Effective Date: October 1, 2022
Data protection and privacy
Keeping customer data safe and secure is a huge responsibility and a top priority for AlwaysRank, LLC (dba: ReallyGoodData).
Our primary data centers are in the United States, hosted on Amazon AWS. All data is backed up daily and backups are stored for 35 days. Files customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Our software infrastructure is updated regularly with the latest security patches.
Encryption in transit and at rest
Over public networks we use SSL certificates issued by R3. The connection uses AES_128_CBC for encryption, with SHA2 for message authentication and ECDHE_RSA as the key exchange mechanism.
Any files you upload to us are stored and encrypted at rest. Our storage system uses AES-256/ SHA-256 encryption. Files are encrypted with AES-256.
Our backups of your data are encrypted by AWS KMS CMKs and are protected by hardware security modules (HSMs) that are validated by the FIPS 140-2 Cryptographic Module Validation Program. Amazon S3 server-side encryption uses one of the strongest block ciphers available to encrypt your data, 256-bit Advanced Encryption Standard (AES-256)
Security Policies and Standards
Our application runs on Amazon’s AWS cloud infrastructure. Publicly available documentation of the AWS System and Organization Controls 3 (SOC 3) report can be found here: https://d1.awsstatic.com/whitepapers/compliance/AWS_SOC3.pdf.
Amazon AWS meets the standards set by the ISO, complying with ISO/IEC 27001:2013:
- Systematically evaluate information security risks, taking into account the impact of threats and vulnerabilities.
- Design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
- Have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.
Amazon’s ISO/IEC 27001:2013 certification can be found here: https://d1.awsstatic.com/certifications/iso_27001_global_certification.pdf
We utilize a third party credit card payment processing provider to collect payment information, including your credit card number, billing address and phone number. The third party service provider, and not AlwaysRank, LLC (dba: ReallyGoodData), stores your payment information on our behalf.
We submit a self assessment (SAQ A 3.2.1) for PCI compliance, which is good for one year each time. A copy of our PCI compliance certificate is available upon request, after completing an NDA.
The Information we Collect
AlwaysRank, LLC (dba: ReallyGoodData) collects a variety of information that you provide directly to us. We process your information when necessary to provide you with the Services that you have requested when accepting our Terms of Service, or where we have obtained your prior consent, or where we have a legitimate interest to do so. For example, we may have a legitimate interest to process your information for security, testing, maintenance, and enhancement purposes of the Services we provide to you, or for analytics, research, and reporting purposes. Without your information, we cannot provide you with the Services you have requested or you may be limited in your use of the Services.
1. Information You Provide to Us
AlwaysRank, LLC (dba: ReallyGoodData) collects information from you through:
- Account and product registration and administration of your account
- The AlwaysRank, LLC (dba: ReallyGoodData) Services that you use
- Requests or questions you submit to us via forms or email (e.g., support forms, sales forms, user research participation forms)
- Your communications and dealings with us
- Your participation in AlwaysRank, LLC (dba: ReallyGoodData) sweepstakes, contests, or research studies
- Uploads or posts to the Services
- Requests for customer support and technical assistance
Information from and about you. The types of information we collect will depend upon the Services you use, how you use them, and what you choose to provide.
The types of data we collect directly from you may include:
User or Account information. Including but not limited to:
- Name, company name, company logo, address, telephone number and email address
- Optional information, such as a photograph, that you elect to associate with your account (your “Profile Information”)
- Log-in details and password, if you create a AlwaysRank, LLC (dba: ReallyGoodData) account
- Any email requests or questions you submit to us
- User-generated content you post in public online AlwaysRank, LLC (dba: ReallyGoodData)
Content. In using the Services, you may upload or input various types of content, including but not limited to: promotions, tasks, attachments, project names, team names, company information and conversations (together, the “Content”). If you are using the Services in connection with an account created by a AlwaysRank, LLC (dba: ReallyGoodData) Customer (e.g., employer, organization, or an individual), we collect and process the Content you submit on behalf of the Customer. As described more throughout this Policy, our Customers, and not AlwaysRank, LLC (dba: ReallyGoodData), determine their own policies regarding storage, access, modification, deletion, sharing, and retention of Content which may apply to your use of the Services.
For example, a Customer may provide or remove access to the Services, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, or share projects. Please check with the Customer about the policies and settings that they have instituted with respect the Content that you provide when using the Services.
Payment Information. If you are a user of our paid service, we will utilize a third party credit card payment processing company to collect payment information, including your credit card number, billing address and phone number. The third party service provider, and not AlwaysRank, LLC (dba: ReallyGoodData), stores your payment information on our behalf.
Information about others. If you choose to use our invitation service to invite a colleague to the Services, we will ask you for that person’s contact information, which may include their email address or their social network identity, and automatically send an invitation. AlwaysRank, LLC (dba: ReallyGoodData) stores the information you provide to send the invitation, to register your colleague if your invitation is accepted, and to track the success of our invitation service.
2. Information We Automatically Collect
When you use our Services that connect to the Internet, including, but not limited to, when you access the Services via our websites, your mobile devices, and AlwaysRank, LLC (dba: ReallyGoodData) software/applications, we automatically collect certain information as described in this Section. As discussed further below, we and our service providers (which are third party companies that work on our behalf to provide and enhance the Services) use a variety of technologies, including cookies and similar tools, to assist in collecting this information.
Log Files. When you use the Services, our servers automatically record certain information in server logs. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type and settings, referring / exit pages and URLs, number of clicks and how you interact with links on the Services, metadata associated with uploaded Content, domain names, landing pages, pages viewed, mobile carrier, date and time stamp information and other such information.
Device Identifiers. When you access the Services using a mobile device, we may collect specific device information. We also collect information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may associate this device identifier with your account and will use data associated with your device identifier to customize our Services to your device and to analyze any device-related issues.
Location Information. We collect and process general information about the location of the device from which you are accessing the Service (e.g., approximate geographic location inferred from an IP address).
3. Information We Collect From Third-Party Integrations
If you choose to use third-party integrations (e.g., Google Analytics, Shopify, etc.) through the Services or are required to do so by a Customer, such providers may allow us and our service providers to have access to and store additional information about your interaction with those services and platforms as it related to use of the Services. If you do not wish to have this information shared, do not initiate these connections.
4. Information We Collect from Affiliates and Non-Affiliated Third Parties
AlwaysRank, LLC (dba: ReallyGoodData) may receive additional information about you, such as demographic information, from affiliates under common ownership and control, and from third parties, such as business partners, marketers, researchers, analysts, and other parties that we may use to supplement the information that we collect directly from you.
5. Collection of Information Across Devices
Sometimes, we may use the information we collect — for instance, usernames, IP addresses and unique mobile device identifiers — to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of the Services. If you wish to opt out of our ability to track you across devices, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
COOKIES AND SIMILAR TECHNOLOGIES
To collect the information in the “Information We Automatically Collect” section above, we and our service providers use Internet server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. A web server log is a file where website activity is stored. An SDK is a section of code that we embed in our applications and software to allow third parties to collect information about how users interact with the Services. A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer and login session; (ii) store your preferences and settings; (iii) understand which web pages of the Services you have visited; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform analytics; and (vi) assist with security and administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email, and that are designed to provide usage information like ad impressions or clicks, email open rates, measure popularity of the Services and associated advertising, and to access user cookies. As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari).
HOW WE USE YOUR INFORMATION
- Complete a purchase or provide the services you have requested
- Respond to your request for information and provide you with more effective and efficient customer service
- Provide you with product updates and information about products you have purchased from us
- Provide you with service notifications via email and within the Services based on your notification selections
- Contact you by email, postal mail, or phone regarding AlwaysRank, LLC (dba: ReallyGoodData) and third-party products, services, surveys, research studies, promotions, special events and other subjects that we think may be of interest to you
- Customize the advertising and content you see
- Promote use of our Services by your company and others in our advertising and marketing materials, through use of company names and/or company logos
- Help us better understand your interests and needs, and improve the Services
- Synthesize and derive insights from your use of different AlwaysRank, LLC (dba: ReallyGoodData) products and services
- Engage in analysis, research, and reports regarding use of our Services
- Provide, manage, and improve the Services
- Protect our Services and our users
- Understand and resolve app crashes and other issues being reported
Content. You can exercise certain control how your Content is used by/shared with others via your settings on the Services. AlwaysRank, LLC (dba: ReallyGoodData) may view and share your Content only as necessary (i) to maintain, provide and improve the Service; (ii) prevent or address technical or security issues and resolve support requests; (iii) if we have a good faith belief, or have received a complaint alleging, that such Content is in violation of our terms; (iv) as reasonably necessary to allow AlwaysRank, LLC (dba: ReallyGoodData) to comply with or avoid the violation of applicable law or regulation; (v) to comply with a valid legal subpoena or request; and (vi) as set forth in our Subscription Agreement with the Customer or as expressly permitted in writing by the Customer. We may also analyze your User Content in aggregate and on an anonymized basis, in order to better understand the manner in which our Service is being used.
Combined Information. You consent that, for the purposes discussed in this Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.
Aggregate/De-Identified Data. We may aggregate and/or de-identify information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, sponsors, event promoters, and/or others. By using the Services, you consent to such use.
ONLINE ANALYTICS AND ADVERTISING
We use third-party web analytics services (e.g., Google Analytics) on our Services to collect and analyze the information discussed above, and to engage in auditing, research and reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and Similar Technologies” section will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services, including by noting the third-party website from which you arrive, analyzing usage trends across AlwaysRank, LLC (dba: ReallyGoodData) products and mobile devices, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
2. Online Advertising
Third parties or affiliates may administer AlwaysRank, LLC (dba: ReallyGoodData) banner advertising programs and other online marketing on non-AlwaysRank, LLC (dba: ReallyGoodData) websites and services. To do so, these parties may set and access first-party cookies delivered from a AlwaysRank, LLC (dba: ReallyGoodData) domain, or they may use third-party cookies or other tracking mechanisms. For example, a third-party provider may use the fact that you visited the AlwaysRank, LLC (dba: ReallyGoodData) website to target online ads for AlwaysRank, LLC (dba: ReallyGoodData) services to you on non-AlwaysRank, LLC (dba: ReallyGoodData) websites. Or a third-party ad network might collect information on the Services and other websites to develop a profile of your interests and target advertisements to you based on your online behavior. These parties that use these technologies may offer you a way to opt out of ad targeting as described below. You may receive tailored advertising on your computer through a web browser.
If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page. Please note that we do not control any of the above opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
3. Notice Concerning Do Not Track.
There is no uniform or consistent standard or definition for responding to, processing, or communicating Do Not Track signals. At this time the Services do not function differently based on a user’s Do Not Track signal.
HOW WE SHARE YOUR INFORMATION
AlwaysRank, LLC (dba: ReallyGoodData) will share your information in the following ways:
- Service Providers. We may provide access to or share your information with select third parties who perform services on our behalf. These third parties provide a variety of services to us, including without limitation billing, sales, marketing, provision of content and features, advertising, analytics, research, customer service, shipping and fulfillment, data storage, security, fraud prevention, payment processing, and legal services.
- Third-Party Integrations. When you initiate a connection with a third-party integration through the Services, we will share information about you that is required to enable your use of the third-party integration through the Services.
- Public Forums. The Services make it possible for you to upload and share comments or feedback publicly (i.e., outside of the AlwaysRank, LLC (dba: ReallyGoodData) mobile and web app) with other users, such as on the AlwaysRank, LLC (dba: ReallyGoodData) blog. Any information that you submit through such public features is not confidential, and AlwaysRank, LLC (dba: ReallyGoodData) may use it for any purpose (including in testimonials or other AlwaysRank, LLC (dba: ReallyGoodData) marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users, and it could be used to send you unsolicited messages. Accordingly, please take care when using these features of the Services.
- Aggregate/De-Identified Information. From time to time, AlwaysRank, LLC (dba: ReallyGoodData) may share Aggregate/De-Identified Information about use of the Services, such as by publishing a report on usage trends. As stated above, this Policy places no limitations on our use or sharing of Aggregate/De-Identified Information.
- Consent. We may also disclose your information to third parties with your consent to do so. For example, we will display your Profile Information on your profile page and elsewhere on the Services in accordance with the preferences you set in your account. You can review and revise your Profile information at any time.
– Through your account interface, you may opt-out of receiving categories of Services-related notices that are not deemed by AlwaysRank, LLC (dba: ReallyGoodData) to be integral to your use of the Services.
– Depending on whether you are using our free services or are a user of a paid account that belongs to a Customer, you will have certain choices regarding how to make tasks, projects, and teams private. For more information on how this works, please see our help guide.
THIRD PARTY LINKS AND SERVICES
The Services contain links to third-party websites such as social media sites, and also contain third-party integrations. If you choose to use these sites or integrations, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function.
Because these third-party websites and services are not operated by AlwaysRank, LLC (dba: ReallyGoodData), AlwaysRank, LLC (dba: ReallyGoodData) is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and other information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third-parties.
The Services are intended for general audiences and not for children under the age of 13. If we become aware that we have collected personal information (as defined by the Children’s Online Privacy Protection Act) from children under the age of 13, we will take reasonable steps to delete it as soon as practicable.
We may transfer information that we collect about you to third party processors across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.
If you want to learn more about the information collected through the Services, or if you would like to access or rectify your information and/or request deletion of information we collect about you, or restrict or object to the processing of your information, please contact us using the contact information below.
Where you have provided consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing your consent. If you are dissatisfied with the way we process your information, you may lodge a complaint with the data protection authority (“DPA”) in your jurisdiction. If you are a resident of France, your DPA is the Commission Nationale de l’Informatique et des Libertes (“CNIL”).If you are a resident of Germany, please see the DPA located in your particular state. If you are a resident of France, you may provide us with instructions regarding the manner in which we may continue to store, erase and share your information after your death, and where applicable, the person you have designated to exercise these rights after your death.
HOW LONG WE STORE YOUR INFORMATION
We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law. You may contact us at any time to request permanent deletion of personal information.
We reserve the right to amend this Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Policy accessible through the Services, so you should review the Policy periodically. If we make a material change to the Policy, you will be provided with notice and we will seek your consent to the updated Policy in accordance with legal requirements.
HOW WE PROTECT YOUR INFORMATION
AlwaysRank, LLC (dba: ReallyGoodData) takes technical and organizational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information. If you have any questions about security on our Services, you can contact us.