Effective: August 31, 2020
Your data and privacy are important to us, and we are committed to transparency regarding how we collect, use, and share information about you and your data.
This policy also explains your choices about how we use information about you, which could be used to identify you directly or indirectly (“Personal Data”). Your choices include how you can object to certain uses of Personal Data about you and how you can access and update certain Personal Data about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
Where we provide the Services under contract with an organization, that organization controls the information processed by the Services. For more information, please see Notice to End Users below.
We also collect, generate and/or receive Other Information, which may include Personal Data:
- Organization and Account Information
To create your account, you or the Organization Owner (e.g., your employer or tool administrator) supply us with a name, email address, phone number (optional), password, role in the Organization (optional), timezone and/or similar account details. To update your account, you or the Organization Owner can log in using the supplied credentials (username/password) and change settings to which you have access. If your Organization Owner chooses to invite you to a Workspace (add you to the Account), they can do so via email.
- Your use of the Services
We keep track of certain information about you when you visit and interact with any of our Services. This information includes:
– the features you use
– the links you click on
– the type, size, and file names of attachments you upload to the Services
– frequently used search terms
– how you interact with others on the Services. We also collect information about the teams and people you work with and how you work with them, such as who you collaborate with and communicate with most frequently.
- Device and Connection Information
We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
- Cookies and Other Tracking Technologies
- Third Party Services
Organization Owners (or tool administrators) can choose to permit or restrict Third Party Services for their Organization. Typically, Third Party Services are software that integrate with our Services. Team Members should check the privacy settings and notices in these Third Party Services to understand what data may be disclosed to us. When a Third Party Service is enabled, we are authorized to connect and access Other Information made available to us in accordance with our agreement with the Third Party Provider.
- Third Party Data
We may receive data about organizations, industries, Website visitors, marketing campaigns and other matters related to our business from our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information that we collect and might include aggregate-level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
- Additional Information Provided to Us
We receive Other Information when you submit information through a form on our Website or if you participate in a focus group, contest, webinar, activity or event, apply for a job, request support, visit our office, interact with our social media accounts, or otherwise communicate with us.
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Organization setup details, is not provided, we may be unable to provide the Services.
Notice to End Users
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g., your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Administrators are able to:
- require you to reset your account password
- restrict, suspend, or terminate your access to the Services
- access information in and about your account
- access or retain information stored as part of your account
- install or uninstall third-party apps or other integrations
In some cases, administrators can also:
- restrict, suspend, or terminate your account access
- change the email address associated with your account
- change your information, including profile information
- restrict your ability to edit, restrict, modify, or delete information
Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization to access the Services, then the owner of the domain associated with your email address (e.g., your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.
If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services. If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.
Please contact your organization or refer to your administrator’s organizational policies for more information.
How We Use Information
Customer Data will be used by us in accordance with Customers’ instructions, including any applicable terms in the Services Agreement and as required by applicable law. Writer, Inc. is a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to an Organization, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.
We use Other Information in furtherance of our legitimate interests in operating our Services, Websites, and business. More specifically, we use Other Information:
- To provide, update, maintain, and protect our Services, Websites, and business.
This includes use of Other Information to support delivery of the Services under a Services Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at a Team Member’s request.
- As required by applicable law, legal process, or regulation.
- To communicate with you by responding to your requests, comments and questions.
If you contact us, we may use your Other Information to respond.
- To develop and provide additional features.
We try to make the Services as useful as possible for specific Organizations and Team Members.
- To send emails and other communications.
We may send you service, technical, and other administrative emails, workflow notifications, messages, and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. We will also contact you if you request information or to meet with a company representative. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications, or other news about Writer. These are marketing messages, and you can control whether you receive them by clicking the “Unsubscribe” link in our email footers.
- For billing, account management, and other administrative matters.
We may need to contact you for invoicing, organization management, and similar reasons and we use organization data to administer accounts and keep track of billing and payments.
- To investigate and help prevent security issues and abuse.
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose.
We will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Services Agreement and as required by applicable law. We will retain your information for as long as your account is active or as needed to provide you Services. If you wish to cancel your account or request that we no longer use your information to provide you services, you may delete your account by sending a request to delete your account to “email@example.com” or by requesting that your Organization owner remove you.
We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion. In addition, we do not delete from our servers files that you have in common with other users.
How We Share And Disclose Information
This section describes how we may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and we do not control how they or any other third parties choose to share or disclose Information.
- Customer’s Instructions.
We will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
- Displaying the Services.
When a Team Member submits Other Information, it may be displayed to other Team Members in the same or connected Workspaces. For example, a Team Member’s email address may be displayed with their Workspace profile.
- Collaborating with Others.
The Services provide different ways for Team Members working in independent Workspaces to collaborate, such as shared channels. Other Information, such as an Team Member’s profile Information, may be shared, subject to the policies and practices of the other Workspace(s).
- Customer Access.
Owners, administrators, Team Members, and other Customer representatives and personnel may be able to access, modify, or restrict access to Other Information. This may include, for example, your employer using Service features to export logs of Workspace activity, or accessing or modifying your profile details.
- Third Party Service Providers and Partners.
We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services.
- Third Party Services.
Customer may enable or permit Team Members to enable Third Party Services. When enabled, we may share Other Information with Third Party Services. Third Party Services are not owned or controlled by us and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
- Corporate Affiliates.
We may share Other Information with our corporate affiliates with your consent.
- During a Change to Our Business.
If Writer, Inc. engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
- Aggregated or De-identified Data.
We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Writer customer the average amount of time or money saved for an average team.
- To Comply with Laws.
If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- To enforce our rights, prevent fraud, and for safety.
To protect and defend the rights, property or safety of Writer, Inc. or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
- With Consent.
We may share Other Information with third parties when we have consent to do so.
We take security of data very seriously. We work hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology.
- Information storage and security
We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data. For more information on where we store your information, please see Google’s Cloud hosting infrastructure page – https://cloud.google.com. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. If you use our server or data center Services, responsibility for securing storage and access to the information you put into the Services rests with you and not us. We strongly recommend that server or data center users configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage points used.
- How long we keep information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
- Account information
We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
- Information you share on the Services
If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided.
- Managed accounts
If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. For more information, see “Managed accounts and administrators” above.
Our Policy Toward Children
Our Services are not directed to persons under 16. We do not knowingly collect personally identifiable information from children under 16. If a parent or guardian becomes aware that their child has provided us with Personal Data without their consent, they should contact us at firstname.lastname@example.org. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to delete this information from our files.
Data Protection Officer
To communicate with our Data Protection Officer, please email email@example.com.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Personal Data, as well as to seek to update, delete or correct this Personal Data. If you cannot use the settings and tools, contact your Organization Owner for additional access and assistance. Please check your profile at https://app.writer.com for your contact information.
To the extent that our processing of your Personal Data is subject to the General Data Protection Regulation, we rely on our legitimate interests, described above, to process your data. We may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to our use of your Personal Data for this purpose at any time.
Personal Data Transferred from the EU or Switzerland to the United States
Writer, Inc. complies with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (Privacy Shield) as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU and the United Kingdom and/or Switzerland, as applicable to the United States in reliance on Privacy Shield. Writer, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. A violation of our commitment to Privacy Shield may be investigated by the Federal Trade Commission and/or the United States Department of Commerce. If there is any conflict between the policies in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, to the extent available, please visit https://www.privacyshield.gov.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of Personal Data about you. Persons from the EU who have inquiries or complaints regarding this Statement should first contact us via email at: firstname.lastname@example.org.
We have committed to refer unresolved privacy complaints under the Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information and to file a complaint.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law.
Under certain conditions, if you are not satisfied with the above recourse mechanism, you may be able to invoke binding arbitration.
In cases of onward transfer to third parties of Personal Data of EU and Swiss individuals received pursuant to the EU-US and SW-US Privacy Shield, Writer, Inc. is potentially liable.
Pursuant to the Privacy Shield, Writer, Inc. remains liable for the transfer of Personal Data to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.
For California Residents
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of Personal Data by us to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to email@example.com or write us:
140 Geary St #800
San Francisco, CA 94108
Furthermore, California residents have the following rights with respect to Personal Data we may have collected about them:
(i) Requests to Know
You have the right to request that we disclose:
- The categories of Personal Data we have collected about you;
- The categories of Personal Data about you we have sold or disclosed for a business purpose;
- The categories of sources from which we have collected Personal Data about you;
- The business or commercial purposes for selling or collecting Personal Data about you;
- The categories of Personal Data sold or shared about you, as well as the categories of third parties to whom the Personal Data was sold, by category of Personal Data for each party to whom Personal Data was sold;
- The specific pieces of Personal Data collected.
You may submit a request to know by emailing firstname.lastname@example.org. The delivery of our response may take place electronically or by mail. We are not required to respond to requests to know more than twice in a 12-month period.
(ii) Requests to Delete
You have the right to request that we delete any Personal Data about you that we have collected. Upon receiving a verified request to delete Personal Data, we will do so unless otherwise authorized by law. You may submit a request to delete Personal Data by emailing email@example.com.
Upon receipt of a request, we may ask you for additional information to verify your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose.
We will acknowledge the receipt of your request within ten (10) days of receipt. Subject to our ability to verify your identity, we will respond to your request within 45 days of receipt. In order to protect your privacy and the security of Personal Data about you, we typically verify your request by requesting additional identifying information relating to you and/or you’re your mobile device.
(iii) Right to Opt Out of the Sale of Personal Data
We do not sell Personal Data.
(iv) Authorized Agents
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.
(vi) Categories of Personal Data the We Have Sold in the Last 12 Months
We do not sell Personal Information.
(vii) The Right to Non-Discrimination
You have the right not to be discriminated against for the exercise of your California privacy rights described above.
How We Respond to Do Not Track Signals
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time.
Contacting Writer, Inc.
140 Geary St #800
San Francisco, CA 94108