Privacy Policy
Last updated: September 26th, 2022
Thank you for using Sunrize (“Company,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how your personal information is collected, used and disclosed by the Company.
Table of Contents:
- What information we collect about you
- How we use information we collect
- How we share information we collect
- How we store and secure information we collect
- How to access and control your information
- Other important privacy information
This Privacy Policy applies to the use of the online services, mobile services, application available at www.sunrizeapp.com, web sites, bots in Slack or Microsoft teams, communications, updates, information, and all related services, the website, the servers used by the application, the computer files stored on such servers, and all related services, and all related services, features and content offered by the Company (collectively, the “Services”) and all other aspects detailed in our Terms of Service. This Privacy Policy does not apply to any third-party websites, services, or applications, even if they are accessible through our Services. This Privacy Policy applies to all products and services offered by Sunrize, Inc.
By accessing or using our Service, you signify that you have read, understood and agree to our collection, storage, use and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.
This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
Where we provide the Services under contract with an organization (for example your employer) that organization controls the information processed by the Services. For more information, please see Notice to End Users below.
Sunrize
, Inc participates in the EU-US Privacy Shield Framework. We acknowledge our commitment to comply with the EU-US Principles (“Principles”) for all Personal Information received from the EU and United Kingdom which was provided in reliance on Privacy Shield. We will collect, use and disclose Personal Information received from the EU and United Kingdom only in accordance with the principles outlined in this Privacy Statement, the above-noted Privacy Shield Principles, and legal requirements. For purposes of Privacy Shield compliance enforcement, we acknowledge that we are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
What information we collect about you
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
Information you provide to us:
We collect information about you when you input it into the Services or otherwise provide it directly to us. This includes:
Account and Profile Information:
We collect information about you when you modify your profile, set preferences or make purchases through the Services. This includes your name, birthday, and e-mail address, job title, and online, offline status to register your profile. You also have the option of updating settings from a free user to a paid user, and we may collect additional payment information, such as credit card and billing address.. We keep track of your preferences when you select settings within the Services.
Information you provide through our products:
The Services include the Sunrize products you use, where we collect and store your content such as online, offline status, your interaction with your colleagues. This content includes any information about you that you may choose to include. Examples of content we collect and store include: the title of your matching channel/Team names, surveys created and the audience you are sending them to. Content also includes the messages and links you upload to the Services.
Information you provide through our websites:
The Services also include our websites owned or operated by us. We collect other content that you submit to these websites, which include social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, promotions, or events.
Information you provide through our support channels:
The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. Whether you speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Payment Information:
We collect certain payment and billing information when you register for certain paid Services. For example, we ask you to designate a billing representative, including name and contact information, upon choosing a paid offering. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services. This includes:
Your use of the Services:
We collect certain information about you when you visit and interact with any of our Services. This information includes the features you use; the links or pages you click on; the site from which you came and the site to which you are going when you leave our website, frequently used search terms; and how you interact with others on the Services. We also collect information about the teams and people you work with and how you work with them, like who you collaborate with. When you access our Service from a mobile device, we may collect unique identification numbers associated with your device or our mobile application (including, for example, a UDID, Unique ID for Advertisers (“IDFA”), Google AdID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, like an IP address.
Device and Connection Information:
We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through
your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Cookies and other tracking technologies:
We, and our third-party partners, automatically collect certain types of usage information when you visit our Services, read our emails, or otherwise engage with us. We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information and similar technology (collectively, “Tracking Technologies”). For example, we collect information about your device and its software, such as your IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account, and other such information.
We may collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service and to understand more about the demographics of our users.
We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices. Although we do our best to honor the privacy preferences of our users, we are unable to respond to Do Not Track signals set by your browser at this time.
We use or may use the data collected through tracking technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including targeted content; (c) recognize and contact you across multiple devices; (d) provide and monitor the effectiveness of our Service; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our service.
If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the Service, as some features and services on our Service may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.
We and our third-party partners may also use cookies and tracking technologies. For more information about tracking technologies, please see “Third Party Tracking” below.
How we use information we collect
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
Personalize your experience:
For example, we use the name and picture you provide in your account to identify you to other Service users. Our Services also include tailored features that personalize your experience, enhance your productivity, and improve your ability to collaborate effectively with others by automatically analyzing the activities of your team to provide search results, activity feeds, notifications, connections and recommendations that are most relevant for you and your team. We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive from our service.
Improve our service via research and development:
We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful to you. We may use your information and feedback to improve and maintain our Services, including our emails, bots, and website. For example, to improve the audience select feature, we may automatically analyze recent interactions among users and how often they talk to certain audiences. We automatically analyze and aggregate frequently used search terms to improve the accuracy and relevance of suggested topics that auto-populate when you change your settings. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyze certain new features with some users before rolling the feature out to all users.
To communicate with you about the Services:
We may use your information to help us to respond to your customer service requests and support needs effectively. We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, We also send you communications as you onboard to a particular Service to help you become more proficient in using that Service. These communications are part of the Services and in most cases you cannot opt out of them. If an opt out is available, you will find that option within the communication itself or in your account settings.
Other ways of using your information:
We may also use your information to run promotions, contests, surveys, or other features, market products and services to you that we believe may be of interest to you, send you information you agreed to receive about topics we think will be of interest to you, send periodic emails with updates pertaining to our Services, provide customer support by responding to your inquiries, questions, and/or other requests.
For safety and security:
We use information about you and your information to verify accounts and activity, to
monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights:
Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent:
We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
How we share information we collect
We want our service to work well for you, this means we will collect and analyze data provided to us via the various third-party accounts you enable for use with our Services. To do that, we will need to share your information with those certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we don’t sell information to advertisers and third parties. We require any third-parties to adhere to any privacy and security requirements governing the collection, use, and processing of your information.
Sharing with third parties:
We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.
Our Services Providers:
We may share aggregated information and non-identifying information with third parties such as Mixpanels, Google Analytics, Hubspot to enhance the effectiveness of our Services and for industry research and analysis, demographic profiling, benchmarking, and other similar purposes. As part of our Services we may share aggregate, anonymous demographic information, survey results, market trends, and other analysis that we create based on the information we receive from you and other customers. Such information will never identify you, your business, or your employees.
Third Party Apps:
You, your administrator or other Service users may choose to add new functionality or change the behavior of the Services by installing third party apps (like Google Calendar) within the Services. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps. Third-party app policies and procedures are not controlled by us, and this privacy policy does not cover how third-party apps use your information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices. If you object to information about you being shared with these third parties, please uninstall the app.
Links to Third Party Sites:
The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.
With your consent:
We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
Business Transactions:
Information that we collect from our users under this privacy policy, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition, or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our business assets, may be disclosed or transferred to a third party acquirer in connection with the transaction. Such information will be governed by the terms of this policy unless you are notified of any changes and provided an opportunity to exercise any rights that may be available.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights:
In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of Company, our visitors, or others.
Onward Transfers
Any information received under the Privacy Shield and subsequently transferred to a third party will be processed in accordance with those Principles. We agree to remain liable under the Principles if such information is processed in a manner inconsistent with the Principles, unless such information is processed in a manner inconsistent with our instruction.
How we store and secure information we collect
Information storage and security:
We use data hosting service providers in the United States to host the information we collect, and we use technical measures to secure your data.
If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S or any other country in which Company or our service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.
Sunrize, Inc complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
Keeping your information safe:
We care about the security of your information. However, no security system is impenetrable and we cannot guarantee the security of our systems
100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations. If you believe you have discovered a potential vulnerability in our service, please refer to our responsible disclosure guidelines for instructions on how to proceed.
All Sunrize
production services are hosted on Amazon Web Services’ (AWS) EC2 platform. The physical servers are located in AWS’s EC2 data-centers. Customer data is stored within the us1-east region. As of this date, AWS has certifications for ISO/IEC 27001:2013, 27017:2015, 27018:2014 and is certified as PCI DSS 3.2 Level 1 service provider and undergoes SOC 1, SOC 2, SOC 3 audits. See amazon website for more details.
All customer data is encrypted in transit and at rest. All servers processing personal data possess EBS volume encryption and communicate over SSL with TLS 1.2+ connection.
How to access and control your information
You have certain rights, choices, and means available to you when it comes to your information, including the use and disclosure of that data. Below is a summary of those choices, how to exercise them and any limitations.
You may also have certain rights and choices regarding our processing of your information. Depending on your jurisdiction, and if your information is processed under Privacy Shield, you may entitle you to additional consumer rights, including the right to:
- Know the categories and/or specific pieces of information collected about you, including whether your Information is sold or disclosed, and with whom your Personal Information was shared
- Access a copy of the Personal Information we retain about you
- Request deletion of your Personal Information
- Correct or amend your Personal Information
- Object to certain uses of your Personal Information.
To exercise any of these rights please contact support@sunrizeapp.com.
Data retention:
We will purge all company data in our database upon request, with a 48-hour response SLA. 7 days after deleting data from our database, it will be fully purged from all encrypted backups.
We use volume-encrypted Amazon RDS databases for our data storage and take automated encrypted backups every 24 hours, which are saved in Amazon S3. The backup is taken from our standby databases so that the extra load imposed by the backup process does not negatively impact customer traffic.
These S3 backups are not publicly accessible, and we do not use or consume them in any way, but rather retain them for 1 week (nightly for a 7-day rolling window) solely in the case of emergency recovery operations.
Your Choices:
You have the right to request the deletion of your information. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see “Notice to End Users” below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Access and update your information:
Our Services give you the ability to access and update certain information about you from within the Service. For example, you can access and delete your interests or job titles directly from your account. To exercise any rights that may be available please contact support@sunrizeapp.com
Deactivate your account:
If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact support@sunrizeapp.com. Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation within the Services. For more information on how to delete your information, see below.
Delete your Information:
To delete your information, please send an email to support@sunrizeapp.com. Upon request, company data will be deleted from our database within 48 hours, and permanently purged from our encrypted S3 backups within 7 days. Encrypted database backups are taken nightly, and permanently deleted after 7 days. Application logs are stored on the host (encrypted EBS volumes) and deleted after 7 days. All communication with external services (such as Slack and Teams APIs are over SSL).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Other important privacy information
Notice to End Users:
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different from this policy.
Administrators may be able to:
- require you to reset your account password;
- restrict, suspend or terminate your access to the Services;
- access information in and about your account;
- access or retain information stored as part of your account that’s associated with the organization the administrators are managing;
- install or uninstall third-party apps or other integrations
- In some cases, administrators can also:
- restrict, suspend or terminate your account access that’s associated with the organization the administrators are managing;
- change the email address associated with your account;
- change your information, including profile information that’s associated with the organization the administrators are managing;
- restrict your ability to edit, restrict, modify or delete information that’s associated with the organization the administrators are managing;
Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.
If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services. If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile.
Please contact your organization or refer to your administrator’s organizational policies for more information.
California Requirements
Exercising your rights:
If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”). This policy explains the tools that we have made available to you to exercise your data rights under the CCPA, such as the right to deletion and the right to request access to the categories of information we have collected about you. For more information on how to exercise your rights please visit the “How to access and control your information” section of this policy. We encourage you to manage your information, and to make use of the privacy controls we have included in our Services. You will not be discriminated against for exercising any of your privacy rights under the CCPA. In order to protect your information from unauthorized access or deletion, we may require you to provide additional information for verification. If we cannot verify your identity, we will not provide or delete your information.
Sharing your personal information:
We don’t sell your personal information. We do share your information with others as described in the “How we share information we collect” section of this policy.
Processing your information:
This policy describes the categories of personal information we may collect, the sources of that information, and our deletion and retention policies. We’ve also included information about how we may process your information, which includes for “business purposes” under the CCPA – such as to protect against illegal activities, and for the development of new products, features, and technologies. If you have questions about the categories of information we may collect about you, please be sure to visit the section of this policy called, “What information we collect about you.” For more details about our processing activities, please be sure to visit the section called, “How we use information we collect.”
If you have any questions or would like to exercise your rights under the CCPA, you can reach out to us at support@sunrizeapp.com
European Union Residents
Residents of the European Union may have additional rights, including a right to an independent dispute mechanism to resolve complaints, and the right to choose whether information collected about you is used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. European Union resident individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at support@sunrizeapp.com. We will respond within at least 45 days from the time we receive your complaint and endeavor to resolve any issues as quickly as possible.
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Please see Annex I of the Privacy Shield for additional information.
For certain processing activities, we agree to comply with, and you may have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Your Acceptance of These Terms:
By using our Services, you signify your acceptance of this Privacy Policy.
Changes to this Privacy Policy:
We reserve the right to revise this Privacy Policy from time to time. We will post changes on this page and indicate the “last modified” date at the top of this page. Please check back often for any updates. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically, and that your continued use of our Services after any change in this Privacy Policy will constitute your acceptance of such change.
Contact Us:
If you have any questions about this Privacy Policy, please contact us at support@sunrizeapp.com