PRIVACY POLICY

(Last updated and effective: 7/27/2020)

Shiny Inc. provides a collaboration platform via:

  • The Rock website (the "Site").
  • The Rock mobile and desktop application(s) (collectively, the "App").
  • Other related internet services (collectively, the "Service(s)").
  • Shiny Inc. (the "Company", "we" or "us") operates the Service for users of the Service or the organization you represent ("you").

    This Privacy Policy sets forth our policy with respect to information that is collected from visitors to the Site and users of the App and/or Services. Under applicable law, Shiny Inc, is the "data controller" of personal data collected through the Services. Shiny Inc only collects the minimum amount of information necessary to operate, develop and grow the services we build.

    Information we collect

    When you use our Services, we may collect information from you as described as below:

    Information you provide

    We collect information from you when you voluntarily provide information, for example when you register for access to the Services or use certain Services. Information we collect may include (but is not limited to) username, email address, and any messages, images, or other content you share through a space, tasks, notes, files or other parts of the Service.

    Data we collect automatically

    When you interact with us through the Services, we receive and store information such as a device ID, IP address, and other information gathered commonly made available through your browser, mobile devices, servers you use. We may store such information or such information might be included in databases owned and maintained affiliates, agents or service providers. The Services may use such information or this information might be combined with other information to track specific indicators relevant to the operation of the site. For example, to track the total number of visitors to the Site or App as well as the number of tasks or notes users have sent.

    Aggregated information

    To better understand and support the users of the Service, we may conduct research on our customer demographics, interests and behavior based on the information collected. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics to other third parties for other lawful purposes or in order to describe our service to current and prospective business partners.

    Information through third parties

    You may give us permission to collect your information in other services such as federated authentication service providers such as Google, Microsoft or Facebook. For example, you may connect your Google or Microsoft to your Rock account. When you do this, it allows us to obtain information from those accounts including but not limited to your email address, profile image, contacts and other information you explicitly grant us access to.

    Referrals

    If someone has referred any of our products or services to you through any of our referral programs, that person might have provided us your name, email address and other potentially personal information. You may contact us at privacy@rock.so to request that we remove your information from our database. Any information you provide for this purpose will only be used for the specific reason for which it was provided.

    Social media

    When you interact or engage with us on social media sites (Facebook, LinkedIn, and others) we may collect such publicly accessible information, including profile information, to allow us to connect with you, improve our product, or better understand user reactions and issues. Once collected this information may remain with us even if you delete it from social media sites. We may also add and update information about you from other publicly available sources.

    Cookies

    We utilize cookies and other similar technologies to improve and enable the Service. For instance, to keep track of which account you have logged into and other account specific settings. Cookies are pieces of data that sites and services can set on your browser or device that can be referenced on future visits. In the future, we might use cookies to save additional data to enable new features as they become available. We may use technologies such as single pixel gifs and web beacons to record log data enabling us to track engagement with email and specific parts of the service. You can disable cookies before visiting our Services. However, if you do so certain features of the website might not work correctly.

    We may use other third party web analytics tools like Google Analytics on our website and app that might employ cookies to collect specific information regarding your use of our Service. At any time you can disable cookies in your browser settings.

    Advertising

    We may advertise our Service in other applications or websites. Advertising platforms, including Google, Facebook and Twitter may provide their own services that we integrate with our Service. These services may collect information for optimizing advertising campaigns outside of what we monitor as part of our Service. These services are governed by their own privacy policy and terms of service and you may be able to opt-out of any personalized advertising provided by them through opt-out programs administered by third parties, including the Network Advertising Initiative (NAI), the Digital Advertising Alliance (DAA). In absence of a consistent industry-wide standard for compliance, our Services currently do not respond to "Do Not Track" (DNT) signals and operate as described in this Privacy Policy whether or not a DNT signal is received.

    Where information is processed

    Shiny Inc is based in the United States. Independent of where you are located, you consent to the processing and transferring of your information in and to the U.S. and other countries. The laws of the United States and other countries governing data collection and use may not be as protective and comprehensive as the laws of the country where you live.

    Use of your information

    The information you provide will be used in a manner that conforms with this Privacy Policy. If you provide information for a certain reason, we may use the information in connection with the reason for which it was provided. For instance, if you provide information to gain access to the service, we will use the information you provided to give you access to services and may monitor your use of such services. Shiny Inc and its affiliates or subsidiaries may also use your information collected through the Services to help us improve the content and functionality of the Services as well as to better understand our users. Shiny Inc and its affiliates may use your information to contact you about anything Service related, for example updates to our Service or planned Service disruptions, as well as other services we believe might be of interest to you. If we contact you, each marketing email or message will contain instructions allowing you to opt-out of future marketing communications. If at any point you want to opt-out, you can do so through our website as well as through the process indicated in this document.

    Legal bases for handling your information

    Some jurisdictions require companies to tell you about the legal basis a company relies on to use or disclose your personal data. To the extent this is applicable to you, our legal grounds are as follows:

    To honor our commitments to you A majority of our processing of personal data is to enable the Service we provide to our users as a result of acceptance (or expected acceptance) of our terms of service. For instance, we handle personal data on this basis to provide our Service and create your account.

    Legitimate interests

    In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that do not override interests of fundamental rights and freedoms of affected individuals. This includes (but are not limited to): customer service, providing a safe and exemplary user experience, marketing (e.g. emails to inform you about new features), customer service, safeguarding our users/employees/property, improving and analyzing our business, managing legal issues, consent (i.e. handling personal data on the basis of your express or implied consent), legal compliance (i.e. fulfilling our legal obligations) or processing job applications.

    Sharing your information

    We do not sell your information. The trust you have placed in us by sharing your information with us is something we appreciate and consider this to be an important part of our relationship with you. In certain circumstances, we might however share your information with certain third parties:

    Business Transfers As our business matures, we might sell or buy businesses or assets. In the event of a corporate sales/merger/reorganization/bankruptcy, dissolution or similar event, your information may be part of any transferred assets.

    Consent We may transfer your information with your implied or explicit consent.

    Related companies For purposes consistent with this Privacy Policy we may share your information with any affiliates, agents or subsidiaries. We might also hire other companies or individuals to perform certain business-related activities who may use your information to perform these activities. For example, sending out an email to inform you about a new feature or processing payments.

    Employees and independent contractors Some employees and independent contractors have access to information covered in this Privacy Policy on a need-to-know basis. We require all employees and independent contractors to follow this Privacy Policy for personal information that we share with them.

    Legal Requirements If required to do so by law or in the good belief that such an action is necessary, we may disclose your information if such an action is necessary to (a) comply with a legal obligation, (b) protect and defend the rights or property of the Company or any subsidiaries or agents (c) protect the personal safety of users of the Services or the public, or (d) protect against legal liability.

    Aggregated or Non-identifiable Data Non-personally identifiable or aggregated data may be shared with our partners or others for business purposes.

    Unsolicited information

    Ideas for new products, features or improvements to existing products might be provided by you through unsolicited submissions ("Unsolicited Information"). All Unsolicited Information shall be deemed non-confidential and we shall be free to reproduce, use, disclose and distribute such Unsolicited Information to others with limitation or attribution.

    Children

    Our services are for users age 16 and over and we do not knowingly collect personal information from children under the age of 16. If you are a parent of guardian of a child under the age of 16 and believe he, she or they has disclosed personal information to us please contact us at support@rock.so. For residents of the European Economic Area (EAA), where processing of personal data is based on consent, Shiny Inc will not knowingly engage in processing for users under the age of consent established by applicable data protection law. If we learn that we are processing data from such users, we will halt processing and will take reasonable measures to promptly remove application information from our records.

    Third party websites

    The Services may contain links to other websites not operated or controlled by Shiny Inc. (the "Third Party Sites"). This Privacy Policy applies only to the Services and does not apply to any Third Party Sites. The links from the Service to any Third Party Sites does not imply that we endorse or have reviewed the Third Party Sites. For any information about the privacy policies governing those sites please refer directly to them.

    Data retention

    In general we retain personal data for so long as its relevant for the purposes identified in the Privacy Policy. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time as required.

    Security

    We take reasonable steps to ensure that information provided via the Services are protected from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no internet or email transmission is ever fully secure or error free.

    Your data rights and choices

    Individuals in the European Economic Area (EEA), California, Canada, Costa Rica and some other jurisdictions outside of the United States have certain legal rights to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them, and to obtain its correction, update, amendment or deletion in specific circumstances. They may also object to our uses or disclosures of personal data, to request a restriction on its processing or withdraw any consent even though most of these actions will not apply retroactively. These rights will also not affect our ability to continue processing data for lawful purposes.

    How can I access personal data you have about me?

    If you would like to submit a data access request, send an email to support@rock.so with "Personal Data Request" in the subject title. After verification of your identity, we will then follow up with details around how to start the process and access the personal data we have on you within 45 days. If we require more time (up to 90 days), we will inform you in writing. We cannot respond to your request, if we cannot verify your identity or if your request lacks enough details to help us handle this request.

    How do I correct, update, amend or delete the personal data you have about me?

    If you would like to submit a data access request, send an email to support@rock.so with "Personal Data Request" in the subject title along with an explanation of what data subject right you are seeking to exercise. After verification of your identity, we will then follow up with details around how to start the process and access the personal data we have on you within 45 days. If we require more time (up to 90 days), we will inform you in writing. We cannot respond to your request, if we cannot verify your identity or if your request lacks enough details to help us handle this request. How do I object or restrict the manner in which Shiny Inc processes my personal data?

    You have a right to ask us to stop using or limit our use of your personal data in specific circumstances, for instance if your personal data is inaccurate or if we have no lawful basis to keep using your data. We also offer constituents of the EEA the right to opt out of all our processing of their personal data for direct marketing purposes. To exercise this right click the "Unsubscribe" link in any of our marketing emails or through the email subscription page on our website.

    The rights and options described in this Privacy Policy are subject to limitations and exceptions under applicable law. In addition to these rights, you have the right to lodge a complaint with the relevant supervisory authority. We do encourage you to contact us first so we can do our best to resolve any of your concerns.

    California Privacy Rights

    If you are a consumer residing in California you are afforded additional rights with respect to your personal information through the California Consumer Privacy Act ("CCPA") and the "Shine the Light" law. Our collection and Use of Personal Information The following categories of personal information are collected as part of running the Service: identifiers (such as username, the email address you used to sign up, your phone number if you provided this), commercial information (a record of what you have bought from or subscribed to), financial data (payment information if you bought anything from Shiny Inc.), internet or other network or computer/device information (how you interact with the Service), location information (based on IP address which may indicate approximate location, inference data about you, and other information that identifies or reasonably associated with you. We collect personal data for business and commercial purposes as described in "Use of your information" section above. For examples of data points we collect and the sources of such collection please refer to the "Information we collect" section above.

    Disclosure of Personal Information

    Your personal information may be shared with third parties as described in our "Sharing your information" section in this document. We disclose the categories of personal information mentioned above for business or commercial purposes.

    No sale of Personal Information

    We do not sell personal information of our users. As a result, certain obligations as laid out in the California Consumer Privacy Act are not relevant to our business.

    Exercising Your Consumer Rights If you are a California resident, you have the right to request (a) more information about the categories and specific pieces of personal information we have collected and disclosed for a business purpose in the last 12 months (b) deletion of your personal information (c) opt out of sales of your personal information, if applicable. These requests can be made as detailed in "Your data rights and choices" section above. We will not discriminate against you if you exercise your rights under the California Consumer Privacy Act.

    Changes to this privacy policy

    We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. We kindly ask you to review this policy periodically, and especially before you provide any personal information. This Privacy Policy was last updated on the date indicated in the section above. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

    Contact us

    Feel free to contact us if you have any questions about this Privacy Policy or the information practices of Shiny Inc and the Services we provide. You may reach us as at: privacy@rock.so.

    Collaborative spaces for any project.