Privacy

Effective as of May 15, 2020

This Privacy Policy describes how Tiled, Inc. and our subsidiaries and affiliates (collectively “Tiled,” “we“, “us” or “our“) handle personal information that we collect though our websites, mobile applications and other digital properties that link to this Privacy Policy (collectively, the “Service”), through social media, in connection with our marketing activities, and through other activities described in this Privacy Policy.

Personal information we process for our customers

Tiled provides a web-based software platform that businesses use to create, distribute and interact with microapps. We may collect and process personal information in our role as a processor on behalf of our customers, including when customers use our services to: (i) host and/or share content and collect analytics; (ii) send electronic communications, including SMS messages and emails, to other individuals; or (iii) otherwise collect, use, share, disclose or process personal information via our Service.

If you are using with the Service because you are an authorized user of one of our customers, or because you are interacting with a microapp from one of our customers’ accounts, the personal information we may collect, receive, process, and store may include name, phone number, job title, employer name, mailing address, email addresses, credential data, other profile data and other information identifiable to you; your search queries and viewing history; information related to your microapp viewing behavior and activities; location data, and automatically collected information such as IP addresses and the type of device or operating system. Customer’s users can also upload content to the Service, which may include your personal information, and share such content with other users or with the public.

We have no direct relationship with the people whose personal information we collect for customers while providing the Service to them. All such information is owned and controlled by our customers, who are the data controllers for such information with respect to data protection laws. Our use of this information is restricted by our agreements with those customers. We are not responsible for and do not control customers’ privacy and data security practices, which differ from those in this Privacy Policy. This Privacy Policy does not apply to any information we receive from or on behalf of our customers or their agents. If your personal information was submitted to us by, or on behalf of, a Tiled customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly.

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Service, at a tradeshow, on our website, at our offices, by responding to inquiries from us, or otherwise includes:

Contact data, such as your first and last name, and email and physical addresses.
Profile data, such as your username and password that you set to establish an online account with us, and any other information that you add to your account profile.
Communications that we exchange, including when you contact us with questions, feedback, or otherwise.
Marketing data, such as your preferences for receiving communications about our products and services, and details about how you engage with our communications.
Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third party sources. We obtain personal information from other sources, such as:

Data providers, such as information services and data licensors that provide contact, profile, demographic and other information.
Public sources, such as social media platforms.
Integrated services, such as Google, Salesforce, Adobe XD, Slack or other public or proprietary services offered by third parties that have been integrated into a Tiled account or microapp.

For Google user data collected as part of the Service’s integration with Google’s APIs, the use of the data adheres to Google’s User Data Policy established for its API Services and its stated Limited Use requirements found here: https://developers.google.com/terms/api-services-user-data-policy.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your activity over time on our sites and other sites and online services. This information may include:

Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, IP address, unique identifiers, the website you visited before browsing to our website, and general location information such as city, state or geographic area.
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

Cookies. Some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Notice.

How we use your personal information

We use your personal information for the following purposes or as otherwise described at the time we collect it:

Service delivery. We use your personal information to:

provide, operate and improve the Service and our business;
establish and maintain your user profile on the Service;
enable security features of the Service, such as by sending you security codes via email or SMS;
communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
understand how you interact with content presented through our website;
understand your needs and interests, and personalize your experience with the Service and our communications; and
provide support for the Service, respond to your requests, questions and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. Sometimes, we may also create aggregated, de-identified or other anonymous data from personal information we collect by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Marketing and advertising. We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes:

Direct marketing. We may send you Tiled-related or other direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out_of_marketing section below.
Interest-based advertising. We may contract with third-party advertising companies and social media companies to display ads on our Service and other sites. These companies may use cookies and similar technologies to collect information about you (including the device data, online activity data and/or geolocation data described above) over time across our Service and other sites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. You can learn more about your choices for limiting interest-based advertising, in the Your choices section below.

Compliance and protection. We may use your personal information to:

comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
audit our internal processes for compliance with legal and contractual requirements and internal policies;
enforce the terms and conditions that govern the Service; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

How we share your personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

Affiliates. Our subsidiaries and other corporate affiliates, for purposes consistent with this Privacy Policy.

Service providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business, such as hosting, information technology, customer service, email delivery, and analytics.

Advertising partners. Third party advertising companies that collect information about your activity on the Service and other online services to help us advertise our services, and/or use hashed customer lists that we share with them to deliver ads on their platforms to those customers and similar users.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Relevant participants in business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Tiled or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Social Sharing Features. Our Service may offer sharing features and other integrated tools that allow you to share microapps or actions you take when using our Service with other media or applications, and vice versa. The use of these features enables the sharing of information with others, depending on the settings you establish with the entity that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.

Analytics Services Provided by Other Companies. We may allow others to provide us with analytics services. These entities may use cookies, web beacons, and other technologies to collect information about your use of our Service, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and other usage information. This information may be used to analyze and track data, and to determine the popularity of certain content so we can better understand your use of our Service.

Customer Data. When you interact with a microapp or otherwise use our Service, we will share details about you and about that interaction, including information like your IP address, web browser, pages viewed, time spent on pages, links clicked, and other usage information, with users within the customer account publishing the microapp. This collection and use of information on behalf of our customers is controlled by the customer and subject to the customer’s privacy policy.

Sales of Personal Information. We will not “sell” your personal information, as that term is defined in the California Consumer Privacy Act of 2018 (“CCPA”), and have not done so over the last 12 months.

Your choices

You have the following choices with respect to your personal information.

Access or update your information. If you have registered for an account with us, you may review and update certain account information by logging into the account, subject to the administrative and privacy policies of the customer that owns the account.

Opt-out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. You may continue to receive service-related and other non-marketing emails. If you receive marketing text messages from us, you may opt out of receiving further marketing text messages from us by replying STOP to our marketing message.

Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.

Customer Data. We collect information for our customers. If you receive access to the Service under an account with one of our customers, including viewing any microapp or other content published under that account, and would no longer like to be contacted by that customer, please contact the customer that you interact with directly. We will retain personal data we process on behalf of our customers for as long as needed to provide services to our customers. Seismic will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Other sites and services

The Service may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

The Service is not intended for use by children under 16 years of age. If we learn that we have collected personal information from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How to contact us

Email: privacy@tiled.co

Mail: Tiled, Inc. 11848 Bernardo Plaza Ct., STE 110, San Diego, CA 92128

Information regarding the European Economic Area

Notice to European users

This section applies only to individuals in the United Kingdom and the European Economic Area.

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Processor. Tiled, Inc. is the processor of your personal information covered by this Privacy Policy for purposes of European data protection legislation.

Legal bases for processing. The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at privacy@tiled.co.

Processing purpose

‍Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”.

‍Legal basis

Service delivery: Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service. Where we cannot process your personal data as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Service you access and request.

Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.

Research and development, Compliance and protection: These activities constitute our legitimate interests.
‍Compliance with legal obligations Processing is necessary to comply with our legal obligations.
‍Actions we take with your consentProcessing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information

We ask that you not provide us with any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Service, or otherwise to us. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Service.

Retention

We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Your rights

European data protection laws give you certain rights regarding your personal information. If you are located within the United Kingdom or European Economic Area, you may ask us to take the following actions in relation to your personal information that we hold:

Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete. Delete your personal information.
Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to privacy@tiled.co or our postal address provided above in the How to contact us section. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Special note regarding personal information processed by Tiled for customers: If we have collected or are otherwise processing your personal information in connection with your access to the Service under an account with one of our customers, including viewing any microapp or other content published under that account, you should contact that customer (e.g. the business with whom you emailed or otherwise engaged online using our Service) in the first instance to address your rights with respect to the personal information.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Tiled complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, processing, use, and retention of Personal Data transferred from the European Union and the United Kingdom and/or Switzerland (“EU Data”) to the United States in reliance on Privacy Shield. Tiled has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in the policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the Department of Commerce’s Privacy Shield website.

In compliance with the Privacy Shield Principles, Tiled commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Shield should first contact Tiled at privacy@tiled.co.

If Tiled does not resolve your complaint, Tiled commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, and comply with the advice given by the panel or Commissioner, as applicable, with regard to data transferred from the EU or Switzerland, as applicable.

Under certain conditions specified by the Privacy Shield Principles, you may also be able to invoke binding arbitration to resolve your complaint not resolved by any of the other Privacy Shield mechanisms as described here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Tiled is subject to the investigatory and enforcement powers of the Federal Trade Commission. If Tiled shares EU Data with a third-party service provider that processes the data solely on Tiled’s behalf, then Tiled may be held liable for that third party’s processing of EU Data in violation of the Principles, unless Tiled can prove that it is not responsible for the event giving rise to the damage.

Tiled has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU, the United Kingdom, and Switzerland in the context of an employment relationship.

‍