Privacy Notice

‍

Last modified: September 4, 2024

‍

Introduction and Applicability

‍

Metaplane Inc. (“Metaplane”, “we”, “us”, “our”) respects privacy rights and is committed to transparency regarding its collection and use of Personal Data. This Privacy Notice (this “Notice”) describes the types of information we may collect from you or that you or your organization may provide to us when you use our products and services (collectively, the “Services”), visit our website, submit an inquiry to us, or otherwise interact with us. This Notice also describes how we use and share information about you, as well as certain rights and choices you may have regarding your Personal Data.

‍

If you have questions about this Notice or our collection and use of your Personal Data, please contact us at the email address listed below. 

‍

In this Notice, “Personal Data” means information that can be used to identify you (such as your name, email address or other identifiers) and information that is linked to your personal identifiers (such as login information, or whether you are an authorized user of the Services). Personal Data includes information that falls within the definition of “Personal Information”, “Personally Identifiable Information”, “Personal Data” or similar terms under applicable data protection laws. 

‍

By using the Services, visiting our website, or otherwise interacting with us in a medium in which this Notice is presented to you, you acknowledge that you have read and understood this Notice and that you accept and consent to the practices described in this Notice. If you are an authorized user of the Services, whether on your own behalf as a Metaplane customer or on behalf of an organization that is a Metaplane customer, your use of the Services and our respective obligations regarding confidential information and Personal Data are also subject to the terms and conditions of the applicable commercial agreement between Metaplane and you or your organization. That agreement may include a “data processing addendum” or similar document containing additional terms and conditions relating to our processing of Personal Data.

‍

This Notice applies to information that is Personal Data collected by us or provided to us through the Services, our website or other means where this Notice is specifically invoked. It does not apply to data we may obtain from other sources, to other applications or websites, to the practices of any third parties, or to aggregated anonymous data we may create that cannot be used by someone else to identify you.

‍

Information We Collect

‍

Information you or your organization provides to us

We collect and store Personal Data you or an administrator in your organization provides to us, such as when you register on our site, fill out a form, submit a request (including a support request), send us an email, or sign up for a demo or newsletter. 

‍

This information may include, without limitation:

• Contact data, such as: Name, email address, telephone number, business address, title/position, and similar contact data.
• Account or login information, such as username, password, account number or other unique identifier.‍
• ‍Information about the nature and subject matter of your interaction with us, such as the content of a support request, text notes entered by end users, related customers and organizations, or other information you provide for a particular purpose, such as job history and qualifications if you apply for a job with us.

Information we derive from your interactions with us and your use of the Services

We also collect and store information linked to the categories of information described above, (i.e., metadata and data for interactions), such as, without limitation: 

• Headers and metadata of emails and other communications (time sent, recipients, file size, etc.). 
• Authorizations and usage data, such as subscription level, deployed integrations, account activities, etc. 

Information we collect automatically using tracking or similar technologies

We collect some information automatically using technologies such as cookies, tags and scripts to administer the Services, track user actions within the Services (but not outside of our website or the Services), understand use of our website, and gather similar analytical and administrative data, some of which can become Personal Data if connected to your identifiers. 

‍

For example, we use cookies to remember users’ settings. Please see our cookie policy for more details. You can control the use of cookies by following the instructions for your browser. If you disable cookies, you may still access the metaplane.dev site and learn about the Services, but using the Services themselves requires cookies in order to access workflow administration.

‍

When you visit or log in to our website, cookies and similar technologies may also be used by our online data partners or vendors to associate these activities with other Personal Data they or others have about you, including by association with your email address. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://share.hsforms.com/1ttwNpzbgT-e-lHFzSpKXCgc8f37.  

‍

We also gather certain information automatically and store it in log files, such as information about your computer and network environment, browser type and version, and session data. We use this information to provide, analyze and improve the Services. 

‍

How We Use Personal Data

‍

We use Personal Data to deliver the Services under the terms of our customer agreements and, if applicable, data processing addenda, and for our legitimate interests in understanding and improving the Services and marketing to our customers and potential customers. Specifically, we use Personal Data to:

• Establish and administer your account.‍
• ‍Respond to your inquiries (including customer service requests).‍
• ‍Operate and maintain our website and the Services.‍
• ‍Personalize your experience.‍
• ‍Analyze and improve our website and the Services.‍
• ‍Develop and market products and services that may be of interest to you or your organization. ‍
• ‍Fulfill any other purpose for which you provided Personal Data at the time, or which was disclosed to and agreed by you prior to our collection of that Personal Data.

‍

Information We Disclose to Others

‍

We do not disclose Personal Data to third parties except in accordance with this Notice, and we allow its use only for the purposes for which it was disclosed. 

‍

Service providers 

We may share Personal Data with third-party service providers we use to help us offer and provide the Services and maintain our operations. These include professional advisors, payment processors, email and other communication service providers, platforms for customer service, hosting, information security, analytics and customer-relations management, as well as technology partners with which we have developed integrations that our customers elect to use in connection with the Services. 

‍

Compliance and enforcement 

We may share Personal Data to comply with applicable laws or legal process, such as a subpoena. We may also use Personal Data when we believe such use is appropriate or necessary to enforce our agreements and policies, or to protect our rights or the safety or rights of others, or to investigate or cooperate in the investigation of fraud, illegal activity or matters of national security.‍

‍

Business Transfers 

We may share Personal Data with third parties in connection with a potential or actual sale of our company or any of our assets, in which case Personal Data held by us about our users may be reviewed as part of a detailed review of our business and operations. Any such review will be subject to a confidentiality agreement that will limit the use of such Personal Data for the purpose of the review. If the transaction takes place, such Personal Data will likely be among the transferred assets. 

‍

Just-in-Time Disclosures 

Additional disclosures or information about processing of Personal Data related to specific circumstances may be provided to you as such circumstances arise. These may supplement and/or clarify our privacy practices in those circumstances and provide you with additional choices as to how Metaplane may process your Personal Data.

‍

Personal Data Controlled by Our Customers

‍

In many instances, the Personal Data we collect and store is under the direction of our customers, and we are acting on their instructions. Where that is the case, we work with our customers to address user inquiries regarding the Personal Data of such users. 

‍

Data Security and Retention

‍

We have implemented and maintain commercially reasonable and appropriate measures to secure Personal Data in our possession from accidental loss and unauthorized access, use, alteration and disclosure. Such measures, verified by independent auditors as part of our “SOC 2, Type II” audit process, include encryption technologies, access restrictions, training, and other controls described at https://www.metaplane.dev/legal/security.  

‍

We retain your Personal Data for as long as necessary for the purpose for which we originally collected it, such as to perform the Services. In addition, we may retain Personal Data after we cease providing Services to you, to the extent necessary for other legitimate business purposes, such as for archival and backup purposes, to comply with our legal obligations, resolve disputes, and enforce our agreements. For however long we retain Personal Data, we use and disclose it only in accordance with this Notice and applicable agreements.

‍

Access, Choice and Rights

‍

In this Notice we refer specifically to certain data protection laws for convenience or to conform to common practice. For example, if you are a California resident, you may have specific rights under the California Consumer Privacy Act, as amended (the “CCPA”), among others. For CCPA purposes, please note that we do not sell Personal Data (or we fall under the service provider exemption under the CCPA), and we do not share Personal Data for purposes of cross-context behavioral advertising; accordingly, we do not provide opt-out links relating to “selling” or “sharing” data for CCPA purposes. Similarly, since we do not track our website users over time and across third-party applications or websites, we do not recognize or respond to browser initiated "do not track" signals. 

‍

The applicability of any particular data protection law to any particular set of Personal Data or party collecting or processing that Personal Data, however, depends on the facts and circumstances, including the locations and roles of the parties involved and the nature and purpose of the collection and processing of that Personal Data. We respect the data privacy rights of all individuals whose Personal Data we possess, regardless of their location, and we do not discriminate against individuals who seek to exercise their rights under applicable data protection laws. 

‍

You may access or update your Personal Data or notify us that you wish to exercise your rights under applicable data protection laws by using the tools available to you within the Services or by contacting us at the addressed listed below. We will respond to and act on verified and legitimate requests within a reasonable time. In some cases, we may be legally or contractually required to direct your request to the party that is considered the “controller” of your Personal Data, rather than act on your request directly ourselves. In other cases, your request may be overridden by legal, contractual or other legitimate interests, in which case we will inform you of those interests. 

‍

Notice to EU, EEA, Swiss and UK Residents

‍

We are based in the United States and our data processing activities occur in the United States. Except as otherwise expressly agreed by us, the information we collect is governed by United States law, which may be different from the laws applicable to Personal Data in your country of residence. 

‍

If you live and use the Services in an EU or EEA member state, Switzerland or the UK, you may have additional rights under the EU General Data Protection Regulation or its Swiss or UK counterparts (collectively, “GDPR”). Various sections of this Notice explain our practices regarding collection, use, disclosure and retention of your Personal Data, as well as your choices and rights, and how to exercise your rights. 

‍

Our lawful basis for processing your Personal Data as described in this privacy notice is necessity for providing the Services you request under our Terms of Service or other customer agreement, or for taking steps to enter into our Terms of Service or other customer agreement. We also process your Personal Data to comply with law, to defend our rights, and/or to serve our legitimate interests (in particular to conduct and develop our business activities and our relationships with our customers). In some cases, our lawful basis is consent, such as where we may be required by law to rely on your consent for purposes of direct marketing. If we wish to use your Personal Data for a purpose inconsistent with those described in this Notice or our Terms of Service or other customer agreement, we will notify you and, where required, ask for your consent. 

‍

In all cases where we rely on legitimate interests as a lawful basis for processing, we take steps to ensure that our legitimate interests are not outweighed by any prejudice to your rights and freedoms. For example, we apply principles of data minimization and security, and we take steps to ensure that Personal Data is only collected where it is relevant to the applicable, lawful business activities, and where using Personal Data is reasonably necessary for those activities.

‍

Where applicable in connection with the Services, we will provide you or your organization with our data processing addendum (the “DPA”), which will form part of our Terms of Service or other customer agreement in connection with transfers and processing of your Personal Data. The DPA addresses requirements of GDPR specific to our provision of the Services you or your organization and our processing of Personal Data in that context.

‍

Please contact us at privacy@metaplane.dev if you have any questions about this section. 

‍

EU/Swiss/UK – U.S. Data Privacy Frameworks

Metaplane complies with the EU-U.S. Data Privacy Framework (the “EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (the “UK Extension”), and the Swiss-U.S. Data Privacy Framework (the “Swiss-U.S. DPF” and, collectively, the “DPFs”) as set forth by the U.S. Department of Commerce. Metaplane has certified to the U.S. Department of Commerce that it adheres to the Principles set forth in each of the foregoing (collectively, the “DPF Principles”) with regard to the processing of Personal Data received from the European Economic Area (that is, the EU Member States, plus Iceland, Liechtenstein and Norway, collectively, the “EEA”) in reliance on the EU-U.S. DPF, from the United Kingdom and Gibraltar under the UK Extension, and from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Notice and any such DPF Principles, the Principles shall govern.  To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

‍

Under the DPFs, we are responsible for the processing of Personal Data we receive and subsequently transfer to a third party acting as an agent on our behalf.  We comply with the DPF Principles for all onward transfers of Personal Data, including the onward transfer liability provisions.

‍

With respect to Personal Data received or transferred pursuant to the DPFs, we are subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

‍

In compliance with the DPFs, we have committed to refer unresolved complaints concerning our handling of Personal Data transferred to us in reliance on the DPFs to an alternative dispute resolution provider based in the United States.  If you live in the EEA, UK or Switzerland and have an unresolved privacy or data use concern that we have not addressed satisfactorily,  please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/DPF-Dispute-Resolution.  Under certain conditions, more fully described on the DPF website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

‍

Changes to this Notice; Governing Law

‍

If we decide to change this Notice, we will post those changes on this page, send an email or other communication notifying you of any changes, and/or update the modification date above. 

‍

To the fullest extent permitted by applicable law, and except as otherwise agreed between you and us in writing, (a) any dispute over data privacy or the terms contained in this Notice will be governed by the laws of the United States and the State of Delaware, (b) any legal action arising from the practices described in this Notice or otherwise relating to this Notice shall be brought in state or federal court in Delaware, and (c) you and we agree to submit to the jurisdiction of such courts and that such venue is proper. Nothing in the Notice is intended to limit your rights in violation of data protection laws that apply to your Personal Data processed by us.

‍

Contact

‍

If you have any questions regarding this Notice or our privacy practices in relation to your Personal Data, or to exercise your rights in relation to your Personal Data, you may contact us at: privacy@metaplane.dev.

‍

‍