Privacy Policy
Last Updated:
Jan 12, 2024
This Privacy Policy describes how OctoML, Inc. and our subsidiaries and affiliates (collectively, “OctoML,” “we,” “us,” and “our”) handle personal information that we collect through our websites, online products, and other digital properties that link to this Privacy Policy (collectively, the “Services”), and through other activities described in this Privacy Policy. It also describes your rights relating to your personal information. More information about your rights, and how to exercise them, is set out in the “Your Choices” section below.
This Privacy Policy covers the following topics:
What Personal Information Do We Collect?
Information you provide to us. Personal information you may provide to us through the Services or otherwise includes:
- Account data, such as your name, email, password, company, and country.
- Payment and transactional data needed and produced as part of your subscription to our Services.
- Contact data, such as your name, phone number, email, job title, company, and office address.
- Communications that we exchange, including when you communicate with us via the Services' chat feature described here, or contact us with questions, feedback, or otherwise.
- Marketing preference data, such as your preferences for receiving our marketing and other communications.
- Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
- Data providers, such as information services and data licensors.
- Public sources, such as social media platforms.
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area derived from your IP address.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and UTM data.
Like many online services, we may use some or all of the following technologies to facilitate our automatic data collection:
- Cookies, which are text files that websites store on a user’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
- Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
- Local storage, which is used to save data on a user’s device. We may use data from local storage to, for example, turn on web navigation, store multimedia preferences, customize what we show you based on your past interactions with our Services, and remember your preferences.
- Session replay technologies. We use third-party services that record users’ interactions with the Services in a manner that allows us to watch DVR-like replays of those user sessions. The replays may include users’ clicks, mouse movements, scrolls, and keystrokes/key touches during those sessions. These replays help us diagnose usability problems and identify areas for improvement. For example, we use session replay services provided by Hotjar. You can learn more about Hotjar at https://www.hotjar.com/legal/policies/privacy/.
How Do We Use Your Personal Information?
We use your personal information for the following purposes or as otherwise described at the time we collect it:
Provide, operate, and improve the Services and our business;
Establish, monitor, and maintain your account on the Services;
Enable security features of the Services, such as by sending you security codes via email, and remembering devices from which you have previously logged in;
Communicate with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
Provide support for the Services, and respond to your requests, questions, and feedback.
Maintain the safety, security, and integrity of the Services, our business, and our databases and other technology assets;
Protect our, your, or others’ rights, privacy, safety or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Enforce the terms and conditions that govern the Services and similar terms and agreements, including our Acceptable Use Policy; and
Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.
How Long Do We Retain Personal Information?
We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested, to comply with applicable legal, tax or accounting requirements, to establish or defend legal claims, or for fraud prevention). Whether the retention period is sufficient to fulfill such purposes is the primary criteria for determining the duration of the retention period. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information and isolate it from any further processing until deletion is possible.
How Do We Protect Your Personal Information?
We implement a variety of technical, organization, and physical security measures to maintain the safety of your personal information. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your Personal Information.
How Do We Disclose Personal Information?
We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:
- Affiliates and Related Companies. Our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
- Service providers. Companies and individuals that provide services on our behalf or help us operate the Services or our business (such as information technology, customer relationship management, and support, chat features described here, email delivery, advertising, marketing, and website analytics).
- Integration Partners. Third party providers of products and services that you or your organization may choose to integrate with or connect to the Services. If you or your organization uses one of these integrations, we may share your personal information with those third parties to facilitate the integration.
- Other Users and the Public. Other users of our Services and members of the public who view our forums or other locations where you have provided public comments or other content. In some cases, when you participate in a forum, we will identify you by displaying information such as your username and profile picture along with the content you submit. We do not control how other users or third parties use any personal information that you make available to other users or the public.
- Advertising partners. Third party advertising companies who we partner with for advertising campaigns or that collect information about your activity on the Services and other online services to help us advertise products and services and for the purposes described in the “Interest-Based Advertising” section above.
- Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
- Authorities and others. Law enforcement, government authorities, crisis lines, and private parties, as we believe in good faith to be necessary or appropriate to comply with legal obligations and for the purposes described above.
- Business transaction participants. Acquirors, investors, and other relevant parties (and their advisors) of business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, OctoML or our affiliates (including, in connection with a bankruptcy or similar proceedings).
International Data Transfer
We are headquartered in the United States and we may use service providers that operate in the United States and in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in any terms and conditions related to your use of and access to the relevant Services.
Individuals located in the European Economic Area, the United Kingdom, or Switzerland can find more information about data transfers and OctoML’s certification to the Data Privacy Framework below.
Other sites and services
Occasionally, at our discretion, the Services may include links to other websites or online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us. This Privacy Policy only applies to the Services, so when you visit other websites or services we encourage you to read those separate and independent privacy policies. We have no responsibility or liability for the content or activities of these linked websites or online services.
Children
The Services are not intended for use by children under 16 years of age, and we do not knowingly collect personal information from anyone under the age of 16.
Your Choices
You have the following choices with respect to your Personal Information. Access or update your information. If you have registered for an account with us, you may review and update certain account information by logging into the account.
Many of the opt-out preferences described in this section must be set on each device or browser for which you want them to apply. In addition, please note that some of the advertising companies we work with may not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive interest-based advertisements from those companies. If you choose to opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.
Changes to Our Privacy Policy
We reserve the right, at any time, to modify this Privacy Policy. If we decide to change this Privacy Policy, we will post those changes on this page and update the “Last updated” date at the top of this page. In some cases, such as if required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Services. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your continued use of the Services after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.
Notice to California Residents (Shine the Light Law)
Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with OctoML are entitled to ask us for a notice describing what categories of personal information we share with third parties for the third parties’ direct marketing purposes. If you are a California resident and would like a copy of this notice, please submit your request to the email address listed at the end of this Privacy Policy with “Shine the Light” in the subject line.
Notice to Nevada Residents
In some cases, Nevada Revised Statutes Chapter 603A allows Nevada residents to opt-out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. If you are a Nevada resident who wishes to exercise your “sale” opt-out rights, you may submit a request to us using the contact information listed at the end of this Privacy Policy with “Nevada Opt-Out Request” in the subject line.
European Economic Area and United Kingdom Privacy Notice
This section applies only to individuals in the European Economic Area (“EEA”) and the United Kingdom (“UK”). References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
- Processing purpose (Details regarding each processing purpose listed below are provide in the section above title "How do We Use Your Personal Information?"
- Legal Basis listed in sub-bullet
- Service Delivery
Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. Where we cannot process your personal information as required to operate the Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Services you access and request and the other interests described in this Privacy Policy.
- Research and development
These activities are based on our legitimate interests in performing research and development as described in this Privacy Policy. In some cases, we may also rely upon your consent for these purposes.
- Direct marketing & Interest-based advertising
Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consented or via the relevant Services. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business and providing you with tailored, relevant content.
- To Comply with Laws and Regulations
Processing is necessary to comply with our legal obligations.
- Compliance and protection
Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy safety, or property.
- With your consent
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.
- Access. Provide you with information about our processing of your Personal Information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You may submit these requests to exercise these rights by emailing them or sending them to our postal address provided below in the “How Do You Contact Us?” section. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. If you are in the EEA, you can find your data protection regulator here. If you are in the UK, you can reach the Information Commissioner’s Officer here.
Participation in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss- U.S. Data Privacy Framework
OctoML has certified to the United States Department of Commerce that we adhere to the Data Privacy Framework Principles of the EU-U.S. Data Privacy Framework, the UK Extension to the EU U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as further described in the OctoML Data Privacy Framework Certification Notice https://octo.ai/legals/data-privacy-framework-certification-notice, which supplements this Privacy Policy.
How Do You Contact Us?
If you have questions about our practices regarding the collection, storage, use, processing, and disclosure of Personal Information that we receive in the course of providing the Services to you, you may contact us as at:
1000 N Northlake Way
Seattle, WA 98103 USA