Last Updated: January 24, 2022
Effective Date: April 6, 2021
Sequin is a set of tools and services owned and operated by Sequin Labs, Inc. Sequin replicates APIs to Postgres databases in real-time so developers can skip API integrations. The services consist of software, apps, a web interface, content offered in connection with the software, documentation, and online tools, whether they are accessed through the use of a mobile device, computer, or other method (individually and together, the "Services"). The term "Services" also includes any help desk and support services we offer, as well as any new features which augment or enhance the current Services, including the release of new features or products.
When you enter into an agreement with us, either by accessing the Services, by executing an agreement in hard copy or by clicking "I Accept" or similar language online, we will process your Data for the purposes of fulfilling the terms of our contract with you. In that case, our processing of your Data is based on the contract, so your withdrawal of consent will only be effective after the purposes for processing that Data have been fulfilled and after we no longer have a legal obligation to keep that Data.
In all cases, we will comply with applicable law and we will cease processing your Data after the legal right, obligation, or other lawful basis expires.
The Services are directed solely to persons 18 years of age or older or of children under 18 who are supervised by a parent, guardian, or other caregiver. Other than for Data collected for the specific purpose of providing the Services to users, we do not knowingly collect Data from users who are under 13. If we become aware that we have gathered Data from a person under 13, except to provide the Services to such person, and except to the extent allowed or required by law, then we will attempt to delete such Data as soon as possible, subject to our obligations under applicable law. If you believe that we have gathered Data from a person under 13 in contravention of this policy, please contact us at email@example.com.
Listed below are the categories of Data we collect when you use our Services. We never sell your Data, and we always have a lawful basis for gathering the Data, but that lawful basis might be different for different categories, and we describe those uses below. Regardless, we never use the Data for any purpose other than the purpose for which we gathered the Data in the first place, unless we get your prior explicit consent.
A. Registration Data
Data Description: Registration Data consists of the name, e-mail address, and other contact information you provide us using the Services when you register your account or thereafter.
Lawful Basis for Processing: Our lawful basis for processing Registration Data is (1) our contract with you or your employer, (2) our legitimate interest in providing that data as a service provider for your employer, and/or (3) your consent. We can only provide certain of the Services to you if we have the Registration Data, so we need to store and access that Registration Data during the term of our contract. Even when the Registration Data is not critically necessary to the provision of the Services, we may still process that Registration Data to facilitate our contractual interactions with you.
How We Use It and Who We Share It With: Registration Data is accessible only to us and to you. We use it only to provide the Services to you. At times, we will share the Registration Data with other third parties at your request or to fulfill requests that you make of us. We may also use your Registration Data to offer our own goods or services to you through emails, but you may opt out of those offers at any time. We will never share your username or password with any third party, and we will never sell your Registration Data to any third party.
B. Engagement Data
Data Description: Engagement Data consists of all the information you input or record using the Services, except as otherwise stated in this policy. It also includes all information that is proprietary to you regarding your use of the Services (other than the data that qualifies as "Usage Data" below) that is collected or processed by the Services. For example, Engagement Data includes employee interaction information, personal information about you and your employees, and internal company communications, among other things.
Lawful Basis for Processing: Our lawful basis for processing Engagement Data is (1) our contract with you or your employer, (2) our legitimate interest in providing that data as a service provider for your employer, and/or (3) your consent.
How We Use It and Who We Share It With: Your Engagement Data is accessible only to us, to you, and where it relates directly to a party who either provides services to you or receives services from you, to that party, in which case that party will be obligated to protect the confidentiality of your Engagement Data. We do not share Engagement Data with other third parties, except at your specific request. We also do not de-identify or aggregate Engagement Data for use for any purpose other than to provide the Services to you and to improve our knowledge of how our systems are used.
C. Usage Data
- Data Description: Usage Data consists of the following and similar information:
- Information about your interactions with the Services, most commonly our website, which includes the date and time of any requests you make. This also may include details of your use of Third-Party Applications and any advertising you receive via the Services.
- Adjustments you make to the default state of the Services, such as custom categories or settings.
- The timing of the information you post to the Services including messages you send and/or receive via the Services and your interactions with our customer service team, but not including the content of those interactions and messages, which would be included as Engagement Data.
- Technical data which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the Services, unique device IDs, device attributes, network connection type (e.g. WiFi, 4G, LTE, Bluetooth) and provider, network and device performance, browser type, language, information enabling digital rights management, operating system, and application version.
We may use third-party services to track engagement. These may consist of service providers such as Segment, FullStory.com, Intercom, Google Analytics, and Amplitude Analytics. These may change over time.
Lawful Basis for Processing: Our lawful basis for processing Usage Data is (1) our contract with you or your employer, (2) our legitimate interest in providing that data as a service provider for your employer, and/or (3) your consent.
How We Use It and Who We Share It With: Usage Data is accessible to us and to you. We do not share it with third parties, except at your specific request, but we may use Usage Data to make improvements to the Services and may user third-party service providers to that end. Both during the term of our agreement with you and thereafter, we may also use Usage Data in an anonymized and aggregated format that is not identifiable to any individual, and that anonymized and aggregated information belongs solely to us to use in our sole discretion (including to sell anonymized and aggregated information, which is not Data). To the extent we are required to delete any Usage Data about you, we may still retain aggregated and anonymized information that may have originated as your Usage Data.
D. Payment Data
- Data Description: Payment Data is only collected when your use of the Services is subject to the payment of a fee or other charge. Payment Data is the information necessary for us to process your payments for premium Services. Payment Data will vary depending on the payment method you use (e.g. direct via your mobile phone carrier or by invoice) but will include information such as:
- Date of birth;
- Certain credit card information used to reference a credit card; (Please note that we use a third-party provider to collect credit card information. The third party's collection tool is layered over our shopping cart, so your credit card information never hits our system at all.)
- Address and postal code; and
- Mobile phone number
Lawful Basis for Processing: Our lawful basis for processing Usage Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Payment Data we receive from you.
How We Use It and Who We Share It With: We only use Payment Data to facilitate payment, and we only communicate it to those parties who are strictly necessary for that purpose.
E. Business Data
The Services we render involve obtaining information from third parties who are already rendering services to you and with whom you share your Data already. The Services may integrate directly with those third parties through the use of your credentials and may obtain access to the data those third parties are processing about you, your customers, and your business ("Business Data"). The Business Data may include exceptionally sensitive personal information, and that Business Data may be transmitted, stored, and processed using the Services. However, while we may access and process the Business Data for the sole purpose of providing the Services, our employees never access or view the Business Data other than while we are in the direct act of providing support services to you or your employees.
Except where a specific limitation is noted above, we may share your Data as follows:
At Your Instruction. If you request us to make your Data available to a third party, and such request furthers the purposes of our Services, we will do so.
Sharing with Vendors. In certain cases, we use the services of third-party vendors, to assist us in providing the Services. We may share your Data with such vendors solely for that purpose, and we will require those parties to abide by our privacy policies or privacy policies substantially in consonance with ours.
Service Providers. We may sometimes use a third party to provide specific Services on our behalf, including sending e-mails to our members, conducting member surveys, processing transactions or performing statistical analysis of our Services. In these cases, we may provide certain personal information, such as your name and e-mail address and other financial information necessary for the service to be provided. However, these third parties are required to maintain the confidentiality of this information and are prohibited from retaining, sharing, storing or using this information for any other purposes.
Business Transitions. In the event that we go through a business transition, such as a merger, acquisition, liquidation or sale of all or a portion of our assets, the information we have about you will, in most instances, be part of the assets transferred. We reserve the right to transfer that information in connection with such transactions without notice to you. We will not be required to obtain your consent for such a transfer.
Legal Disclosure. We may disclose your Information if required to do so by law or in the good faith belief that such action is necessary to conform to applicable law, comply with a judicial proceeding, court order or legal process served on us, protect and defend our rights or property, or investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of service.
If we ever plan to use any Data in the future for any other purposes not identified above and we do not have a separate lawful basis for that new purpose for processing, we will only do so after obtaining your specific consent.
The technologies we use for automatic Data collection may include the following:
Flash Cookies. Certain features of our Services may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Services. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Web Beacons. Pages of the Services and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Other Technologies. We may also use device identifiers, local storage, html modifiers, and different types of caching to help us understand the devices and users who access the Services. Those methods include device identifiers that are either hardware-based or software-based, persistent or non-persistent, and which may identify either a device or a software module within a device (such as a web browser).
By using our Services, you agree that we may use your Data to market our other Services to you. If, after giving your consent, you wish to opt-out of our using your Data to market Services to you, please follow the instructions below.
Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by sending a request for list removal to firstname.lastname@example.org.
We will comply with your request(s) as soon as reasonably practicable. Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages.
For employees and other authorized users operating in their role as administrators or users of our services, our lawful basis is the legitimate interest we have in providing the services to their employer.
The GDPR also requires us to take appropriate technical and organizational measures to protect the security of Data relating to residents of Europe. We make commercially reasonable efforts to ensure the privacy and security of the Data of our European visitors and customers, and we are happy to give you a complete description of our most current efforts in that regard. You may write to Anthony Accomazzo, who serves as our data protection officer, at email@example.com.
California has also adopted the California Consumer Privacy Act ("CCPA"), which took effect at the beginning of 2020. We comply with the requirements of the CCPA to the extent they apply to us.
If you are a California resident and we qualify as a "business" under the terms of that law, you will have the following rights:
You have the right to request that we disclose the categories and the specific items of Data about you that we collect, use, disclose, and/or sell and that Data about you that we have collected, used, disclosed, and/or sold during the 12 months prior to your request. Notwithstanding the foregoing, if we process Data about you because it was entered into our system by a processor, we will likely not be able to identify you from the information that is in our system, and in that case, you will need to contact the processor who entered your information into the system. You also have the right to have the Data we collect about you deleted. We use a two-step process to verify your identity and to have the information deleted. Your rights to have Data deleted are subject to several exceptions, including the references in the foregoing bullet point about Data entered into the system by a processor, and in particular the Data that is necessary for us to: -- complete your transaction; -- provide you a good or service; -- perform a contract between us and you; -- protect your security and prosecute those responsible for breaching it; -- fix our system in the case of a bug; -- protect the free speech rights of you or other users; -- comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.); -- engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws; -- comply with a legal obligation; or -- make other internal and lawful uses of the information that are compatible with the context in which you provided it.
To make any request under the CCPA, you must complete the Data Request Form found at https://airtable.com/shrmz096BUCNtdh3z or send an e-mail to firstname.lastname@example.org. You will be asked to give us your name, e-mail address, and any other information we request to reasonably verify your identity. We will respond to your request within 10 days after receipt of your request, and we will then take action to verify your identity and fulfill your request, as required by the CCPA.
We will provide you with a CSV copy of your stored data within 45 days of your request, assuming we are able to verify your identity in that period and so long as you provide a correct email address for successful correspondence.
You have the right not to receive discriminatory treatment by us for the exercise of any privacy rights conferred by the CCPA, which means that we will not take any action to hurt or punish you for exercising your rights under the CCPA.
You may designate an authorized agent to make a request under the CCPA on your behalf by writing us at email@example.com. Upon receipt of your request, we will provide you with the information you will need to designate that agent.
Note that we are not allowed by law to at any time disclose your Social Security number, driver's license number, or other government-issued identification number, financial account number, any health insurance or medical identification number, or any account password or security questions or answers.
We have listed the specific and general categories of information we have collected, disclosed, or sold in the last 12 months in the section above entitled "Data We Collect and How We Use It." That section also lists the specific and general categories of Data we have disclosed to third parties for our business purposes.
We do not sell your Data.
We do not sell the personal information of minors under 16 years of age.
For more information, please direct your questions to us at firstname.lastname@example.org.
The security of your Data is important to us. We use commercially reasonable efforts to store and maintain your Data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Data that you provide to us. We have implemented procedures designed to limit the dissemination of your Data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
You have the right to access the information we hold about you in order to verify the information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.
We will make every reasonable effort to keep your information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your information as appropriate. As appropriate, this amended information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate information about you enables us to give you the best possible service.
You can help by keeping us informed of any changes such as a change of your personal contact information. If you would like to access your information, if you have any questions, comments or suggestions of if you find any errors in our information about you, please contact us at email@example.com. If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures.