Dharma.ai Privacy Policy

Posted: May 23, 2018

Effective: May 25, 2018

1. Some key terms

In our Privacy Policy, when we refer to “Customers”, we mean parties who contract with us for the use of our Services. Our Customers may authorize or instruct individuals to register for an account on and use our Services. These individuals are referred to herein as “Users”. Users may use the Services to collect and share data related to third parties. These third parties are referred to herein as “Subjects” and the data related to such Subjects are referred to as “Subject Data”. Any other capitalized terms not defined in this Privacy Policy have the meanings in our User Agreement, Customer Agreement, and Acceptable Use Covenants (all four of which are collectively referred to as Dharm.ai’s “Terms”).

When we refer to “Dharma.ai,” “we,” or “us” in this policy, we mean Dharma Platform, Inc., which controls the information Dharma.ai collects when you use the Services. Dharma.ai offers a partition tolerant database that operates on cloud and mobile platforms, which help you solve complex data challenges wherever you are in the world. We also own and operate a number of websites and offer related services, like support. We refer to all of these products, together with our other services and websites as “Services” in this policy.

2. How does this Privacy Policy apply?

This Privacy Policy describes what we do with personal information that we collect and use for our own purposes (i.e., where we are a controller), such as a Customer’s account information and information about how such Customer and its Users use and interact with our Services, including information submitted to our customer support as well as certain information relating to such Customer’s Users. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.

In providing the Services, we host and process Subject Data and User information on behalf of our Customers. Each Customer determines what it does with its Subject Data and User information. The Customer controls such Subject Data and User information and, under the European General Data Protection Regulation (“GDPR”), is deemed the controller of such Subject Data and User information. This Privacy Policy does not describe what we do with Subject Data and User information on our Customers’ instructions (i.e., as their processor under the GDPR). If you are a User or Subject and want to know how a Customer handles your information, you should check its privacy policy.

If you want to know about what we do with information we collect for our own purposes, read on.

If you are a Customer or User in the European Economic Area, United Kingdom or Switzerland (the “EEA”) or if the GDPR is otherwise applicable to your personal data or the data you collect, please see our Data Processing Addendum to learn more about how we process such data.

At Dharma.ai. we respect your privacy. When it comes to your personal information, we believe in transparency, not surprises. That’s why we’ve set out here what personal information we collect, what we do with it and your choices and rights.

By using the Services you confirm you have agreed to our Terms and read and understood this Privacy Policy.

3. Personal information we collect

We collect various personal information regarding you or your device. This can include the following:

4. How we collect personal information

We obtain personal information from various sources. We do this in three main ways:

We’ve described this in more detail below.

a. Personal information you provide

When you use our Services, we collect information from you in a number of ways. For instance, we ask you to provide your name and email address to register and manage your account. We also maintain your marketing preferences and the emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our social media accounts. You might also provide us with information in other ways, including by responding to surveys, submitting a form or participating in Dharma.ai events.

Sometimes we require you to provide us with information for contractual or legal reasons. We’ll normally let you know when information is required, and the consequences of failing to provide it. If you do not provide personal information when requested, you may not be able to use our Services if that information is necessary to provide Services to you or if we are legally required to collect it.

b. Personal information obtained from your use of our Services

When you use our Services, we collect information about your activity on and interaction with the Services, such as your device and browser type, the web page you visited before coming to our sites, what pages on our sites you visit and for how long and identifiers associated with your devices. If you’ve given us permission through your device settings, we may collect your location information in our mobile apps.

If you are a User, we also get information about your interactions with the Customer’s account, including their projects, though we use this in anonymous, aggregated or pseudonymized form which does not focus on you individually. We use this data to evaluate, provide, protect or improve our Services (including by developing new products and services).

c. Personal information obtained from other sources

Customers of our Services may provide information about you when they submit content through the Services. For example, we may receive your email address from another User when they provide it in order to invite you to the Services.

We may also receive information about you when you or your account administrator link a third-party service with our Services. For example, you may authorize our Services to access and display files from a third-party document-sharing service within the Services interface. Or you may authorize our Services to sync a contact list or address book so that you can easily connect with those contacts within the Services or invite them to collaborate with you on our Services. The information we receive when you link or integrate our Services with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our Services.

If you sign up for Paid Services, we obtain limited information about your payment card from our payment processor. Currently, our payment processor is Stripe. Stripe uses and processes your complete payment information in accordance with Stripe’s privacy policy.

5. How we use your personal information

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. We may use the personal information we obtain about you to:

We process your personal information for the above purposes when:

Consent. You have consented to the use of your personal information in a particular way. When you consent, you can change your mind at any time. We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.

Performance of a contract. We need your personal information to provide you with the Services or to respond to your inquiries. In other words, so we can perform our contract with you or take steps at your request before entering into one. For example, we need your email address so you can sign in to your Dharma.ai account.

Legal obligation. We have a legal obligation to use your personal information, such as to comply with applicable tax and other government regulations or to comply with a court order or binding law enforcement request.

Legitimate interests. We have a legitimate interest in using your personal information. In particular, we have a legitimate interest in the following cases:

Legal bases for processing (EEA Customers and Users): If you are an individual in the EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your personal information only where:

6. How we share your personal information

We share personal information in the following ways:

7. Your rights and choices

Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to access, update, change or delete personal information. In such cases, you can access, update, change or delete certain personal information (or that of your Users) either directly in your account or by contacting us at dpo@dharma.ai to request the required changes. You can exercise your other rights (including deleting your account) by contacting us at the same email address.

You can also elect not to receive marketing communications by following the unsubscribe instruction in such communications.

Please note that, for technical reasons, there is likely to be a delay in deleting your personal information from our systems when you ask us to delete it. We also will retain personal information in order to comply with the law, protect our and others’ rights, resolve disputes or enforce our legal terms or policies, to the extent permitted under applicable law.

You may have the right to restrict or object to the processing of your personal information or to exercise a right to data portability under applicable law. You also may have the right to lodge a complaint with a competent supervisory authority, subject to applicable law. If you are subject to the GDPR, we suggest you lodge any such complaints with your local data protection authority within the EEA.

Additionally, if we rely on consent for the processing of your personal information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal.

If you are a User or Subject of one of our Customer’s accounts you should contact them to exercise your rights with respect to any information they hold about you.

8. How we protect your personal information

We use data hosting service providers in the EEA to host the information we process, and we use technical measures to secure your data. While no service is completely secure, we have a security team dedicated to keeping personal information safe. We maintain administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing of, the personal information in our possession.

9. How we retain your personal information

We retain your personal information regarding you or your use of the Services for so long as your Account is active or for as long as needed to provide you or your Users with the Services. We also retain personal information for as long as necessary to achieve the purposes described in this Privacy Policy, for example, to comply with our legal obligations, to protect us in the event of disputes and to enforce our agreements and to protect our and others’ interests.

The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your account is active, while the period for which we keep a support message is based on how long has passed since the last submission in the thread.

As Customers may have seasonal projects or come back to us after an account becomes inactive, we don’t immediately delete your personal information when your trial expires or you cancel all paid or subscription Services. Instead, we keep your personal information for a reasonable period of time, so it will be there for you if you come back.

You may delete your account by contacting us at dpo@dharma.ai and Dharma.ai will delete the personal information it holds about you (unless we need to retain it for the purposes set out in this Privacy Policy).

Please note that in the course of providing the Services, we collect and maintain aggregated, anonymized or de-personalized information which we may retain indefinitely.

10. Privacy Shield (applicable to EEA Customers & Users)

Dharma Data Limited, an affiliate of Dharma.ai based in the EEA, has entered into contractual terms to include standard contractual clauses with Dharma.ai for the transfer of data to Dharma.ai as part of a delivery of service. Dharma.ai is located in the United States and accordingly, Customer data (to include User data and Subject Data) will be transferred to the United States. Please see our Data Processing Addendum to learn more about how we process such data.

Dharma.ai is in the process of attaining certification under the EU-U.S. Privacy Shield Framework (“Privacy Shield”). Accordingly, Dharma.ai is committed to treating personal information received from the EEA pursuant to the Privacy Shield Frameworks in accordance with the applicable Principles.

Our accountability for personal information we receive under the Privacy Shield and subsequently transfer to a third-party is described in the Privacy Shield Principles. In particular, we may use third parties to process data on our behalf as described in this Privacy Policy, and we remain liable if they do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

11. Users’ personal information

Our Customers who have created an account on Dharma.ai are responsible for what they and their Users do with the User information and Subject Data they collect, directly or through Dharma.ai. This section is directed to such Customers.

a. Your relationship with Users

If you’re one of our Customers, you will collect personal information about your Users. For example, name and email address so that you can add them to teams and projects.

You’re solely responsible for complying with any laws and regulations that apply to your collection and use of your Users’ information, including personal information you collect about them from us or using Dharma.ai functionality, including mobile applications.

We’re not liable for your relationship with your Users or how you collect and use personal information about them (even if you collect it from us or using Dharma.ai functionality) and we won’t provide you with any legal advice regarding such matters.

b. Your relationship with Subjects

Where the Services are made available through a Customer, that Customer is responsible for the Users and Subjects over which it has control. All Subject Data at an individual level is controlled by the Customer. We are not responsible for the privacy or security practices of a Customer, which may be different than this policy.

12. Our policy towards children

The Services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. We will direct potential users under 13 years of age not to use the Services. If we learn that personal information of persons less than 13 years of age has been collected without verifiable parental consent, then we will take the appropriate steps to delete this information. To make such a request, or if there are any questions or concerns about the Privacy Policy for the Service or its implementation, please contact us at dpo@dharma.ai.

13. Updates to this Privacy Policy

We’ll update this Privacy Policy from time to time to reflect changes in technology, law, our business operations or for any other reason we determine is necessary or appropriate. When we make changes, we’ll update the “Effective Date” at the top of the Privacy Policy and post it on our sites. If we make material changes to it or the ways we process personal information, we’ll notify you (by, for example, prominently posting a notice of the changes on our sites or directly sending you a notification).

We encourage you to check back periodically to review this Privacy Policy for any changes since your last visit. This will help ensure you better understand your relationship with us, including the ways we process your personal information.

14. How to contact us

Your information is processed by Dharma Platform, Inc. If you have questions or concerns about how your information is handled, please direct your inquiry to Dharma Platform, Inc., as set forth below or, if you are a resident of the EEA, please contact our EU Representative.

Dharma Platform, Inc. 80 M St. SE, Suite 100 Washington, DC 20003 USA Email: dpo@dharma.ai

EU Representative: Dharma Data Limited, 3 Waterhouse Square, 138 Holborn, London, EC1N 2SW UK Email: dpo@dharma.ai