Privacy Policy

Effective: May 15, 2018

Your data and privacy are important to us,  as is transparency about how we collect, use, and share information about you and your data.

This Privacy Policy covers the information we collect from you and about you when you use our products or services, or otherwise interact with us (for example, by attending our events), unless a different policy is displayed. We offer a range of products and refer to all of these products, together with our other services and websites as “Services” in this policy.

This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.

Where we provide the Services under contract with an organization (for example your employer) that organization controls the information processed by the Services. For more information, please see Notice to End Users below.

This Privacy Policy applies to Qordoba’s strings management platform, including the associated web application (collectively, the “Services”) and other Qordoba websites (collectively, the “Websites”) and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Qordoba.

This Privacy Policy does not apply to any third party applications or software that integrate with the Services through the Qordoba platform (“Third Party Services”), or any other third party products, services or businesses. In addition, a separate agreement governs delivery, access and use of the Services (the “Services Agreement”), including the processing of any messages, files or other content submitted through Services accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Services Agreement (“Customer”) controls their instance of the Services (their “Organization”) and any associated Customer Data. If you have any questions about specific Organization settings and privacy practices, please contact your Account owner.

Other Information. Qordoba also collects, generates and/or receives Other Information:

  1. Organization and Account Information. To create your account, you or the Organization Owner (e.g., your employer or tool administrator) supply Qordoba with a name, email address, phone number (optional), password, role in the Organization (optional), timezone and/or similar account details. To update your account, you or the Organization Owner can log in using the supplied credentials (username/password) and change settings to which you have access.  If your Organization Owner chooses to invite you to a Workspace (add you to the Account), they can do so via email.
  2. Your use of the Services
    We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links you click on; the type, size and filenames of attachments you upload to the Services; frequently used search terms; and how you interact with others on the Services. We also collect information about the teams and people you work with and how you work with them, like who you collaborate with and communicate with most frequently.
  3. Device and Connection Information
    We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
  4. Cookies and Other Tracking Technologies
    Qordoba and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices.
  5. Third Party Services. Organization Owners (or tool administrators) can choose to permit or restrict Third Party Services for their Organization. Typically, Third Party Services are software that integrate with our Services. Team Members should check the privacy settings and notices in these Third Party Services to understand what data may be disclosed to Qordoba. When a Third Party Service is enabled, Qordoba is authorized to connect and access Other Information made available to Qordoba in accordance with our agreement with the Third Party Provider.
  6. Third Party Data. Qordoba may receive data about organizations, industries, Website visitors, marketing campaigns and other matters related to our business from our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
  7. Additional Information Provided to Qordoba. We receive Other Information when submitted to our Websites or if you participate in a focus group, contest, activity or event, apply for a job, request support, visit our office, interact with our social media accounts or otherwise communicate with Qordoba.

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Organization setup details, is not provided, we may be unable to provide the Services.

Notice to End Users
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Administrators are able to

  • require you to reset your account password;
  • restrict, suspend or terminate your access to the Services;
  • access information in and about your account;
  • access or retain information stored as part of your account;
  • install or uninstall third-party apps or other integrations


In some cases, administrators can also

  • restrict, suspend or terminate your account access;
  • change the email address associated with your account;
  • change your information, including profile information;
  • restrict your ability to edit, restrict, modify or delete information

Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.

If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services. If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.

Please contact your organization or refer to your administrator’s organizational policies for more information.

How We Use Information

Customer Data will be used by Qordoba in accordance with Customer’s instructions, including any applicable terms in the Services Agreement and as required by applicable law. Qordoba is a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to a Organization, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.

Qordoba uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, Qordoba uses Other Information:

  • To provide, update, maintain and protect our Services, Websites and business. This includes use of Other Information to support delivery of the Services under a Services Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at a Team Member’s request.
  • As required by applicable law, legal process or regulation.
  • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
  • To develop and provide additional features. Qordoba tries to make the Services as useful as possible for specific Organizations and Team Members.
  • To send emails and other communications. We may send you service, technical and other administrative emails, workflow notifications, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. We will also contact you if you request information or to meet with a company representative. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Qordoba. These are marketing messages so you can control whether you receive them.
  • For billing, account management and other administrative matters. Qordoba may need to contact you for invoicing, organization management and similar reasons and we use organization data to administer accounts and keep track of billing and payments.
  • To investigate and help prevent security issues and abuse.

If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Qordoba may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

Data Retention

Qordoba will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Services Agreement and as required by applicable law.  Qordoba will retain your information for as long as your account is active or as needed to provide you Services. If you wish to cancel your account or request that we no longer use your information to provide you services, you may delete your account by sending a request to delete your account to “privacy@qordoba.com” or by requesting that your Organization owner remove you.  We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion. In addition, we do not delete from our servers files that you have in common with other users.

How We Share And Disclose Information

This section describes how Qordoba may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Qordoba does not control how they or any other third parties choose to share or disclose Information.

  • Customer’s Instructions. Qordoba will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
  • Displaying the Services. When a Team Member submits Other Information, it may be displayed to other Team Members in the same or connected Workspaces. For example, an Team Member’s email address may be displayed with their Workspace profile. 
  • Collaborating with Others. The Services provide different ways for Team Members working in independent Workspaces to collaborate, such as shared channels. Other Information, such as an Team Member’s profile Information, may be shared, subject to the policies and practices of the other Workspace(s).
  • Customer Access. Owners, administrators, Team Members and other Customer representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Service features to export logs of Workspace activity, or accessing or modifying your profile details. 
  • Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services.
  • Third Party Services. Customer may enable or permit Team Members to enable Third Party Services. When enabled, Qordoba may share Other Information with Third Party Services. Third Party Services are not owned or controlled by Qordoba and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
  • Corporate Affiliates. Qordoba may share Other Information with its corporate affiliates with your consent.
  • During a Change to Qordoba’s Business. If Qordoba engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Qordoba’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
  • Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Qordoba customer the average amount of time or money saved for an average strings management instance.
  • To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
  • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Qordoba or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
  • With Consent. Qordoba may share Other Information with third parties when we have consent to do so.

 

Security

Qordoba takes security of data very seriously. Qordoba works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology.

  • Information storage and security – We use data hosting service providers in the United States and Ireland to host the information we collect, and we use technical measures to secure your data. For more information on where we store your information, please see Google’s Cloud hosting infrastructure page – https://cloud.google.com. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.  If you use our server or data center Services, responsibility for securing storage and access to the information you put into the Services rests with you and not Qordoba. We strongly recommend that server or data center users configure SSL to prevent interception of data transmitted over networks and to restrict access to the databases and other storage points used.
  • How long we keep information – How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
  • Account information – We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
  • Information you share on the Services – If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided.
  • Managed accounts – If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. For more information, see “Managed accounts and administrators” above.

Our Policy Toward Children

Our Services are not directed to persons under 16. We do not knowingly collect personally identifiable information from children under 16. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at privacy@qordoba.com. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information from our files.

Changes To This Privacy Policy

Qordoba may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, Qordoba will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. Contact your Organization owner if you wish to request the removal of Personal Data under their control.

Data Protection Officer

To communicate with our Data Protection Officer, please email privacy@qordoba.com.

Your Rights

Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information.  If you cannot use the settings and tools, contact your Organization Owner for additional access and assistance. Please check your profile at https://app.qordoba.com for your contact information.

To the extent that Qordoba’s processing of your Personal Data is subject to the General Data Protection Regulation, Qordoba relies on its legitimate interests, described above, to process your data. Qordoba may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to Qordoba’s use of your Personal Data for this purpose at any time.

Contacting Qordoba

Please feel free to contact Qordoba if you have any questions about this Privacy Policy or our practices, or if you are seeking to exercise any of your statutory rights. You may contact us at privacy@qordoba.com or at our mailing address below:

Qordoba
300 Brannan Street, Suite 405
San Francisco, CA 94107
USA

Words matter. Request a demo.