Privacy Policy

Last Updated

August 2019

We at AffectLayer, Inc. (“AffectLayer”) respect your privacy rights. This Privacy Policy describes how we collect, use and handle personal information when you use our websites, apps, data analytics software and other services (collectively, the “Services”). By using, participating in, or accessing our Services, you acknowledge that you accept and consent to the practices and policies described in this Privacy Policy.


Scope; Privacy Shield

AffectLayer hereby certifies its adherence to the Privacy Principles set forth in the US-EU Privacy Shield Framework. With respect to Personal Data (as defined below) received or transferred pursuant to Privacy Shield, AffectLayer is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. The Company’s commitment to participate in the Privacy Shield program can be found at the following website located at https://www.privacyshield.gov/list that officially lists all U.S. entities that have registered for the program. In accordance with the Privacy Shield framework, this Privacy Policy contains provisions relating to the following data privacy principles, all of which are described hereunder in greater detail:

  • Notice
  • Choice
  • Accountability for Onward Transfer
  • Security
  • Data Integrity and Purpose Limitation
  • Access
  • Recourse, Enforcement, and Liability

This Privacy Policy outlines AffectLayer’s general position and its practices about its commitment to implement the foregoing principles, including the types of Personal Data that we collect, the purpose and use of the Personal Data and the notice and choice that affected data subjects have regarding our use of their Personal Data, their ability to correct that information, and the internal contact mechanism to make inquiries and/or lodge a complaint about our adherence to the principles. This Privacy Policy does not address additional local privacy requirements that the Company may need to adhere to.

Legal Status

AffectLayer, Inc. will be the Controller of your Personal Data that is provided, collected and/or processed pursuant to this Privacy Policy for purposes of AffectLayer being able to respond to requests for information or service, conclude a business transaction, provisioning the service, or otherwise for AffectLayer’s legitimate business interests. In contrast, AffectLayer will be a Processor of data that is entered into the service when an enterprise customer of AffectLayer uses the Service. If you have any questions about whether any of the foregoing applies to you, please contact us using the information set forth in the “Contact Us” section below.

What Information We Collect & Why

We collect and use the following information to provide, secure and improve our Services and as otherwise described in this Privacy Policy:

Account Information. We collect and associate with your account information like your name, title, company, email address, location, phone number, payment information, account and website activity, IP addresses, cookies identifiers, and other information you provide that will or may identify you (collectively, the “Personal Data”). Some of our Services let you access your accounts and related information with other service providers. We may use, process and transmit your Personal Data to contact you and allow others on your team to contact you through the Services, to tell you about new products and features, to respond to customer care and other inquiries, and to process and fulfill your transactions and other requests.

Collection from Minors. We do not knowingly solicit or collect information from anyone under the age of 13. If you believe that a child under 13 may have provided us personal information, please contact us at privacy@chorus.ai.

Services Information. Our data analytics services enable our enterprise customers to record, analyze and share the contents of telephone conference calls, video calls, chats, online demonstrations, webinars, communications, and associated data and documentation. These recordings and analysis thereof may contain personal information, such as names, titles, and contact information. We may reproduce, analyze, summarize and disclose these files, recordings and any results of our Services with such customers and their relevant personnel and other team members, and customers may share this information with their personnel and others.

You may choose to give us access to additional user contacts to make it easy for you to do things like share and collaborate, send messages, and invite others to use the Services. If you do, we may store those contacts on our servers for you to use.

If you provide us with any personally identifiable information about another person, whether through a telephone conference recording or otherwise, you represent and warrant that (1) you have that person’s consent to do so; (2) that such person has given explicit consent (a) for us to collect, process, use and store such information as set forth in this Privacy Policy and any commercial agreement you have entered into with us, and (b) for any other ways you may use that information; and (3) that you are responsible for ensuring that your (and any of your personnel or representatives, if applicable) use, control, processing and treatment of such information and any of your legal policies relating thereto are in compliance with all applicable laws, rules and regulations.

Usage Information. We collect information related to how you use the Services, including actions you take in your account, such as accessing and sharing files and reports. This helps us provide you with additional features, and to personalize, monitor and improve the Services.

We also collect information from and about the devices you use to access the Services, such as IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.

Cookies and other technologies. We use technologies like cookies and pixels to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services. In addition, when visitors come to our site, third parties (such as AdRoll) may place cookies on your browser for targeted advertising purposes. If you would like to opt out of receiving targeted advertising, please email privacy@chorus.ai.

Choice. You can always opt not to disclose information to us, but keep in mind that some information may be needed to create an account or take advantage of some of our features.

With Whom We Share Your Information

Other users. Our Services display information contained within your Personal Data like your name, team name, and email address to other users in places like your user profile and sharing notifications. When you register your account with an email address on a domain owned by your employer or organization, we may help your team members find you and your team by making some of your basic information—like your name, team name, and email address—visible to other users on the same domain. This helps us show your teams you can join, and helps other users share files and folders with you.

Other applications. You or your team administrators can also give or direct us to give third parties access to your information and account – for example, via third party CRM platforms. We may also share your personal information with third parties as requested or directed by you through the Services (e.g. sharing contact information with a third-party conference calling service provider). Please remember that such third party’s use of your information will be governed by their privacy policies and terms and we are not responsible for their acts or omissions. Similarly, this Privacy Policy does not reflect the privacy practices of how our customers may use information they collect using our Services (e.g. to analyze and improve their sales team members’ effectiveness in their sales discussions), and it is up to them to determine whether a non-disclosure agreement or other terms should be entered into with their prospects, customers, and other third parties with whom they may share information, however, we expect them to comply with all applicable laws. AffectLayer does not monitor, review or specifically comment on its customer’s privacy policies or their compliance with their respective privacy policies.

Team Admins and Team Members. If you are a member of a team, your administrator may have the ability to access and control your team account, and your Personal Data may be shared with your other team members and others. Please refer to your organization’s internal policies if you have questions about this. If you are not a team member but interact with a team member (e.g., by joining a shared folder or accessing reports shared by that user), members of that organization may be able to view the name, email address, IP address, and other information that was associated with your account at the time of that interaction.

Anonymized Data. We may anonymize or aggregate your Personal Data so that you are not individually identified (“Anonymized Data”), and we may use such Anonymized Data to improve our services. We also may provide that Anonymized Data to our partners, who may use that information in anonymized form to understand how often and in what ways people use our Services so that they, too, can provide you with an optimal online experience. However, we will never disclose aggregate usage information to a partner in a manner that would identify you personally as an individual except as required to perform the Services or as otherwise set forth in this Privacy Policy.

Vendors; Affiliates. AffectLayer uses certain trusted third parties (for example, providers of datacenters, support tools and IT services) to help us provide, improve, protect, and promote our Services. From time to time we may need to share your data with these parties. We may also share your Personal Data with our affiliated entities and personnel both in the United States and globally. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy. We may and our customers may share information as discussed above and throughout this Privacy Policy, but we won’t otherwise sell your Personal Data to advertisers or other third parties.

Processing of Your Personal Data

As we’ve noted above, AffectLayer will use your Personal Data only in accordance with our Privacy Policy. If you do not wish us to continue using your Personal Data in this manner, you can request that your account be deactivated by contacting us as specified in the “Contact Us” section.

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity (i.e. processing that is necessary for the performance of a contract with you, such as your user agreement with us that allows us to provide you with the Products) and our “legitimate interests” or the legitimate interest of others (e.g. our users),

We process Personal Data when you use our Services for purposes such as:

  • Account configuration
  • Account maintenance
  • Enabling meetings and webinars between users and third-party participants
  • Hosting and storing personal data from meetings and webinars (only to provide the Service)
  • Personalizing, improving or operating our Service and business
  • Fulfilling requests you make related to the Services
  • Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity
  • Providing reports based on information collected from use of our Services
  • Providing support and assistance for our Services
  • Providing the ability to create personal profile areas and view protected content
  • Providing the ability to contact you
  • Providing customer feedback and support
  • Complying with our contractual and legal obligations, resolving disputes with users, enforcing our agreements
  • keeping you up to date on the latest Services announcements, software updates, software upgrades, system enhancements, special offers, and other information
  • To provide customer feedback and support


Data Subject Rights

You have certain rights with respect to your Personal Data as set forth below. Please note that in some circumstances, AffectLayer may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.

To make any of the following requests, contact us using the contact details referred to in the “Contact Us” section of this policy.

  • Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
  • Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
  • Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
  • Erasure: You can request that we erase some or all of your Personal Data from our systems.
  • Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
  • Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
  • Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Products.
  • Right to File Complaint: You have the right to lodge a complaint about Zoom’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.

Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please contact our Privacy Team at privacy@chorus.ai.

Legal Requests/Disclosures

We may access, preserve and disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law, legal requests or court orders; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse or address security or technical issues relating to our Services or our users; or (d) protect and enforce our rights and the rights, property and safety of our users and others.

How We Store Your Information

Security. We have personnel and third parties dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like Single Sign-On user authentication, and encryption of data in transit and at rest. However, no means of transmission over the internet or electronic storage is 100% secure, and while we endeavor to use commercially reasonable means to protect personal information, we cannot guarantee its absolute security.

If you access our Services via a third-party CRM platform or Cloud calendar (GSuite, Outlook 365), you should also protect your account with secure account credentials and prevent unauthorized access to your account and personal information].

Retention. Subject to the rights of users set forth above, we’ll retain information for as long as we need it to provide you the Services or to comply with applicable law. If you discontinue the service, this information can be deleted upon request. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; (2) we will not delete Anonymized Data and may continue to use it as describe in this Privacy Policy; and (3) we may retain information if necessary to comply with our legal obligations, resolve disputes, manage security risks, or enforce our agreements.


Standard Contractual Clauses

In certain cases, AffectLayer will transfer Personal Data from the EU in accordance with the European Commission-approved Standard Contractual Clauses, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.

Accountability for Onward Transfers.

AffectLayer shall enter into contracts to ensure that any third party to whom Personal Data may be disclosed is aware of and adheres to the principles contained in this Privacy Policy and/or is otherwise compliant with applicable laws and regulations mandating an adequate level of privacy protection. In all circumstances, AffectLayer shall ensure by contract that any such third party (a) is aware of the principles contained in this Privacy Policy; (b) is subject to laws providing the same level of privacy protection as is required by these principles; and (c) has contractual safeguards in place to protect the Personal Data. We shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by third parties. We acknowledge that in cases of onward transfers of Personal Data, AffectLayer is potentially liable under the EU-U.S. Privacy Shield framework.

AffectLayer is not required to identify the sources of personal data when such identification is not possible through reasonable efforts, or where the rights of persons other than the affected data subject would be violated. If there are compelling grounds to doubt the legitimacy of a data subject’s request for rectification, amendment or deletion of his or her Personal Data, we may require further justifications before performing the Data Subject’s request. We are not required to notify third parties to whom the Personal Data has been disclosed of any rectification, amendment or deletion when such notification involves a disproportionate effort or unreasonable burden.

Security

AffectLayer undertakes reasonable and appropriate administrative, technical and physical measures to protect the confidentiality, integrity and availability of Personal Data, whether in electronic or tangible, hard copy form. We shall also take reasonable steps to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Changes

If we are involved in a reorganization, merger, acquisition or sale of our assets, bankruptcy or similar event, your information may be transferred as part of the evaluation of and consummation of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal where we are not the surviving entity of such transaction, and outline your choices.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will make reasonable efforts to notify you. This Privacy Policy may be updated from time to time for reasons such as operational practices or regulatory changes, so we recommend that you review our Privacy Policy when returning to our website. By using the Services after any changes, you acknowledge your agreement to such changes and that use of information collection is subject to the Privacy Policy in effect when such information is used. If you have opted not to receive legal notices or emails from us, or have not provided your email address to us, the legal notices we send to you will still govern your use of the Services.


For California Visitors

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: privacy@chorus.ai AffectLayer, Inc., 465 California, Suite 600, San Francisco, CA 94104.

For Australia Visitors

In addition to complying all other applicable laws, AffectLayer has adopted the Australian Privacy Principles (the “APPs”) contained in the Privacy Act 1988 (Cth) (the “Privacy Act”). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Data. A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner.

It is worth noting that sensitive information is defined in the Privacy Act to include a variety of information, including “Biometric information that is to be used for the purpose of automated biometric identification or verification” — in other words, your voice recordings collected when you utilize the Services are Sensitive Information under the Privacy Act. Sensitive information will be used by us only: (1) for the primary purpose for which it was obtained, which is to monitor your usage and enable various search tools in connection with your usage of the Services; (2) for a secondary purpose that is directly related to the primary purpose; and (3) with your consent; or where required or authorized by law.

Access and Contact

Through your account settings, you may access, and in some cases, edit or delete certain information you provide to us. The information you may view, update or delete may change as the Services change.

If your Personal Data has been provided to us by one of our customers, please contact that customer to request any access to, correction of, or removal of your information.

Inquires or Concerns

Affect Layer uses a self-assessment approach or outside compliance review to assure compliance with this Policy and periodically verifies that this Privacy Policy is accurate, comprehensive for the information intended to be covered, is completely implemented and accessible and is in conformity with the principles set forth in this Policy.

You may always request access to the data you submit to Affectlayer and/or a summary of the data that we’ve collected about you. Please direct those requests to either the ‘contact us’ feature on our website or by sending an email to privacy@chorus.ai, and we will do our best to provide a prompt response to your question. In addition, Affectlayer’s Chief Technology Officer is responsible for overseeing compliance with this Privacy Policy. You can also reach this individual by sending an email to privacy@chorus.ai.

Affectlayer commits to the resolution of complaints about your privacy and our collection or use of your Information. We have also committed to resolve any complaints pursuant to the Privacy Principles by European Union citizens relating to this Privacy Policy, and those which cannot be resolved directly with Affectlayer, through the JAMS Dispute Resolution Framework as our Independent Recourse Mechanism (“IRM”). You may contact JAMS by visiting https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided to you at no cost. Note for EU residents -- under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

If you have any questions or complaints regarding this Privacy Policy, please contact us as described above. We will investigate your question, respond to your inquiry, and attempt to resolve any concerns as quickly as practicable. If you do not receive acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by Affectlayer, then please contact JAMS, as described above. In addition to the foregoing, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. Affectlayer is subject to the investigatory and enforcement powers of the FTC.

COOKIES

What is a cookie? A cookie is a small text file that is stored in your web browser that allows AffectLayer or a third party to recognize you. Cookies might be used for the following purposes: (1) to enable certain functions; (2) to provide analytics; (3) to store your preferences; and (4) to enable ad delivery and behavioral advertising.

Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after multiple years. Cookies placed by the website you're visiting are sometimes called "first party cookies," while cookies placed by other companies are sometimes called "third party cookies."

2. What cookies are used when I use the Services? When you access and/or use any of the Services, AffectLayer or a third party may place a number of cookies in your browser. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used.

Each cookie serves one of four different purposes:

  1. A. Essential Cookies: These first party cookies allow users to use a feature of the Services such as: (i) staying logged in, or (ii) making purchases.
  2. B. Analytics Cookies: These cookies track information about how the Services are being used so that we can make improvements and report on our performance. We may also use analytics cookies to test new ads, pages or features to see how users react to them. Analytics cookies may either be first party or third-party cookies.
  3. C. Preference Cookies: These first party cookies store your Services preferences.
  4. D. Ad Targeting Cookies: These third-party cookies (also known as "behavioral" or "targeted" advertising) are placed by advertising platforms or networks in order to: (i) deliver ads and tracks ad performance, and (ii) enable advertising networks to deliver ads that may be relevant based upon your activities.

Finally, we may set cookies within emails we send to you (if you have consented to receiving emails from us). These cookies are used to track how often our emails are opened and clicked on by our customers. You can manage email cookies in the same way as website cookies, as explained above.

3. How do third parties use cookies on the Services? Third party companies like analytics companies and ad networks generally use cookies to collect user information on an anonymous basis. They may use that information to build a profile of your activities on the Services and other websites that you've visited.

4. What are my cookie options? If you don't like the idea of cookies or certain types of cookies, you can change your browser's settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this, visit the help pages of your browser. Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

You may also opt out of third party cookies by following the instructions provided by each third party in its privacy policy.

5. Do you use any other user tracking technologies? We use additional technologies to help track user activities and preferences. For example, we use web beacons (also known as clear gifs, pixel tags or web bugs). Web beacons are tiny graphics (about the size of period) with a unique identifier that are embedded invisibly on web pages or emails. They are used to track user activities and communicate with cookies. You cannot opt out of web beacons used in webpages, but you can limit their use by opting out of the cookies they interact with. You can opt out of web beacons used in emails by setting your email client to render emails in text mode only. Finally, we use local storage to facilitate certain functions, but we do not retain the data captured via local storage.