Updated: March 5th, 2021
What Information does Spiro collect?
Information You Provide:
By downloading and enabling the Service, or by using the Service in your web browser, you are authorizing Spiro to access and store all of the foregoing types of Information:
- Information you submit as part of the registration process such as your name, email address and phone number.
- Information you elect to submit to any areas of the Service that are accessible by other Service users within your organization (“User Submissions”).
- Information that Spiro may obtain from third-party services (both Personal and Enterprise Information, such as CRM data, files, email/calendar information, and contacts) that Spiro requires for the operation of the Service.
You acknowledge and agree that you will not (i) provide us with any information that you do not have the right to provide, or (ii) share, via the Service, any information you do not have the right to share (such as information that is confidential to any third party and that you are not authorized to share with your intended recipients).
You further acknowledge that Spiro will be acting as the Data Processor as defined and governed by the European Union’s General Data Protection Regulation also known as GDPR.
If you register for a paid subscription to the Service, then you may be required to provide a valid credit card number and associated information needed to charge the card, which will be collected and used by our payment processor, not Spiro.
Information You Authorize Us to Collect:
Certain features of the Service may allow you to import information from third party services (“Third Party Services”). By requesting that Spiro import such information – you authorize Spiro to use your Third Party Service username and password to access the applicable Third Party Service Account. This authentication process is managed by the applicable Third Party Service provider. Spiro will not use your Third Party Service account credentials for any other purpose.
Spiro’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Automatically Collected Information:
We may automatically receive and store certain, anonymous types of information whenever you interact with the Service. Such information may include the your IP address, domain server, and type of Internet browser. This information helps us, among other things, analyze trends and administer the Service. This information is anonymous and contains no personally identifiable data.
How does Spiro use the information it collects?
Spiro uses your Information as follows:
- To operate and maintain the Service (such as, for the purposes of fixing malfunctions, testing our security systems, etc.).
- To provide you with the features, functions and benefits of the Service.
- To enhance, improve and further develop the Service (such as, creating new features or functions, refining the user experience, increasing Service technical performance, etc.).
- We will use your contact information to provide you with notices related to your use of the Service.
- We will use your contact information (such as, your email address) to provide you with promotional and marketing emails. You can opt-out of receiving certain types of promotional and marketing emails – but in such case you may not receive the full benefit of the Service.
- Our payment processor will use your credit card information to process charges in accordance with your paid subscription to the Service.
- To help personalize the Service experience for you (such as, remembering your information so you will not have to enter it each time you use the Service).
- And for the other purposes referenced in the “Will Spiro Share Any of the Information it Receives” section below (such as, for the purposes of legal compliance).
Will Spiro Share Any of the Information it Receives?
To the limited extent we collect Information – we neither rent nor sell your Information to anyone. We share your Information only as described below.
Within Your Organization:
As mentioned above – certain of your Enterprise Information may be shared internally with other members of your organization.
We employ other companies and people to perform tasks on our behalf. Your information may be accessed by these partners/employees, in the event that we need to share your Information with them to provide our services or customer support to you. Unless we tell you differently, Spiro’s agents do not have any right to use Information we share with them beyond what is necessary to assist us.
In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that are transferred. Moreover, if Spiro, or substantially all of its assets were acquired, or in the unlikely event that Spiro goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Spiro (or any acquirer of Spiro’s assets related to the Service) may continue to use your Information as set forth in this policy. If personal data is part of an onward transfer as part of a business transaction, Spiro is not liable for how your personal information is handled by the acquiring company.
Protection of Spiro and Others:
We may release Information when we believe in good faith that release is necessary to comply with the law; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of Spiro, our employees, our users, or others.
With Your Consent:
There are no other instances where Spiro will share your personal information with third parties without your consent. Except as set forth above, you will be notified when your Information may be shared with third parties, and will be able to prevent the sharing of this information. If you wish to prevent the sharing of your personal information with a third party, please send an email to firstname.lastname@example.org.
What You can Do to Your Personal Information.
Accessing your information:
You have the right to access any of your personal data stored by Spiro. You can access your personal information by logging into your Spiro account on the web or via the mobile app.
Deleting your account:
You can delete your account by sending an email to email@example.com. When you request us to delete your account for the Service, your data will be permanently deleted from our servers and access to your account will be disabled. For clarity, the Service and your account will not be terminated simply by deleting our mobile application from your device.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice that, with respect to the immediately preceding calendar year, identifies the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, including contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please mail a written request to the Spiro (contact info below).
What about third-party services Spiro connects to?
Spiro links to other services, such as Zapier. Spiro does not access any information from these third-party services without your authorization. Except for Microsoft Exchange connectivity, the authentication process for 3rd party services is entirely managed by the third party. Spiro never sees or stores your password to these services. In the case of Microsoft Exchange, Spiro stores an encrypted version of your password which is never accessible in its original form, even to Spiro personnel.
How We Protect Your Information
Spiro takes certain precautions to protect your Information and to limit the risk that it will be accessed without authorization, including use of certain industry standard technologies and practices. That said, we cannot guarantee the security of such Information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. No security system is perfect – so your use of the Service is at your own risk.
If we learn of a security systems breach, then we may attempt to notify you via email, phone, physical mail, or by a posting on your Service account page – so that you can take appropriate protective steps. Pursuant to our Terms of Service you have consented to receive such notice by electronic means (provided that such consent is void where prohibited by applicable law). To receive a free written notice of a security breach, or if you have any questions about the security of the Service, please contact us at firstname.lastname@example.org.
Transfers of Personal Data
Service is hosted and operated in the United States (“U.S.”) through Spiro and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Service, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Spiro in the U.S. and will be hosted on U.S. servers, and you authorize Spiro to transfer, store and process your information to and in the U.S., and possibly other countries.
Spiro has certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred to the United States from the European Union (“EU”) and the United Kingdom (“UK”). While Privacy Shield is no longer a valid lawful basis on which Spiro may rely to transfer personal data from the European Union to the United States pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR), Spiro continues to comply with the EU-U.S. Privacy Shield Framework, as administered by the U.S. Department of Commerce, regarding the collection, use, and retention of personal data from the EU and the UK, respectively, to the United States. For more information about the Privacy Shield Program, and to view Spiro’s certification, please visit www.privacyshield.gov. Spiro is committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability with respect to all Personal Data received from within the EU in reliance on the Privacy Shield. The Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Spiro’s compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. For transfers of personal data from our customers in the EU and the UK to the U.S., we rely on the Standard Contractual Clauses approved by the European Commission.
Spiro has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the EU data protection authorities (DPAs) under the EU-U.S. Privacy Shield Framework. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.
If you have any questions or concerns regarding our privacy practices, please send us a detailed message to email@example.com or: Spiro Technologies Inc., 334 Boylston St, Boston, MA 02116.