Privacy Policy

At Timebook Software, Inc. (“Timebook,” “we,” or “us”), we recognize the importance of protecting your privacy and are committed to communicating transparently regarding our privacy practices.

Please read this privacy policy (“Privacy Policy”) carefully before you start to use the Services, as defined below. By accessing or using the Services in any manner, you accept and agree to be bound by this Privacy Policy. If you do not agree with any terms of this Privacy Policy, you may not access or use the Services for any purpose.

The following sections are covered in this Privacy Policy:

Contact us

If you have any questions about this Privacy Policy or our information practices, please email us at:

support@timebook.net

Or write to us at:

Data Protection Officer Timebook Software, Inc.

800 W. El Camino Real, Suite 180 Mountain View, CA 94040

Applicability

This Privacy Policy describes the types of information we may collect from you when you visit or use our “Services,” which is defined as our website at www.timebook.net (or any subdomain thereof), mobile or desktop applications, our application programming interfaces, or any content, functionality, or online services offered on or through any of the foregoing.

This Privacy Policy does not apply to any third-party applications or software provided by third parties (“Third Parties”) that integrate with the Services (“Third-Party Services”), or any other third-party products, services, or businesses. A list of Third-Parties Services supported by Timebook is available here.

We advise you to review the privacy policies of the Third Parties but reiterate that we have no control over and assume no responsibility for the content, privacy policies, or practices of any such Third Parties, their sites, or services.

To use the Services, a separate “Service Agreement”, which is defined as our Terms of Service (available here) or a separate written master services agreement, must have been entered into with us by you or an organization with which you are associated (e.g., your employer or another entity or person) (“Related Entity”).

This Service Agreement governs delivery, access, and use of the Services, including the processing of any messages, files or other content submitted through Services accounts (collectively, “Entity Data”). Users granted access to the Services under a Service Agreement are referred to as “Authorized Users.”For any Related Entity that entered into the Service Agreement, it controls its instance of the Services (its “Workspace”) and any associated Entity Data.

In such a case, if you have any questions about specific Workspace settings and privacy practices, please contact the Related Entity whose Workspace you use. If you have received an invitation to join a Workspace but have not yet created an account, you should request assistance from the Related Entity that sent the invitation.

Personal information we collect

When an Authorized User accesses the Services, that user or the Related Entity with which that Authorized User is associated, may routinely submit personal information to us (“Personal Information”), which includes the following:

1. Account Information. To create or update your account, you or your Related Entity (e.g., your employer) supplies us with an email address, name, phone number, password, and other similar account information.

2. Payment Information. You or Related Entities that subscribed to a paid version of the Services provide us (or its payment processors) with billing information such as a billing address, credit card, and/or banking information, etc.

3. Usage Information:

   • Interaction Data. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work, including the Workspaces, channels, people, features, content and links you view or interact with, the types of files shared and what Third-Party Services are used (if any).

   • Log Data. As is common with online platforms, our servers automatically collect information when you access or use the Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

   • Device Information. We collect information about the devices Authorized Users use to access the Services, including the device type, software (e.g., operating system, browser, or other applications that are used to access the Services), device settings, application identifiers (IDs), unique device IDs, crash data, etc. The amount and nature of the information we collect may be dependent on the type of device and the settings of the device being used.

   • Location Information. We may use information received from Authorized Users or Related Entities or other third-parties to help us determine or approximate your location, which can help us evaluate and optimize the provision of the Services.

4. User Contributions. You also may provide information, images, and other content to be published or displayed (hereinafter, "posted") on public areas of the Services or transmitted to other users of the Services or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although you may have the option to set certain permission settings through your account, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other Authorized Users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

5. Cookies. We may use cookies and similar technologies in our Services, as described in the Cookies and Other Tracking Technologies section of this Privacy Policy.

6. Third-Party Services. Our Services provide you with a management center for all your work items. Since many Authorized Users and Related Entities typically rely on several different Third-Party Services to perform their work, we provide the option for Authorized Users and/or Related Entities to integrate the Third-Party Services with our Services. Once connected, the provider of a Third-Party Service, such as a email provider, calendar provider, project management provider, file storage provider, etc., may share certain Personal Information with us. For example, to facilitate the connection, we may receive integration information, such as certain account information of Authorized Users, along with other information that the application makes available to us to enable and support the integration. Authorized Users and Related Entities are solely responsible for and should check the privacy settings and notices in these Third-Party Services to understand what Personal Information may be disclosed to us by the Third Parties. We have no control over and assume no responsibility for the content, privacy policies or practices of any Third Parties or their Third-Party Services. When a Third-Party Service is enabled, we are authorized to connect and access Personal Information made available us. See here for more information on Third-Party Services.

7. Contact Information. Any contact information that an Authorized User chooses to import (such as an address book from a device or API) is collected when using the Services.

8. Supplemental Data. We may receive data about organizations, industries, lists of companies that are customers, site visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners, or others that we use to make our own information better or more useful, such as managing our customer base and determining the effectiveness of marketing campaigns. This data may be combined with Personal Information we collect.

9. Other Information. We also receive other information when submitted to Services or in other ways, such as if you contact us for customer support, participate in a survey, focus group, contest, activity or event, apply for a job, enroll in a certification program or other educational program hosted by us or a vendor, interact with our social media accounts or otherwise communicate with us.

How we use personal information

We may use Personal Information we obtain about an Authorized User, or that an Authorized User or Related Entity provides to us:

• to provide, operate, evaluate, and improve the Services;

• for billing, account management, and other administrative purposes;

• to provide and support integrations with Third-Party Services;

• to analyze trends and statistics regarding use of the Services and transactions conducted using the Services;

• to develop new products and services;

• to send and receive electronic messages (e.g., emails, texts, webchat messages, instant messages, etc., “Electronic Messages”);

• to send you the information or materials you requested;

• to communicate with you about our products, services, offers, and promotions;

• to provide user support;

• to maintain records;

• to comply with applicable legal requirements and industry standards;

• to adhere to our terms of service, service agreements, and other agreements;

• to protect against and prevent fraud, unauthorized transactions, claims, and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users;

• for any other purpose for which you provide your consent.

Promotional Activities

We may use your information to contact an Authorized User about our goods and services or third-party goods and services that may be of interest. For more information including information for opting out of any such communications, see the Your Choices section of this Privacy Policy.

Non-Personal, Anonymized, and De-identified Information

To the extent information not associated with an identified or identifiable natural person, or if Personal Information is anonymized, aggregated or de-identified (“Anonymized Information”) so that it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose unless otherwise not permitted under the Service Agreement.

How we share and disclose information

We may disclose Personal Information that we collect or you provide (as described in this Privacy Policy):

• to provide our Services to you;

• to provide the Services to other Authorized Users or Entities;

• to share a Workspace or information with other users invited to access and use the Workspace or information;

• to provide support;

• to fulfill instructions from Authorized Users or Entities;

• to enable Third-Party Service integrations;

• to our subsidiaries and affiliates;

• to contractors, service providers, and other third parties we use to support our business;

• to comply with any court order, law, or legal process, including to respond to any government or regulatory request;

• to enforce or apply our Service Agreement or other legal agreements and rights;

• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Timebook, users of the Services, and/or others;

• for any other purpose which is incidental to the normal use of the Services; and

• for any other purpose for which we receive user consent.

We also reserve the right to transfer Personal Information and any other information to a buyer or other transferee in the event of a merger, divestiture, restructuring, reorganization, dissolution, sale, or other transfer of some or all of our assets. Should such a sale, merger, or transfer occur, we will use reasonable efforts to direct the transferee to use your information in a manner that is consistent with our Privacy Policy.

We may disclose Anonymized Information about Authorized Users, and information that does not identify any individual user, without restriction.

Data transfers

The Services are administered by Timebook in the United States. When we obtain information about Authorized Users through their access to or use of the Services or when Authorized Users input or import information to the Services from somewhere other than the United States, we may transfer, process, and store such information in the United States.

If you access the Services from outside the United States, you do so on your own initiative, at your sole risk, and you are responsible for compliance with all applicable laws. If you are a non-United States resident and provide us with your Personal Information, or if you use the Services, you consent to the transfer to and processing of such information in the United States, which may have data protection laws less stringent than those in the country in which you reside.

Additionally, if any information you provide to us includes the Personal Information of other individuals (e.g., your customers or clients), you confirm that you have all necessary authority and consents to transfer such information to us.

Timebook vendors

Timebook employs third-party companies and individuals to facilitate our Services, process data, perform Services-related services, and assist us in analyzing how the Services are used (“Third Party Vendors”).

These Third-Party Providers may have access to your Personal Information for purposes of performing these tasks on our behalf and may have the right to retain and use Personal Information or other information through performance of these tasks on an aggregated and de-identified basis in accordance with the terms of the applicable Third-Party Provider’s privacy policy.

We advise you to review the privacy policies of the Third Party Vendors but reiterate that we have no control over and assume no responsibility for the content, privacy policies, or practices of any such Third Parties Vendors, their sites, or services.

Third-Party Vendors include without limitation the following:

Cloud Providers

We use cloud services providers to host and secure our Services. These include:

• Google Cloud Platform: you can learn about Google’s privacy practices at https://cloud.google.com/terms/cloud-privacy-notice

Analytics

We may use Third Party Vendors to monitor and analyze the use of our Services.

• Google Analytics: Google Analytics is an independent web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can learn about Google’s privacy practices at https://www.google.com/intl/en/policies/privacy. You may opt out of the aggregation and analysis of data collected about you on our Services by Google Analytics by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. Please note that if you opt out, analytics companies other than Google Analytics may continue to aggregate and analyze data collected about you on the Services.

• Usersnap: The referring web application or website is using Usersnap by including the web snippet of Usersnap. This web application or website uses Usersnap, a user feedback solution provided by Usersnap GmbH (“Usersnap”). Usersnap uses "cookies", which are text files placed on your computer, to help the solution to remember data already filled out and for handling your session. Some information about your use of the web application or website will be transmitted to and stored by Usersnap on servers in the European Union (EU). Usersnap will store information about your IP address, geo-location, operating system, browser version, (browser) screen size, URL visited, your email, and name (in case you provided it). Usersnap will use this information for the purpose of adding context information to manually submitted feedback by users, for analysis of feedback items, and generated reports in the dashboard of Usersnap. Usersnap may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Usersnap's behalf. Usersnap will not associate your IP address with any other data held by Usersnap. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. By using this web application or website, you consent to the processing of data about you by Usersnap in the manner and for the purposes set out above.

Payment Processing

We use Third Party Providers to process payment transactions initiated via the Services. Your payment card details are not stored by the Services. If you purchase a subscription to the Services, your payment card details are encrypted and securely stored by our third-party payment processors to enable Timebook to automatically bill your payment card on a recurring basis. We currently use the following third-party payment processing services:

• Stripe: you can learn about Stripe’s privacy practices at https://stripe.com/privacy

Other Vendors

We also use Third Party Providers for technical, operational, and other services, including as follows:

• Postmark: you can learn about Postmarks’s privacy practices at https://postmarkapp.com/privacy-policy

• Bitbucket: you can learn about Bitbucket’s privacy practices at https://www.atlassian.com/legal/privacy-policy

• Slack: you can learn about Slack’s privacy practices at https://slack.com/trust/privacy/privacy-policy

• Google Workspace: you can learn about Google’s privacy practices at https://cloud.google.com/terms/cloud-privacy-notice

• Zoom: you can learn about Zoom’s privacy practices at https://explore.zoom.us/en/privacy

Your choices

We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Services may then be inaccessible or not function properly.

Electronic Messages from Timebook

Timebook sends alerts, activity updates, billing information, information about products or services, support information, service updates, service notifications, and other items to you via Electronic Messages. Promotional Electronic Messages will contain instructions describing how you can opt out of receiving future promotional communications from us. If you opt out of promotional Electronic Messages, you may continue to receive non-promotional, transactional emails from us.

Accessing and Correcting Personal Information

Your account information and other Personal Information is accessible anytime through and may be reviewed and changed by logging in to your user account. You may also send us an email at support@timebook.net to request access to, correct, or delete any Personal Information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. If you delete your User Contributions from the Services, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other users.

Privacy Rights

We honor user requests to access, delete, correct, etc., their Personal Information as afforded by various privacy laws and regulations. Please refer to the corresponding sections of this Privacy Policy if you wish to exercise any of those rights.

Do not track signals

Your web browser may let you choose your preference as to whether you want to allow the collection of information about your online activities over time and across different websites or online services. At this time, the Services do not respond to the preferences you may have set in your web browser regarding such collection of your information, and we may continue to collect information in the manner described in this Privacy Policy.

Your California privacy rights

Under the CCPA, California consumers have the right to:

• request that we disclose to you the Personal Information that we have collected, used, disclosed or sold (“Right to Know”);

• request that we delete your Personal Information that we have collected or maintained (“Right to Delete”);

• opt out of the sale of your Personal Information; and

• not receive discriminatory treatment for exercising your privacy rights.

Right to Know

You may request from us a list of (i) the Personal Information that we have collected about you, and (ii) the categories of third parties to whom we have disclosed your Personal Information. You have the right to up to two (2) access requests each twelve (12) months.

Right to Delete

You may request, at any time, that we delete your information and direct our service providers to delete your information from their records.

Opt-out of sale

Timebook does not sell any Personal Information, even under the broad CCPA definition of a “sale.”

Non-discrimination

We will never discriminate against any California resident who exercises these rights.

Exercising your Privacy Rights

If you would like to exercise any of the rights outlined in this Privacy Policy or if you have any questions or would like to provide feedback on this Privacy Policy or our privacy practices, please contact us using methods provided in the contact information section above and our privacy team will acknowledge your request within 10 days of receipt and will respond to you within 45 days of receipt.

If exercising any of your rights outlined in this Privacy Policy, please email your request from the email address that matches the email under which your account is registered and include your first and last name in the request. We will use this information to verify your identity and the validity of your request. We reserve the right to ask for additional information if needed to validate the request. We also reserve the right to reject requests that are unduly burdensome or repetitive in nature, or if there are legal obligations to maintain the data due to a dispute, compliance, audit, or other investigation.

Categories of Personal Information Collected

The Personal Information that we may collect, or may have collected from consumers in the preceding twelve months, fall into the following categories established by the CCPA, depending the type of user you are (e.g., buyer, seller, or affiliate) and how you engage with the Services:

• Identifiers such as your name, email, address, IP address, and IDs

• Other individual records such as phone number, billing address, credit or debit card information, financial account information, employment information, and physical characteristics. This category includes personal information protected under pre-existing California law (Cal. Civ. Code 1798.80(e)) and overlaps with other categories listed here.

• Demographics, such as your age range and gender. This category includes data that may qualify as protected classifications under other California or federal laws.

• Commercial information, including purchases made or considered and purchase histories and tendencies.

• Internet activity, including your interactions with our Services and what led you to our Services.

• Sensory visual data, such as pictures posted on Services.

• Geolocation data provided through your physical address, location enabled services or via your IP address.

• Professional or employment-related information about the sellers that sell items on the Services or affiliates.

• Inferences, including information about your interests, preferences, and characteristics.