Privacy Policy

Effective as of May 1, 2020.

INTRODUCTION

Advice respects your privacy rights and is committed to transparency in how we collect, use and share your personal information. This Privacy Policy explains how Advice.io, Inc. (“Advice”, or “we”, “us” or “our”) handles personal information that we collect through:

• our website at www.Advice.io (the “Website”);
• about users of the Advice services (the “Services”);
• through use of the Advice application at app.advice.io (the “App”);
• in other settings where we post this Privacy Policy.

By using the Services, visiting the Website, or using the App, you consent to the collection, transfer, processing, storage, disclosure, and other uses described in this Privacy Policy. If you have any questions or concerns about your personal information or this Privacy Policy, email us at privacy@advice.io.

APPLICATION

This Privacy Policy details our commitment to the privacy of individuals who are:

• Site Visitors – those who visit the Sites or individuals who request us to contact them via our online web forms or email;
• Registered Users – those who are users of the Services via their employer’s (our customer) subscription to the Services or visit the App;
• Identifiable Individuals – those whose information is collected for the purpose of providing our data management services to our customers, which is described further, below;
• Attendees – those who attend or register to attend in person or online events sponsored by Advice.io or in which Advice.io participates. 

Collectively, we refer to the individuals, above, as collectively as “Users.” An individual may fall into more than one category of individual. For example, an individual may attend one of our sponsored events and be classified as an Attendee, and then a Site Visitor when visiting the Sites. The terms “Advice.io,” “we,” “us,” and “our” refer to Advice.io, Inc. 

SCOPE

This Privacy Policy applies to the Website, the App, and all subpages and successor pages found within their respective domains. The Privacy Policy applies to data that relates to the Personal Information (defined below) of the Users and the Customer Activity Data (defined below) of our Customers.

The data may be collected through use of the Services; visiting the Sites; or communicating with Advice.io through email, chat, or other channel. The Privacy Policy does not apply to de-identified or aggregated Personal Information or data lawfully made available from federal, state, or local records. De-identified or aggregated data is data that does not personally identify you. An example would be, how many users have a certain postal code.

The Privacy Policy does not apply to any third party website, which may be linked to from the Sites. The information collected through these third party websites are governed by the privacy policies of the respective third party websites. 

WHAT DATA WE COLLECT

Information you provide to us

When you visit our Sites or contact us, we might collect Personal Information that you voluntarily submit to us, such as through a web form, in an email, in a chat message, or other form of electronic communication. Personal Information collected in this way includes identifiers, such as your name, business address, email address, similar identifiers, commercial information, and professional or employment-related information relevant to you as an agent of your business. 

Information for web technologies

When Site Visitors and Registered Users visit our Sites or use our Services various web technologies may collect information in relation to your use of the Sites. For example, we may collect browser information, device data, logs, IP addresses, the page of the Sites you request, the date and time of the request, and the time spent on the Sites or page. 

Some of the pages on the Sites may contain “cookies.” A cookie is a small data file that may be sent to your web browser and stored on your computer. This allows our server to recognize a computer when it revisits the Sites. The cookies also help Advice.io analyze trends, track user movement in the site, and gather demographic information about our users as a whole. 

Most web browsers can be configured to not accept cookies, or to notify you if a cookie is sent to you. You may also consider visiting aboutcookies.org, which provides helpful information about cookies. You can choose to disable cookies for the Sites but, blocking cookies may prevent or reduce the extent to which the Sites or Services can be used or customized by you. Please note that opting out of receiving cookies may not exercise your other data rights. 

Information from services

Advice.io collects information and data for the purpose of allowing Customers to measure their performance. We collect information and data to help us compile, organize, and verify this information. The collected information can include:

Performance Data – data (e.g., email, calendar, phone, customer relationship management (“CRM”) data, etc.) from activity collected through access to the Customer’s third party services or within Advice.io on behalf of the Customer. Advice.io never receives or stores user credentials (i.e., passwords) for these third party services. Advice.io relies on federated authentication protocols and tokens. 

Personal Information (“PI”) – any information which can reasonably be used to identify an individual, and may include, but is not limited to, name, email address, telephone number, postal or other physical address, title, or occupation. It may also include IP addresses or other telemetry data necessary to run the Website or App. Customer Activity Data may include Personal Information of Identifiable Individuals, Registered Users, and Attendees. We endeavor to limit our requests for and collection of Personal Information to information we believe is reasonably necessary to achieve our purposes, or is necessary for the providing the Services.

Publicly Available PI – we may collect, directly or indirectly, Personal Information from publicly accessible online sources. Publicly Available PI may be collected by a third party and then provided to Advice.io.

Licensed PI – we may collect Personal Information through licensing agreements directly with data brokers or other Companies, pursuant to their privacy policies and terms and conditions.

HOW WE USE YOUR INFORMATION

General use of your information

We may use the information we collect about you to perform our obligations with our Customers on the basis of our legitimate interest including to provide, operate, maintain, improve, and promote the Sites and the Services. We also use the collected information to provide you with information that you may request from us, to notify you about updates to the Privacy Policy, or for any other purpose described when you provide the information. 

DATA SHARING & DISCLOSURE

We do not share the personal information that you provide us with other organizations without your express consent, except as described in this Privacy Policy. We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

Sub-processors (Third-Party Service Providers)

We may transfer information, including Personal Information, to our sub-processors such as Amazon AWS, which we use to provide our services. These sub-processors may have access to or process your Personal Information for the purpose of providing these services for us (and in turn, you). We prohibit our sub-processors to use any Personal Information for their marketing purposes or for any other purpose than in connection with the services they provide to us.

Payment processors.

Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processor, Stripe, and we never physically receive or store your full payment card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your Payment Information in accordance with its own Privacy Policy here: https://stripe.com/privacy.

Compliance and protection.

We may disclose your personal information as we believe appropriate to government or law enforcement officials or private parties (a) for the compliance and protection purposes described above; (b) as required by law, lawful requests or legal process, such as to respond to subpoenas or requests from government authorities; (c) where permitted by law in connection with any legal investigation; and (d) to prosecute or defend legal claims.

Business Transfers.

We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.

INTERNATIONAL TRANSFERS

Personal Information collected on the Sites will be stored and processed in the United States, or in other countries if specifically agreed upon in an applicable EUSA, and by using the Sites, you consent to any such transfer of information outside of your country. Please note, we may transfer the Customer Data we collect about you to countries other than the country where we originally collected it for the purposes processing the data and operating the Services. If we transfer your information to outside of the country of collection, we will protect that information as described in this Privacy Policy and take steps, where necessary, to ensure that international transfers comply with applicable laws.

CHILDREN’S PERSONAL INFORMATION

Our Services are not intended for or directed to persons under the age of 13. Accordingly, we do not knowingly collect Personal Information from children under the age of 13. If you are under the age of 13, do not submit any Personal Information to us via email, the Sites, through our Services, or through other channels. Any person who provides information to us through registration or in any other manner on the Sites or through the Services represents to Advice.io that they are 13 years of age or older. If you believe that we have mistakenly collected such information, please notify us at security@advice.io so that we may immediately delete the information.

ADDITIONAL INFORMATION PER USER TYPE

Site Visitors

We may collect data on how you use the Sites, to improve the Sites and the Services. This may include the ability to reproduce your actions on the Sites, your IP address, your browser and device characteristics, and other such data, for the purpose of Sites and Service improvement. We may collect Personal Information from you if you choose to contact us through the Sites.

Registered Users

Our Services are intended for use by enterprise companies. Where our Services are made available to you, a Registered User, through a Customer of ours, that enterprise is the data controller of your personal information. Your data privacy questions and requests should initially be submitted to the Customer in its capacity as your data controller. Advice.io is not responsible for our Customers’ privacy or security practices which may be different than this Privacy Policy.Where we are the data controller of Personal Information (for example, for Site Visitors and Attendees), then we retain the Personal Information we collect where we have an ongoing legitimate business need or purpose to do so. (For example, providing you with our Services, to enable your participation in an event, and to comply with applicable legal, tax or accounting requirements, is a legitimate purpose.)

Attendees

We ask for and may collect personal information such as your name, address, phone number, commercial information, and email address when you register for or attend a sponsored event or other events at which any member of the Advice.io participates. We collect this information to facilitate your registration or attendance of the event and to send you related or followup communications. 

YOUR DATA RIGHTS

Cookies and Similar Technologies

Your browser or device can allow you to opt-out of data collection from cookies or similar technologies by setting your browser to refuse all or some of the web technologies (e.g., cookies) employed on the Sites. Please note that your experience using the Sites or the Services might be degraded, or certain functionalities may not work, if you opt-out to such collection.

Marketing Communications

If you wish to opt-out of our use of your contact information for our direct marketing purposes, you can click the “Unsubscribe” button located within the most recent marketing email you received from us, or contact us at privacy@Advice.io. 

Opt-Out Rights

Depending on where you are located, you may have additional rights to opt-out of certain uses of Personal Information, know what Personal Information we’ve collected, or request that we delete your Personal Information. Please review the JURISDICTION SPECIFIC NOTICES, below, to determine if these rights apply to you. 

JURISDICTION SPECIFIC NOTICES

Advice.io is based in the United States. The Sites and Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States.

Your Personal Information may be collected, transferred to, stored and otherwise processed in any country where we have facilities or in which we engage service providers, and by using the Sites and/or Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.You may be entitled to additional privacy notices depending on where you are located. Please see the appropriate subsection below that may apply to you.

Advice offers a Data Protection Agreement as a means of meeting the adequacy and security requirements of the European Parliament and Council of the European Union’s Data Protection Directive and the General Data Protection Regulation (GDPR) as well as addressing the requirements of the California Consumer Privacy Act (CCPA).

SECURITY

To ensure appropriate levels of security Advice.io applies technical, administrative and organizational security measures to prevent against accidental or unlawful destruction and loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against other unlawful forms of processing. 

Our service is built on Amazon Web Services (AWS) which maintains multiple certifications for its data centers, including SOC reports, PCI Certification, and ISO 27001 compliance. They provide strong security measures to protect our infrastructure and are compliant with most certifications. You can read more about their practices here.

Furthermore, Advice has implemented additional security measures using Sqreen which allows us to:
• Monitor and protect our infrastructure from automated scanners, bots and targeted attacks. It blocks attacks and alerts in case of critical threats. It also brings additional features like IP blocking etc
• Monitor our applications. Security events are logged and notifications are sent in case of critical attacks to allow for fast remediation.
• Integrate security in our applications and protect our users from data breaches. It integrates protections against the most critical attack categories like SQL injections, cross-site scripting and adds security headers to our application. It blocks attacks in real-time and warns us when attackers start stressing our applications.
• Monitor suspicious behaviors and react fast in case of account takeovers. It also protects customers against data theft by blocking credential stuffing or brute force attacks.

EMPLOYEE ACCESS

Our strict internal procedure prevents any employee or administrator from gaining access to user data. Limited exceptions can be made for customer support. Our employees sign a Non-Disclosure and Confidentiality Agreement to protect our customers sensitive information.

POLICY UPDATES

Changes to this Privacy Policy may be made from time to time and will be posted on this page as legal, regulatory, or operational requirements change. If we make material changes to Advice.io’s Privacy Policy, we will provide notice on the Sites or via email. However, we encourage you to periodically review this page for the latest information on our privacy practices. If you continue to use the Services, after those changes are in effect, you agree to the revised Privacy Policy.

CONTACT US

If you have any questions or concerns about this Privacy Policy or our privacy practices, please don’t hesitate to contact privacy@advice.io.