Contents
Effective Date: June 15th, 2018
This Privacy Policy covers the collection, use, and disclosure of Personal Data/Personally Identifiable Information (as defined by applicable law and hereinafter collectively referred to as “Personal Data”) when visitors and Customers (collectively “Users”) access https://monograph.io (the “Site”) and/or the related applications (collectively the “Platform”).
The Platform is owned and operated by Monograph Inc. a Delaware C-Corporation company (the “Company”) with offices in the United States. Company collects Personal Data from its Users around the world and processes, transfers and stores data within the United States. By checking the “I consent to the Privacy Policy” box and subject to your opt-in/opt-out preferences, you consent to the collection, use and disclosure practices identified in this Privacy Policy.
All capitalized terms and phrases used herein but not otherwise defined shall have the same meanings given to them in Company’s Terms of Service.
1. WHAT INFORMATION IS COLLECTED BY COMPANY AND HOW IS IT USED?
ACCOUNT CREATION INFORMATION
When you sign up for a Subscription Services plan, Users may be asked to enter Customer’s name and email address. Profiles for Subscription Services accounts will also require a Customer’s mailing address, phone number, company, job title, and other company-related details to facilitate purchase of the products and the provision of services. Paid Subscription Services plans will additionally require payment debit and/or credit card or other third party payment processing information to process payments on the Platform. Emails submitted may also be utilized to (i) provide information regarding our services; and/or (ii) communicate material changes to our Terms of Service and Privacy Policy.
EMAIL ADDRESSES
Users may optionally provide their email address to subscribe to our newsletters or to obtain additional information regarding our products and services. Users may unsubscribe at any time through the opt-out link contained within those communications.
COOKIES
Company utilizes cookie technology to gather information on Internet use in order to serve Users more effectively. As described in Section 2, Company also utilizes third party analytics services which may also use tracking cookies to provide information about the use of our Platform. Users can set their browser to remove or reject cookies and/or accept or refuse cookies on the cookie consent banner on the Site itself. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based aboutads.info choices page or the European Union (“EU”) based Your Online Choices. Please be advised, however, that some Platform features/services may not function properly without cookies.
2. IS INFORMATION COLLECTED BY OR DISCLOSED TO THIRD PARTIES?
Company does not sell, trade, rent, or lease Personal Data to any third parties. Company utilizes and shares Personal Data with the following data processors:
HOSTING SERVICES
Personal Data collected is shared its website hosting partners, Amazon Web Services and Heroku, to facilitate its cloud hosting services. Customers should click on the hyperlinks of those third party services for more information about their data collection and privacy policies.
ANALYTICS, SUPPORT, AND PRODUCT IMPROVEMENT
Monograph will automatically collect, in response to certain user actions, and send data, which may include personally identifiable information, describing such user and action to a third-party (in this case, Segment). Segment may in turn send such user and action data to additional third parties (e.g. Amplitude, Custify), where for analytics, support, and to product improvement purposes. Monograph is not responsible for the practices of such third parties, and shall not be responsible for such third parties’ usage of any data. Below, you may access and review the privacy policies for:
Segment;
Amplitude;
Custify.
IMAGE PROCESSING
Company integrates API’s from imgIX to facilitate image processing and manipulation capabilities of content imported into the Platform as part of the Subscription Services. Personal Data contained within those documents is accessible to imgIX. Users should review the imgIX hyperlink for more information about its data collection and use practices.
MANAGED EMAIL SERVICES
Company utilizes MailChimp to assist in customizing its email marketing campaigns to its Customers. Users should review the hyperlink to MailChimp’s privacy policy for more information about its data collection and use practices.
CUSTOMER COMMUNICATIONS
Company utilizes SendGrid to send transactional and marketing related emails to our Customers. Customer information is processed in accordance with SendGrid's Services Privacy Policy.
CREDIT OR DEBIT CARD INFORMATION
Company does not itself store debit or credit card information on its servers. Company offers Stripe as a third party payment processor to process purchases made through the Platform. For more information on its data collection and use practices of these payment processors, please review Stripe's Privacy Policy.
INTERCOM
Intercom, Inc., a third party analytics service, is utilized to help Company understand the use of our Services and to communicate with Users by sending service-related notifications. Information is collected pursuant to Intercom's Privacy Policy.
CUSTOMER SERVICE – ERROR TRACKING
Company utilizes Rollbar for services-related error monitoring, error notifications and de-bugging purposes. Customer information is processed in accordance with Rollbar's Privacy Policy.
ANONYMOUS DATA – ANALYTICS
- Google Analytics: Company uses Google Analytics as a web analytics tool to track user behavior on its marketing Site. Google Analytics collects anonymized information in accordance with its Privacy Policy. However, if you do not want Google Analytics to track your behavior on the Platform, you may opt-out by installing Google Analytics Opt-out Browser Add-on.
- MixPanel: Company utilizes MixPanel for tracking user-driven events in the web application. MixPanel collects information in accordance with its MixPanel Privacy Policy. You can opt-out of MixPanel’s automatic retention of data collected by clicking here: MixPanel Opt-Out. If you get a new computer, install a new browser, erase or otherwise alter your browser's cookie file (including upgrading certain browsers) you may also clear the MixPanel opt-out cookie.
SHARING SERVICES
Users may follow Company and/or share information on Facebook, Twitter, and LinkedIn, as well as other additional social media/sharing services/sites Users who follow/share on such third party sites are subject to the data collection and privacy practices of such third party sites. Users should click on the applicable Privacy Policies to review for more detail about information collected from these services.
THIRD PARTY APIS
Company may offer Customers the ability to integrate third party services (such as accounting applications) within the Platform via third party API’s. Such integration will require Customers to specifically authorize Company’s access. When authorized to access, Company will store a set of tokenized credentials to use with such third party API and exchange applicable data necessary to enhance features and functionality of the Subscription Services available to Customer.
THIRD PARTY SERVICES – INTERNAL USE
We may share Personal Data with third parties who provide services on our behalf for purposes such as accounting, facilitating the exchange of data between Company’s employees, internal reporting purposes, etc. We enter into contracts with such third parties regarding such services to ensure Personal Data is handled consistent with Company’s Privacy Policy and applicable law.
OTHER POTENTIAL THIRD PARTY DISCLOSURES
Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if Company is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.
3. HOW DOES COMPANY COMPLY WITH THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT AND GDPR REGULATIONS RELATING TO CHILDREN?
Only persons age 18 or older are authorized to subscribe to the Subscription Services and we do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her child (a) under the age of 16 in applicable EU Member Countries, or (b) under the age of 13 in the U.S. and applicable EU Member Countries, has provided us with Personal Data without parental consent, he or she should contact Company at legal@monograph.com. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s country of residence.
4. HOW LONG DOES COMPANY RETAIN PERSONAL DATA COLLECTED?
We will retain account and purchase data as long as it is necessary to facilitate Customer’s access and use of the Subscription Services. When a Customer’s account is terminated, Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law. Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as Company determines such data is commercially necessary for it legitimate business interests.
5. EU GENERAL DATA PROTECTION REGULATION (“GDPR”) NOTICES
Data Controller. The information that we collect, process and/or use through the Platform is controlled by Monograph Inc., Attention: Privacy Department, 165 11th St., San Francisco, California 94103. You may contact us at any time by mail at the above address or by emailing us at legal@monograph.com.
We will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you), and “legitimate interests.” Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at legal@monograph.com.
Users within the EU may email Company at legal@monograph.com in order to exercise their GDPR rights to: - Access, review, restrict processing of, or otherwise request erasure of your Personal Data; - Obtain the identity of the source of any Personal Data collected; - Request correction of any errors contained within your Personal Data; - Request transfer your Personal Data to another service provider; - Object to the manner in which your Personal Data is processed; or - Lodge a complaint with a supervisory authority.
Where we rely on your consent to collect Personal Data, you may withdraw your consent either through the opt-out links provided in this Privacy Policy or through the contact information contained within this Section.
For all GDPR-based requests made pursuant to this section, Company will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.
6. YOUR CALIFORNIA PRIVACY RIGHTS
California law permits California-resident Customers to request and obtain from Company once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
7. WHAT IS COMPANY’S SECURITY POLICY?
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.
In addition, Company utilizes a PCI-DSS compliant third party payment processor to ensure the security of Subscriber’s Personal Data. Subscribers should review Stripe’s Security Policy for more information on their security practices. For information relating to data stored by Amazon Web Servers, please see the AWS Cloud Security Policy for more information on its security practices.
8. HOW DOES THE PLATFORM RESPOND TO “DO NOT TRACK” SIGNALS?
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-Platform user tracking. At present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.
9. HOW WILL I BE NOTIFIED OF CHANGES TO YOUR PRIVACY POLICY?
If we make material changes to our Privacy Policy, we will notify you by (1) changing the Effective Date at the top of the Privacy Policy, (ii) sending an email to all active account holders, and (iii) add a banner/notification to the Platform itself. Express consent will be obtained when required for any material changes in Company’s collection and use practices.
10. CONTACT US
If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: Monograph Inc., Attention: Privacy Department, 165 11th St., San Francisco, California 94103 and/or at legal@monograph.com.
Effective Date: June 15th, 2018
This Privacy Policy covers the collection, use, and disclosure of Personal Data/Personally Identifiable Information (as defined by applicable law and hereinafter collectively referred to as “Personal Data”) when visitors and Customers (collectively “Users”) access https://monograph.io (the “Site”) and/or the related applications (collectively the “Platform”).
The Platform is owned and operated by Monograph Inc. a Delaware C-Corporation company (the “Company”) with offices in the United States. Company collects Personal Data from its Users around the world and processes, transfers and stores data within the United States. By checking the “I consent to the Privacy Policy” box and subject to your opt-in/opt-out preferences, you consent to the collection, use and disclosure practices identified in this Privacy Policy.
All capitalized terms and phrases used herein but not otherwise defined shall have the same meanings given to them in Company’s Terms of Service.
1. WHAT INFORMATION IS COLLECTED BY COMPANY AND HOW IS IT USED?
ACCOUNT CREATION INFORMATION
When you sign up for a Subscription Services plan, Users may be asked to enter Customer’s name and email address. Profiles for Subscription Services accounts will also require a Customer’s mailing address, phone number, company, job title, and other company-related details to facilitate purchase of the products and the provision of services. Paid Subscription Services plans will additionally require payment debit and/or credit card or other third party payment processing information to process payments on the Platform. Emails submitted may also be utilized to (i) provide information regarding our services; and/or (ii) communicate material changes to our Terms of Service and Privacy Policy.
EMAIL ADDRESSES
Users may optionally provide their email address to subscribe to our newsletters or to obtain additional information regarding our products and services. Users may unsubscribe at any time through the opt-out link contained within those communications.
COOKIES
Company utilizes cookie technology to gather information on Internet use in order to serve Users more effectively. As described in Section 2, Company also utilizes third party analytics services which may also use tracking cookies to provide information about the use of our Platform. Users can set their browser to remove or reject cookies and/or accept or refuse cookies on the cookie consent banner on the Site itself. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based aboutads.info choices page or the European Union (“EU”) based Your Online Choices. Please be advised, however, that some Platform features/services may not function properly without cookies.
2. IS INFORMATION COLLECTED BY OR DISCLOSED TO THIRD PARTIES?
Company does not sell, trade, rent, or lease Personal Data to any third parties. Company utilizes and shares Personal Data with the following data processors:
HOSTING SERVICES
Personal Data collected is shared its website hosting partners, Amazon Web Services and Heroku, to facilitate its cloud hosting services. Customers should click on the hyperlinks of those third party services for more information about their data collection and privacy policies.
IMAGE PROCESSING
Company integrates API’s from imgIX to facilitate image processing and manipulation capabilities of content imported into the Platform as part of the Subscription Services. Personal Data contained within those documents is accessible to imgIX. Users should review the imgIX hyperlink for more information about its data collection and use practices.
MANAGED EMAIL SERVICES
Company utilizes MailChimp to assist in customizing its email marketing campaigns to its Customers. Users should review the hyperlink to MailChimp’s privacy policy for more information about its data collection and use practices.
CUSTOMER COMMUNICATIONS
Company utilizes SendGrid to send transactional and marketing related emails to our Customers. Customer information is processed in accordance with SendGrid's Services Privacy Policy.
CREDIT OR DEBIT CARD INFORMATION
Company does not itself store debit or credit card information on its servers. Company offers Stripe as a third party payment processor to process purchases made through the Platform. For more information on its data collection and use practices of these payment processors, please review Stripe's Privacy Policy.
INTERCOM
Intercom, Inc., a third party analytics service, is utilized to help Company understand the use of our Services and to communicate with Users by sending service-related notifications. Information is collected pursuant to Intercom's Privacy Policy.
CUSTOMER SERVICE – ERROR TRACKING
Company utilizes Rollbar for services-related error monitoring, error notifications and de-bugging purposes. Customer information is processed in accordance with Rollbar's Privacy Policy.
ANONYMOUS DATA – ANALYTICS
- Google Analytics: Company uses Google Analytics as a web analytics tool to track user behavior on its marketing Site. Google Analytics collects anonymized information in accordance with its Privacy Policy. However, if you do not want Google Analytics to track your behavior on the Platform, you may opt-out by installing Google Analytics Opt-out Browser Add-on.
- MixPanel: Company utilizes MixPanel for tracking user-driven events in the web application. MixPanel collects information in accordance with its MixPanel Privacy Policy. You can opt-out of MixPanel’s automatic retention of data collected by clicking here: MixPanel Opt-Out. If you get a new computer, install a new browser, erase or otherwise alter your browser's cookie file (including upgrading certain browsers) you may also clear the MixPanel opt-out cookie.
SHARING SERVICES
Users may follow Company and/or share information on Facebook, Twitter, and LinkedIn, as well as other additional social media/sharing services/sites Users who follow/share on such third party sites are subject to the data collection and privacy practices of such third party sites. Users should click on the applicable Privacy Policies to review for more detail about information collected from these services.
THIRD PARTY APIS
Company may offer Customers the ability to integrate third party services (such as accounting applications) within the Platform via third party API’s. Such integration will require Customers to specifically authorize Company’s access. When authorized to access, Company will store a set of tokenized credentials to use with such third party API and exchange applicable data necessary to enhance features and functionality of the Subscription Services available to Customer.
THIRD PARTY SERVICES – INTERNAL USE
We may share Personal Data with third parties who provide services on our behalf for purposes such as accounting, facilitating the exchange of data between Company’s employees, internal reporting purposes, etc. We enter into contracts with such third parties regarding such services to ensure Personal Data is handled consistent with Company’s Privacy Policy and applicable law.
OTHER POTENTIAL THIRD PARTY DISCLOSURES
Personal Data may also be disclosed to third parties to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if Company is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify Users about law enforcement or court ordered requests for Personal Data unless otherwise prohibited by law.
3. HOW DOES COMPANY COMPLY WITH THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT AND GDPR REGULATIONS RELATING TO CHILDREN?
Only persons age 18 or older are authorized to subscribe to the Subscription Services and we do not knowingly collect Personal Data from anyone under the age of 18. If a parent or guardian becomes aware that his or her child (a) under the age of 16 in applicable EU Member Countries, or (b) under the age of 13 in the U.S. and applicable EU Member Countries, has provided us with Personal Data without parental consent, he or she should contact Company at legal@monograph.com. We will delete such Personal Data from our files within a commercially reasonable time, but no later than required under the applicable law relating the child’s country of residence.
4. HOW LONG DOES COMPANY RETAIN PERSONAL DATA COLLECTED?
We will retain account and purchase data as long as it is necessary to facilitate Customer’s access and use of the Subscription Services. When a Customer’s account is terminated, Personal Data collected through the Platform will be deleted in accordance with the requirements of applicable law. Personal Data obtained from Site visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a visitor exercises its right to opt-out of requested communications or information-based services. Anonymized and Pseudo-anonymized data will be retained as long as Company determines such data is commercially necessary for it legitimate business interests.
5. EU GENERAL DATA PROTECTION REGULATION (“GDPR”) NOTICES
Data Controller. The information that we collect, process and/or use through the Platform is controlled by Monograph Inc., Attention: Privacy Department, 165 11th St., San Francisco, California 94103. You may contact us at any time by mail at the above address or by emailing us at legal@monograph.com.
We will only collect and process Personal Data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you), and “legitimate interests.” Where we rely on your consent to process Personal Data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us at legal@monograph.com.
Users within the EU may email Company at legal@monograph.com in order to exercise their GDPR rights to: - Access, review, restrict processing of, or otherwise request erasure of your Personal Data; - Obtain the identity of the source of any Personal Data collected; - Request correction of any errors contained within your Personal Data; - Request transfer your Personal Data to another service provider; - Object to the manner in which your Personal Data is processed; or - Lodge a complaint with a supervisory authority.
Where we rely on your consent to collect Personal Data, you may withdraw your consent either through the opt-out links provided in this Privacy Policy or through the contact information contained within this Section.
For all GDPR-based requests made pursuant to this section, Company will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Data in a structured, commonly used and machine-readable format, and (c) transmit such Personal Data to another service provider without restriction in accordance with applicable law.
6. YOUR CALIFORNIA PRIVACY RIGHTS
California law permits California-resident Customers to request and obtain from Company once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
7. WHAT IS COMPANY’S SECURITY POLICY?
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. However, although we endeavor to provide reasonable security for information we process and maintain, no security system can ever be 100% secure.
In addition, Company utilizes a PCI-DSS compliant third party payment processor to ensure the security of Subscriber’s Personal Data. Subscribers should review Stripe’s Security Policy for more information on their security practices. For information relating to data stored by Amazon Web Servers, please see the AWS Cloud Security Policy for more information on its security practices.
8. HOW DOES THE PLATFORM RESPOND TO “DO NOT TRACK” SIGNALS?
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-Platform user tracking. At present, the Platform does not respond to or alter its practices when a Do Not Track signal is received.
9. HOW WILL I BE NOTIFIED OF CHANGES TO YOUR PRIVACY POLICY?
If we make material changes to our Privacy Policy, we will notify you by (1) changing the Effective Date at the top of the Privacy Policy, (ii) sending an email to all active account holders, and (iii) add a banner/notification to the Platform itself. Express consent will be obtained when required for any material changes in Company’s collection and use practices.
10. CONTACT US
If you have any questions regarding your Personal Data or about our privacy practices, please contact us at: Monograph Inc., Attention: Privacy Department, 165 11th St., San Francisco, California 94103 and/or at legal@monograph.com.