Effective Date: February 16, 2018
Our Philosophy of Privacy Protection
- We collect information from you solely for the purpose of helping you create a confidential record and report of what happened, and, at your request, sending a version of that report to your employer.. We keep information for the minimum amount of time required to provide this service, after which your information is deleted.
- Our employees are prohibited from accessing your information unless you choose to submit a report to Spot for research purposes.
- We do not track you for the purposes of advertising or selling your data. We do track minimal aggregated, anonymized statistics to allow us to determine how our product is being used, but our core philosophy is that less tracking is better. The policy below explains in detail how we operate in accordance with this philosophy.
Information We Collect and How We Use It
Personal Information that You Elect to Provide Us
When you answer questions or submit other information to Spot, this will be information which you directly give us. Because we change our offerings and features from time to time, the options you have to provide us with information may also change. Here are some examples of information which you may decide to submit, unless you decide to stay entirely anonymous:
- Your name
- Your email address
- Demographic information (such as your gender and occupation)
- The name of your employer
- Other information about your employer, such as your department, location, industry or size
- Email address(es) to which you would like us to submit a report
- The name of the person who you feel treated you inappropriately
- Other details about an event, such as the time, location, or recurrence
- Feedback about your experience using Spot
Depending on how you choose to use Spot, the personal information we collect from you may vary. For example, you may only want to submit summary keywords to describe your experience. Summarizing your experience in keywords helps you to protect your anonymity if you request Spot to forward your report to someone. In other circumstances, you may elect to provide a more detailed report including additional information, such as your name or that of people who treated you unfairly. You should not include sensitive data (such as, names, places, events, etc.) if you will ask Spot to forward a report to another person and you desire to preserve your anonymity. Spot highlights instances in which you are asked to submit sensitive information and tells you what we will do with the information you submit.
You may elect to provide information and generate a report solely for your own purposes, in which case you should not make use of our service to send a redacted report to someone else, or permit us to submit your report to our researchers. If you create a report only for yourself, you will receive an email from Spot with a link to download that report. The data contained in your version of the report will be automatically removed from our systems 30 days after you download it for the first time. We wait 30 days so you have another chance to save the document if you can’t immediately download it to a secure location. After you’ve downloaded your report, you can manually delete that version of it from the Spot servers.
If you want us to send a version of your report to the organization you work or worked for, you must provide us with the recipient’s email address. Email addresses obtained in this manner are used solely for the purpose of submitting the report. When you elect to have Spot send a report, the recipient gets an email from Spot with a link to download that report. We retain this report on our systems for 30 days after the recipient downloads the report for the first time. If the recipient has not downloaded the report three months after receiving the download link, we remove that version of the report from our servers. If Spot sent a download link and the recipient has not yet downloaded the report, you can delete that version of the report from our servers using the status webpage that you bookmarked during your chat with Spot.
When you send a report download link to someone through Spot, we retain the recipient’s email address and a timestamp for when the email was sent. If the recipient downloads the report, we also retain a timestamp for that event. We do not retain other data about your report. Should the recipient ever deny that they received a download link or downloaded a report, we can offer proof that the email was sent and indicate whether a download for the report was initiated.We will not have the report itself after the expiration of the 30-day period following the first download. We will also not have the report itself if you manually deleted it on the status webpage before the recipient downloaded it. If you wish to obtain information regarding the delivery of a report and if and when a report was downloaded, please email Spot at firstname.lastname@example.org, ideally providing: (1) the report ID on the version of the report you kept for your records, (2) the email address where you asked us to send the report, and (3) the date and time you chatted with Spot. We review all requests for information and will conduct an investigation as to whether or not we believe the individual requesting information is entitled to receive it. The decision whether or not to provide the information requested lies with us.
In addition to creating a report for yourself, and directing Spot to send a report to another person, you may elect to have Spot share your report with our researchers. If you do so, Spot will automatically delete information you provide in the following data fields before sending your data to the researchers:
- Person accused of behaving inappropriately
- Your name
In addition, after such automatic deletion has occurred, Spot or our researcher personnel will read your report and endeavor to remove any individual or organization names they identify and that you may have included in other data fields.
Information submitted to our researchers is combined with the reports of others, as part of a database for research purposes. By combining the experiences of lots of people, we can examine what kinds of harassment and discrimination people are experiencing at work, and how we can help to make every voice heard. Because of open science guidelines, and the data sharing responsibilities that scientists have, we share the redacted set of reports with the scientific community.
Information We Collect by Automated Means
When you use Spot, your computing device is automatically providing information to us so we can respond and customize our response to you, and improve the user experience of our service. The type of information we collect to improve your user experience by automated means may vary, but generally includes technical information about your computer, such as its IP address or other device identifier, the type of device you use, and operating system version. The information we collect also may include usage information and statistics about your interaction with Spot. That information may include the URLs of our web pages that you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, platform type, location data, and other information about how you used Spot.
When you visit a Spot website, your browser automatically sends us your Internet protocol ("IP") address so that the web pages you request can be sent to your computer or device. We use your IP address to determine additional information, such as whether the computer or device has ever been used to visit Spot before, and how much time was spent on a page. Information about your general location may be discernable from your device's IP address or the URLs we receive.
We use this information for a variety of purposes, such as analytical purposes and to manage technical issues that may arise. At no point do we attempt to identify individual users through this information.
We may log information using "cookies." Cookies are small data files stored on your hard drive by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on Spot. This type of information is collected to make Spot more useful to you and to tailor the experience with us to meet your special interests and needs.
We created Spot to provide a valuable service to you, and not to obtain your information to sell or rent to third parties. In addition to actions you elect to take in providing us information to share with a third party, the circumstances in which we disclose information you provide to us are limited to the following:
- where you have provided us your express consent;
- we need to share your information with service providers for the limited purpose of processing data on our behalf in order to operate and improve Spot’s features and functionality, including fulfilling your reporting requests (subject to contractual data protection requirements);
- we believe it is necessary to investigate potential violations of our Terms of Service, to enforce the Terms of Service, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud or potential threats against persons, property or the systems on which we operate Spot;
- we determine that the access, preservation or disclosure of information is required or permitted by law to protect the rights, property or personal safety of Spot or users of Spot, or is required to comply with applicable laws, including compliance with warrants, court orders, subpoenas, legal process, or other lawful government requests (including in response to public authorities to meet national security or law enforcement requirements);
- we share aggregated usage statistics that cannot be used to identify you individually; or
- we do so in connection with the sale or reorganization of all or part of our business, as permitted by applicable law.
While we use contractual and other measures to ensure protection of personal information, the laws and regulations relating to privacy and personal information protection in other legal jurisdictions may not be the same as, or similar to, your local privacy laws. The governments, courts, law enforcement or regulatory agencies in these other jurisdictions may be able to request disclosure of personal information through the laws of these countries. In an effort to respect your privacy, we will not otherwise disclose your personal information to law enforcement, other government officials, or other third parties without a subpoena, court order or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm, financial loss or to report potentially illegal or fraudulent activity.
Other Important Information
We do not sell or rent your Customer Information to third parties for their marketing purposes without your explicit consent. While we ask you for your email address to forward reports to yourself, we do not store this email address and will not use it as a communication channel. You may sign-up, however, for a newsletter on our website. In this case, we may contact you via email with Spot-related announcements that we think may be beneficial to you, and special offers. We also may contact you with information about products and services from our business partners. You may opt out of such commercial communications at any time by following the opt-out instructions provided in such messages. You may not opt out of receiving what we consider to be essential messages relating to the Spot service, customer service responses or other communications relating to inappropriate use of Spot or requests from third-parties to access information in your account. We may deliver those messages using any of the information in our records. You release us from any responsibility for communications you elect not to receive.
Deleting data submitted to Spot
We will honor any statutory right you might have to access, modify or erase your personal information. You can contact Spot customer support at email@example.com to request access. Where you have a legal right to request access or request the modification or erasure of information, we can still withhold that access or decline to correct information in some cases in accordance with applicable law, but will give you reasons if we do so. Please be aware that we cannot guarantee the deletion of whatever you submitted as we will not always be able to identify your data set. We may have to store certain sets of data to comply with our research (if you submitted a report for research) or legal obligations, resolve disputes and enforce our agreements.
We are committed to protecting the security of your information and take reasonable precautions to protect it. We use industry standard encryption to protect your data in transit and while it is stored on our servers. This is commonly referred to as transport layer security (TLS) or secure socket layer (SSL) technology. However, internet data transmissions cannot be guaranteed to be 100% secure, and we cannot ensure the security of information during its transmission between you and us. Accordingly, you acknowledge that when you transport such information, you do so at your own risk.
We protect your information in our systems using technical and administrative security measures designed to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls.
If we learn of a system breach, we may attempt to notify you and provide information on protective steps, if available, using the information that you have provided to us or by posting a notice on our web site and/or via other communication platforms. Depending on where you live, you may have a legal right to receive such notices in writing.
We explicitly recommend that you do not access www.talktospot.com from any work device or while on a work network. We cannot prevent, nor be held responsible for, you being monitored by others, particularly if you communicate using computing devices or networks owned or controlled by third parties, such as your employer.
If you received suspicious reports via a Spot email address, please contact us at firstname.lastname@example.org.
Vulnerability Disclosure Policy
Spot is committed to protecting your safety and keeping your data secure. If you believe you have discovered a potential security vulnerability with Spot’s online systems, we appreciate your help in disclosing the issue to us at email@example.com.
Privacy of Minors
Spot is not intended for minors. Minors under 13 years of age are expressly prohibited from using Spot or providing any personal information. If you become aware that a child has provided us with personal information without parental consent, please contact us at firstname.lastname@example.org. If we become aware that that we have inadvertently obtained information in violation of applicable laws, we will delete such information if it is possible to identify such information.
Scope of Policy
International Transfer of Personal Data
Most of your data is only shortly stored on our servers and will be removed afterwards. During the period that your personal data is stored on our servers, however, it may be collected, processed and/or otherwise transferred outside your current geographic location and may be processed not only in the country in which it was collected but also in other countries, including the United States, where data protection and privacy laws and regulations may not offer the same level of protection as in other parts of the world. By providing your personal data to us, you consent to such transfer, collection and/or processing in the United States of your personal data.
Attn: Legal Department
1266 Harrison Street
San Francisco, CA, 94103