Effective on: January 23, 2018
information you provide when subscribing for the Service, including Customer Information;
financial information, including credit card, debit card or bank account information, which you provide when paying for our Service;
information you include in the employee feedback data including any group or individuals with whom you are associated in a Third Party Service;
information you provide in connection with any customer support, product evaluation, dispute resolution and other communications with our Service and personnel; and
information regarding the geographic location where your computing device is located when interacting with our Service.
Content from a Third Party Service
When you deploy the Disco Service within a Third Party Service, you specifically authorize our Service to take certain actions, including collecting Customer Information (to the extent made available by such Third Party Service), and indexing and processing the Customer Data. Your Customer Data is reviewed automatically by our proprietary algorithms to enable you to configure how our Service will operate for you. No humans at Disco will be involved in this process. For example, you may wish to measure employee satisfaction and employee sentiment, or analyze certain workflows, or obtain intelligence on your top performers. You may configure our Service to look for certain keywords and other indicators in the communications in the Third Party Service, which will provide you these insights. Your Administrator(s) may elect to obtain reports detailing these analyses, and share these with others. Our Service only stores Customer Data that are explicitly required to operate our Service, for you.
You may also configure our Service’s algorithms to monitor Customer Data for certain keywords in order to promote the exchange of employee feedback among Users. Our Service can spot communications containing positive feedback, and prompt Users to give “kudos” and other compliments to others. Our Service may also be used as a tool to provide constructive and anonymous feedback. Our Service will process this type of employee feedback data for use by the Customer, so that it may be distributed among Users or limited to Administrator – determined personnel.
Other Automatically Collected Information
We use your personal information for the following purposes:
to establish the Customer account with our Service, and to communicate with the Administrator and Users regarding the Customer account;
to establish authorization for our Service to access the Third Party Service(s) that the Administrator requests;
to operate, improve and personalize our Service for Users, including any collection and processing of payment for our Service;
to provide you information regarding our Service and other services or products, or redeem promotional offers (consistent with your communications preferences), including sponsored gifts or rewards;
to provide reports and other information in the Customer dashboard;
to create User profiles; and
to contact Administrators and Users to detect, prevent and mitigate fraudulent or illegal activities, investigate or inform about any security issues, enforce our Terms of Service with you or other applicable policies, and comply with our legal obligations.
Third Party Service Information
We process the information obtained from a Third Party Service in the manner directed by your Administrator(s) in order to provide the Service (e.g., to promote Users feedback, monitor User sentiment and provide insights to the Customer relating to its Users)
Our Service operates on computers owned and/or operated by Disco and located in third-party data centers in the United States and, possibly in other countries in the future. These computers store all Users’ feedback and performance data collected in the manner required to perform according to the Administrator’s configuration of the Service (including any relevant Customer Data obtained from the Third Party Service(s)), all in an encrypted form using industry standard security.
We do not enable our personnel to access Customer Data obtained from a Third Party Service, or disclose such Customer Data to third parties, except in the following limited circumstances:
you request assistance from us with respect to any relevant Customer Data obtained from a Third Party Service, in which event our customer support personnel will obtain your prior consent to our accessing the Customer Data on the Third Party Service (including anything stored on such Third Party Service in addition to the relevant content provided to you in your Users’ communications, to other Users or our Service);
we believe our Terms of Service have been violated and confirmation is required, or we otherwise have an obligation to review the Customer Data in the Third Party Service;
we believe it is necessary to protect the rights, property or personal safety of Disco, its Customers or Users (including to protect against potential spam, malware or other security concerns); or
in order to comply with our legal obligations, such as responding to warrants, court orders or other legal process.
As part of the Service we may share aggregate, anonymous demographic information, survey results, market trends, and other analysis that we create based on the information we receive from you and other customers. Such information will never identify you, your organization, or your Users. We may also share information via the Service to the Third Party Service(s) you link to the Service. For example, if you use the Service to send a survey to your Users via Slack or Microsoft Teams, we may share the results of that survey to your Users via Slack or Microsoft Teams as well.
We vigilantly protect the privacy of your account and the Customer Data stored in our computer systems and, whenever we determine it appropriate, we provide you with notice if we believe we are compelled to comply with a third party’s request for information about your account.
We retain Customer Information, Customer Data and the communications and analytics generated by use of our Service (collectively, the “Service Output”), as long as we believe it is necessary and relevant for the operation of our Service. Service Output is retained at a company and employee level. A Customer Administrator may request that Customer Information and/or Customer Data be deleted from our systems after the termination of a Customer’s subscription. (However, Customers should understand that Users may elect to export and retain their own feedback data.) Under certain circumstances we may retain Customer Information from terminated subscriptions. We do this to ensure that the Service is not interrupted and none of the Service Output is lost due to interrupted Service subscriptions or other unanticipated events. We may also retain Customer Information after a Customer subscription term ends to prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, comply with applicable legal data retention obligations and take other actions permitted by law.
Information Choices and Access
The Administrator and Users choose what personal information we obtain, by providing us the Customer Information and establishing their personal user profiles in a Third Party Service, and each of them may choose to modify or limit such information. It is the Administrator’s responsibility to ensure the Customer Information is correct, and we may rely upon that information being current. You and each User consents to our using the then-current Customer Information and User address(es) to deliver notices and important messages.
Users may also elect to publish and share certain Service Output, such as accomplishments or achievements as part of their Disco profile, among other Users of the Service, or more broadly. Disco is not responsible for the actions of Users who choose to share this Service Output publicly or on their social networks.
We do not sell or rent your Customer Information to third parties for their marketing purposes without your explicit consent. We may contact you via email or within the Service with Service-related announcements that we think may be beneficial to you, and special offers. We also may contact you with information about products and services from our business partners. You may opt out of such communications at any time by following the opt-out instructions provided in such messages. You may not opt out of receiving what we consider to be essential Service-related messages, customer service responses or other communications relating to inappropriate use of the Service or requests from third-parties to access information in your account. We may deliver those messages using any of the Customer Information in our records. Please note that if you have agreed to receive marketing communications from any Third Party Service with which you are using Disco, you must change your communication preferences with them directly.
We will honor any statutory right you might have to access, modify or erase your personal information. You can contact Disco customer support at firstname.lastname@example.org to request access. Where you have a legal right to request access or request the modification or erasure of information, we can still withhold that access or decline to correct information in some cases in accordance with applicable law, but will give you reasons if we do so.
We exist to provide a valuable service to you, and not to obtain Customer or User information to sell or rent to third parties. In addition to actions you elect to take to enable us to share your credentials with a Third Party Service to integrate Disco with such Third Party Service, the circumstances in which we disclose information are limited to the following:
we have the Administrator or User’s explicit consent to share the information;
we believe it is necessary to investigate potential violations of our Terms of Service, to enforce the Terms of Service, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud or potential threats against persons, property or the systems on which we operate the Service;
we determine that the access, preservation or disclosure of information is required or permitted by law to protect the rights, property or personal safety of Disco or Users of the Service, or is required to comply with applicable laws, including compliance with warrants, court orders, subpoenas, legal process, or other lawful government requests (including in response to public authorities to meet national security or law enforcement requirements); or
we do so in connection with the sale or reorganization of all or part of our business, as permitted by applicable law.
Some third parties’ embedded content or plugins on the Service, such as Facebook “Like” buttons, may allow their operators to learn that you have visited our website, and they may combine this information with other, identifiable information they have collected about your visits to other websites or online services.
In each of these circumstances, we try to minimize the amount of personal information we share to what is directly relevant and necessary to accomplish the specified purpose. As stated above, we do not disclose your Customer Information to third parties for their marketing purposes without your explicit consent.
While we use contractual and other measures to ensure protection of personal information, the laws and regulations relating to privacy and personal information protection in other legal jurisdictions may not be the same as, or similar to, your local privacy laws. The governments, courts, law enforcement or regulatory agencies in these other jurisdictions may be able to request disclosure of personal information through the laws of these countries. In an effort to respect your privacy, we will not otherwise disclose your personal information to law enforcement, other government officials, or other third parties without a subpoena, court order or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm, financial loss or to report potentially illegal or fraudulent activity.
Securing Your Information
We are committed to protecting the security of your information and take reasonable precautions to protect it. We use industry standard encryption to protect your data in transit and while it is stored on our servers. This is commonly referred to as transport layer security (TLS) or secure socket layer (SSL) technology. However, internet data transmissions cannot be guaranteed to be 100% secure, and we cannot ensure the security of information during its transmission between you and us. Accordingly, you acknowledge that when you transport such information, you do so at your own risk.
We protect your information in our systems using technical and administrative security measures designed to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls.
If we learn of a system breach, we may attempt to notify you and provide information on protective steps, if available, using the Customer Information that you have provided to us or by posting a notice on our web site and/or via our Service and other communication platforms. Depending on where you live, you may have a legal right to receive such notices in writing.
We also wish to share the following important privacy information related to your use of our Service:
Information from Children
We do not knowingly collect personal information from children without parental consent. If we learn that we have inadvertently obtained information in violation of applicable laws prohibiting collection of information from children without such consent, we will promptly delete it.
Third Party Privacy Practices
Scope of Policy
Questions or Concerns
Attn: Jeremy Vandehey
1266 Harrison St.
San Francisco, CA 94103