about how to opt out of targeted ads and related data collection here:

• Google Ads & Google Tag Manager. Google Ads utilizes search engine marketing to serve ads to target audiences. Google Tag Manager tracks Flash cookies, and social networking applications. Please see Google’s Data Privacy and Security Policy for more information on their data collection and processing. You can use Ads Settings to manage the Google ads you see and opt out of Ads Personalization. To manage privacy settings for Flash cookies, see Adobe Flash Player Help
• Facebook Advertising. Meta Platforms, Inc., providing services as Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information and use that information to provide measurement services and target ads. DataGrail may use “Visitor action pixels” from Facebook on the Platform. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the Personal Data of individual users. Please see the Meta’s Privacy Policy  for additional information. Users can opt-out of the collection and use of information for ad targeting. To opt-out, go to Privacy Settings through your Facebook account and opt out under the Ad Preferences settings.
• LinkedIn Ads. LinkedIn Ads uses cookies to track the success of LinkedIn advertising. Personal Data is processed in accordance with the LinkedIn Privacy Policy. To opt out of LinkedIn Ads, see manage your LinkedIn Advertising preferences.
• Twitter Advertising. X Corp., providing services as Twitter, utilizes cookies to provide interest based advertising. See X Privacy Policy for more information on its data collection and processing policies. Please See X Privacy Controls for more information on how to adjust your privacy settings.
• Microsoft Ads. In connection with Microsoft Ads and remarketing, DataGrail uses a Universal Event Tracking (UET) feature, which enables Microsoft to collect or receive Personal Data from you to provide Microsoft Advertising. Please see Microsoft Privacy Statements for more information.

Even if you opt out of cookies/ads personalization, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based aboutads.info choices page or the European Union (“EU”)-based Your Online Choices. See also the Network Advertising Consumer Opt-Out and/or the Digital Advertising Alliance Opt-Out.

2. Personal Data Received by DataGrail or Disclosed or Shared by DataGrail

Personal Data is collected to facilitate the Services offered, for marketing of our services and products, or for internal analysis relating to product improvements and data security. DataGrail shares Personal Data with only those contractors, service providers and other third parties who are bound by contractual obligations to keep Personal Data confidential and to limit such use only for the purpose for which it is disclosed. Personal Data collected is processed to facilitate the provision of the Services on the Platform or as otherwise disclosed at the time of collection to:

Provide Services. Personal Data is used to:

• Provide, operate and improve the Platform and Services;
• Process payments and complete transactions;
• Update you and provide marketing communications about new features and services;
• Sales and marketing outreach;
• Employment application processing;
• Respond to inquiries and provide customer support and feedback;
• Detecting, preventing, and investigating security incidents that compromise the availability, authenticity, integrity or confidentiality of stored or transmitted Personal Data;
• Protecting against malicious, deceptive, fraudulent or illegal activity directed at DataGrail;
• Debugging to identify and repair errors that impair existing intended functionality.
• Analyze data to assess, understand and improve the services and personalize user experiences, including creation of anonymized aggregated, statistical and benchmark data. Aggregated data is utilized to help develop and market products or services and present targeted content and advertising
• Enable functionality of the services to authenticate a user, prevent fraud, and implement security measures
• Undertaking activities to verify or maintain the quality of a service or product that is developed or provided, and to improve, upgrade, or enhance any service or product that is developed or provided by DataGrail.

Share with Service Providers. DataGrail has engaged with third party service providers to facilitate the DataGrail services and operate our business, including without limitation, database management hosting, information technology, email delivery, customer support, sales and marketing outreach, consent management, analytics, data security and compliance services necessary to provide the Services. For each service provider, DataGrail will have in place written contracts that describes the purpose of the service and disclosure of Personal Data, and requires the service provider to both keep the Personal Data confidential and not use it for any purpose except performing the services pursuant to such contract.

SMS Notifications – Notice & Consent. DataGrail utilizes a third party service provider, Twilio, to enable SMS notifications to its customers and its authorized users (as defined in the applicable Terms of Service or Services Agreement). You consent to receive recurring text messages relating to the Services to the mobile number associated with your account or otherwise provided to DataGrail. You understand and agree that text messages sent to your mobile number may be generated using automated technology, Message and data rates may apply. Reply STOP to opt-out or HELP for info. Consent is not a condition of any purchase. Mobile phone numbers are processed in accordance with Twilio’s Privacy Policy.

Analytics: DataGrail uses the following third party analytics services:

• Datadog.  DataGrail utilizes Datadog, a SaaS based monitoring and analytics platform to obtain analytics, service application and infrastructure logs. Please see the Datadog EEA Data Processing Addendum and Datadog Privacy Policy for additional information.
• Google Analytics. DataGrail utilizes Google Analytics to access anonymized (nonpersonal) and/or pseudonymously identifiable personal data to help us understand how our Site and Services are used. Google Analytics is a web analytics tool that helps us understand how users engage with our Platform, so that we can review and improve our Services. Google Analytics provides a report to us with website trends without identifying the Personal Data of individual users. Please see Google’s Data Privacy and Security Policy. However, if you decide to withdraw your consent to such data collection, you may opt-out by installing Google Analytics Opt-out Browser Add-on.
• Matomo. DataGrail utilizes Matomo to understand how our Site and Services are used. It provides a report to DataGrail with website trends without identifying individual visitors. Site usage is tracked in accordance with the Matomo Privacy Policy.

Sales & Marketing. Personal Data is collected for the following sales and marketing purposes:

• Sales Team Engagement. DataGrail utilizes the Gong digital communications solution to enable its sales team to capture and summarize customer communications to improve customer engagement. At DataGrail’s election, Gong.io may utilize biometric identification, including voiceprint identification, to match a user’s identity with information on file with DataGrail’s sales team. Each user’s consent is expressly obtained prior to collecting such information. Please see the Gong Privacy Policy for additional information.
• Prospective Leads Updates. DataGrail utilizes Cognism to enable it to supplement its existing contact information with information maintained in Cognism’s professional profile database, including name, job title, email address, mobile number, city, company information, obtained from third party sources such as LinkedIn, to enable our sales team to more effectively identify and communicate with prospective leads. Please see the Cognism Privacy Policy for additional information.
• Sales Automation & Analytics. DataGrail utilizes Outreach.io to automate its sales processes and generate actionable insights to help manage inbound and outbound sales processes. To the extent DataGrail utilizes Outreach’s call recording (audio/video) functionality, it will first obtain your consent to record calls prior to making such recording in accordance with applicable laws. Contact information shared with Outreach will be used solely for purposes of sales engagement functions made available through the Platform. Please see the Outreach Privacy Policy for additional information.
• Marketing Outreach. DataGrail utilizes Sendoso to coordinate personalized marketing outreach efforts to current and prospective customers. Contact information such as name, email and addresses are shared for purposes of sending e-gifts, direct mail, and physical personalized gifts sent directly at DataGrail’s request. Please see the Sendoso Privacy Policy.

4. Retention and Deletion of Personal Data; De-Identified Data

Unless erasure is otherwise requested under applicable law or as otherwise stated in this Privacy Policy, DataGrail will retain account data as long as it is necessary to provide services to our customers. Personal Data obtained from Platform visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a visitor exercises the right to opt-out of requested communications or information-based services. Anonymized and pseudo-anonymized data will be retained as long as DataGrail determines such data is commercially necessary for its legitimate business interests.

To the extent DataGrail de-identifies any Personal Data, DataGrail shall maintain and use such de-identified data without attempting to re-identify the data.

8. Supplemental U.S. State-Specific Notices – Notice of Collection

This supplemental notice sets forth the disclosures and rights applicable to residents of California, Colorado, Virginia, Connecticut, and Utah. Such consumer privacy notices and rights shall also apply to other state residents to the extent other state consumer privacy laws are implemented following the last effective update to this Privacy Policy.

DataGrail collects, uses and/or discloses Personal Data as follows:

DataGrail does not retain a consumer’s Personal Data for longer than is reasonably necessary for each disclosed purpose.

Other Potential Disclosures: Personal Data may also be disclosed to serve our legitimate business interests as follows: (a) as required by law, such as to comply with a subpoena, or similar legal process, (b) as part of a merger, acquisition, bankruptcy or other transaction in which a third party assumes control of all or part of the business, (c) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies as required by law; (d) enforce our agreements with you, and/or (e) investigate and defend ourselves against any third-party claims or allegations.

A. Sale of Personal Data; Sharing of Personal Data; Right to Opt-Out

DataGrail does not and will not sell your Personal Data in the traditional sense. However, DataGrail’s use of personalized advertising related tracking technologies may be considered a “sale” / “sharing” under California (CCPA), Colorado (CPA) and other applicable U.S. consumer privacy laws. Visitors to our U.S. site can opt-out of having data transmitted to these ad-tech providers by clicking the “My Privacy Choices” link at the bottom of our site to access available opt-out mechanisms.

You can also submit a request to opt-out through the DataGrail’s Opt-Out Form or by emailing us at [email protected] with the subject line “Do Not Sell or Share.” 

Finally, if your browser supports it, you can turn on the Global Privacy Control to automatically opt-out of the “sale” or “sharing” of your personal information.

B. Collection of Sensitive Information

DataGrail does not collect Sensitive Information as defined by applicable laws.

C. Consumer Rights. Consumers may visit DataGrail’s Trust Center or contact DataGrail directly to exercise the following consumer rights:

Request DataGrail Disclose At No Charge (“Right to Know”):

• Specific pieces of personal information it has collected about you;
• categories of Personal Data collected, used, and/or disclosed about you;
• categories of sources from which Personal Data is collected;
• business and/or commercial purposes for collecting and disclosing your Personal Data;
• categories of third parties with whom your Personal Data has been disclosed/shared; and

Right to Know Requests can be submitted to DataGrail through the DataGrail’s Privacy Request Form or by email at [email protected].

Request DataGrail to Delete At No Charge (“Right to Delete”):

Deletion Requests can be submitted to DataGrail through the DataGrail’s Privacy Request Form, or by email at [email protected].

D. Request DataGrail Correct At No Charge (“Right to Correct”):

Requests that DataGrail correct any inaccurate Personal Data collected by DataGrail can be submitted by through the DataGrail’s Privacy Request Form, or by mail to [email protected]

E. Verified Request Process

DataGrail will verify all consumer requests prior to taking any action in response to such request. For consumers that maintain an account with DataGrail, it may verify the identity of the consumer making the request by either matching information with the account information on file or through existing account authentication credentials.

Under applicable state law, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. Authorized agents must demonstrate they have written authorization from you to make requests on your behalf. DataGrail may additionally require the consumer to confirm their identity and verify the authorized agent’s permission before complying with any request.

F. Consumer Request Limitations

Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the applicable state laws, including, but not limited to:

• DataGrail is obligated to disclose/delete only upon a verifiable Consumer request from the consumer or an authorized agent acting on behalf of Consumer.
• Consumers may only make a personal information request twice in a 12-month period.
• Deletion is not required if it is necessary for DataGrail to maintain the Personal Data to fulfill applicable permissible purposes enumerated pursuant to applicable state consumer privacy laws.

DataGrail will confirm and respond to all requests within the timeframe required under applicable state law. In responding to any request to disclose/delete, DataGrail shall maintain a record of the requests as required under applicable state law.

G. Non-Discrimination Policy

You have the right not to receive discriminatory treatment for exercising any rights conferred by the CCPA and VCDPA. DataGrail shall not discriminate against a consumer for exercising any statutory consumer privacy rights, including, but not limited to, (a) denying goods or services, (b) charging different prices or rates (including discounts/penalties) that is not directly related to the value provided to DataGrail for the Personal Data, (c) suggesting Consumer will receive a different rate/price or different level of quality of goods/services, or (d) providing a different level of quality of goods/ services.

Employees, applicants and independent contractors have the right not to be retaliated against for the exercise of their CCPA rights.

H. Your Virginia Privacy Rights under VCDPA

If DataGrail is unable to process requests relating to your Personal Data and denies your request, Virginia residents have the right to appeal by emailing DataGrail at [email protected]. DataGrail will respond to your appeal request within 60 days of receiving the request to appeal.

I. Your California Privacy Rights under California Civil Code Section 1798.83 & Business and Professions Code Section 22581

California law permits Consumers to request and obtain from DataGrail once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.

In addition, a business subject to California Business and Professions Code Section 22581 must allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

J. Accessibility of this Policy.

• You can download and print a copy of this Notice here

K. Contact Us

If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: DataGrail, Inc., Attention: Privacy Department, 164 Townsend Street, Suite 12, San Francisco CA 94107 or by email at: [email protected].

9. Applicable EU GDPR Notices

Data Processor. DataGrail is the processor of all Customer Data (as defined in the applicable Terms of Service), including Personal Data input by a Customer, and its Authorized Users, in connection with a Customer’s use of the DataGrail Services.

Data Controller. The Personal Data input by (a) visitors in general, and (b) Customer for purposes of establishing a commercial account with Customer, is controlled by DataGrail, Attention: Privacy Department,164 Townsend Street, Suite 12, San Francisco CA 94107. You may contact us at any time through the DataGrail’s Privacy Request Form or by emailing us at [email protected]

For applicable EU Users, we will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you, and “legitimate interests.” Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please submit a request through the DataGrail’s Privacy Request Form or email DataGrail at [email protected].

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

How to Review, Transfer, Restrict the Use of or Request Erasure of Personal Data

IF YOU WOULD LIKE TO:

• Access, review, restrict processing of, or otherwise request erasure of your Personal Data;
• Obtain the identity of the source of any Personal Data collected;
• Request correction of any errors contained within your Personal Data;
• Request DataGrail transfer your Personal Data to another service provider;
• Object to the manner in which your Personal Data is processed;
• Lodge a complaint with an EU supervisory authority; or
• Withdraw consent to the collection of your Personal Data

Requests under this Section can be made through DataGrail’s Privacy Request Form. We will respond in the timeframes required under applicable law. For all requests made pursuant to this section, DataGrail will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and/or (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.