Last Updated: August, 2022
If you have questions about our privacy practices or would like to make a complaint, please contact PypeServer:
- Email firstname.lastname@example.org
- Phone (425) 333-7736
- Mail 1600 SW Dash Point Rd #312, Federal Way, WA 98023
1. Personal Information
When we say, “Personal Information,” we mean information that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with an individual, such as:
- Identifiers (e.g., name, address, telephone number, email address, username);
- Sensitive Personal Information (e.g., state ID, contents of messages where we are not the recipient, in some cases, information about a known child);
- Protected classification information (e.g., race, citizenship, marital status, medical condition, sex, sexual orientation, veteran or military status);
- Biometric information (e.g., keystrokes, behavioral or biological characteristics);
- Internet or other similar activity (e.g., browsing history, content interactions);
- Employment-related information (e.g., current or past employment);
- Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99);
- Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies); and
- Inferences drawn from Personal Information to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.
Personal Information does not include (a) publicly available information; (b) aggregate information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (c) deidentified information that cannot be easily linked back to the individual.
2. Children’s Privacy
The Site and the Services are intended for adult audiences only, and we do not knowingly collect any Personal Information from anyone under 16 years of age. If you are under age 16, please do not provide any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 16, we will delete that information as quickly as possible.
3. Collection and Use of Personal Information
Generally speaking, PypeServer Services are intended for business-to-business use, meaning most information we collect is in a business-to-business context when a Site visitor or End User is acting as an employee in the performance of their job duties to a Client or potential new Client. Our processing of Personal Information as a service provider to our Clients is done entirely at the behest of our Clients, who provide all such information to us directly or indirectly through the use of the Services by End Users. Any use of Personal Information for our own purposes is detailed in this section.
- Lawful Basis. We only collect, use, retain, and disclose Personal Information as is adequate and relevant to the specific, express purposes described below or as reasonably necessary and proportionate to provide our Services or for other purposes that we disclose to you and are compatible with the context of how we collected your Personal Information. More specifically, we will only collect your Personal Information: (i) with your consent, as informed by this Privacy Notice and freely given at the time you provide the information; (ii) if we have a legitimate interest in doing so, such as in our capacity as a service provider to a Client or to provide or improve our Services; or (iii) as authorized or required by law. If we collect or use your Personal Information based on your consent, we will notify you of any changes and will request your further consent as needed.
- During the preceding 12 months, we have collected these categories of Personal Information: (i) identifiers; (ii) employment-related information; (iii) internet or other similar activity; and (iv) commercial history.
- We collect Personal Information from (i) you, when you provide it to us directly; (ii) our Clients; and (iii) automatically from your use of the Site or Services. Our Personal Information collection practices are described in more detail below.
- Client Registration, with consent and as a service provider to the Client. When a Client signs up for our Services, we collect the Client’s identifiers (e.g., name, address, email, phone) to open their account. PypeServer uses a third-party payment processor to handle payment information and we do not directly collect or process payment information.
- End User Registration, with consent and as a service provider to the Client. Each End User must create a profile on the Services including identifiers like their name, email, phone number, login information, location, hardware specifications, and employment-related information like their job title or role with the Client. We use this information to create the End User’s profile and to enable their access to the Services.
- Automatically Collected, with a legitimate interest. We automatically collect certain technical data, including some Personal Information, from End Users’ use of the Services and visitors’ interactions with the Site. The information we collect in this manner may include device, browser type, operating system, CPU speed, referring or exit webpages, click patterns, Session ID, and IP address. We collect this information to achieve our legitimate interest of improving our Services and we use it to analyze preferences, trends and statistics related to the use of the Site and Services, to ensure that our Services will appear and function properly on your device, and to conduct our own analyses and research to improve our Services.
- Third-Party Sources, with a legitimate interest. We may on occasion supplement or correct your Personal Information with information from third-party sources to reduce errors in our database, authenticate our users, prevent fraud, and prevent abuse of our Site, as well as to provide more consistent, relevant experiences to our users.
- Other Ways We Use Your Personal Information. In addition to the specific uses described above, we might also use your Personal Information:
- To conduct routine business operations such as billing, identification, authentication, contact purposes and general research.
- For internal marketing techniques such as tracking customer preferences to provide a customized Site experience and communicating with you about Services, special offers, and other services.
- To provide and enhance the Services.
- To comply with a law, regulation, legal process, court, or governmental order.
- To provide the Services you request, which may include the provision of your information to a third party if the relevant Service is operated by a third party.
- To contact Visitors who provide us with contact information, either with marketing information or in response to any inquiry.
- To fulfill any other purpose to which you consent.
We will not collect additional categories of Personal Information or use already collected Personal Information for purposes that are materially different, unrelated, or not reasonably necessary or compatible with the original purpose without notice and consent to you as required by law.
4. Retention of Personal Information
PypeServer will only retain the Personal Information we collect as long as necessary to deliver our Services or to respond to your inquiries. For example, Personal Information we collect from a Client is retained as long as the Client engages us to use our Services or until the Client deletes it or instructs us to do so. We retain Personal Information associated with End User accounts while the associated Client account remains active or until the Client request that we delete the End User’s data. Site visitor data collected by cookies and related technologies is retained for up to 24 months. We may retain Personal Information for longer periods as necessary and permitted under applicable law. At the end of the retention period, we will delete, anonymize or deidentify the Personal Information.
5. Disclosure of Personal Information
PypeServer will only disclose Personal Information we collect as detailed in this section or as instructed by a Client regarding the Client’s own data. In the preceding 12 months, we have disclosed all categories of Personal Information that we have collected for a business purpose. More specifically, we may disclose Personal Information for a business purpose to:
- Our Service Providers. Vendors that provide us with administrative or data processing services may receive Personal Information to perform their contractual obligations. We prohibit our service providers from selling or disclosing the Personal Information we provide, and we require all service providers to maintain confidentiality standards and appropriate technical and organizational measures to ensure the security of your Personal Information. The type of information that we provide to a service provider will depend on the nature of their services to us. The following are service providers with which we are currently engaged:
- ActiveCampaign (https://activecampaign.com) – Email & Marketing Service. We provide ActiveCampaign with personal information so we can communicate with you in accordance with this Policy.
- AWS (https://aws.amazon.com) – Primary hosting platform
- Bugsnag (https://bugsnag.com) – Used for error monitoring. Receives little to no Personal Information.
- Datadog (https://datadog.com) – Database & server monitoring service
- Google Analytics (https://analytics.google.com) – Data analysis tools for online platforms. Collects some Personal Information, like IP address, unique ID or ClientID.
- Honeybadger (https://honeybadger.io) – Platform performance machine. It receives extremely limited personal data if any.
- MongoDB (https://mongodb.com) – Cross-platform database
- Pusher (https://pusher.com) – Application monitoring. Receives technical and visit usage information related to use of our application and website.
- Scout (https://scoutapm.com) – Application monitor. Processes technical data related to queries.
- Stripe (https://stripe.com) – Payments processor.
- TeamViewer (www.teamviewer.com) – Remote desktop software.
- WordPress (https://www.wordpress.com) – Website building and content management system.
- ZoomInfo (https://www.zoominfo.com/) business and professional profile database. Primarily collects identifiers like professional contact information.
- As Instructed By A Client. As a service provider (or processor) to our Clients, PypeServer may disclose a Client’s data, including Personal Information, as instructed by that Client.
- Law Enforcement and regulatory and other governmental agencies, as permitted or required by law.
- Cookie Information Recipients, subject to their respective privacy notices.
- Other Third Parties, as permitted by applicable law. Examples include: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
To improve our Services and provide more convenient, relevant experiences to our customers, we and our agents may use “cookies,” “web beacons,” and similar devices to track your activities. A cookie is a small amount of data that is transferred to your browser by a web server and can only be read by the server that gave it to you. It functions as your identification card and enables us to record your passwords and preferences. It cannot be executed as code or deliver viruses. A web beacon is a small transparent .gif image that is embedded in an HTML page or email used to track when the page or email has been viewed. Most browsers are initially set to accept cookies, and most services that include similar devices are typically initially activated to collect data.
You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to accept it. We do not support browsers’ Do Not Track features. You can enable or disable Do Not Track by visiting the preferences or settings page of your browser. You can also use the Network Advertising Initiative Opt-Out Tool.
7. Protecting Your Information
PypeServer has implemented and maintains reasonable security measures to secure your Personal Information from accidental loss and unauthorized access, use, alteration, and disclosure. We use a variety of security measures, including SSL, encryption, and authentication tools, to help protect your information. We do not retain your Personal Information for longer than is necessary for our business purposes. When we no longer need your Personal Information, we dispose of it safely. Our security measures are appropriate to the volume, scope, and nature of the Personal Information processed and designed to meet our duty of care with respect to your Personal Information.
Our security measures include standard international data protection measures. These measures may also include periodic system-wide password resets with high password strength requirements. We strongly discourage password sharing. Due to the nature of the information and related technology, we cannot be held responsible if you share your own login credentials with others. If we learn of a security breach, then we will immediately reset your account password and attempt to notify you as per applicable guidelines to take appropriate steps.
8. Your Privacy Controls
- PypeServer Emails. We may use your email and other contact information to send you advertising and marketing communications. If you do not want us to use your email address or other contact information for advertising purposes, you can opt out by following the “unsubscribe” link in any email from us, or by emailing us directly at email@example.com. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt out of receiving promotional emails, we may still send you emails about your account or any services you have requested or received from us.
- Text Messages. By providing us with your wireless phone number, you consent to the Company sending you informational text messages related to our services. You can unsubscribe from our text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.
- Device Settings. You can control the data we collect through cookies and related technologies by adjusting your device settings or your cookie preferences on the Site.
- Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests.
- Privacy Requests. If you are and End User, please direct any privacy-related requests or inquiries to the Client through which you access our Services. Otherwise, if you wish to exercise your privacy rights beyond the methods described above, or if you want to express concerns, lodge a complaint, or request information, please email firstname.lastname@example.org or, if your state laws grant you a privacy right listed below, by submitting a Consumer Privacy Request. We may only legally fulfill a Consumer Privacy Request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Information, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so, such as requests that are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
9. Privacy Rights
Depending on where you reside, you may be entitled to additional controls over your Personal Information. This section provides legally required and courtesy notices for consumers residing in certain jurisdictions where we offer our Services. You may be entitled to some or all of the rights listed below or other rights as provided under the laws that apply to your use of our Services.
If you are an End User, you can exercise these rights and learn more about your privacy rights by contacting the Client through which you access our Services. Visitors to our Site can contact email@example.com for support.
- California and Certain Other U.S. States. In the United States, consumer privacy is governed by federal privacy laws covering specific industries or data uses and state privacy laws providing with general consumer privacy rights. This section provides informational notices for residents of states with consumer privacy laws in place (“Consumers”) like California, Colorado, Connecticut, Nevada, Utah, Virginia, and other states require companies to inform consumers about their privacy rights and provide a method to exercise those rights. NOTE THAT PYPESERVER IS NOT CURRENTLY GOVERNED BY THE CALIFORNIA CONSUMER PRIVACY ACT AND IS EXEMPT FROM CERTAIN OTHER US PRIVACY LAWS. This section is offered as a courtesy to Consumers of states where the privacy law does not apply to our Services. Consumers may exercise the following rights over their Personal Information, subject to our receipt of a verifiable Privacy Request and any exceptions and limitations:
- No Sale or Sharing of Personal Information. Some states entitle consumers to opt-out of the sale or sharing of Personal Information or targeted advertising practices. PypeServer does not sell your Personal Information or share your Personal Information with third parties for cross-contextual behavioral advertising purposes. If this changes in the future, we will update this Privacy Notice and provide you with a method to opt-out.
- Limited Use and Disclosure of Sensitive Personal Information. You have the right to opt-out or limit our use of your sensitive Personal Information. We do not seek to collect sensitive Personal Information about any individual, and in no case do we disclose any sensitive Personal Information for the purpose of inferring characteristics about you or otherwise use your sensitive Personal Information without your consent. If this ever changes in the future, we will update this Privacy Notice and provide you with methods to opt-out or limit our use and disclosure of sensitive Personal Information.
- No Automated Processing. You have the right to opt-out of automated processing, or “profiling.” PypeServer does not process your Personal Information to evaluate, analyze, or predict your interests and preferences or otherwise use automated profiling to produce significant effects that concern you. If this changes in the future, we will update this Privacy Notice and provide you with a method to opt-out.
- Right to Disclosure. You have the right to request that we disclose information to you about our collection and use of your Personal Information over the past 12 months, such as (i) the categories of Personal Information we have collected about you; (ii) the categories of sources for the Personal Information we have collected about you; (iii) our business purpose for collecting or selling that Personal Information; (iv) the categories of third parties with whom we share that Personal Information; and (v) if we sold or disclosed your Personal Information for a business purpose, two separate lists stating (a) sales, identifying the Personal Information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. Depending on the laws that apply to you, we may only be required to respond to a certain number of disclosure requests within a 12-month period.
- Right to Correct. You have the right to request that we correct inaccurate Personal Information about you in our systems. If you become aware that the Personal Information that we hold about you is incorrect, or if your situation changes (e.g., you change address), please inform us and we will update our records.
- Right to Access. You have the right to request a copy of your Personal Information, along with details about the types of Personal Information we process, why we process it, and any third parties we work with to collect Personal Information on our behalf (also called a data portability request). We provide copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that some laws prohibit us from disclosing copies of certain pieces of Personal Information (e.g., government identification numbers, financial account information, and passwords or security questions and answers) because the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our business systems, or your account. If you are a resident of the State of California, your request is limited to specific pieces of Personal Information we have collected about you over the past 12 months, and we are only required to respond to two such requests within a 12-month period.
- Right to Deletion. You have the right to request that we delete any of your Personal Information that we collected from you and retained, with certain exceptions. We may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion. If you submit a right to deletion request, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete.
- Right to Nondiscrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not (i) deny you goods or services, (ii) charge you different prices or rates for goods or services, (iii) provide you a different level or quality of goods or services, (iv) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under the CCPA.
- Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.
Please note that CCPA privacy rights do not apply where we collect and use your Personal Information in a business-to-business context when you are acting as an employee in the performance of your job duties.
- We adopted this section to provide supplemental information in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). This section applies solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Information offering details on an identifiable person without the inclusion of name, title, telephone number, and business address of an employee of a business or organization. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.
- Right to accuracy of your Personal Information. We take steps to reasonably ensure that your Personal Information we are using is accurate. In most cases, we rely on you to ensure that your information is current, complete, and accurate. We provide methods for you to correct, update, and delete inaccurate Personal Information in your account, and we will provide you with reasonable assistance to ensure that your Personal Information is accurate in our systems and with our service providers.
- Right to access your Personal Information. Upon written request and identity authentication, we will provide you with your Personal Information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Information you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal, and outline further steps that are available to you.
Canadian Consumers may exercise these rights over their Personal Information, subject to our receipt of a verifiable Consumer Privacy Request, as well as any exceptions and limitations that may apply.
- European Economic Area and United Kingdom. We adopted this section to comply with the General Data Protection Regulation (“GDPR”) and its counterpart regulation applicable to residents of the United Kingdom. This section applies solely to residents of the EEA and the United Kingdom (“Data Subjects”). We collect and processes Personal Information of Data Subjects who are Callers as a processor to our Customers. If you are a Data Subject, you have the following rights in relation to the Personal Information we hold about you:
- Right to access your Personal Information. Upon request, we will provide you with a copy of your Personal Information, along with details about the types of Personal Information we process, why we process it, and any third parties we work with to collect Personal Information on our behalf. We may have one or more legally valid reasons to refuse your request in whole or in part, for example, to protect the rights of other individuals.
- Right to restrict processing of your Personal Information. You can request that we restrict the processing of your Personal Information if: (a) the data is inaccurate; (b) the processing is unlawful; (c) we no longer need the Personal Information; or (d) you exercise your right to object.
- Right to rectify your Personal Information. If you become aware that the Personal Information that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
- Right to data portability. In some circumstances, we are required to provide your Personal Information to another organization at your request and in a structured, commonly used machine-readable format so that the other organization can read and use it.
- Right to erasure (a.k.a. the “right to be forgotten”). Upon your request, and in certain circumstances and where we are required to do so by law, we are required to delete or anonymize your Personal Information. This right is not absolute, and we may be entitled to retain and process your Personal Information despite your request. If you make this request, we balance certain legal, contractual, and business interests against your right to request the deletion of your Personal Information.
- Right to object to certain processing of your Personal Information. Upon your request, and in certain circumstances and where we are required to do so by law, we will limit our processing of your Personal Information as you request.
- Right to not be subject to Automated Decision-Making (“ADM”). We do not use ADM to provide the Services. All decisions made on the Services which produce legal effects are the result of human decision-making. If this changes in the future, we will update this posting to describe our use of ADM and your options to exercise your privacy rights related to your Personal Information processed using ADM.
Data Subjects may exercise these rights over their Personal Information, subject to our receipt of a verifiable Consumer Privacy Request, as well as any exceptions and limitations that may apply. If you are a resident of the EEA and you believe we are unlawfully processing your Personal Information, you also have the right to complain to your local data protection supervisory authority. If you are a resident in Switzerland, you have the right to complain to the Swiss data protection authorities. Callers who are residents of the EEA or Switzerland should direct their privacy inquiries related to the Customer they contacted via our Services.
10. Consent to International Data Transfers
PypeServer is a United States company using technical infrastructure in the United States and other countries to provide our Services to users wherever they are located. If you access the Services from outside the United States, please be aware that your Personal Information may be transferred to, processed, stored, and used in the United States or other jurisdictions. When your information is moved from your home country to another country, the laws and rules that protect your Personal Information in the country to which your information is transferred may be different from those of the country where you live.
We are committed to transferring Personal Information using a lawful data transfer mechanism. For example, when we transmit data from the EU to the United States or other jurisdictions, we do so pursuant to standard contract clauses approved by the European Commission and employ those security measures required by the country in question to secure the data. However, we do not warrant that the Services are appropriate or authorized for use in any other jurisdictions. You are solely responsible for determining whether your use of the Services complies with the laws applicable to you in your location.
By allowing us to collect Personal Information about you, you consent to the transfer and processing of your Personal Information as described in this section.
11. Third-Party Websites and Advertising