ALLOY TECHNOLOGIES, INC.
PRIVACY POLICY

Effective Date: January 15, 2021

This Privacy Policy applies to the website alloy.ai (the “Site”) owned and operated by Alloy Technologies, Inc. (collectively, “Alloy”, “we”, “us”, or “our”) and the software-as-a-service described on the Site (the “Service”). This Privacy Policy describes how Alloy collects, uses, shares and secures the personal information you provide, as well as the information about our customers’ customers or end users that we process on behalf of our customers. It also describes your choices regarding use, access, correction and deletion of your personal information.

1. How we Collect Information

We collect the following personal information from you:

a. Information that you provide to us about yourself

When you sign up for or use the Services, we ask you for information such as: (i) contact information, including your name, email address, mailing address, or phone number; (ii) unique identifiers, such as username, account number or password; (iii) your IP address; (iv) information about your business, such as company name, company size, business type.  This information allows us to provide the Services to you and your business.

b. Information collected automatically

When you use our Services, we use cookies and similar technologies to collect information about your location, and your activities on our website, information about your device, and log information. These cookies and similar technologies collect anonymized Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data.

Alloy allows third party analytics services to use these technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole for the purpose of analytics.

You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

2. How we Share your Information

We share information with service providers, as required by law, and in connection with the protection and enforcement of our legal and contractual rights.

With Service Providers: We share your information with third parties who provide services on our behalf to help with our business activities. This includes: payment processing, providing customer service, sending marketing communications, conducting research and analysis, and providing cloud computing infrastructure. The legal basis for sharing this information is our legitimate interest in providing our Services efficiently and we implement measures to safeguard your information.

With Public Authorities or Law Enforcement: In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law (such as to comply with a subpoena or other legal process), when we believe in good faith that disclosure is necessary to protect our rights, when we believe there is a violation to our Terms of Service or your other agreement with us, to protect your safety or the safety of others, to investigate fraud, to respond to a government request, if we are involved in a merger, acquisition, or sale of all or a portion of our assets, or if we are involved in a bankruptcy or liquidation proceeding. The legal basis for this is our legitimate interest in protecting our legal rights and those of others, compliance with legal obligations and our legitimate interest in fulfilling legal obligations imposed by legal authorities outside of the EU.

Prevent fraud and abuse of the Services: We will share information to prevent or detect fraud, to address technical issues and if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Services infrastructure. The legal basis for this is our legitimate interest in maintaining the security of our Services.

We also process and share information in an aggregated, de-identified manner, where the information is shared as part of a statistical report and does not contain personal information.

3. Security

The security of your personal information is important to us. We implement adequate measures to protect the personal information submitted to us, both during transmission and once it is received. Alloy takes steps to ensure that such data remains private and confidential. We restrict access to personal information to Alloy employees, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. If you have any questions about the security of your personal information, you can contact us via the contact information below.

4. Rights with respect to your information

Upon request Alloy will provide you with information about whether we hold any of your personal information. You may access, correct, obtain a copy of or request deletion of your personal information by contacting us via the contact information below. We will respond to your request within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing service.

Alloy acknowledges that you have the right to access your personal information. Alloy has no direct relationship with your customers or end users whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to you as the data controller. If we are requested to remove data we will respond within a reasonable timeframe. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing service.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

You may sign-up to receive email or newsletters or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us via the contact information below.

5. Data Retention

We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.

Even if you delete your account, keep in mind that the deletion by our third party providers may not be immediate and that the deleted information may persist in backup copies for a reasonable period of time.

6. Policy Regarding Children

The Services are not directed to children under the age of 18. We do not knowingly collect Personal Information from children under 18. If you are under 18, please do not use the Services and do not provide any personal information to us. If you become aware that a child under 18 has provided us with personal information without your consent, please contact us at support@alloy.ai. If you are a California resident under the age of 18 and you wish to remove publicly available content, please contact us at support@alloy.ai with the subject line “California Eraser”.

7. Global Data Privacy Protection

a. European Union Data Transfer Mechanism and Data Protection Laws

Alloy uses Standard Contractual Clauses, under Directive 95/46/EC of the European Parliament and of the Council, as the basis for its compliance with laws regulating data transfers from the European Union. These Standard Contractual Clauses provide appropriate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and the exercise of the corresponding rights.  If you or your organisation will transfer personal data from the European Union to Alloy, you must enter into the Standard Contractual Clauses with Alloy by contacting support@alloy.ai

If you or your organisation is required under the European Union General Data Protection Regulation to enter into a contract or other binding legal act under EU or Member State law with your data processors, and Alloy is acting as a processor for you, as a controller, as those terms are defined by GDPR, then such processing is governed by and subject to the terms of Alloy’s Data Processing Agreement.

b. Purpose and Legal Basis of the Processing

To the extent EU data protection law applies to our processing of information about you, we act as the “data controller”.  To the extent EU data protection law applies to our processing of your customer or end user data, you serve as the “data controller” or “data processor” and we serve as the “data processor” or “data sub-processor”.

To perform the Services: We use your information to identify you, process your payment, provide you with technical support and assistance; and communicate with you about the Services and promote the Services to you via email or by other methods. For example we will contact you to notify you of any issues with the Services or any suspicious activity in your account. The legal basis for these uses is the performance of the contract with you.

To optimize or improve the Services: We use your information to authenticate you, prevent fraud and abuse of our Services and perform research. The legal basis for these uses is our legitimate interest in the improvement and optimization of our service offerings and in ensuring the security of our services and we apply appropriate safeguards to protect your information.

c. Transfers of information not from the EEA

To the extent that personal information is transferred to the United States from countries other than countries within the European Economic Area and Switzerland, including personal information that is transferred from Canada, we employ similar safeguards such as selecting third party vendors carefully, ensuring personal information will be used and disclosed only as set out in this privacy policy and that it is protected by appropriate security safeguards.

However, in connection with these transfers of personal information, your personal information may be subject to privacy laws that may not provide the same protection as your country of residence. For example, government entities in such other countries may have certain rights to access your personal information. By using this Site or using our Service that this privacy notice relates to you are consenting to this transfer of your personal information.

8. California Data Privacy Protection. 

a. Third Party Data Sharing

In addition to the rights provided for above, if you are a California resident, you have the right to request information from us regarding whether we share certain categories of your personal information with third parties for the third parties’ direct marketing purposes. To the extent we share your personal information in this way, you may receive the following information:

(a) the categories of information we disclosed to third parties for the third parties’ direct marketing purposes during the preceding calendar year; and

(b) the names and addresses of third parties that received such information, or if the nature of their business cannot be determined from the name, then examples of the products or services marketed.

b. Rights Related to Personal Information

Effective January 1, 2020, pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights in relation to their personal information, subject to limited exceptions. Any terms defined in the CCPA have the same meaning when used in this section.  The processing of personal information subject to CCPA will be subject to and governed by Alloy’s California Data Processing Addendum.

For personal information collected by us during the preceding 12 months that is not otherwise subject to an exception, California residents have the right to access and delete their personal information. We will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services or provide you a different level or quality of services.

To make such requests, contact us at support@alloy.ai or the other contact information set out below. 

If you are a California resident, you may designate an authorized agent to make a request to access or a request to delete on your behalf. We will respond to your authorized agent’s request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to California Probate Code section 4000 to 4465. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf, or are unable to verify their identity.

In accordance with California Civil Code Section 1789.3, California resident users are entitled to know that they may file grievances and complaints with the California Department of Consumer Affairs, 400 R Street, STE 1080, Sacramento, CA 95814; or by phone at (916) 445-1254 or (800) 952-5210; or by email to dca@dca.ca.gov.

9. Browser Do Not Track

Some browsers offer a “do not track” (“DNT”) option. Because no common industry or legal standard for DNT has been adopted by industry groups, technology companies, or regulators, we do not respond to DNT signals. We will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.

10. Changes to This Privacy Policy

We may need to update this policy from time to time. Unless otherwise required by law, we will notify you before we make such changes and give you an opportunity to review them before they go into effect. We encourage you to periodically review this page for the latest information on our privacy practices.

11. Privacy Questions / Feedback

If you have questions or concerns about Alloy’s Privacy Policy please contact us at support@alloy.ai or 528 Folsom Street, San Francisco, California 94105.