Privacy Policy

INTRODUCTION
Sisu Software, Inc. (“Sisu” or “we”) respects your privacy and is committed to protecting it. Please read this Privacy Policy carefully to understand how Sisu collects and uses your personal information and data. This Privacy Policy applies to all Personal Information that we receive from various sources, as outlined below. By using or accessing Sisu’s website(s) in any way, or by engaging in transactions with Sisu through any other means, you signify that you have read and understand this Privacy Policy and you consent to our collection, use and disclosure of your information in the manner described herein. If you do not agree with this Privacy Policy, please do not use this website or transact business with Sisu. This Privacy Policy applies to all websites and locations where it is presented, including but not limited to in the footers of our websites.

For purposes of this Privacy Policy, “Personal Information” may include any information that can be used to identify or locate you, such as your name, address, IP address, mailing address, contact information, email address or phone number and other information you may produce to us. Both federal and state law in the United States define Personal Information or Personal Data, as do the laws of Canada, the European Union, and other countries and jurisdictions. This Privacy Policy is intended to include the most expansive definition. However, please recognize that your rights related to Personal Information, and how Personal Information is defined, differ somewhat from state to state and country to country. For example, a California resident likely has different rights than a Utah resident, and each of them likely has different rights than a resident of Canada.

Changes to Privacy Policy. We review this Privacy Policy regularly and may update it from time to time. We will post any changes on this page and may also provide notice of material changes to our Privacy Policy on our website home page or through our online SaaS (software as a service) subscription service. If you object to any changes to this Privacy Policy, you may close your account and discontinue use of our website and services. Each time you use any service of Sisu, you agree that the current version of this Privacy Policy applies.

PERSONAL INFORMATION THAT WE COLLECT
In connection with our business, we collect and process the following categories of Personal Information of individuals:
• Contact information, such as your name, mailing address, physical address, telephone, and email address
• Payment information, such as credit card type and number or bank account number. However, please note that Sisu and its employees will not have access to payment data or store such data on Sisu’s servers, other than minimal information such as the last four digits of a credit card or bank account. Additional payment information is accessed and collected only by Sisu’s payment processor, as explained further below.
• IP Information, including information regarding your electronic device(s) and IP address
• Subscription Information, including information regarding your use of our subscription service or other services
• Internet use information
• Regulatory information (to satisfy regulatory obligations such as tax and other reporting obligations).• Account Credentials, including your username.
• Profile Information, such as your interests, preferences, purchasing history, order numbers, items and quantities purchases, favorites
• Communications Content, such as any messages you send to us such as feedback and questions to customer support, information you publicly post on our websites or other websites (such as product reviews or blog comments), e-mail messages, and recordings of telephone calls with customer service or other Sisu representatives, and interactions with us on our social media channels.

HOW WE COLLECT YOUR PERSONAL INFORMATION
General. We collect Personal Information when you or your employer or organization register an account with us, when you visit our website, when you use our services or software, participate in a feature of our website that requests or requires your Personal Information, and when you otherwise transact business with or communicate with Sisu.

Information Collected Automatically. When you visit our websites, information about your device hardware and software is automatically collected, including your IP address, browser type, domain name, access times, geographic location, referring website address and other technical information. For more information about how we collect this information through the use of cookies and related technologies, see Cookies & Related Technologies below.

Information Collected From Third Parties. We use a variety of third parties to provide you with the websites and to provide services. From time to time, we may collect information about you from those third parties, including for fraud protection purposes, credit checks, address verification, account authentication and verification, and other related business and commercial purposes.

Third-party payment processor/e-commerce provider. Your payment card information, such as account numbers, is collected and processed via a third-party vendor that specializes in payment processing and has committed to PCI DSS compliance. Currently Sisu uses Chargebee/Stripe Integrated as its e-commerce and payment processing service provider. Chargebee’s privacy policy, which governs its collection and use of your Personal Information, is at https://www.chargebee.com/privacy/.

Data received from software/subscription service users. Our customers who license our software/subscription service have employees who are granted administration rights to create user accounts for other employees and designated persons. These customers act as data controllers (“Controllers”) in the use of the software and the collection and processing of Personal Information to be able to effectively operate the software. In such cases, our role in processing the Personal Information provided by our customers is as a “Processor,” since we are processing data on behalf of the Controller (who is the customer). As a Processor, we are obligated to process this Personal Information as part of our license agreement entered with the customer. The Personal Information collected in this scenario generally includes the name, physical address and phone number of each assigned user, but may also include information related to employment, such as job title and role, scheduling information assigned to an individual and maintenance tasks performed by an individual. Processing of this Personal Information is performed on behalf of the customer and for the purpose of providing the services requested by the customer.

Data obtained for marketing purposes for potential customers or others. We obtain marketing data from third parties that we use to reach out to inform potential customers and others of the services offered by our organization. The Personal Information collected generally includes the email address of a potential customer or other and may also include their name and phone number. We also use the contact information provided to us by our customers to communicate information about our products and services, which may include marketing our products and services.

Cookies and Other Tracking Technologies: Sisu uses tracking technologies such as cookies to collect information from your web browser through our servers or filtering systems when you visit our website(s).

What Are Cookies? A cookie is a small file containing a string of characters that is sent to your computer or device when you visit a website or use an online service. The cookie then communicates with servers, ours (e.g., first-party cookies) or those of another third-party (e.g., third-party cookies) that we have authorized to place on our websites. When you visit our websites again, the cookie allows us to recognize your browser or device. Cookies may store unique identifiers, user preferences, and other information.

How Long Do Cookies Last? We may use “session cookies” or “persistent cookies.” Session cookies are temporary and expire once you close your browser or once your session ends. Persistent cookies remain on your device for much longer or until you or your browser erase them. Persistent cookies have varying durations that are dependent on their expiration date. What Types Of Cookies Do We Use?

• Necessary Cookies. These cookies are necessary for you to browse the websites and use their features, such as accessing secure areas of the websites. Without these cookies, certain aspects of the websites may not be available to you.
• Preferences Cookies. These cookies collect information about how you have used the websites in the past and allow the websites to remember the choices you have made. These cookies allow us to improve how the websites work for you and tailor the websites to your preferences.
• Statistics Cookies. These cookies collect information about how you use the websites, such as which pages you most often visit on the websites, the time you spend on the websites, which links you click on, and any issues encountered. These cookies help us understand how visitors interact with the websites. All information collected is aggregated and do not identify you.
• Marketing Cookies. These cookies track your online activity to help deliver advertisements that are relevant to you and your interests and measure the effectiveness of the advertising campaigns. They also limit how many times you see a certain advertisement. We may share the information collected through these cookies with others, such as advertisers.

To find out more about cookies, including how to manage and delete cookies through browser settings, visit www.allaboutcookies.org. Some web browsers provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user’s computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the websites. In addition to adjusting your browser and device settings, as outlined above, you may also control how cookies and related technologies are set and used on your device by visiting the following sites:o http://networkadvertising.org/o http://optout.aboutads.info/o http://youradchoices.com/

Beacons. Our websites, and some of our e-mail communications, may from time to time contain small electronic files known as beacons (also known as web beacons, clear GIFs, pixel tags, single-pixel GIFS) that permit us, for example, to count users who have visited those pages or opened an email communication, and for other related statistical analysis. Beacons in email marketing campaigns allow us to track your responses and your interests in our content, offerings, and websites. You may use the tools in your device to disable these technologies as well.

Do Not Track. Our websites may, from time to time, collect information about your online activities, overtime time and across our websites. Third parties may also collect information about your online activities, over time and across different internet websites, online or cloud computing services, online applications, or mobile applications. Some browsers support a “Do Not Track” feature, which is intended to be a signal to websites that you do not wish to be tracked across different websites you visit. Our websites do not currently change the way they operate based upon detection of a “Do Not Track” or similar signal.

Special Categories of Data Not Collected. We do not actively collect or otherwise process Personal Information from minors and require or and include in our license and subscription agreement a condition that the customer will not provide any Personal Information of minors to us. The age of a minor varies by jurisdiction. For the purposes of Personal Information collected from the European Union, the age of a minor is under age sixteen (16). For purposes of the Children’s Online Privacy Protection Act (COPPA) in the U.S., the age of a minor protected by such law is under age thirteen (13). We also do not actively collect or otherwise process special categories of Personal Information, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not actively collect or otherwise process Personal Information relating to criminal convictions and offences.

HOW WE USE YOUR PERSONAL INFORMATION
We may use and process Personal Information for any purpose that is permitted under applicable data protection laws in accordance with this Privacy Policy. “Processing” of Personal Information includes collecting, recording, organizing, structuring, storing, altering or modifying, retrieving, transmitting, disclosing or otherwise making available to third parties, deleting, and otherwise using or dealing with your Personal Information. We may process your Personal Information with or without automatic means.These purposes include: • Our business purposes, including addressing customer service issues; processing sales leads, quotes, invoices and payments; collecting debts; planning and conducting marketing activities; responding to inquiries; conducting web analytics, security monitoring, and business operations and administration; and addressing tax and other regulatory requirements.
• Purposes related to our software products, including SaaS or cloud-based software. These purposes include licensing and operation of the software, remote management, education and information services, training, webinars, communication, customer service, system monitoring and data security. We use Personal Information to enable use of software features and related services, including through use of third-party service providers. We also use Personal Information to communicate with our users to inform them of software updates and enhancements, educational information, available software features and modules, and other information that may helpful or informative for our users.
• Marketing. From time to time, we may offer you the option of signing up, or having us sign you up, for various subscription and/or mailing lists used to send communications from our company for purposes of keeping users, and other registered recipients updated with respect to information about our organization, news and developments, our organization’s products and services, and other communications about our organization and our affiliates (“Updates”).  In order to register you on such subscription and/or mailing lists, we will ask for your name and email address.  If you provide your personal information specifically to subscribe to a particular Update (e.g., a particular newsletter), we will use the personal information you provide specifically to send you the requested Updates.  If you would like to stop receiving information about Updates from Sisu, please see the “YOUR RIGHTS RELATING TO YOUR PERSONAL INFORMATION” section of this Privacy Policy below.
• For the Protection of Sisu and Others. If Sisu, in good faith, determines that you have used the service to menace, threaten, harass, intimidate or otherwise deceptively pose as another person, or in any other way in violation of law. Simply, if you attempt to use the website or purchase or use a product for any unlawful means, you have no expectation of privacy and we may use and disclose any and all information for the protection of Sisu and others.
• Pursuant to Law, Rule or Regulation. If required or permitted to do so by law or if, in good faith, Sisu believes that such action is necessary to: (1) comply with laws and regulations or with legal processes; (2) protect and defend Sisu’s rights and property or prevent fraud; (3) protect Sisu against abuse, misuse or unauthorized use of Sisu’s products or services; (4) protect the personal safety or property of our personnel, users of our website or the public; and/or (5) comply with tax reporting requirements, then Sisu may use and disclose any and all information as needed. The servers that serve our website automatically identify a computer by its IP address.
• Aggregated and de-identified data. We may anonymize data to create statistical data or system usage data, by removing all personal identifiers and/or aggregating your data with other’s data so that it is not identifiable as to any particular person. Such de-identified or anonymized data may be retained and used by Sisu to improve its products and services and for other proper purposes, provided that such retention and use is permitted by applicable laws.

Legal basis. We base our processing of Personal Information on the need to perform our contractual obligations under our license agreements and our legitimate activities as a provider of software and related services. We also process Personal Information to comply with applicable law and to exercise our legal rights. We may also use your Personal Information for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on legitimate interests in performing the activities of the organization.

HOW WE SHARE OR DISCLOSE YOUR PERSONAL INFORMATION
No sale of Personal Information. We never sell or rent Personal Information to third parties.

Disclosures of Personal Information. Depending on the circumstances, we may share your information in the following circumstances:
• With Your Consent. We may disclose, share, or make available your information with your consent, which may be obtained in writing, online, through “click-through” agreements, when you accept our terms for our websites, orally (including over the telephone), or by other means such as communications through our various social media channels.
• With Service Providers & Business Partners. We may disclose, share, or make available your information with our third-party service providers, business partners, and other third parties, such as credit / debit card processing partners, partners that facilitate billing, shipping, and customer service, third-party auditors and law firms, marketing and advertising networks (including those that provide ad measurement services), internet service providers, data analytics providers, companies that help debug and identify and repair errors that may impair the functionality of our websites, and third parties that help protect against malicious, deceptive, fraudulent, or illegal activity.
• In A Business Transfer. We may disclose, share, or make available your information as part of a business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of company assets, or in the unlikely event of insolvency, bankruptcy, or receivership, in which such information could be transferred to third parties as a business asset in the transaction.
• For Legal Process & Protection. We may disclose, share, or make available your information to satisfy any law, regulation, legal process, governmental request, or where we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: (1) enforce or apply agreements, or initiate, render, or bill for use of the websites; (2) protect our rights or interests, property or safety or that of others; (3) in connection with claims, disputes, or litigation - in court or elsewhere; (4) protect users of our websites and other carriers, providers, or partners from fraudulent, abusive, unlawful, or otherwise improper use of our websites; (5) facilitate or verify the appropriate calculation of taxes, fees, or other obligations due to a local, state, or federal government.
• Aggregated and De-identified Data. We reserve the right to disclose aggregated user statistics as well as non-personally identifiable information (such as anonymous usage data), in order to describe our services to prospective partners, licensees, advertisers, and other third parties.

STORAGE AND PROTECTION OF PERSONAL INFORMATION
Although no system or website can guarantee the complete security of your information, we take commercially reasonable steps to ensure your information is protected in accordance with all applicable laws and regulations, as appropriate to the sensitivity of your information. However, no electronic data transmission can be guaranteed to be secure from access by unintended recipients and Sisu will not be responsible for any breach of security unless this breach is due to its negligence. Although we are committed to employing reasonable technology in order to protect the security of our website, even with the best technology, no website is 100% secure. In transacting business with us through our website, you assume the risk inherent in transacting business online.

We may store Personal Information that we have collected (through the means described above) on our premises and in our information system at our facilities, in third party data centers, in the systems of third party service providers, and in cloud storage solutions. Sisu is located in the United States. If Sisu transfers Personal Information from one country to another, we will ensure that the information is transferred in accordance with this Agreement and the Privacy Policy, and as permitted by applicable data protection laws.Sisu stores all information in state of the art physical storage facilities and cloud storage. In doing so, Sisu uses appropriate physical, organizational and technological measures to protect the Personal Information you provide to us against loss or theft, and unauthorized access, disclosure, copying, use, or modification. This includes limiting access on a “need-to-know” basis. Where third parties (such as AWS) are used to host our products, we use third parties who meet required privacy and security standards.To offer our website, products and services to you, Sisu relies on plugins and services from third parties such as internet service providers, email service providers and plugins, calendar plugins, Customer Relationship Management (CRM) systems, credit card processors, and third party data storage. To the extent these providers have access to your Personal Information, we will require that they are legally or contractually committed to comply with applicable privacy laws, In the case of credit card processors, we require that they be PCI DSS-compliant. However, we cannot guarantee with certainty that the computer systems and storage systems whereon these services are offered will not be accessed by unauthorized parties. This is a risk inherent in providing any information or, or conducting any business, online. In transacting business with us through our website, you assume the risk inherent in transacting business online.Our website may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies” to help the website analyze how users use and view the website. Any information generated by the cookie about your use of our website (including your IP address, and particulars about your browser and configuration as reported by your browser) may be transmitted to and stored by Google on servers in the United States. Please note any information collected by Google Analytics cookies do not include personalized identification information (such as names, e-mail addresses, and payment information). Google may use the information collected for the purpose of enabling us to evaluate your use of our website, certain aspects of your user experience thereon, compiling reports on activity for us and providing other services relating to our website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. More information on the Google Analytics cookies are available from Google at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

RETENTION OF PERSONAL INFORMATION
We keep your information for as long as necessary in accordance with the purposes for which it was collected, our business needs, and our legal and regulatory obligations. If we dispose of your information, we will do so in a way that is commercially reasonable taking into account the sensitivity of the information. Sisu reserves the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Information collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.  We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Information is only stored and archived in alignment with our retention policy.

YOUR RIGHTS RELATING TO YOUR PERSONAL INFORMATION
Specific Jurisdictions. Depending on where you live, you may have certain rights concerning your Personal Information. For more information on those rights, please see the specific sections below relating to residents of California and Canada.

General. If you wish to opt out from any of the uses of Personal Information that are specified in this Privacy Policy, except in the case of legal proceedings or where your data is required for tax and transactional purposes, please contact us as described in the “COMPANY’S CONTACT INFORMATION” section below. Please note that your subsequent disclosure of Personal Information to us may override prior opt-out requests. Sisu does not discriminate against those who opt out. However, opting out may prevent us from conveniently and efficiently providing further product support services and information to you.

Unsubscribing to Marketing Communications: In particular, if we are sending you email communications of a marketing nature, an ‘unsubscribe’ option is provided in the footer of every email. You may also contact us directly to unsubscribe to marketing emails or other marketing communications, at the contact information set forth in the “COMPANY’S CONTACT INFORMATION” section below. If you have agreed to receive marketing communications, you may always opt out at a later date.

Your California privacy rights. This section applies to California residents only.
• Shine the Light law. Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. Sisu does not presently share any information with third parties for direct marketing purposes. However, to submit such a request, you can contact us as set forth below.
• California Minors. California residents under age 18 (“California Minors”) have additional privacy rights under California law. A California Minor who uses the services has the right to either remove content or information posted on the services by such user, or, if removal of such information by the user himself or herself is not enabled or possible, the user may request and obtain removal of such content or information. To have any content or information provided by a California Minor removed by us, contact us at the contact information provided below. This removal does not ensure complete or comprehensive removal of any such content or information posted.

Your Canadian privacy rights. This section applies to Canada residents only.Under the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), you have certain data subject rights, including:
• Right of access: You have the right to know if we are processing your Personal Data and, if so, you have the right to view and obtain a copy of your Personal Data that we’ve collected about you. If you request access to your Personal Information that is in our system, by contacting us as set forth below, we will provide you with a copy of that information within 30 days. Upon your request, we will also inform you if we have any of your Personal Information, explain how we’ve you’re your Personal Information, and provide a list of any other organizations to which your Personal Information has been disclosed.

• Right to rectification and correction: If you inform us that there are any errors in your Personal Data that we have collected and are processing, we will correct those errors upon your request. If you wish to exercise any of your rights relating to your Personal Information or data, you may contact us at the contact information set forth below. We may be unable to remove Personal Information to the extent that it is permitted or required to be retained by applicable law or document retention and data backup policies, or if removal is not practicable due to technological reasons. Please note that removal of your Personal Information may prevent or hinder us from providing further services and information to you.Sisu may require you to provide sufficient information to permit us to provide an account of the existence, use, and disclosure of Personal Information. The information provided shall only be used for this purpose.Your Personal Information may be transferred outside of Canada for processing and storage. Sisu and its service providers may store Personal Information on servers located in other jurisdictions, including the United States. Please note that privacy laws in such jurisdictions differ from Canadian privacy laws (e.g., PIPEDA) and that in some jurisdictions your Personal Information may be accessed by law enforcement authorities or the courts in such jurisdictions.

PRIVACY POLICIES OF OTHER WEBSITES
Our websites, from time to time, may contain links to third-party websites and services. Please note that these links are provided for your convenience and information, and may operate independently from us and have their own privacy policies and/or notices. You are strongly encouraged to review such policies or notices. We do not endorse or make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available on other websites, even if one or more pages of the other websites are framed within, or linked to, a page of our websites. COMPANY’S CONTACT INFORMATION:If you have any questions about this privacy policy or your Personal Information that we hold, would like to cease receiving marketing materials from us, have any complaints, or would like to exercise any of your other rights related to your Personal Information, please contact us support@sisu.co. If you wish to report a complaint or if you feel that Sisu has not addressed your concerns in a satisfactory manner, you may also contact your state or local data protection authority.

Last Updated and Effective as of: September 2022