“Personal Information” is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Information We Collect
We collect your Personal Information in the following ways:
Information from your use of the Services: We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our Customers.
Web beacons: We use web beacons, also called pixel tags, on our Websites and in our emails. When we send emails to Customers, we may track behavior such as who opened the emails and who clicked the links. This allows us to measure the performance of our email campaigns and to improve our features for specific segments of Customers. To do this, we include a single pixel tag in emails we send. These tags allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details. We also include single pixel tags in the emails we deliver, through the Platform, on our Customer’s behalf. We use the data from those web beacons to create reports about how our Customer’s email campaign performed and what actions their Recipients took with respect to that email. Similarly, reports are also available to us when we send email to you, so we may collect and review that information to analyze how our email campaigns to Customers performed and what actions our Customers took with respect to that email.
Contest and Sweepstakes: We may, from time to time, offer surveys, contests, sweepstakes, or other promotions on our Websites or through social media (collectively, “Promotions”). Your participation in our Promotions is completely voluntary. Information requested for entry may include personal contact information such as your name, address, date of birth, phone number, email address, username, and similar details. We use the information you provide to administer our Promotions. We may also, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Services. We may share this information with our Affiliates and other organizations or Service Providers in line with this policy and the rules posted for the Promotion.
Blog: We have public blogs on our Websites. Any information you include in a comment on our blog may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you want it removed, please contact us at firstname.lastname@example.org. If we are unable to remove your information, we will tell you why.
Social media platforms and widgets: Our Websites may include social media features, such as the Facebook Like button. These features may collect information about your IP address and which page you are visiting on our Website, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. We also maintain presences on social media platforms including Facebook, Twitter, and LinkedIn. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
Information from other sources: We may, from time to time, obtain information about you from third party sources, such as public databases, third party data providers, and our joint marketing partners. We take steps to ensure that such third parties are legally permitted or required to disclose such information to us. Examples of the information we may receive from other sources include: demographic information, company information, device information (such as IP addresses), location, and online behavioral data (such as information about your use of social media websites, page view information, and search results and links). We use this information, alone or in combination with other information (including Personal Information) we collect, to enhance our ability to provide relevant marketing and content to you and to develop and provide you with more relevant products features, and services.
Use and Disclosure of Your Personal Information
We may use and disclose your Personal Information only for the following purposes:
To promote use of our Services to you and others. For example, if we collect your Personal Information such as your email address when you visit our Websites and do not sign up for any of the Services, we may send you an email inviting you to sign up where permitted by applicable law. If you use any of our Services and we think you might benefit from using another Service we offer, we may send you an email about that. You can stop receiving our promotional emails by following the unsubscribe instructions included in every promotional email we send. In addition, we may use information we collect in order to advertise our Services to you or suggest additional features of our Services that you might consider using. In addition, we may use your Personal Information to advertise our Services to potential or other users like you.
To send you informational and promotional content in accordance with your marketing preferences. You can manage your preferences to receive specific content in our subscription center (which is available by clicking the “Email Subscription Center” link found in the footer of our marketing emails) or choose to stop receiving these emails altogether by following the unsubscribe instructions included in every marketing email.
To bill and collect money owed to us by our Customers. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
To communicate with our Customers about their account and provide customer support.
To protect the rights and safety of our Customers and third parties, as well as our own.
To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
To prosecute or defend a court, arbitration, or any other legal proceeding.
To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
To provide, support, and improve the Services we offer. This includes our use of the data that our Customers provide us in order to enable our Customers to use the Services to communicate with their Recipients. This also includes, for example, aggregating information from your use of the Services and sharing this information with third parties to improve our Services. This might also include sharing your information or the information you provide us about your Recipients with third parties in order to provide and support our Services or to make certain features of the Services available to you. When we do have to share Personal Information with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that require them to use the Personal Information we transfer to them in a manner that is consistent with this policy.
Disclosure of Personal Information to Third Parties
Business Partners. From time to time, Gravity may partner with other companies to jointly offer products, services or programs including, for example, webinars, events, downloadable content, or integrated features. If you purchase, specifically express interest in, or register for a jointly offered product, service, or program from or through Gravity, we may share your Personal Information collected in connection with your purchase or expression of interest with our business partners. Gravity does not control our business partners’ use of shared Personal Information and their use of such information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt to not purchase or specifically express interest in a jointly offered product or service.
Information Disclosed for our Protection and the Protection of Others. We may disclose information about you to third parties: (a) if we are required to do so by law, court order or legal process; (b) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (c) under the discovery process in litigation; (d) to enforce Gravity policies or contracts; (e) to collect amounts owed to Gravity; (f) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (g) if we, in good faith, believe that disclosure is otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes including, for example, to detect unauthorized activity on the Services. In such cases, server log data containing Personal Information may be shared with law enforcement bodies so that they may identify users in connection with their investigation of the unauthorized activities.
Data Collected for and by our Customer
If you are a Recipient and no longer want to be contacted by one of our Customers, please unsubscribe directly from that Customer’s emails or contact the Customer directly to update or delete your data. If you contact us, we may remove or update your information within a reasonable time and after providing notice to the Customer of your request.
Disclosure of Anonymized Information
Gravity reserves the right to use and disclose anonymized information, aggregated information or publicly available information that has not been combined with nonpublic Personal Information for any purposes including without limitation Gravity’s internal use and research.
However, Gravity will not disclose information, even in anonymized, aggregate, or derivative forms, that is made available by our connection to email providers such as Gmail, including API calls relating to checking, reading, or sending email, in accordance with the Additional Requirements for Restricted Scopes as specified by Google. When connecting to email providers such as Gmail, Gravity will only make use of the information necessary to render our service so that we can display our user interface and perform requested actions on your account.
Third-Party Email Account Syncing
Gravity allows you to connect our Services to your various third-party email accounts (such as Gmail) for the purpose of sending email and for us to check your inbox for replies and bounces. We require a small set of permissions on your third-party email account to be able to do this and will only use it for the purpose of providing you with our Services or for diagnosing issues related to your third-party email account. Gravity will not use your email account information for any purpose other than providing the Services to you. Gravity is not responsible for any issues related to your third-party email account.
Gravity’s use of information received from Gmail APIs will adhere to Google's Limited Use Requirements.
Permissions Gravity requires
“View your email messages and settings”
Gravity will access your basic profile information including photo, name, and email address so that we can properly label your account.
Gravity will periodically check your inbox for messages. Our app will check your inbox to find replies to emails sent by your Gravity campaigns in order to present this information to you within the Gravity application, turn recipients into leads as necessary, and stop follow-up messages from sending when a reply causes someone to become a lead. We also look for unsubscribe requests and bounces to emails sent by Gravity to keep your contact lists up to date and help you with deliverability.
In rare cases, our engineers may use an internal tool to attempt to locate emails related to your Gravity campaigns to either resolve a support request you submitted, to solve a bug, or to investigate a potential security issue. This is always done in such a manner that the engineers view the least amount of information possible.
“Send email on your behalf”
Gravity needs this permission to be able to run your campaigns and send emails to
“The reason a narrower scope is not sufficient”
In order to run a full email campaign, send emails on your behalf and report back on the effectiveness of those emails. Alphavoice needs permission to send emails, and read the emails in your inbox to classify. Whether emails bounced, whether individuals asked to unsubscribe, or whether individuals responded in a positive manner.
Content of Emails Sent
When a Customer sends an email to a Recipient, it bounces from server to server as it crosses the Internet. Along the way, server administrators can read what you send. Email was not built for sending confidential information and most emails end up in an unencrypted inbox. Please do not use the Services to send confidential information.
Usage Data and Aggregate Data
Where you have consented to Gravity’s Processing of your Personal Information, you may withdraw that consent at any time and opt out by following the instructions below. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out. Note that, due to the nature of the Services, you may have to provide the email address or other identifying value that is associated with your Personal Information in order for Gravity to segregate out the use and retention of such Personal Information. Where consent of the individual for the Processing of Personal Information is otherwise required by law or contract, Gravity will comply with the law or contract.
Sensitive Personal Data
“Sensitive Personal Data” is a subset of Personal Information, which due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Data includes Personal Information regarding EU-residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (a) race or ethnic origin; (b) political opinions; (c) religious or philosophical beliefs; (d) trade union membership; (e) genetic data; (f) biometric data where Processed to uniquely identify a person; (g) health information; (h) sexual orientation or information about the individual’s sex life; or (i) information relating to the commission of a criminal offense.
Gravity does not collect Sensitive Personal Data from you. However, if we do ever collect it, we will, prior to disclosing it to a third party or Processing it for a purpose other than its original purpose or the purpose authorized subsequently by the individual, obtain your consent. Where consent of the individual for the Processing of Personal Information is otherwise required by law or contract, Gravity will comply with the law or contract.
“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. At this time, there is no general agreement on how companies like Gravity should interpret DNT signals. Therefore, Gravity does not recognize or respond to browser-initiated DNT signals, whether that signal is received on a computer or a mobile device.
We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the Personal Information.
Our credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor is certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC). We also perform annual SOC II audits. If you have any questions about the security of your Personal Information, you may contact us at email@example.com.
Gravity accounts require a username and password to log in. You must keep your username, password, and API key(s) secure, and never disclose them to a third party. If you have reason to believe that your passwords or Personal Information is no longer secure, please promptly notify us at firstname.lastname@example.org.
OTHER RIGHTS AND IMPORTANT INFORMATION.
Due to the nature of Gravity’s business, our Services are not marketed to minors. Gravity does not knowingly solicit or collect Personal Information from children under the age of 13 (and in certain jurisdictions under the age of 16). This applies to any Personal Information directly collected by us but does not apply to the Personal Information provided to us by third party services and organizations or from our Customers regarding their Recipients (please refer to the terms of their respective privacy policies). If we learn that we have collected Personal Information from a child under the age of 13 (and in certain jurisdictions under the age of 16) in relation to the Services, we will promptly delete that information.
California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. If you are a California resident and would like to make such a request, please submit your request to email@example.com.
Links to Third Party Websites
Gravity takes reasonable precautions to protect Personal Information provided to us through the Site from loss, misuse, unauthorized access, disclosure, alteration and destruction. Gravity has put in place reasonable and appropriate physical, electronic and managerial procedures designed to safeguard and secure such Personal Information from loss, misuse, unauthorized access, disclosure, alteration and destruction. Our security and privacy policies are periodically reviewed and enhanced as necessary. While Gravity strives to undertake such reasonable and necessary efforts to secure Personal Information provided to us through the Site, even such security measures do not guarantee the security of all Personal Information, and Gravity cannot guarantee that the Personal Information it collects, uses and retains will be protected in all circumstances, including those beyond Gravity’s reasonable control.
Particularly sensitive information is encrypted. You can usually tell whether encryption is being used by noting the “locked” or other status indicator on the browser you are using. If the browser you are using does not indicate that the session is secure (e.g., by displaying a lock, a key or a similar icon), you should assume that the connection is not secure and that third parties will receive the information shared by you and us during that part of the session. Your information may be transferred to and maintained on computer networks that may be located outside of the state, province, country or other governmental jurisdiction in which you reside, and the country or jurisdiction in which these computer networks are located may not have privacy laws as protective as the laws in your country or jurisdiction.
Below is a non-exhaustive list of our security procedures:
All customer data has at-rest and in-transit encryption
User passwords and other similar user secrets are salted and stored with a one-way hash using the SHA-256 algorithm
Backups of data are stored for a maximum of 7 days
Gravity has no technical contractors at this time and if any are contracted in the future they will get minimal, temporary access to production on a need-to-have basis
We rely on Stripe for all our payment processing: in terms of credit card information, we only store the last 4 digits of someone's card in our database
V2.10 March 1, 2021