TEXTEXPANDER ONLINE CCPA POLICY
Effective Date: January 1, 2020
This Policy applies to the Service – TextExpander’s system for creating, editing, and administering short abbreviations (“Snippets”) which expand into larger pieces of text, images, and/or scripts, and TextExpander’s software used to perform expansion on specific platforms, including https://textexpander.com (the “Website”). If you do not agree with its terms, do not access or use the Service.
TextExpander, Inc. (“us” or “we”) collects, uses, and discloses certain information about people who visit our Website or use the Service.
The California Consumer Privacy Act (“CCPA”) gives California “residents” who are “consumers” specific rights to their “personal information” as each of those quoted terms are defined in that law. These rights are subject to exceptions and limitations stated in the CCPA. We’ll refer to such California residents and consumers as “you.”
The CCPA only applies to certain businesses. To the extent it applies to us, this policy describes your rights and our online practices regarding personal information.
This Policy applies to:
- Personal information that either does or could be used to identify you, such as name, email, device identifiers and most recently visited Internet site (“Personal Information”).
- All users within any business entity (“Organization”) or individual (each a “Customer”) who has contracted to use the Service.
This Policy does not apply to:
- the processing and handling of all information which is not Personal information (“Content”) through the Service, which is governed by a separate agreement (“Terms of Service” or “TOS”).
- any third party applications or software that integrate with the Service through the TextExpander platform (“Third Party Services”), or any other third party products, services, business files or other information submitted through Service accounts (collectively, “Third Party Data”).
- information that is publicly available through government records.
- personal information collected by an employer from job applicants and employees used solely within the employment context.
- aggregated or de-identified data that can’t be used to identify any natural person, which we may use for any legitimate business purpose, such as showing a prospective customer aggregated data on the number of Snippets expanded.
- personal information covered by subject matter specific privacy laws such as The Fair Credit Reporting Act.
If you have an individual account for the Service, when we use “you,” you are both the Customer and User of the account.
Organizations use our Service by creating accounts for one or more Teams of Users which are linked to that Organization Customer. Teams enable collaboration and can include both Organization administrators (“Administrative Users”) and employees or other individuals authorized by our Organization Customer to access and use the Service (collectively, “User(s)”). For Organization Customers, when we use “you,” we mean both all Users within the Organization and our Organization Customer. All Organizations becoming Customers after June 13, 2019 are Type 3 Organizations, as defined in our TOS. At our discretion, and until further notice, we will continue to make the Service available to current Type 1 and 2 Organization Customers per our TOS.
Right to know
A California resident who is a consumer has the right to request and know what personal information we collect, use, or disclose, over the last 12 months, including specific pieces of that information.
You may exercise this right to know by sending us a “verifiable consumer request” showing that you are requesting your own personal information. If you have an account with us, you may submit the request by accessing and filing out our interactive webform at https://textexpander.com/contact. We will verify your request by password and other information we use to authenticate your access to the Service. We will also require that you re-authenticate yourself before we disclose your personal information to you. You may make this request twice in a 12 month period.
If you do not have an account with us, please submit your request to know to: email@example.com. To verify the identity of persons without an account, you must provide us with either two or three pieces of personal information (depending on the circunstances),that we will attempt to match with information in our possession, plus a signed declaration under penalty of perjury that the person making the request is requesting their own personal information. Once we receive and confirm your verifiable consumer request we will respond within 45 days, or if we need more time, we will tell you why and how much longer (up to an additional 45 days) we will need. We will then disclose to you:
The categories of personal information we collected about you
The categories of sources for the collected personal information
Our business purpose in collecting that information
The categories of third parties to whom we have shared that information
Specific pieces of personal information we collected (also known as the data portability right)
If we disclosed your personal information for a business purpose, a list of the personal information categories each category of recipients received.
For data portability requests, we will provide the information in a readily usable format which should permit you to easily transfer the information to another business.
In the last 12 months, we collected the following categories of personal information from the sources stated below:
First and last name, email address, password
2. Internet or other electronic network activity info
Internet Protocol (IP) address, browser type/settings, web page visited immediately before visiting our Website, how and when Service used
Website visitors or users
3.Professional or employment related info
Current job position and employer info
Third party Business Information Services
Details on personal information we collect and the business purpose for collection can be found on our subprocessors page
In the last 12 months, we have disclosed the following categories of personal information to the below described categories of third parties:
Category of Information Disclosed Category of Third Parties
1. Identifiers Service Providers and subprocessors
2. Internet or other electronic network activity info Advertising, analytics and our affiliates
Details on the business purposes of our disclosing personal information, and third parties we disclose that information to, can be found on our subprocessors page. We also collect and may disclose personal information for the following business or commercial purposes:
For audits relating to current interactions with consumers;
To detect security incidents and protect against malicious, fraudulent or illegal activity;
To debug and repair any errors which impair intended functionality;
For short term transient use;
To perform services on behalf of our business such as maintaining or servicing accounts or to provide customer service;
To protect and enforce out rights, property or safety of us or others;
As required by applicable law, court order or governmental regulation if we reasonably believe disclosure is required, check out our Data Request Policy.
As we have described to you when collecting your personal information or as stated in the CCPA or duly promulgated regulations thereto
To evaluate or engage in a merger or similar business transaction in which personal information is part of the assets transferred, subject to standard confidentiality provisions.
For our internal research to develop new functionalities, products or services
To verify or maintain the quality and safety of the Service
A note for Organization Users and Customers. Our Organization Customers may have their own policies for their sharing of personal Information within or outside of their Organization and we cannot control how they or any third parties share same. For example, with single sign on, your Organization controls your sign on identifier and its additional use may be subject to the Organization’s policies. When you access the Service, Administrative and other Organization Users may be able to access your personal information data, for example your name as the editor of a group of snippets.
We may share your personal information:
- If and when our Customer has permitted Users to access Third Party Services. Please check the privacy settings and policies of Third Party Services to see how they may affect you;
- With our parent companies subject to this Policy
- With our identified sub-processors
No Sale of Personal Information
We do not and will not sell your personal information. As we prohibit the use of this Service by anyone under 16 years of age, we do not and will not sell their personal information.
Right to Delete
You have the right to delete personal information we collect or maintain, subject to exceptions in the CCPA. You may exercise this right by making a request. You may submit your verifiable consumer request to delete your personal information the same way that you submit your Request to Know, see above. In addition, when we receive a request to delete, you will be required to send us a second request confirming your desire to delete. When the requirements for deletion have been met, we will tell you the manner in which your personal information was deleted and disclose that we will maintain a record of this request as required by the CCPA.
We may deny your request for one or more of the reasons stated in the CCPA, such as completing the transaction for which we collected the information.
The process we will use to verify your request, and any information you need to provide, is stated above in Right to Know.
You have the right to not receive discriminatory treatment by us for the exercise of your privacy rights under the CCPA.
Right to appoint a designated agent
You have the right to designate an authorized agent to make a request on your behalf regarding your personal information.
No Financial Incentives
We do not offer financial incentives or price or service differences to you in exchange for retaining or disclosing personal information.
If you have any questions or concerns regarding our privacy policies and practices, please submit your request either through the service or to firstname.lastname@example.org.
A word about Content: While Content isn’t Personal information and doesn’t apply to this Policy, we want to allay your potential concerns. We will not view your Content unless you freely consent or we must comply with a legal obligation, such as identifying a potential violation of our TOS.
We’ll retain your personal information while you are a User of the Service, and after, as needed for the purposes described in this Policy and our Sub-processor page, including our legitimate business interests, to perform our contract, to comply with our legal obligations and to enforce our rights. When no longer needed for these purposes, we’ll delete or anonymize your personal information. For information about our retention or deletion of Content, check out our TOS.
Security – Personal Information
TextExpander employs industry standard security practices and implements security-oriented technical and organizational measures, including regular third party reviews. Our policies and practices are informed by guidance from the Cloud Security Alliance and other sources. We require certifications from our primary processors.
As fully as prohibited by applicable law, we do not allow use of the Service and Website by any persons less than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal information please tell us and we’ll delete that information.
A note for Organization Users. Our Organization Customer, and/or its Administrative or other Users, may be able to use the Service to modify or restrict access to that portion of any personal profile you may create which does not constitute personal information. As those rights can vary with the Organization, please check with our Organization Customer. Personal profiles are optional, and we limit them to first and last name, creation date and any Gravatar you may choose to use.
We may change this Policy from time to time to address new legal requirements relating to Personal information or changes in product features or technology. If we do, we’ll post any changes on this page. To the extent we are not relying on your consent to process or share your Personal information, by your continued access to or use of the Service after those changes are in effect, you agree to the revised Policy. If we deem the changes to be material, we will give you 30 days advance notice via email before the change goes into effect and, if required by applicable law, we will seek your consent.
The Site and Service are operated in the United States and your Personal Information is stored on servers in the United States. The internal laws of the state of Oregon, without regard to conflict of laws principles, and United States law shall govern in any and all disputes, including, but not limited to, privacy and defamation, except as otherwise provided by the CCPA.
Please contact us at:
548 Market St # 37453
San Francisco, CA 94104
Or by email at: