Privacy Policy
This privacy policy applies across all websites that we own and operate and all services we provide. We define “personal data” as identifiable information about you, like your name, email, address, telephone number, payment information, etc.
We update this policy from time to time. When there is a significant change to this policy, we will notify you via the email address you have provided to us.
Who is Ruddr?
When we refer to “we” (or “our” or “us”), that means Nexza, Inc. (doing business as Ruddr). We provide a platform that helps small to midsize professional services firms operate their business.
Data protection principles
Our approach to data protection is built around the following principles.
- We are honest and transparent in how we collect and use your information.
- We are honest and transparent in how we collect and use your information.
- We enable efficient use of personal data to empower productivity and growth.
- We use industry leading approaches to securing the personal data entrusted to us.
- We accept the responsibility that comes with processing personal data.
How we collect your data
When you visit our websites or use our services, we collect personal data. The ways we collect it can be broadly categorized into the following:
Information you provide to us directly: When you visit or use some parts of our websites and/or services we might ask you to provide personal data to us. For example, we ask for your contact information when you sign up for a free trial, take part in training and events, contact us with questions or request support. If you don’t want to provide us with personal data, you don’t have to, but it might mean you can’t use some parts of our websites or services.
Information we collect automatically: We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible. Some of this information is collected using cookies and similar tracking technologies.
Where we collect personal data, we’ll only process it:
- to provide our service to you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your rights, or
- in accordance with a legal obligation, or
- where we have your consent.
If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you.
How we use your data
First and foremost, we use your personal data to operate our websites and provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
- providing you with information you’ve requested from us (like training or education materials) or information we are required to send to you
- sending you operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
- marketing communications in accordance with your preferences
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with)
- assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise
- tracking and monitoring your use of websites and services so we can keep improving
- detecting and preventing any fraudulent or malicious activity
- sending you marketing communications and displaying targeted advertising to you online through our own websites and services or through third party websites and their platforms.
How we can share your data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- third party service providers and partners who enable us to provide functionality via our websites or to market our goods and services to you
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- an actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
- other people where we have your consent.
Security
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organizational measures in place to make sure that happens.
Retention
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices.
Processing personal data under General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect it.
We may process your personal data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it's not overridden by your rights
- For payment processing purposes
- To comply with the law
Data Privacy Framework Commitment and Compliance
Nexza, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Nexza, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Nexza, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit: https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Nexza, Inc. commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
Nexza, Inc. is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, you may invoke binding arbitration. Nexza, Inc. is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to us and following the procedures and subject to conditions set forth in Annex I of Principles.
Nexza, Inc. is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Nexza, Inc. remains responsible for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf.
Nexza, Inc. is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Nexza, Inc. remains responsible for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf.
International data transfer and storage of data
Your personal information may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different to the laws of your country, and in some cases, may not be as protective. Specifically, our website servers are primarily located in the U.S. and we may process your personal information in jurisdictions where our affiliates, partners and third-party service providers are located. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy. These safeguards include implementing applicable data transfer mechanisms, such as the E.U. standard contractual clauses, or other lawful mechanisms for transfers of personal information in accordance with applicable data protection law. We have self-certified compliance with the EU-U.S. Data Privacy Framework, the UK extension to the EU-U.S. Data Privacy Framework, and the Swiss-US Data Privacy Framework as set forth by the U.S. Department of Commerce with respect to personal information relating to individuals from the EEA, UK, and Switzerland. Please see our Data Privacy Framework Notice to learn more.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
“Do Not Track” support
We do not support Do Not Track. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Data protection rights you have under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area, you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.
If you wish to be informed what personal data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
- The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal data directly within your account settings or profile. If you are unable to perform these actions yourself, please contact us to assist you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your personal data.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area.
Sub-processors
We use certain sub-processors to assist in providing our services. A sub-processor is a third party data processor engaged by us who agrees to receive personal data intended for processing activities to be carried out (i) on behalf of our customers; (ii) in accordance with customer instructions as communicated by us; and (iii) in accordance with the terms of a written contract between us and the sub-processor.
We maintain an up-to-date list of the names and locations of all sub-processors. This list is below.
- Amazon Web Services - Cloud service provider located in the United States.
- Backblaze - Cloud storage and data backup provider located in the United States.
- GitHub - Source code hosting provider located in the United States.
- Google - Cloud service provider, search marketer, and analytics provider located in the United States.
- Hubspot - Marketing automation provider in the United States.
- Microsoft Clarity - Digital experience analytics provider located in the United States.
- ReadMe - API documentation platform located in the United States.
- Sentry.io (Functional Software, Inc.) - Error detection provider in the United States.
- Slack - Messaging platform based in the United States.
- Stripe - Payment processor located in the United States.
- Zendesk - Cloud customer service provider located in the United States.
Payment processing
We may provide paid products and/or services within the service. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with is Stripe, Inc. Their Privacy Policy can be viewed at https://stripe.com/us/privacy.
Links to other sites
Our service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Children's privacy
Our service does not address anyone under the age of 18 ("children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
Your rights
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time.
If you’re not happy with how we are processing your personal data, please let us know by getting in touch with us via email. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
Supplemental information for California residents
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act, as amended (CCPA).
Your Rights
Subject to applicable law, you have the following rights with respect to your personal information.
- Right to access. You have the right to request that we disclose to you what personal information we collect, use, disclose, share, and sell about you.
- Right to delete. You have the right to request that we delete your personal information that we’ve collected.
- Right to update. You have the right to request that inaccurate personal information we hold about you be corrected.
- Right to restrict the use and disclosure of your sensitive information. You have the right to request that we limit our use and disclosure of your sensitive personal information.
- Right to nondiscrimination. You have the right not to receive discriminatory treatment because you’ve exercised any of your rights under the CCPA.
If you or your authorized agent wishes to exercise any of these rights, please contact us via the information provided at the bottom of this Privacy Policy. Please note that we may ask you or your agent to provide us with additional information to confirm your identity.
Categories of Personal Information Collected
The personal information that we’ve collected in the past 12 months fall into the following categories specifically established under the CCPA:
- Identifiers such as a real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address.
- Information under Cal. Civ. Code §1798.80(e), such as your name, address, telephone number, or any financial information.
- Commercial information, such as information related to products or services you’ve purchased.
- Internet or other electronic network activity information, such information regarding your interaction with our products.
- Geolocation data.
- Audio, electronic, visual, or similar information, such as audio recordings of calls with you.
- Inferences drawn on the information above, such as aggregated metrics.
- Account log-in or credit card number in combination with your credentials allowing access to your account.
Categories of Personal Information Disclosed for a Business Purpose
The personal information that we’ve disclosed for a business purpose (including to our service providers) in the past 12 months fall into the following categories specifically established under the CCPA:
- Identifiers such as a real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address.
- Information under Cal. Civ. Code §1798.80(e), such as your name, address, telephone number, or any financial information.
- Commercial information, such as information related to products or services you’ve purchased.
- Internet or other electronic network activity information, such information regarding your interaction with our products.
- Geolocation data.
- Audio, electronic, visual, or similar information, such as audio recordings of calls with you.
- Inferences drawn on the information above, such as aggregated metrics.
- Account log-in or credit card number in combination with your credentials allowing access to your account.
For more information about the categories of personal information we disclose to other parties, including to our services providers, please see the “How We Share Personal Information” section above.
No Sale or Sharing of Personal Information
We do not sell or share (for the purpose of cross-context behavioral advertising) your personal information, as those terms are defined under the CCPA.
Supplemental information for Virginia residents
This section provides additional information for residents of Virginia and the rights afforded to them under the Virginia Consumer Data Protection Act (VCDPA).
Your Rights
Subject to applicable law, you have the following rights with respect to your personal information.
- Right to access. You have the right to access your personal information and obtain a copy of it in a portable and readily usable format.
- Right to correct. You have the right to correct errors in your personal information.
- Right to delete. You have the right to have your personal information deleted.
- Right to opt out. You have the right to opt out of behavioral advertising, automated profiling, and sales of personal information.
To exercise your rights, please contact us via the information provided at the bottom of this Privacy Policy. Please note that we may ask you to provide us with additional information to confirm your identity.
If you submit a request to exercise one of the above rights and you disagree with our decision regarding your request, you may appeal our decision by replying to our response.
Representation
We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:
- United Kingdom (UK)
- European Union (EU)
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). To make use of your data subject rights or to view our EU or UK certificate of representation, you can contact our representative, Prighter, via the following link or by clicking on the image below: https://prighter.com/q/13590678575
How to contact us
Please contact us via email at legal@ruddr.io.
Last updated: May 9, 2024