ActiveCollab LLC (“ActiveCollab”, “we“, ”us“, or ”our“) is committed to the lawful, transparent, and fair handling of your personal data and your data privacy. We treat everything related to your personal data with integrity and respect.
When we refer to “ActiveCollab”, “we”, or “us” in this policy, we mean ActiveCollab LLC, which controls the data ActiveCollab collects when you use our services. ActiveCollab offers a collaborative tool, used for project management. References to our product in this policy include our self-hosted and cloud-based tool, website, mobile apps, and desktop app. Together with our support, they are referred to as Services in this policy.
The scope of this policy, along with our Terms of Service and Security Policy, determine how we process your personal data, and they also determine your rights and obligations as our users.
DefinitionsPersonal data is any information relating to an identified or identifiable natural person (‘data subject’). In a nutshell, any data that can identify or point in the direction of a living person.
Processing is any operation or set of operations which are performed on personal data or sets of personal data, whether or not by automated means.
Under this policy, ActiveCollab may be the data controller (“controller”) or the data processor (“processor”) of your personal data, depending on the context of personal data you provide.
A controller can be the natural or legal person, public authority, agency, or another body, which, alone or jointly with others, determines the purposes and means of the processing of personal data. ActiveCollab is a controller when using personal data for the purposes of marketing, reporting, and incentive programs. We do this only when we have a legitimate interest, or when you’ve given us your consent.
A processor can be a natural or legal person, public authority, agency, or another body which processes personal data on behalf of the controller. ActiveCollab is a Processor in cases of user authorization, providing customer support, profile, invoicing and billing functionality, and in other scenarios as defined in our Terms of Service.
End Users are users who are not direct users of our Services, meaning they are not the ones being charged for our Services, and there is an administrator or organization administering the Services to them.
Cookies are very small files that are placed on your device when you visit a website. These files usually contain data like the site’s name and a unique user ID. They can be easily viewed and deleted. Cookies are used for a variety of purposes and, since some cookies are used for identifying the user, all cookies are subject to the GDPR.
SummaryYour privacy matters. That’s why our policies are all about transparency. In this Policy, we will explain how we collect, use, and share your information. We will also explain how and where we store your data and how we process it. In the next section of our Policy, we will cover these questions:
- What data we collect about you
- How we use your information/personal data
- ActiveCollab as a processor of User/Client Data
- How we share your information
- Service Processors
- How and where we store and process your information
PrinciplesWhat follows are the principles regarding the data we collect.
5.1 What personal data we collect about youWe collect your data only when you provide it to us while using our Services, and when our third-party processors, which we have appropriate contracts with that are subject to EU regulations, provide it to us. We encourage you to read below our detailed list of all the data we collect and which purposes we do it for.
Many of our features and options require some personal data (essential features and options like communication email and invoicing details), but for non-essential features, you can choose not to provide us your personal data (username, profile picture, etc.). Bear in mind that, in certain situations, providing data is required by law.
Account and profile information
When you register for a trial account, we ask for your email only. When you switch to a paid account, we need more information for billing purposes. In both cases, we collect data for account personalization - it is optional for you to add a profile photo and other details.
Your content provided through our websites
We collect the content you upload while using our websites, including our social media channels. This refers to the feedback you give on our surveys, promotions, events.
Data needed for support channels
When you experience a problem or need assistance, you may need to contact our Support. Whatever the context is (email, ticket, social media channels, audio/video call, chat), you will be asked to provide information related to the problem. This means providing any type of data (contact information, problem explanation, screenshots, etc.) which is necessary for troubleshooting and which may speed up the process of resolving the issue. This process is defined in our Terms of Service, and any issue-related details are necessary in order to provide you with our support services.
When you register for a paid account, we collect your payment and billing details through secure payment processing services. We collect information about you or your billing representative: billing information (name and contact information), payment address and payment details (credit card or bank account number).
Your content uploaded through our products
Using our products (web app, desktop app, mobile apps) means uploading your content for collaboration purposes.
The content you upload on your cloud account is stored on our servers, and only you can access it. In specific cases, when troubleshooting is needed, our Support may need to check your instance - with your explicit consent and login details. We don’t have any information about the content you upload on your self-hosted account since that content is uploaded to your own servers.
Your use of the Services
We collect information about you while you’re using our Services. We basically keep track of your visits and interactions with our Services. This information includes the features and add-ons you use, details about your collaborating activity, details about your device and operating system, browser type.
Cookies and other tracking technologies
Data from other sources
We also receive data about you from third-party services. This happens when you link or integrate our Services with a third-party service, or when you give consent to other services to use your information. For example, we use third-party service for payment and billing purposes, or our advertising and market research partners provide us with information about your interests and engagements with our Services and online ads. You can see the list of all our third-party processors in section 5.5 of this policy.
5.2 How we use your personal dataBased on the purpose, here we explain how we use your data.
To provide the Services and personalize your experience
We need your data so we can provide our Services to you. Basic activities include transaction processing, authentication, providing customer support, operating and maintaining the Services. For example, we use your email and the photo you provided to identify you to other users on your account. We also use your data to personalize your experience by offering you relevant features and making recommendations.
Research and development
We always strive to improve our Services and integrate them better with other apps you use. That means we use data we collect about how you (and other people) use our Services to shorten the onboarding process, identify trends in user behavior, and create a map of activity patterns. This helps us pinpoint the exact areas for future improvement. Along with this data, we also use all the feedback we get for precise troubleshooting and creating a more friendly and engaging user experience. We keep relying on legitimate interest when it comes to beta testers as well, and the feedback we get from them is solely for the purpose of improving and developing our services.
To communicate with you about the Services
In order for you to successfully use our Services, we create certain communications to shorten your learning curve and create a satisfactory user experience. These communications include onboarding emails, transactional emails, purchase confirmations, subscription expiration reminders, responses to comments, requests and questions, complete customer support service, technical notices and updates, security alerts, administrative messages, promotions, new features. Depending on your settings, we send you email notifications about collaborating activity on your account.
When you sign up for our Services, you agree to these communications, and in most cases, you can’t opt-out of them. When the opt-out option is available, you will find it within the communication itself or in the settings section of your account.
For marketing, promotion, and engagement
We create promotional content that may be of specific interest to you, and that is why we send it via email or display it in our ads. This is why we use your contact information and information about how you use our Services - so the content is as relevant to you as possible. Those ads appear on different websites and platforms (like Facebook and Google). All this content has a purpose of driving engagement and helping you use our Services to the fullest. Besides emails and ads, we also create survey requests, newsletters, informational product content.
To provide Customer Support
When it comes to Support, there are different scenarios in which we need your data, e.g., to assist you with different kinds of requests and needs, to resolve technical issues you reported, to analyze crash details, to repair and improve our Services. When you give us your information, it is shared only with our experts (employees), only for the purpose of giving feedback and resolving the issues as soon as possible, as defined in our Terms of Service.
Security and safety reasons
There are situations when, for certain safety and security reasons, we need to use the data about you and your use of our Services - e.g., to verify accounts, to monitor suspicious or fraudulent activity, to identify violations of our policies.
Legitimate interest and legal rights
We use your data when we need to protect our legal rights, interests, and the interests of others, as well as when we’re required by law to do so. In these cases, as always, we use your data only when necessary.
With your consent
There are specific purposes, not listed above, that require your consent so we can use data about you. We always ask for your permission in these cases (e.g., quoting you on our sales website, or publishing your customer story on our blog). When you give us consent to use your data for a specific purpose, you have the right to change your mind at any time, but if any processing has already taken place, it will stay unaffected.
5.4 How we share your dataWhen we collect or process your data, our employees here at ActiveCollab are in charge of handling it. Depending on the context, purpose, and data type, members of different teams are in charge. All our employees have gone through extensive and proper training programs, so they are aware of relevant privacy principles and law requirements.
We will never share your data, unless in the ways discussed below.
Sharing with other Service users
When you sign up and start using our Services, other users on your account will be able to see your data. Some of the collaboration features display some or all of your profile information. For example, when you comment on a task, we email subscribers to the task with the comment, your name, and your profile photo.
Sharing with third-party apps
We work with third-party apps to make our Services more integrated and collaboration-friendly for you, our users. When you add new functionality or change the behavior of the Services by enabling third-party apps, you may give those apps access to your data, such as name, email, and any content you decide to share. What you share with those apps and on their websites is governed by their policies, not this one.
Sharing with third-party widgets
Sharing with law enforcement
Sharing with your consent
When you give us your consent, we will share your data with third parties. For example, we might share, with your consent, your name and the name of your company as part of the testimonial on our website. You can revoke your consent at any given moment, just contact us and send us your request.
Sharing in business transfers
If a merger, sale of company assets, financing, or acquisition of all or a portion of ActiveCollab to another company happens, you will be notified via email. This will inform you about the choices you may have regarding the situation.
Sharing with third-party service processors
In the next section, we listed all the third-party processors we have contracts with. We work with them to provide website and application development, hosting, maintenance, backup, storage, payment processing, and other services for us, which may require them to access or use some data about you. When these Service Providers require to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.
5.5 Service ProcessorsSometimes we use third-party processors to process some or all of your personal data. Here we listed all of them. We made sure that we’ve signed contracts only with third-party processors who are GDPR compliant. These third-party processors have access to your personal data only to perform these tasks on our behalf, and are obligated not to disclose or use it for any other purposes.
Help Scout: our Customer Care team uses this help-desk software to stay in touch with you. This software uses only your email and name, for the purpose of us getting back to you, assisting with your requests, and resolving the issues you might have. Here you can read how Help Scout deals with privacy.
Crisp: this is a messaging platform our Customer Care team uses to chat with you. Crisp uses only your email, and we chat with you wherever you start a conversation over our website or straight from our app. The most frequent case is the need for customer support.
Stripe: this tool processes your payments to us. We use it for billing purposes only. Stripe collects your payment details (credit card or bank account number), along with your name and payment address. In case payment and billing details are different, they are both collected. Also, if you’re not the one making the payment, the mentioned data of your billing representative is collected. For more information on how Stripe deals with privacy, read this.
FastSpring: this is a cloud-based eCommerce that we use as a billing platform. Like Stripe (mentioned above), Fastspring collects your payment details (credit card or bank account number), along with your name and payment address. In case payment and billing details are different, they are both collected. Also, if you’re not the one making the payment, the mentioned data of your billing representative is collected. For more information on how FastSpring deals with privacy, read this.
Google Analytics: this is a web analytics service that tracks and reports website traffic. Google uses the collected data to track and monitor the use of our Services. It may use the data to contextualize and personalize the ads of its own advertising network. For more information about Google’s privacy practices, read this.
MailChimp: we use this marketing automation platform for staying in touch with you via email. This occurs when we send you our newsletter or include you in our incentive program. This is where you can read more about MailChimp’s policy.
Google Drive: this is a service developed by Google, and we use it for file storage. This is the place where we temporarily keep your data for the purposes of reporting, customer care, feedback analysis, usability testing, marketing, incentive programs. For more information about Google’s security policy follow this link.
Zoom: this is a cloud platform we use for video calls. With your permission, sometimes we record video calls, only for the purposes of improving our customer care and sales process. Videos along with your name and number (if given) are always deleted within 2 weeks.
Skype: this software temporarily collects only your number when you leave us a message. We use that data only to get back to you and for no other reason. After a successful call, your number is deleted.
5.6 SecurityWe’ve designed our platform to offer you a secure-by-default experience. When it comes to customer data security, encryption, storage, and backups, everything we do is described in our Security Policy. We encourage you to read it and contact us if you have any questions or concerns.
In case of a data breach, we will follow the implemented procedures which ensure we will inform you and respond to the data breach in a timely manner.
5.7 How and where we store and process your dataWhere we store and process your data
Personal data collected by ActiveCollab is stored and processed in the United States, Canada, France, and in Serbia, where ActiveCollab’s operating facility is located. Our primary storage locations are in Canada and the USA, with an offsite backup in France. We make sure that the data we collect under this privacy statement is processed according to the provisions of this policy, our Terms of Service, and the requirements of applicable law wherever the data is located.
How we handle data transfers
We transfer, process, and store your data from your region to Serbia or wherever our third-party processors operate, only with the purpose of providing you with our Services. Serbia is not a member of the European Economic Area, but we use a variety of legal mechanisms and contracts to ensure that your rights and protections travel and apply with your data.
When you cancel your account, we’ll delete all of your data in the following 30 days.
Rights of data subjectsWe will always make sure you’re allowed to correct, amend, delete, or limit the use of your data. You can update your data directly within your account settings section. However, if you’re unable to do that, please contact us to make the required changes. Also, if you want to exercise any of the rights listed below, contact us. Keep in mind that, if you are an end user, you may need to contact your administrator to assist with your requests first.
Right to be informed
You can ask for details about the collection and use of your data at any time. This also includes the purposes for processing your data, retention periods for that personal data, and who it will be shared with.
A right of access and rectification
A right of access is your right to access all the personal data we hold about you, and your right to obtain information about how we share, store, secure and process that data. A right of rectification is your right to request correction of any inaccurate personal data we hold about you.
Right to delete personal data and data retention
This is your right to request the deletion of all personal data we hold about you. This right is subject to certain limitations under applicable law. If we fulfill your request, you might not be able to use our Services any longer. Your data will be deleted from all our storage devices and servers in the following 30 days after the fulfillment of your request.
Right to data portability
This is your right to request a copy of the personal data we hold about you, in a commonly used electronic format, and the right to transmit it to another party.
Right to restrict personal data processing
This is your right to request restriction of how and why we use or process your personal data.
Right to object to processing justified on legitimate interest grounds
This is your right to object to how or why we process your personal data.
Right to withdraw consent
You have the right to withdraw your consent at any time. This action won’t affect the lawfulness of processing based on consent before its withdrawal.
Right to not be subject to Automated Decision-Making
This is your right not to be subjected to a decision based solely on automated processing, including profiling.
This right is limited and not applicable in cases when the decision is: authorized by law (e.g., for the purposes of fraud); based on your explicit consent; necessary because of the contract between an organization and you.
Right to submit complaints or report abuse for EU-based users
If you think that the processing of your personal data infringes applicable laws, you have the right to lodge a complaint with a supervisory authority in your country of residence.
If you need to report abuse, or if you have any questions about exercising the rights listed above, we strongly advise you to contact us.
Children & minorsEven though our website and Services are not designed for children under 16 years old, we realize that a child under the age of 16 might try to access our Website and Services. We do not knowingly collect personal data from children under the age of 16. If you are under 16 years old, don’t use or provide any data on our Website and Services. If we find out that we’ve collected or received personal data from a child who is under 16 years old, we will delete all that data within a reasonable period of time. Before we remove any data, we may ask for proof of identification to prevent malicious removal of account information. If you believe we might have information about or from a child who is under 16 years old, contact us at firstname.lastname@example.org. You acknowledge that we don’t verify the age of our users nor do we have any liability to do so.
Other optional elements that you should consider adding to the policy
10.2 Do not trackActiveCollab is a collaboration tool. People want and need to know who they are working with and talking to, which is why our Services don’t respond to DNT signals. There’s a wide range of other tools to control data collection and usage. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.
10.3 Notice to End UsersIf our Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the end-users and/or Service sites over which it has control. This means that you should direct your questions about data privacy to your administrator since your use of the Services is subject to that organization’s policies. Administrator organization’s security policies may be different from ours, and we are not responsible for it.
If you are a member of a team administered by an organization, or if you use an email address provided by an organization to access the Services, then the administrator of that team, or the owner of the domain associated with your organizational email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. Administrators are able to control and restrict your access and privileges within our apps. In some cases, they might even be able to edit your account information and control integrations with third-party apps. If you need any clarifications or more information, contact your organization, or learn more by reading the organization’s policies.