This Privacy Policy (the “Policy”) explains how information about you (information that directly identifies you) and information that makes you identifiable (“personal information”) is collected, used and disclosed by Correlate AS, Org. No. 915 464 505 (“Company,” “we” or “us”) in connection with our website at www.correlate.com (the “Site”), application services at app.correlate.com (the “App”) and our application services offered in connection with the Site (collectively App with the Site, the “Service”). By visiting the Site, registering for an account on the App, or otherwise using the Service, you signify that you have read, understood and agree to the collection, storage, use and disclosure of personal information as described in this Policy and agree to be bound by our Terms of Service.
We are the responsible entity (“data controller”) for the processing of your personal data as described in this Privacy Policy. We care about our customers and their privacy and undertake to respect and protect your personal data and privacy in accordance with applicable laws, industry rules and other related standards. In order to help you understand the way in which we collect and use your personal information, we have listed below our core privacy values when it comes to processing your personal data.
You may always reach out to us on matters of privacy and data protection by contacting us at privacy@correlate.com.
1. Collection of Personal Information
At Correlate AS, we prioritize the privacy and security of our users. Our collection of personal information is essential for providing a personalized and efficient experience on our Service. We collect various categories of personal data in the following ways:
Directly Provided Information:
Registration Information: When you register for an account on our App, we collect essential details such as your name, email address, telephone number, password, and potentially location data generated by your activities like search queries and location sharing.
Payment Information: For purchases or payments made through our App, such as subscriptions, we collect your credit card details and other payment-related information.
Inquiries and Feedback: Any personal information you provide when contacting us, including contact details and the content of your communications, is collected to address your inquiries and improve our service.
Information Collected Through Service Use:
Integration with Third-Party Services: After registration, if you connect to third-party services like Dropbox, OneDrive, Google Drive, Outlook, or Gmail, we collect information related to the files, documents, emails, or other data you connect to or transmit through our Service.
User Content: Any information you create, edit, or transmit as part of your use of the Service, known as “User Content”, is stored and collected. This includes any personal information you choose to include within the User Content.
Automated Data Collection:
We use cookies and similar technologies to automatically collect information about your interaction with our Service. This helps us tailor the user experience to your preferences and improve our services.
Your decision to provide personal information is voluntary, but please note that certain information, such as your name, address, payment information, and details about your requested Services, may be necessary for fulfilling our contractual obligations to you. We are committed to collecting only what is necessary and handling your personal information with the utmost care and in compliance with applicable data protection laws.
Information Collection from Third Parties and Automated Technologies
Information from Third Parties
At Correlate AS, we understand the importance of integrating our Service with various third-party sites and services to enhance your experience. Our collection of information from these third parties includes:
Third-Party Login Information: When you use third-party accounts (like Dropbox, OneDrive, Google Drive, Outlook, or Gmail) to login or integrate with our Service, we collect information such as your name, email address, access tokens, and other account-related data.
User Content Sharing: If you share or export User Content with third-party services, or when integrating our Service with these services, we may receive information including usernames, IP addresses, device identifiers, profile information, contacts, or email addresses.
Data Dependence on Privacy Settings: The information we receive from third-party services is subject to your privacy settings with these services, over which we have no control. We encourage you to review your privacy settings on these platforms to understand how your data is shared.
Information from Other Sources
Additional Data Sources: We may obtain information about you from other sources, like third-party information providers or through mergers and acquisitions. This information is combined with data we already have, and handled in accordance with this Privacy Policy.
Automated Data Collection
Our Service employs various automated data collection technologies:
Cookies: We use cookies to uniquely identify your browser, device, and to collect information such as your IP address, device identifiers, browser settings, and service usage patterns. Cookies also help us remember information to avoid re-entering it during subsequent visits.
Log Files: Each time you access our Service, log files record data such as your actions, IP address, browser type, device identifiers, and interactions with our Service’s features.
Clear Gifs: Employed in our Service and emails, clear gifs collect information about your actions, IP address, browser type, and how you interact with our Service, helping us to understand usage patterns.
Mobile Device Information: We collect identifiers like UDID, IDFA, or Google Ad ID, as well as information about your mobile carrier, device type, and operating system when you access our Service via mobile devices.
Analytics: We use tools like Google Analytics to measure traffic, usage trends, and to understand user demographics. For details on Google’s data usage, visit Google’s partner site policy.
Usage of Collected Data
The data collected through these technologies is used to:
- Enhance your experience by remembering information for subsequent visits.
- Provide personalized content, including targeted advertising.
- Identify you across multiple devices.
- Monitor and improve the effectiveness of our Service.
- Gather aggregate metrics like visitor counts and usage patterns.
- Diagnose and fix technology issues.
- Plan for and enhance our Service.
Cookie Management
You have control over how cookies are managed on your devices:
Browser Settings: Most browsers allow you to be notified when you receive a cookie, giving you the choice to accept it, disable existing cookies, or set your browser to reject cookies. Please note that rejecting cookies may impact your experience, as some Service features may not function properly.
Email Settings: You can set your email options to prevent the automatic downloading of images, which may contain tracking technologies.
Advertising and Third-Party Data Collection
We and our third-party partners may use cookies and other technologies for advertising purposes. For more information, please see “Third-Party Data Collection and Online Advertising” below.
How We Use Information
At Correlate AS, we are committed to using the personal information we collect in a responsible and transparent manner. We collect, process, combine, retain, and store personal and other types of information for various purposes, as detailed below:
- Operation and Service Provision: We use your information to operate our Service effectively and to provide you with all the features and functionalities of the Service. This includes managing your account, facilitating file categorization, search, sharing, and other core service activities.
- Payment Processing: Your payment information is used to process transactions when you make purchases or payments within our App, ensuring a seamless financial transaction experience.
- Communication: We use your information to communicate with you, respond to your inquiries, notify you of changes to the Service, and handle any account-related matters. This includes sending updates, alerts, and administrative messages.
- Marketing and Advertising: Your personal information may be used to market our products or services to you and provide you with information or updates we believe may interest you. Note that while we use your personal information for these purposes, we do not use User Content for serving ads and never share User Content with third parties for marketing or advertising unless explicitly submitted by you for that purpose.
- Analytics and Research: Information collected is used for analytics and research purposes to understand how our Service is used and to make improvements. This helps us in enhancing user experience and developing new features.
- Policy Enforcement and Legal Compliance: We utilize information to enforce this Privacy Policy, resolve disputes, fulfill our obligations, and protect our rights and interests, and those of third parties. This includes complying with legal and contractual requirements.
- Fulfilling User-Provided Purposes: We process personal information for purposes explicitly provided by you. For instance, if you submit information for a specific reason, we use the information for fulfilling that purpose.
- Legal and Lawful Purposes: We may use your personal information for any other lawful purpose, or for other purposes to which you consent.
Our approach to using your information is guided by our commitment to ensuring your privacy and adhering to the highest data protection standards. We strive to use your information to improve our Service and to deliver a more personalized and efficient experience.
Sharing of Information
At Correlate AS, we are transparent about how we share personal information with third parties. We ensure that such sharing aligns with the purposes outlined in this Policy and adheres to appropriate data protection standards. The sharing of information includes, but is not limited to, the following scenarios:
- Service Providers and Partners: We share information with service providers, subcontractors, partners, vendors, consultants, and others who assist us in fulfilling the purposes mentioned in this Policy. This includes services such as targeted advertising, payment processing, postal services, back-office functions, and site traffic analysis. Our current partners include Microsoft, Google, Hubspot, Segment, Amplitude, Hotjar, Mixpanel, LinkedIn, Facebook, SendGrid, Stripe, Sentry, and others that we may add in the future.
- Affiliates and Related Companies: Personal information may be shared with our affiliates, parent companies, subsidiaries, and other related entities for the purposes stated in this Policy.
- Legal and Regulatory Compliance: We may disclose information in response to court orders, subpoenas, requests from law enforcement, or government entities, even without notice to you, where permitted by law.
- Business Transfers: In events such as mergers, divestitures, restructuring, reorganizations, dissolutions, or other sales or transfers of assets, personal information held by us may be among the transferred assets.
- Consent-Based Sharing: We may share information with other third parties when we have your explicit consent to do so.
- Legal Obligations and Protection of Rights: We may share information with third parties to comply with laws or regulations, enforce this Policy, defend against third-party claims or allegations, or protect against harm to our rights, property, or safety, as well as that of our users or the public. This includes preventing fraud and illegal activity.
- Anonymized Information: We may share information with third parties in an aggregated or anonymized form that does not personally identify you.
- AI Model Data Sharing: By agreeing to our Privacy Policy, you also consent to the data sharing practices outlined by OpenAI’s guidelines. This means that the only data shared with AI models is the input provided in your user prompts. Such data is temporarily stored for operational purposes and is not utilized for training AI models. To fully understand your consent, please access OpenAI’s data handling and storage policies here: [https://openai.com/policies/privacy-policy].
We are committed to ensuring that your personal information is handled responsibly and in alignment with your expectations and privacy rights. This sharing is integral to providing you with a comprehensive Service experience and is conducted with the utmost consideration for your privacy and security.
Use of Your Google Information
Correlate AS responsibly utilizes Google services, including the Gmail API and Google Drive, under the following conditions:
- OAuth Authentication: Users can securely link their Google accounts to our Service using OAuth authentication, allowing us access to your Google account data without revealing your password.
- Google Data Use and Transfer:
-
- Service Functionality: We utilize Google Data for activities like sorting and filtering files as allowed by the API, enhancing search capabilities through the Elastic Search engine, and tracking user file interactions.
- Advertising Restrictions: We do not use Google Data for advertising purposes, in compliance with Google’s policies.
- Human Access to Data: Access to your Google Data by our personnel is strictly limited and occurs only under specific conditions such as with your explicit consent, for security purposes, or when complying with legal requirements.
Google’s Limited Use Policy Requirements:
- Our use of information from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use Policy requirements listed under Google API Services User Data Policy.
Use of Your Microsoft Information
Correlate AS also integrates with Microsoft services, such as Microsoft’s Outlook Mail API, under these guidelines:
- OAuth Authentication: Integration with Microsoft services is facilitated through OAuth authentication, providing secure access to your Microsoft account data without compromising your password.
- Microsoft Data Use and Transfer:
- Service Functionality: We employ Microsoft Data to provide essential features of our Service, which includes managing user-provided content and ensuring effective service operations.
- No Advertising Use: In line with Microsoft’s terms, we do not utilize Microsoft Data for any form of advertising.
- Restricted Human Access: Human access to Microsoft Data within our team is allowed only under specific circumstances such as user consent, security needs, or legal compliance.
- Compliance with Microsoft’s Terms of Use:
- Our handling of Microsoft Data complies with Microsoft’s terms and conditions, ensuring responsible and secure usage.
General Provisions for Data Use:
User Data Management: We are committed to managing and securing user data with utmost responsibility and in compliance with data protection standards. Our user data management practices empower users with the ability to request access to, rectification, and deletion of their personal data through our dedicated support channels. Additionally, we accommodate data portability requests on demand. It is important to note that if users choose not to share personal data, their access will be limited to only the public boards of our system.
Data Storage and Security: All user data, including that from integrations with Google and Microsoft services, is securely stored in our Database. We do not use Local Storage for storing files and emails; instead, these are maintained within our integrations. Our data retention policy does not entail the deletion of data after one year, and there is no separate module-based storage system in place. Anonymized data, collected for analytics purposes, is stored indefinitely, ensuring ongoing improvement and enhancement of our services.
Legal Basis for Processing Personal Data
At Correlate AS, we process your personal data on several legal bases, ensuring compliance with applicable laws and regulations, especially those laid down by the European Union:
- Contractual Necessity: We process personal data as necessary for the performance of our contractual obligations to you. This includes using your data to manage your account, provide the Service, and fulfill any direct requests or inquiries.
- Legal Obligations: When required by EU law or other applicable legal obligations, we process your personal data. This includes compliance with legal, regulatory, and statutory requirements, which may involve fraud prevention and detection.
- Legitimate Interests: We process your data where it aligns with our legitimate interests, provided these do not infringe upon your rights and freedoms. Our legitimate interests include:
- Responding to your requests and inquiries.
- Conducting business administration tasks such as statistical analysis.
- Providing the Service functionalities, such as file management, search capabilities, and user collaboration.
- Ensuring the security and integrity of our Service.
- Consent: In certain instances, we process your personal data based on your freely given, specific, informed, and unambiguous consent. You have the right under EU Data Protection Law to withdraw this consent at any time. Withdrawal of consent may impact our ability to provide certain service functionalities to you.
We retain your personal data only as long as necessary for the purposes for which it is processed or as required by law. Our approach to data processing is guided by a commitment to safeguarding your privacy and maintaining the highest standards of data protection.
Information Access and Correction
Correlate AS acknowledges your right to access and modify your personal information. Our commitment to data transparency and user control is reflected in the following procedures:
- Account Information Modification: If you have registered an account with Correlate AS, you are empowered to directly edit your registration information using the features and functionalities available within the Service. Additionally, changes to information linked to your Google or Microsoft profiles can be made through their respective profile settings.
- User Content Editing: Should your User Content contain personal information, our Service provides the capability for you to edit or delete this information, as well as the User Content itself, ensuring your continued control over the data you share.
- Requesting Access, Correction, or Deletion: We understand that not all personal information is readily accessible or modifiable via the Service. To request access to, correction of, or deletion of personal information that is not directly amendable:
- Please forward your request to us via email at support@correlate.com.
- Upon receiving your request, we will conduct a review process. This may involve requesting additional information from you to verify your identity.
- While we strive to accommodate your requests, please be aware that certain limitations or legal obligations might affect our ability to fulfill them completely.
- Please forward your request to us via email at support@correlate.com.
Our processes are designed to ensure that you have meaningful control over your personal data while aligning with legal and regulatory requirements. We are committed to facilitating your data rights in an efficient and user-friendly manner.
Your Choices
At Correlate AS, we respect your autonomy in managing your personal information and offer several choices to control how your data is used:
- Marketing Emails:
- We occasionally send marketing emails. If you prefer not to receive these, you can opt-out by following the unsubscribe instructions in the emails or by contacting us at support@correlate.com. We aim to process your opt-out request within 10 business days.
- Please note that opting out of marketing communications does not affect the receipt of service-related emails, such as account or subscription communications and responses to your inquiries.
- Third-Party Data Collection and Online Advertising:
- Our service may involve third-party data collection and online advertising. This includes allowing networks, social media companies, and other services to collect information about your interactions with our Service.
- The data collected is used for tailoring advertisements to your interests across various platforms and devices. It is typically gathered through technologies like cookies and social media plug-ins.
- You can manage cookie settings and opt out of interest-based advertising through your browser or device settings. Additionally, resources like the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA) provide tools for opting out of such advertising.
- Opting out may not stop advertisements completely but will prevent tailored ads based on your interests.
- Google Analytics and Advertising:
- We utilize Google Analytics for advanced features like Remarketing, Impression Reporting, and Demographics and Interest Reporting. These use a combination of first-party and third-party cookies to inform and optimize ad displays based on your site visits.
- To control Google advertising preferences or opt out of specific Google advertising products, you can use the Google Ads Preferences Manager (here) or the NAI’s online resources.
- Please be aware that while we strive to offer comprehensive choices, some aspects of data collection and usage are necessary for the effective functioning of our Service. For any further queries or assistance regarding opting out, please reach out to us at support@correlate.com.
Rights of EU Residents
As a resident of the European Union, you are entitled to certain rights under the General Data Protection Regulation (GDPR) with regard to your personal information that Correlate AS holds. These rights include:
- Right to Object: You have the right to object to processing based on our legitimate interests, particularly if it relates to your specific situation. This includes the right to object to marketing activities.
- Right of Access: You have the right to access your personal information held by us.
- Right to Rectification: If your personal information is inaccurate or incomplete, you have the right to have it rectified without undue delay.
- Right to Erasure: You have the right to request the erasure of your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
- Right to Restriction: In certain situations, such as when the accuracy of your personal information is contested, you have the right to request a restriction on its processing.
- Right to Portability: You have the right to move, copy, or transfer your personal information from one organization to another in a secure manner.
To exercise any of these rights, please contact us at the contact details provided at the end of this Policy. Additionally, as an EU resident, you have the right to lodge a complaint with your local data protection authority. Further information can be found at European Data Protection Authorities.
Data Processor and Controller Roles
Correlate AS primarily acts as a data processor, processing personal information based on the instructions of our clients and providers of Third-Party Accounts, who are the data controllers. However, in instances where we collect business contact information from our clients or when our services are used by individuals unaffiliated with any controller, we act as a data controller. In such cases, the aforementioned rights and GDPR compliance are applicable to the processing of your information.
Data Protection Measures at Correlate AS
At Correlate AS, we are committed to safeguarding the personal information we collect. While we cannot guarantee absolute security, we implement what we believe to be commercially reasonable and industry-standard measures to protect your personal data:
- Security Measures: We adopt various security technologies and procedures designed to help protect your personal information from unauthorized access, use, or disclosure. This includes, but is not limited to, encryption, firewalls, and secure server facilities.
- Transmission Risks: We acknowledge that the transmission of information via the internet is not completely secure. Therefore, any transmission of personal information to our Service is at your own risk. While we strive to protect your personal information, we cannot guarantee its absolute security during transmission.
- User Responsibility: The safety and security of your information also depend on you. It is crucial to safeguard your account password and to ensure it remains confidential. We recommend logging out after using the Service, especially when accessing it from public or shared devices.
- Prompt Response to Security Breaches: In the event of any compromise to your account credentials or if you suspect unauthorized access to your account, we urge you to inform us immediately at privacy@correlate.com. We are dedicated to taking prompt action in such circumstances.
- Limitation of Liability: While we are committed to protecting your privacy, we are not responsible for the circumvention of any privacy settings or security measures on the Service, including illegal acts by third parties such as hacking.
Our approach to data protection is a balanced effort between employing robust protective measures and reminding users of their role in safeguarding their personal information. We continuously assess and update our security practices to adapt to the evolving digital landscape.
Data Storage and International Transfer
At Correlate AS, we understand the importance of secure and lawful handling of your personal information, which includes considerations around data storage and transfer:
- Global Data Storage: Your personal information may be stored and processed in the United States or in any other country where Correlate AS, its subsidiaries, affiliates, or service providers have facilities. This global network of data storage is integral to providing a seamless service experience.
- Data Transfer Considerations:
- International Transfers: If you are located in the European Union or other regions with data protection laws different from U.S. law, be aware that we may transfer personal information to countries or jurisdictions that may have different data protection standards.
- Contractual Performance: The initial transfer of your personal information to Correlate AS is a fundamental part of our contract with you, allowing us to provide the services you expect.
- International Transfers: If you are located in the European Union or other regions with data protection laws different from U.S. law, be aware that we may transfer personal information to countries or jurisdictions that may have different data protection standards.
- Safeguards for Data Transfer:
- Onward Transfer Guarantees: For any subsequent transfer of your personal information, we commit to implementing appropriate safeguards. This includes entering into agreements that ensure such transfers adhere to the standards required within the European Union.
- Transfers Outside the EU: In cases where personal information is transferred from the EU to third-party countries not recognized as having adequate data protection, Correlate AS will utilize agreements based on the EU Standard Contractual Clauses to ensure the protection of your data.
- Onward Transfer Guarantees: For any subsequent transfer of your personal information, we commit to implementing appropriate safeguards. This includes entering into agreements that ensure such transfers adhere to the standards required within the European Union.
- Commitment to Data Protection: Our approach to data storage and international transfer is guided by our commitment to safeguarding your personal information and complying with applicable data protection laws. We continuously evaluate and update our data transfer practices to maintain this commitment.
By using Correlate AS’s services, you acknowledge and consent to the storage and transfer of your personal information as described in this policy.
Data Retention
Correlate AS retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, support our business activities, operate the Service, respond to your requests, or comply with legal obligations. Specifically:
- Business and Operational Use: Personal data is retained for the duration required to support our business functions and provide our Service to you.
- System-Recorded Data: Data recorded by our system is stored locally for one year. Additionally, this data is retained on servers, either ours or those of third-party suppliers, for as long as necessary to fulfill its purpose.
- Anonymized Data: We indefinitely store anonymized data, used exclusively for analytics and service improvement purposes.
Information from Children
Correlate AS is committed to protecting the privacy of children and complies with the General Data Protection Regulation (GDPR) Article 8 concerning the collection of personal data from children:
- Age of Consent: In accordance with GDPR, our Service does not target and is not intended to attract children under the age of 16. We do not knowingly collect personal information from children under 16 without the requisite consent.
- Children Under 16: If a child is under the age of 16, the processing of personal data is only lawful if consent is given or authorized by the holder of parental responsibility over the child.
- Variation by Member State: Please note that the age threshold may vary depending on the laws of the Member State. The minimum age for such consent is not below 13 years as per Member State law.
- Parental Responsibility: If you are a parent or guardian and believe that your child under the age of 16 has provided us with personal information without appropriate consent, please contact us at support@correlate.com. Upon confirmation, we will take steps to remove such information from our databases.
Third-Party Websites
- Our Service may include links to third-party websites and online services. Please be aware that these links are provided for your convenience and information.
- Our Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party sites or services before providing personal information to them.
Updates to this Policy
- We will inform you of any significant changes to our privacy practices through a notice on our website or through other communication methods as described in our Terms of Service.
- Any significant changes will be indicated by an updated “Last Revision Date” at the end of the Policy.
- Your continued use of the Service following the posting of changes to this Policy will mean that you accept and agree to the changes.
Contacting Us
For any inquiries or questions regarding this Privacy Policy or our privacy practices, please reach out to us at privacy@correlate.com.
Last Revision Date
This Privacy Policy was last revised on January 19, 2024.