Privacy Policy

Gleantap, Inc., Mastera.io and any if its subsidiaries and affiliates (individually or collectively, “Provider”, “we”, or “us”) knows that you value your privacy. This privacy policy explains the information we collect through the websites available via Gleantap.com and Mastera.io and their subdomains as well as through other Provider-managed websites or pages where this privacy policy is posted or linked (collectively, the “Sites”). This policy also describes the information collected from or on behalf of end users of our software-as-a-service or other service offering selected by Customer from any Provider website (the “Services”). This policy is governed by the Terms of Service and describes how the above information is collected, used, shared, and secured, as well as your related choices regarding use, access and correction.

This policy does not apply to the information Provider receives from the third-party websites, mobile apps and other digital products that use the Services. When our franchisee customers use the Services on their own websites and products, they remain responsible for their own privacy and security practices, which may differ from ours. You should consult the relevant privacy policies on our franchisee customers’ websites and products to find out more about their privacy practices and your related choices. 

  1. Information We Collect

We collect the following categories of information, which may be considered personal information when maintained in identifiable form:

  • first name and surname, username and password, email address, contact information, country of residence, job title, and other information you provide us when you create an account on the Sites or Services, sign-up to receive communications or materials from us, or otherwise submit a form to us;
  • Transaction and payment information you provide when purchasing a product or service from us, whether on our Sites or elsewhere. This information may include the information listed above as well as payment information;
  • Content and information that you submit when using the Sites or the Services; this information includes, for example, information you provide in any blogs or forums on the Sites, comments you add on the Services, information you provide when you participate in any interactive features or surveys, and information you submit when filing a support ticket;
  • Usage, viewing, logs, metrics and other device and technical data collected when you visit our Sites, use the Services as an end user, or open or reply to emails we send. This may include information such as your web request, Internet Protocol (“IP”) address, device identifiers, device information (such as OS type or browser type), cookie IDs, referring / exit pages and URLs, interaction information (such as clickstream data), domain names, pages viewed, crash data, and other similar technical data;
  • Information about you and your company collected from third party or public sources or that we receive from companies that partner with us to provide products and services; this may include information about you and your company we receive from our advertising and market research partners, who may provide us with information about your interest in and engagement with our online advertisements; and
  • Location information when you visit our Sites or use the Services, including location information either provided by a mobile device interacting with one of our sites or applications or associated with your IP address.

    We may also collect non-personally identifiable information. We may use both personal information and non-personally identifiable information to create aggregate information.
  1. How We Collect Information From You

We collect information from you when you submit it to us, for example, when you request products, services, or information from us, register for an account, register to participate in a conference on our Site, participate in public forums on the Site, or respond to our customer surveys.

We may also:

  • automatically collect usage, analytics, viewing, logs, metrics and other device and technical data when you access our Sites or use the Services as an end user. For example, when you access our Sites or log into the Services, our servers will automatically record certain information about your device and browser, and we may collect usage, clickstream, event data, crash data, and other technical data. We, our advertising partners and our service providers may also use technologies such as cookies, beacons, tags, Local Storage Objects (LSOs) (such as HTML5 and Flash LSOs) and scripts to collect this information. 
  • obtain information about you from our franchisee, resellers or other third-party partners, for example, if you purchase access to the Services through one of these partners;
  • acquire information from public sources or from third-party sources, such as our advertising and market research partners, including to update or enhance the other information collected about you. Local law may require that you authorize the third party to share your information with us before we can acquire it; and
  • automatically acquire information when you reply to or interact with an email we send, such as to track your engagement with our messages or when your replies to our messages contain additional email addresses.
  1. How We Use Information

We may use the information collected to:

  • process your orders and requests and respond to your questions and concerns; for example, if you inquire about our services or submit an application for Services to us, we may use your data to respond to and process these requests;
  • provide you with products and services, and personalize your experience; for example, we may use information on your prior activities or job function to tailor the features and content on the Services or Sites, or we may use technical data to remember your preferences;
  • communicate with you about your account or transactions, and provide you with product-related communications, such as information about new features and policy updates;
  • operate, maintain, analyze, develop, update and improve our Sites, the Services, and other products and services we offer. For example, we may administer and track users’ activities on our Sites and the Services to determine how to improve our content and features, or we may analyze trends and gather demographic information about our user base to better tailor our marketing efforts;
  • detect, investigate and prevent activities that may violate our policies, including our Gleantap Terms of Service or applicable laws (such as fraud detection and prevention) or that may threaten the security, integrity or availability of our or another party’s products, systems and services;
  • send you news, updates, promotions, product information, event announcements, and other marketing communications. Please see the section entitled “Your Controls and Choices” for an explanation of your choices relating to these communications;
  • provide you with and target advertising based on your activity and interests, both on our own Sites and applications and on third-party sites and applications;
  • act pursuant to your consent for a specific purpose not listed in this policy. For example, with your consent, we may post your testimonial along with your name on our Sites. If you wish to update or delete your testimonial, please contact us as explained below; and

We also use aggregated information, such as usage data, for other lawful purposes, such as to create blog posts and content that others may find useful.

 

  1. Sharing Information with Others

We do not share your personal information to third parties except in certain circumstances, including:

  • When you allow us to share the information, such as when you:
    • Elect to share your personal information with third party partners and providers listed on our Sites, so they can send you information, offers and promotions about their products and services;
    • Choose to share your personal information with third parties or their sites or platforms, such as when you share one of our blog posts to your social media feed;
    • Publish information publicly on our Site or the Services. Any such personal information shared by you will be available to others who may collect or use it;
    • Use third-party features on our Site or the Services, such as commenting features run by third-parties.
  • Please note that once personal information is shared with another company, the information received by the other company becomes subject to its privacy policies and practices.
  • When we cooperate with other companies, such as our partners, to offer joint products and services to you in connection with the Services, or when such partners sponsor or participate in our events and conferences;
  • When our service providers are providing services on our behalf. For example, we may use an outside platform to host portions of our Sites or to provide certain features on the Services, or we may use a credit card processing company to bill you for services you purchase. Unless otherwise expressly noted, when acting as Provider’s agents, these services providers are prohibited from using the personal information we have shared with them for purposes other than those requested by us or required by law;
  • To enforce our terms, agreements, policies or rules, to help protect the security, integrity and availability of our or another party’s products, systems and services; to exercise or protect the rights, property (including intellectual property), or safety of Provider, our users, or others; to comply with legal requirements; or in other cases if we believe in good faith that disclosure is required by law (including in response to a lawful subpoena or other law enforcement request); and
  • In connection with a sale, divesture, or transfer of our company (including any shares in the company) or any combination of its products, services, assets, affiliates, and/or businesses. Your personal information (such as customer names and email addresses, and user information related to the Services) may be among the items sold or otherwise acquired in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

We may also share aggregated information (such as usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) for other business purposes. For instance, we may share aggregate reports with interested third parties to help them understand the usage patterns for certain Services or for our Sites or those of our partners.

 

  1. Your Controls and Choices

We provide you with certain controls and choices regarding the use of your personal information, which may include:

  • Correcting and Updating Account Information. By logging into your account on our Site and/or the Services, you may be able to change certain account information. Your account settings may also permit you to opt-out of some types of notification messages. To protect your privacy and security, we require your username and password in order to verify your identity before granting you account access or making changes.
  • Changing your choices for marketing communications. You can opt-out of the marketing communications we send by clicking the unsubscribe link in the applicable email. Please note that, even after you opt out from receiving marketing messages from us, you may continue to receive transactional and product-related messages.
  • Cookies and Other Technologies. You may be able to opt-out of certain cookies, targeted advertising and other technologies.

In many circumstances, you can exercise these choices yourself using the tools described above. If you cannot do so, please contact us as indicated in the “Contact Us” section below to discuss your options. We will respond to your request within 30 days. Please be aware that, if you do not allow us to collect personal information from you, we may not be able to deliver certain products, features and services to you, and some of our products and services may not work appropriately or be able to take account of your interests and preferences. 

 

  1. Children’s Privacy

Protecting the privacy of young children is especially important. For that reason, Provider does not knowingly collect or solicit personal information from anyone under the age of 13. In the event that we learn that we have collected personal information from a child under age 13, we will delete the information we have stored as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us as indicated in the “Contact Us” section below.

 

  1. Storage and Processing

Your information may be stored and processed in – and we may transfer information to – the U.S. and other countries where Provider (including its subsidiaries and affiliates) and our advertising partners and service providers maintain systems and facilities. In addition, information that we collect about you (including personal information) may be transferred to our affiliated entities and/or to other third parties across borders and/or from your country to other countries around the world.

You acknowledge that we may transfer information to the U.S., to any country in which Provider, its advertising partners, and its service providers maintain systems or facilities, and to other countries globally.

If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, you acknowledge that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, consistent with our legal obligations governing the transfer of such data.

 

  1. Data Security and Integrity

Provider is concerned about the security of your data. We have implemented technical and organizational security measures that are designed to help protect your information from unauthorized access, disclosure, use and modification. From time-to-time, we review our security procedures to consider appropriate new technologies and methods.

Please be aware, though, that despite our efforts, no security measures are perfect or impenetrable. We cannot ensure, and do not warrant or guarantee, that the information you transmit to Provider will remain secure, nor do we guarantee that this information will not be accessed, disclosed, altered, destroyed or used in an unauthorized manner.

If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on the Site or Services if a security breach occurs. Depending on where you live, you may have a legal right to receive a notice of a security breach in writing. If you have any questions about the security of your personal information, please contact us as indicated in the ‘Contact Us’ section below.

 

  1. Data Retention

How long we keep the personal information we collect depends on the type of information, the purpose for which it is used, how sensitive it is, and similar factors. In general, we will retain your personal information for the length of time reasonably needed to fulfill the purposes outlined in this privacy policy (including for as long as need to provide you or our customer with products and services), unless a longer retention period is required or permitted by law. We will also retain and use your information for as long as necessary to resolve disputes and/or enforce our rights and agreements. We retain your account information for the Services for as long as your employer’s account is active and thereafter unless your employer requests deletion. Aggregated information may be stored indefinitely.

 

  1. Third Party Sites, Services and Applications
  • In General. We are not responsible for the practices employed by websites, applications, or services linked to or from the Services or Sites, including the information or content contained there. Please remember that your browsing and interaction on any third-party website, service or application, including those that have a link or advertisement on our Site, are subject to that third party’s own rules, policies, and practices, and not our privacy policy.
  • Partner Pages. Some of our partner pages may have the look and feel of being on optimizely.com; however some information collected on those pages may be collected by, or sent to, our partners. Information collected by, or sent to, our partners is subject to their respective privacy policies.
  • Social Media and Commenting Features. Our Site may include social media and commenting features provided by third parties. These features may collect your IP address and which page you are visiting on our Site, and may set a cookie to allow the feature to function properly. Your interactions with these features are governed by the privacy policy of the organization providing it.
  • Notice to End Users of the Services. The Services can be used by organizations. Where the Services are made available to you through an organization, that organization is responsible for administering the accounts over which it has control. If this is the case, please direct your data privacy questions and requests to your administrator. We are not responsible for the privacy or security practices of your administrator’s organization, which may be different than this policy.
  • Notice to Users of our Customers’ Websites and Digital Product. As noted above, when Provider’s customers use the Services as part of their own websites, apps, and digital products, they may collect information from you using our services, but they remain responsible for their own privacy and security practices. We are not responsible for our customers’ privacy and security practices, which may differ from ours. If you have used one of our customers’ sites or products, and you would like to access, correct or delete the personal data collected through that product, you should direct your request to the applicable customer.
  1. Regional Notices

Privacy Shield:

Provider participates in and has certified its compliance with the EU – U.S. Privacy Shield and Swiss – U.S. Privacy Shield Frameworks. Provider is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. However, for data transfers outside of the EEA, please see the specific clause below regarding the personal data of EEA Data Subjects. To learn more about each Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

With respect to personal data received pursuant to the Privacy Shield Frameworks, Provider is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, Provider may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

In compliance with the Privacy Shield Principles, Provider commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the Privacy Team at privacy@optimizely.com.

Provider has further committed to refer unresolved Privacy Shield complaints to our designated independent dispute resolution mechanism, the International Centre for Dispute Resolution (“ICDR”), operated by the American Arbitration Association (“AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit the website https://go.adr.org/privacyshield.html for more information or to file a complaint. The services are provided at no cost to you.

In the context of an onward transfer Provider has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Provider shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

EEA Data Subjects & Transfers Outside the EEA:

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws.

Third parties to whom we provide your data may be located outside the European Economic Area (“EEA”) or they may use servers that are located outside the EEA. In that event we will ensure that adequate protection of your data is provided as required by applicable law, for instance by concluding Standard Contractual Clauses issued by the European Commission.

The legal bases depend on the Sites and Services you use and how you use them. This means we collect and use your information only where:

  • We need it to provide or operate the Sites and Services, including to provide customer support and process your orders, requests, questions and concerns;
  • It satisfies another legitimate interest that is not overridden by your data protection interests, including our interest in:
    • collecting product usage, analytics and performance data relating to our Sites and the Services, in order to maintain, analyze, develop, update, and improve our products and services;
    • maintaining records of bugs, customer support requests and similar requests you file, and our response to these requests;
    • using information to personalize content and features on our Sites and the Services;
    • detecting, investigating and preventing activities that may violate our policies or applicable laws (such as fraud detection and prevention);
    • maintaining corporate or business records consistent with our retention policies and applicable laws;
    • protecting against activities that may threaten the security, integrity, or availability of our or another party’s products, systems, and services; and
    • for marketing and selling our products and services, consistent with applicable laws.
  • We are processing your information to protect our legal rights;
  • You give us consent to process your personal data;
  • We need to process your data to comply with a legal obligation, such as a lawful subpoena or law-enforcement request or to fulfill the lawful instructions of our customers (when they are acting as the controller); and/or
  • We have another lawful basis for processing in accordance with applicable EU laws.

If an individual in the EEA has consented to our use of their personal information, and our processing is based on that consent, that individual has the right to withdraw their consent in accordance with the General Data Protection Regulation (“GDPR”), but this will not affect any processing that has already taken place. If you object to or restrict processing, you may not be able to use the Sites and Services or certain features any longer.

Where we are using your information because we or a third party have a legitimate interest to do so, individuals in the EEA have the right to object to that use as specified in Article 21 of the GDPR, though, in some cases, this may mean no longer using the Sites or Services. Provider further acknowledges that EEA data subjects have certain other rights under the GDPR, including the right to lodge a complaint with a supervisory authority and to request from the controller access to, and rectification or erasure of, personal data, restriction of processing concerning the data subject, and data portability (in each case, as specified under the GDPR).

Where Provider is acting as a controller, you can initiate a request by contacting us as specified in the “Contacting Us” section below. Please note that these requests apply only to information that Provider holds as a “controller.” If your request relates to the personal data collected through a customer’s websites or digital products, you should direct your request to the owner of that website or product. Please note that you must verify your identity and request before Provider will process your request. You may be required to provide email confirmation or other information in order for us to verify your identity.

Finally, EEA and Swiss data subjects can contact Provider’s data protection officer by emailing support@mastera.io.

California Resident Notices

California Consumer Privacy Act

Effective January 1, 2020, the California Consumer Privacy Act of 2018 (the “CCPA”) allows consumers who are California residents, upon a verifiable consumer request, to request from a business:

  • Delete any personal information about the consumer which the business has collected from the consumer;
  • Disclose to the consumer certain information about the personal information that the business collects from the consumer; and
  • Direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information

Provider does not sell any consumer personal information to third parties. To submit a data access or data deletion request, please contact us at support@mastera.io. Please note that these requests apply only to information that Provider holds as a “controller.” If your request relates to the personal data collected through a customer’s websites or digital products, you should direct your request to the owner of that website or product. Please note that you must verify your identity and request before Provider will process your request. You may be required to provide email confirmation or other information in order for us to verify your identity. Consistent with California law, if you choose to exercise your rights, you will not receive discriminatory treatment by Provider.

Under certain circumstances, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, your valid government government issued identification, and the authorized agent’s valid government issued identification to allow Provider to verify that the agent is authorized to make the request on your behalf.

If you have any questions about Provider’s privacy policies and practices, please contact us at support@mastera.io.

California’s Shine the Light Law

CA Civil Code § 1798.83 permits California residents to request and obtain from Provider once a year, free of charge, a list of the third parties to whom Provider may have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those third parties. As a general policy, Provider does not share personal information with third parties for their own direct marketing purposes without your prior consent. Accordingly, you can prevent disclosure of your personal information to third parties for their direct marketing purposes by withholding consent. Please contact us at privacy@optimizely.com if you would like to make such a request.

  1. Do Not Track and Cross-Site Tracking

Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, we do not respond to Do Not Track browser settings or signals. In addition, some of our advertising partners, and other third-party services and tools on our Site and/or the Services, may use standard technologies, such as cookies, pixel tags, and web beacons, to collect information about your internet activities across websites. You may be able to disable certain third-party cross-site tracking as described in the “Your Choices” section above.

 

  1. Changes to Our Privacy Policy; Notices

From time-to-time, we may change this privacy policy to accommodate changes to our products, services and companies, new technologies or industry practices, updated regulatory requirements, or for other purposes. We will provide notice to you (as described below) if these changes are material.

Notices may be by email to the last email address you provided us, by posting notice of such change on our Site or the Services, or by other communication channels. You consent to receiving notices in these ways. We reserve the right to determine the form and means of providing notifications to you, consistent with applicable law.

 

  1. Contacting Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at support@mastera.io