Privacy Policy
Last edited: Oct 11, 23
TL;DR
-
We store the minimal user and team information that is required to achieve a functioning bot.
-
The identity of an author of any anonymous interaction (message, reply, whisper, upvote, poll or vote) is not stored and therefore we simply don't know who sent what. You can read more about it on this blog post.
-
To better understand how the bot is used we gather per-team usage statistics.
Longer Version
Your privacy is important to us. It is OpenSay's policy to respect your privacy regarding any information we may collect from you across our website, https://opensay.co, and other sites we own and operate. OpenSay is based on the premise of keeping most of the user experience within Chat Platforms (Slack, Google Chat, Microsoft Teams) . As such, it makes an effort to store the minimum amount of data required to run the service and to collect analytics to improve it.
We will only process personal information in accordance with the Data Protection Legislation which for the purposes of this privacy policy shall mean: (i) the GDPR and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in Israel;(ii) any successor legislation to the GDPR or to Israel's Privacy Protection Regulations (Data Security) 5777-2017, and other applicable privacy laws; and (iii) any other privacy legislation worldwide, applicable to OpenSay’s business.
Where you contract with us to provide the service to you, we will act as data processor and you will act as data controller. This privacy policy forms the basis of the instructions to us, under which we will process relevant personal data, and comply with GDPR.
Any reference to "you" throughout, shall be deemed to refer to underlying data subjects for which you are a data controller, as appropriate.
By signing into your Chat Platform account on the Website, you grant us access to and permission to process personal data in your Chat Platform account and, if you are a data controller of personal information, to process personal data of the Chat Platform user accounts you give us access to by installing the OpenSay app.
1. Information we collect
Log data
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
Personal information
This means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may ask for, or receive from Chat Platform after an approval, personal information, such as your:
- Name (first name and last name)
- Username
When using one of our paid offerings, we may also ask for the following information:
-
Credit card information (processed directly by our payments provider in a manner compliant with the Payment Card Industry (PCI) Data Security Standard)
-
Billing address
-
VAT identification number
Retention Policy
Data that is required for the functioning of the app is stored as long as you continue to use our services. Two weeks after the app is uninstalled, all your remaining team data is deleted.
Business data
Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.
We may receive information about you through Chat Platform. We are also working closely with third parties (including, for example, business partners, suppliers, sub-contractors, analytics providers, and search information providers) and may receive information about you from them.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy. We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2. Confidentiality and Ownership of Content and Personal Information
All content and personal information that you provide to us or that is collected through OpenSay is confidential and will be used only for the purpose of providing you with OpenSay's services. We will not sell, lease, or share your personal information with any third parties without your consent, except as required by law or as otherwise stated in this Privacy Policy.
You retain ownership of all content that you submit to OpenSay. We will not use your content for any purpose other than to provide you with OpenSay's services, without your consent.
We will not use your content or personal information for any purpose beyond the provision of services to you, without your consent.
3. Legal bases for processing
We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.
These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:
It’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us); it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, and to protect our legal rights and interests; you give us consent to do so for a specific purpose (for example, you might consent to us sending you marketing emails); or we need to process your data to comply with a legal obligation. Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
4. Collection and use of information
We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:
To provide you with our platform’s core features; to process any transactional or ongoing payments; to contact and communicate with you; and for internal record keeping and administrative purposes. If you are a customer, you will only be contacted if you agree to it (by agreeing to this privacy policy). In addition, if you don't want us to use your personal data for any of the other reasons set out in this privacy policy, you can let us know at any time by contacting us at [email protected], and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide any service to you.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to our marketing communications. You have the right to withdraw consent to marketing at any time by unsubscribing via OpenSay's Dashboard, and we will either delete your data from our systems or move your data to our "unsubscribe list". However, you acknowledge this will limit our ability to provide the best possible service to you.
OpenSay is an app for Chat Platforms and integrates tightly with them. Almost all data that OpenSay collects originates from the Chat Platform. As such, you may find it useful to review the relevant Chat Platform policies including:
The data that you instruct Chat Platform to pass to OpenSay is stored, However, the identity of an author of an Anonymous Interaction (anonymous message, reply, poll or vote) is not stored. In cases where we need to save a per-user state, such as Anonymous Vote (the act of responding to an Anonymous Poll), the identity of the anonymous interaction author is irreversibly cryptographically blinded per such Anonymous Interaction. We use such measures to protect identities even in the (highly unlikely) event of a database breach.
By design, OpenSay has very little access to the data in your Chat Platform workspace: OpenSay cannot view any messages or activities in any of your channels or conversations and it also does not have access to any of your files. In addition to the team/workspace, channel, and user metadata mentioned above, OpenSay only receives data when you or another user on your workspace actively engages or interacts with OpenSay. This could be in the form of authoring an anonoymous message, reply, poll or a vote.
Age limitations Use of the OpenSay service is not permitted for children under the age of 16. If you are aware of anyone under the age of 16 having supplied us with personal data, please contact us so that we can take steps to delete such information.
5. Disclosure of personal information to third parties
We may disclose personal information to third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, professional advisors and payment systems operators.
All sub-processors that OpenSay employs are certified under the EU - US privacy shield. We have a dedicated page that lists sub-processors we employ which may access personal information.
OpenSay does not display any advertisements, and does not share any data with advertisers.
6. International transfers of personal information
The personal information we collect is stored and processed in the United States and Israel, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.
We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means. Your acceptance of this privacy policy shall be your consent to permitting us to store or transfer data outside the EEA if it is necessary for us to do so.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see the European Commission: EU-US Privacy Shield.
7. Your rights and controlling your personal information
.
Choice and consent:
By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you are not permitted to use this service. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it.
Information from third parties:
If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict:
You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by opting out via the OpenSay Dashboard or by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
Access and data portability:
You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.
Correction:
If you believe that any information we hold about you is inaccurate, out of data, incomplete, irrelevant or misleading, please follow the instructions in the OpenSay Dashboard, or contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Notification of data breaches:
We will comply with laws applicable to us in respect of any data breach.
Complaints:
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe:
To unsubscribe from marketing communications, please opt-out in the OpenSay Dashboard, contact us using the details below, or opt-out using the opt-out facilities provided in the communication.
Automatic deletion:
Your user account (including an email address OpenSay may store directly) is automatically deleted within 24 months of inactivity. Data collected as part of Google Analytics is automatically deleted within 38 months of collection.
Requests for Individual's Data Deletion:
By default, we don't log individual's data. We do store minimal information for signed-in users to our web app (i.e. app.opensay.co).
If you wish to delete the minimal data we do store, please send us a request at [email protected].
8. Cookies
We rely on “cookies” for certain functionality of the OpenSay service. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our service. Please refer to our Cookie Policy for more information.
9. Business transfers
If we or our assets are acquired; or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.
10. Limits of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices. Similarly, OpenSay is an app for the Chat Platforms and as such, you may find it useful to review the relevant privacy for your Chat Platform: https://slack.com/legal
11. Changes to this policy
At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our service. Your continued use of this service after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.
If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.
OpenSay's Data Protection Contact: Sagi Kedmi [email protected]