Wrap.co Privacy Policy
Last Updated 11/13/2019
Introduction
Wrap.co participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework.
Protecting your privacy is Wrap.co’s number one priority. With this in mind, we’re providing this Privacy Policy to ensure best practices regarding the collection, use and disclosure of information that we receive through our Services. When we say “Services” in this Privacy Policy, we mean our corporate website located at www.wrap.co (the “Site”), our web-based authoring tool that we make available to our customers for building mobile ready messages that are delivered as card-based, swipe-able content by way of an html link and viewable in the mobile browser (“Wraps”). Please note that, unless we define a term in this Privacy Policy, all capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Service and our Services Agreement. So, please make sure that you have read and understand these documents to the extent they apply to your use of the Services.
Wrap.co complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Wrap.co has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
In regards to human resources data, Wrap.co commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Revisions to this Privacy Policy
Any information that is collected via our Services is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you of those changes by posting them on the Services or by sending you an email or other notification, and we will update the “Last Updated Date” above to indicate when those changes will become effective.
Collection and Use of Information
Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services, and to enable you to enjoy and easily navigate our Services. The Wrap Platform and Wrap Analytics both store information on usage of our system. In the case of the Wrap platform and how it is used, we store information that could be used to create a personalized Wrap. That information is stored in our database at the time a Wrap is created.
What type of Personally Identifiable Information is collected? To the extent we allow users to sign up to use of any of the Services, we will collect certain information that can be used to identify you (“PII”), such as your name and email address, and we may also collect other information that is not considered PII because it cannot be used by itself to identify you. If you are using our web-authoring tool as an employee of an enterprise customer, we may collect PII such as your name and email address in connection with such use. Any data used to render personalized Wraps is transferred to Wrap via a secured API, to be used only for the purposes of executing the intended Wrap or Wraps, and can be removed at any time. Any such proprietary data never leaves the Wrap production environment.
How is information collected using Cookies and other Web Technologies? We use automated data collection tools such as Cookies and Web Beacons to collect certain information.
“Cookies” are small text files that are placed on your hard drive by a Web server when you access our Services. We may use both session Cookies and persistent Cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Services. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent Cookies, session Cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Services. Some third-party services providers that we engage (including third-party advertisers) may also place their own Cookies on your hard drive. Note that this Privacy Policy covers only our use of Cookies and does not include use of Cookies by such third parties. We may also use HTML5 local storage to store information locally within your browser such as user preferences and number of visits whenever you access our Services.
“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike Cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
How is information used and stored with our services? Wrap data is stored in a secure environment hosted by Amazon AWS. The data is stored in AWS RDS databases. RDS snapshots and backups are encrypted with an AES-256 algorithm via the AWS KMS service. AWS handles the responsibilities for encryption key management, storage, and rotation. Customer Wrap data is stored in AWS RDS databases. AWS RDS database snapshots and backups are encrypted using built-in AWS functionality which utilizes the AWS KMS service and uses an AES-256 algorithm. We use AWS managed keys for AWS services which means AWS is responsible for management, storage, and key rotation. Wrap also utilizes a role-based access model to govern access to these databases. Personalized Wrap data is not stored in S3. Data stored in S3 (eg. Wrap HTML, CSS, images) is intended to be public. For data stored by Wrap (eg. data stored in AWS S3) role-based access controls govern access to the data. Customer data and Wrap personalization is not stored in S3. Customer Wrap web assets such as HTML, images, CSS, etc. are stored in S3 and are expected to be public so that a Wrap is viewable. Wrap automatically records certain information about how a person uses our Services (we refer to this information as “Log Data”), including both Account holders and non-Account holders (either, a “User”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on, ads that a User clicked on within the Services, a User’s behavior and transaction related information while using the Services (such as videos and pages viewed within a Wrap), and other statistics. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may use a person’s IP address to generate aggregate, non-identifying information about how our Services are used.
Information Sent by Your Mobile Device. We collect certain information that your mobile device sends when you use our Services, like a device identifier (such as IDFA or Android ID), user settings and the operating system of your device, as well as information about your use of our Services.
Location Information. When you use our Services, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our Services for you. If you do not want us to collect location information, you may disable that feature on your mobile device.
Retention of Information
Wrap retains Personal Information provided to us when there is an ongoing legitimate business need to do so (See Information Disclosed for Our Protection and the Protection of Others.).
When there is no ongoing legitimate business need to process Personal Information, we can securely delete the information or anonymize it. If this is not possible, we can securely store Personal Information and isolate it from any further processing until deletion is possible. We recognize an individual’s right to delete Personal Information upon request.
Sharing of Information
Information Shared with Our Services Providers. We may engage third-party services providers to work with us to administer and provide the Services. These third-party services providers have access to your information, including PII, only for the purpose of performing services on our behalf.
Information Shared with Third Parties. We may share certain anonymized information with third-party advertising partners. We may share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling and other similar purposes. We utilize Google Analytics, a service provided by Google, Inc. to gather information about how Users engage with our Services. Users have the right to opt-out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/.
Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the Privacy Shield laws. We may disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity.
We will not share any PII that we have collected from or regarding you except as described above.
Responding to Do Not Track Signals
Our Site does not have the capability to respond to “Do Not Track” signals received from various web browsers.
Security of Information
We take all necessary administrative, physical and electronic measures designed to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. We utilize industry standard security measures to protect against external threats which include firewalls, strict configuration management, multi-zone architecture and a default deny-all access level. Internal controls include an ISO 2700x aligned information security program with provisions for strictly limited and formally implemented access control management, log management and ongoing policy and educational controls including security awareness training with specific audibility and executive oversight. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
Links to Other Sites
Our Services may contain links to websites and services that are owned or operated by third parties (each, a “Third-party Service”). Any information that you provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. To protect your information, we recommend that you carefully review the privacy policies of all Third-party Services that you access.
International Transfer of Information
Wrap.co is responsible for the processing of personal data it receives under the Privacy Shield Framework and complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. Your PII may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you’re located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there.
Our Policy Toward Children
Our Services are not directed to children under 13 and we do not knowingly collect PII from children under 13. If we learn that we have collected PII of a child under 13 we will take steps to delete such information from our files as soon as possible.
Individual Rights
If you are located in the EU or the UK, you have the following individual rights in relation to your Personally Identifiable Information:
You have the right to request access, correction, updates or deletion of your personal information.
You have the right to object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. If we have collected and process your personal information with your consent, then you can withdraw your consent at any time.
If you are not located in the EU or the UK, you may still have rights in relation to your personal data under your local data privacy law. Many countries provide data subjects with a right to seek access to any personal data we hold about you and to request correction of that data if it is incorrect.
Inquiries and Resolution
In compliance with the Privacy Shield Principles, Wrap.co commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Wrap.co at info@wrap.co
Wrap.co has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
The Federal Trade Commission has jurisdiction over Wrap.co’s compliance with the Privacy Shield Framework.
You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Please open the link to Annex I, Section C of the Privacy Shield for additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Contact Information
Data Protection Officer:
Melvin Laguren
Wrap.co
550 15th Street
Suite 28
San Francisco, CA 94103
melvin@wrap.co