Last modified: September 2, 2020
Users Outside the United States
Information We Collect
Visitors: We collect information if you visit our Site or use the Retain Platform, even if you do not establish an account with Retain. This information includes: IP address, geographic location (country based on IP address), browser type, version and language setting and operating system type, version and language setting.
Account Creation and Use of Retain Platform: In addition to the information above, we collect your email address when you create an account with Retain.
User Data: We collect information you voluntarily provide to us in the process of using the Retain Platform. This includes data provided to us through third party integrations. We process such data on your behalf in accordance with the instructions received from you for as long as needed to provide our services, subject to this Policy.
Google APIs: We collect only the information that you authorize us to collect when you authenticate into Retain.ai using Google’s OAuth API. Retain.ai requires the following permissions to offer a base level of functionality:
Access to your calendar, in order to understand which external interactions you participate in
Read-only access to your coworkers’ calendar, if shared with you, in order to understand which external interactions they participate in
Access the names, emails and avatars of contacts in your organization in order to identify the co-workers whose calendars we should include in our analysis
Beyond the base functionality, you may also grant the following permissions to extend the coverage provided by Retain:
Read-only access to Gmail metadata, which will be used exclusively in order to estimate and report time spent on email activities with external parties
Read-only access to Drive, which will be used exclusively in order to estimate and report time spent on documents related to external parties
In both cases, the information collected may include personal information identifiers, typically in the form of email addresses and first and last names retrieved via an API. This information is used exclusively for the purposes of the service, such as attributing activity to the appropriate account based on an email sender’s domain.
Other Integrations: In using the Retain service you may elect to transfer data, programmatically or otherwise, from other applications to Retain; in that case, personal information residing in those platform, such as email or first and last name, may be collected by Retain if it is deemed necessary for the purpose of delivering the service to you.
Chrome Browser Extension: If you choose to install the Retain Chrome Browser Extension, you will be asked to grant access to information that will be used to associate time spent on specific websites, such as Facebook Ads Manager, with external parties. The extension requires access to your tabs in order to understand how much time is spent on each page. In a limited number of cases, we may request access to the contents of webpages on specific domains, exclusively in order to attribute time spent on a site to a specific external party, based on the content of the page.
Google API Services Usage Disclosure
Retain’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
How We Use Information
Unless otherwise specified, we may use information about you and your end-users for various purposes, including to:
Provide you with information about the time spent with various customers, vendors and counterparties to your business;
Provide, operate, maintain, analyze, improve and promote the Retain Platform and tailor our services to our users’ needs;
Create aggregate, anonymized benchmarks;
Respond to your comments, questions and requests and provide customer service;
Send you technical notices, updates, security alerts and support and administrative messages;
Communicate with you about products, services, offers, promotions, rewards, and events, and provide news and information we think will be of interest to you;
Monitor and analyze trends, usage and activities in connection with the Retain Platform;
Link or combine with information we get from others to help provide you with better service;
Detect, investigate and/or prevent fraudulent, unauthorized or illegal activity; and
Carry out any other purpose for which the information was collected.
The information we collect may be “personally identifiable” (meaning it can be used to specifically identify you as a unique person) or “non-personally identifiable” (meaning it can’t be used to specifically identify you). We use both types of information, and combinations of both types, as described above.
Sharing Your Information
We may share personally identifiable information as follows, unless otherwise specified:
With your consent;
With our affiliates;
With analytics providers for the purpose of analyzing user data;
When we believe that we are lawfully authorized or required to do so or that doing so is reasonably necessary or appropriate to comply with the law or legal processes or respond to lawful requests or legal authorities, including responding to lawful subpoenas, warrants or court orders;
To protect the rights, property, or safety of Retain, our users, or others; and
In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition, or in any other situation where personal information may be disclosed or transferred as one of our business assets.
We may also share aggregated or non-personally identifiable information with third parties.
Retain complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
You may choose to limit the information that is shared about you by contacting Retain at firstname.lastname@example.org and requesting that your information be modified or deleted.
Your Choices Regarding Information and User Generated Content
Cookies and Web Beacons: You can usually instruct your browser, by changing its settings, to stop accepting cookies or web beacons or to prompt you before accepting a cookie or web beacon from the websites you visit. If you do not accept cookies or web beacons, however, you may not be able to use all portions of the Retain Platform or all functionality of the Retain Platform.
Changing or Deleting Your Information: You may review, update, correct or delete the personally identifiable information in your account by sending a request to do so to hello@Retain.ai. If you completely delete all of your information, then your account may become deactivated. Please note that Retain may retain certain information as required by law, for legitimate business purposes, or as part of our regular retention practices. We may also retain cached or archived copies of information about you.
We use commercially reasonable safeguards to preserve the integrity and security of information collected and maintained through the Retain Platform. However, we cannot ensure or warrant the security of any information you provide to us or guarantee that information on the Retain Platform may not be accessed, disclosed, altered, or destroyed by unauthorized persons.
Do Not Track
We currently do not participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your information. We may, or we may engage third parties, such as marketing or analytics partners, who may collect information about your online activities over time and across different websites when you use our website.
The Retain Platform is not directed to children under 13. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at email@example.com.
How to Contact Us
If you have any questions about this Policy or any of the practices described herein, please contact us at Retain AI, Inc., 237 Kearny Street #9253, San Francisco, CA 94108, or send us an email at firstname.lastname@example.org.
Vulnerability Disclosure Program
If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at email@example.com. We will acknowledge your email within 24 hours.
Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.
Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Retain service. Please only interact with accounts you own or for which you have explicit permission from the account holder
Exclusions: While researching, we’d like you to refrain from:
Distributed Denial of Service (DDoS)
Social engineering or phishing of Retain employees or contractors
Any attacks against Retain’s physical property or data centers
If an issue cannot be resolved our internal dispute resolution mechanism, individuals may contact or submit a complaint, at no cost, to the JAMS EU-U.S. Privacy Shield Program, which is based in the United States and which serves as our third-party alternative dispute resolution provider. We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at http://www.jamsadr.com. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
With respect to our compliance with applicable privacy laws and regulations Retain may be subject to the investigatory and enforcement powers of the Federal Trade Commission.
Last modified July 8, 2020
Amazon Web Services, Inc – Cloud Service Provider – United States
Inspectlet – Cloud-based Analytics – United States
Heap Analytics – Cloud-based Analytics – United States
Google, Inc. – Cloud-based Analytics – United States