Kumu Inc. ("Kumu", "we", "our", "us") developed the Compasshq.com website ("Website", "Services", "Compass") to help you tackle tough problems by visualizing and tracking communication patterns. We understand how important your privacy is and will take reasonable steps to protect your information as if it was our own. This document provides our policies and procedures for collecting, using, and disclosing your information.
To simply browse our Website, you are not required to provide any personally-identifiable information. However, we may collect non-personally-identifiable information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Kumu’s purpose in collecting non-personally identifying information is to better understand how Kumu’s visitors use its website and to monitor and improve our Website and Services. From time to time, we may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
When you register for Compass, we collect personal information including name, username, email, account password, account name, date of registration, and subscription data. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses, information about your computer, geographic location, and other standard web log information. We do not disclose personally-identifying information other than as described below. Visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.
We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our financial regulatory and other legal oblications, and to pursue our legitimate business interests. The follosing list sets out the business purposes that we have identified as legitimate. In determining the content of this list, we balanced our interests against the legitimate interests and rights of the individuals whose Personal Data we process. We:
If we need to use your Personal Data in other ways, we will provide specific notice at the time of collection and obtain your consent where required by applicable law.
We may send you email marketing communications about Kumu products and services, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with the consent requirements that are imposed by applicable law. When we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.
Information from Slack API
When you authorize Compass to access a Slack team, we collect all available data that Slack exposes through their APIs. This may include message content and meta data for public channels, private channels and direct messages (depending on the level of authorization you provide to Compass), user information, channel information, group information, files, survey responses and any other information made available by the Slack API.
We may collect statistics about the behavior of visitors to the Website. However, Kumu will not disclose personally-identifying information other than as described below.
Protection of Certain Personally-Identifying
Kumu discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Kumu’s behalf or to provide services available at the Website, and (ii) that contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Compass, you consent to the transfer of such information to them. Kumu will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Kumu discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when Kumu believes in good faith that disclosure is reasonably necessary to protect the property or rights of Kumu, third parties or the public at large. If you are a registered user of Compass and have supplied your email address, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Compass and related services. You can opt-out of receiving these email communications from us by contacting us at firstname.lastname@example.org. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Kumu takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
If Kumu, or substantially all of its assets were acquired, or in the unlikely event that Kumu goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquiror of Kumu may continue to use your personal information as set forth in this policy.
Your Data Protection Rights. Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to email@example.com. Pleae note that if you opt-out of receiving marketing related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
Correcting, Updating and Removing Your Information
Upon request we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at firstname.lastname@example.org Account owners may update or change their account information by editing their profile or organization profile or by contacting email@example.com for more detailed instructions. To make a request to have personal information maintained by us returned to you or removed, please email firstname.lastname@example.org. Requests to access, change, or remove your information will be handled within 30 days.
An individual who seeks access to, or who seeks to correct, amend, or delete inaccuracies in personal information stored or processed by us on behalf of an account owner should direct his/her query to the account owners (the data controller). Upon receipt of a request from one of our account owners for us to remove the data, we will respond to their request within thirty (30) days. We will retain personal information that we store and process on behalf of our account owners for as long as needed to provide the Services to our users. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at email@example.com.
If you are an account owner or otherwise provide us with personal information in connection with your use of our Websites or Services, we will delete this information upon your request, provided that, notwithstanding such request, this information may be retained for as long as you maintain an account for our Services, or as needed to provide you with our Services, comply with our legal obligations, resolve disputes and enforce our agreements.
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
If you are a Compass User, we retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services to you, even if you close your Compass account, to the extent necessary to comply with our legal and regulatory obligations. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Privacy Shield Frameworks
Kumu abides by and has certified adherence to the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. For more information on the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks, and to view the scope of Kumu’s certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, Kumu commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at:
720 University Avenue, Suite 200
Los Gatos, CA 95032
We have further committed to refer unresolved Privacy Shield complaints to ICDR/AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit ICDR/AAA (http://go.adr.org/privacyshield.html) for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.
If neither Kumu nor ICDR/AAA resolves your complaint, you may pursue binding arbitration through the Privacy Shield Panel. To learn more about the Privacy Shield Panel, click here. The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We offer a data processing addendum (DPA) for our customers who collect data from people in the EU. Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our customers. Customers can request a DPA by emailing firstname.lastname@example.org.
To guarantee no terms are imposed on us beyond what is reflected in our DPA and Terms of Service, we cannot agree to sign individual customers’ DPAs. We are a small team and are unable to make individual changes to our DPA. Any changes to the standard DPA would require legal counsel and considerable back and forth discussion, which would be cost-prohibitive for our small team.
Effective Date: May 25, 2018
720 University Avenue, Suite 200
Los Gatos, CA 95032