Last Revised: July 16, 2015
As you use our services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.
- What information we collect and why we collect it.
- How we use that information.
- The choices we offer, including how to access and update information.
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses, pixel tags and browsers, then read about these key terms first. Your privacy matters to Strap so whether you are new to Strap or a long-time user, please do take the time to get to know our practices – and if you have any questions consult this page.
Information we collect
We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful or the people who matter most to you online.
We collect information in two ways:
- Information you give us. For example, many of our services require you to sign up for a Strap Account. When you do, we’ll ask for personal information, like your name, email address, telephone number or credit card. If you want to take full advantage of the sharing features we offer, we might also ask you to create a publicly visible Strap Profile, which may include your name and photo.
- Information we get from your use of our services. We may collect information about the services that you use and how you use them, like when you visit a website that uses our advertising services or you view and interact with our ads and content. This information includes:
o Device information
We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Strap may associate your device identifiers or phone number with your Strap Account.
o Log information
When you use our services or view content provided by Strap, we may automatically collect and store certain information inserver logs. This may include:
- details of how you used our service, such as your search queries.
- telephony log information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls.
- Internet protocol address.
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your Strap Account.
o Location information
When you use a location-enabled Strap service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
o Unique application numbers
Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Strap when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
o Local storage
We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
o Cookies and anonymous identifiers
How we use information we collect
We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Strap and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.
We may use the name you provide for your Strap Profile across all of the services we offer that require a Strap Account. In addition, we may replace past names associated with your Strap Account so that you are represented consistently across all our services. If other users already have your email, or other information that identifies you, we may show them your publicly visible Strap Profile information, such as your name and photo.
When you contact Strap, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
We use information collected from cookies and other technologies, like pixel tags, to improve your user experience and the overall quality of our services. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer. When showing you tailored ads, we will not associate a cookie or anonymous identifier with sensitive categories, such as those based on race, religion, sexual orientation or health.
We may combine personal information from one service with information, including personal information, from other Strap services – for example to make it easier to share things with people you know. We will not combine cookie information with personally identifiable information unless we have your opt-in consent.
Strap processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.
Transparency and choice
People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:
- Review and control certain types of information tied to your Strap Account by using Strap Dashboard.
- View and edit your preferences about the ads shown to you on Strap and across the web, such as which categories might interest you, using Ads Settings. You can also opt out of certain Strap advertising services here.
- Use our editor to see and adjust how your Strap Profile appears to particular individuals.
- Control who you share information with.
- Take information out of many of our services.
You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled. For example, we may not remember your language preferences.
Information you share
Many of our services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines. Our services provide you with different options on sharing and removing your content.
Accessing and updating your personal information
Whenever you use our services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).
Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
Information we share
We do not share personal information with companies, organizations and individuals outside of Strap unless one of the following circumstances applies:
- With your consent
We will share personal information with companies, organizations or individuals outside of Strap when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information.
- With domain administrators
If your Strap Account is managed for you by a domain administrator (for example, for Strap Apps users) then your domain administrator and resellers who provide user support to your organization will have access to your Strap Account information (including your email and other data). Your domain administrator may be able to:
o view statistics regarding your account, like statistics regarding applications you install.
o change your account password.
o suspend or terminate your account access.
o access or retain information stored as part of your account.
o receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
o restrict your ability to delete or edit information or privacy settings.
- For external processing
- For legal reasons
We will share personal information with companies, organizations or individuals outside of Strap if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
o meet any applicable law, regulation, legal process or enforceable governmental request.
o enforce applicable Terms of Service, including investigation of potential violations.
o detect, prevent, or otherwise address fraud, security or technical issues.
o protect against harm to the rights, property or safety of Strap, our users or the public as required or permitted by law.
We may share aggregated, non-personally identifiable information publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.
We work hard to protect Strap and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
- We encrypt our services using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to personal information to Strap employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
For questions regarding our privacy practices, contact us at firstname.lastname@example.org
Last Revised: August 20, 2015
Strap (“Company”) has adopted this Policy to govern the treatment of our customers’ and employees’ Personal Information. The loss of Personal Information can result in substantial harm to individuals, including embarrassment, inconvenience and fraudulent use of the information. Protecting the confidentiality and integrity of Personal Information is a critical responsibility that must be taken seriously at all times. Compliance with this Policy is mandatory.
The purpose of the Policy is to:
- Define Personal Information and Sensitive Personal Information.
- Establish general principles for protecting Personal Information.
- Assign accountability for protection of Personal Information.
This Policy applies to all Company employees, agents and representatives, including any contractor or third-party provider of services to the Company (“Third-Party Service Provider”) who have access to Personal Information the Company has collected or otherwise has in its possession. This Policy applies to all Personal Information collected, maintained, transmitted, stored, retained or otherwise used by the Company regardless of the media on which that information is stored and whether relating to employees, customers or any other person.
“Personal Information” means information the Company has collected or otherwise maintains or has in its possession that identifies or can be used to identify or authenticate an individual, including, though not limited to:
- Telephone numbers;
- E-mail addresses;
- Employee identification numbers;
- Government-issued identification numbers;
- User identification and account access credentials, passwords, PINs and security question answers;
- Financial account numbers;
- Geolocation data; and
- Biometric, medical, health or health insurance information.
The term Personal Information includes Sensitive Personal Information (defined below). It also includes, for children under the age of 13, anything that can reasonably be used to identify the child, including online contact information, persistent identifiers, and pictures.
“Data Subject” means the person about whom Personal Information is collected.
“Sensitive Personal Information” means Personal Information that if lost, compromised, accessed or improperly disclosed could result in harm, embarrassment, inconvenience or unfairness to an individual and that therefore is subject to heightened protections. Examples of Sensitive Personal Information include, but are not limited to:
- An individual’s government-issued identification number, including a social security number, driver’s license number or state-issued identification number;
- A financial account number, credit card number or debit card number with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; and
- Biometric, medical, health or health insurance information.
In most jurisdictions, the law will provide for the types of information that are subject to heightened protection. If you have any questions about whether any Personal Information qualifies as Sensitive Personal Information, you should contact the Privacy Officer.
“Security Incident” means any act or omission that compromises the security, confidentiality or integrity of Personal Information or the physical, technical, administrative or organizational safeguards the Company or a Third-Party Service Provider has put in place to protect Personal Information. The loss of or unauthorized access to, disclosure or acquisition of Personal Information is a security incident.
Using, Handling and Retaining Personal Information
Access, Use and Sharing of Personal Information. You may only access Personal Information when the information relates to and is necessary to perform your job duties. You may not access Personal Information for any reason unrelated to your job duties. You may not use Personal Information in a way that is incompatible with the notice given to the Data Subject at the time the information was collected. If you are unsure about whether a specific use or disclosure is appropriate, you should consult with your supervisor or contact the Privacy Officer. You may only share Personal Information with another Company employee, agent or representative if the recipient has a job-related need to know the information. Personal Information may only be shared with a Third-Party Service Provider if it has a need to know the information for the purpose of providing the contracted services and if sharing the Personal Information complies with the privacy notice provided to the Data Subject. You may not share Personal Information with a Third-Party Service Provider without prior written approval from the Privacy Officer.
Accuracy. You must collect, maintain and use Personal Information that is accurate, complete and relevant to the purposes for which it was collected.
Security. You are responsible for protecting Personal Information. The Company has implemented an Information Security Plan that sets forth technical, administrative and physical safeguards for the protection of Personal Information. You must follow the security procedures set forth in the ISP at all times. You must exercise particular care in protecting Sensitive Personal Information from loss, unauthorized access and unauthorized disclosure.
Data Subjects’ Rights. Individuals have rights when it comes to how their Personal Information is handled. These rights may vary depending on the applicable jurisdiction, but may include for example:
- the right to know what Personal Information the Company maintains about the individual and/or with whom the Company has shared the Personal Information;
- the right to access or correct the Personal Information; or
- a right to deletion of the Personal Information.
You must comply with applicable laws regarding the rights of Data Subjects. If you are unsure of the applicable legal requirements, or if you receive a request or complaint from a Data Subject regarding the handling of his or her Personal Information, please contact the Privacy Officer.
Retention and Disposal. You should maintain Personal Information only for so long as it is needed for the legitimate business purpose for which it was collected or to satisfy a legal requirement. You must follow the applicable records retention schedules and policies and destroy any media containing Personal Information in accordance with the applicable records disposal policy.
Training Employees and Supervising Contractors
All Company personnel who have access to Personal Information must be educated and trained on this Policy and the treatment of Personal Information. In addition, whenever Personal Information is entrusted to a Third-Party Service Provider, proper management and supervision over the outside party’s handling of that Personal Information must be ensured through appropriate contracts. Personnel with responsibility for supervising employees or managing Third-Party Service Provider relationships must be trained on supervision over those employees and Third-Party Service Providers.
Reporting a Security Incident
If you know or suspect that a Security Incident has occurred, immediately contact your supervisor and/or the Security Officer. You should preserve all evidence relating to the potential Security Incident. You may refer to Strap’s Incident Response Plan for more information.
Monitoring Compliance and Enforcement
The Privacy Officer is responsible for administering and overseeing implementation of this Policy and, as applicable, developing related operating procedures, processes, policies, notices and guidelines. If you are concerned that any provision of this Policy, or any related policy, operating procedure, process or guideline designed to protect Personal Information, has been or is being violated, please contact the Privacy Officer. The Company will conduct periodic reviews and audits to assess compliance with this Policy. Employees who violate this Policy and any related guidelines, operating procedures or processes designed to protect Personal Information and implement this Policy may be subject to discipline.
Other Company policies also apply to the collection, use, storage, protection and handling of Personal Information and may be relevant to implementing this Policy. You should familiarize yourself with these policies, including:
- Information Security Plan.
- Incident Response Plan
- Data Retention and Deletion Policy
This Policy is not intended to restrict communications or actions protected or required by state or federal law.
Amendment and Revision
This Policy may be revised from time to time.