Nacelle Privacy Notice
Effective Date: 6/1/2020
This Privacy Notice applies to personal information processed by Nacelle, Inc. (“Nacelle,” “we,” “us,” and “our”) through our website https://getnacelle.com/ and related Nacelle offerings. To make this Privacy Notice easier to read, our website and related offerings are collectively called the “Services.”
An Important Note: Unless otherwise stated, this Privacy Notice does not apply to any of the personal information that Nacelle products or services process.
PERSONAL INFORMATION WE COLLECT
The categories of personal information we collect depend on how you interact with our Services.
Information You Provide to Us
Account Information. If you create an account with Nacelle, we will collect personal information such as your name and email address in order to provision your account.
Your Communications with Us. We collect personal information from you such as your email address, phone number, or mailing address when you request information about or a demo of our products and services, sign up for marketing from us, register for our newsletter, or otherwise communicate with us.
Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.
Interactive Features. We may offer interactive features such as blogs and social media pages. We and others who use our Services may collect the information you submit or make available through these interactive features. Any content you provide on the public sections of these features will be considered “public” and is not subject to the privacy protections referenced herein. By using these interactive features, you assume the risk that the personal information provided by you may be viewed and used by third parties for their own purposes.
Conferences, Trade Shows, and Other Events. We may attend conferences, trade shows, and other events where we collect personal information from individuals who interact with or express an interest in Nacelle. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications. We may post job openings and opportunities on the Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and process the information contained therein to assess your suitability, aptitude, skills, and qualifications for employment with Nacelle.
Information Collected Automatically
Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information (including inferred location based off of your IP address), Internet service provider, mobile carrier, pages that you visit before, during and after using the Services, information about the links you click, information about how you interact with the Services, including the frequency and duration of your activities, and other information about how you use the Services. In some cases, information we collect may be associated with your name and email address.
Cookies. Cookies are small text files placed in device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about engagement on the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Analytics. We may use Google Analytics and other service providers to collect and process analytics information on our Services. For more information about how Google uses data, please visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics’ collection and processing of data generated by your use of our website by going to http://tools.google.com/dlpage/gaoptout.
Information from Other Sources
We may obtain information about you from other sources, including from third party services and organizations. For example, if you access our Services through a third-party application such as a third-party login service, we may collect information about you from that third-party application that you have made available via your privacy settings.
HOW WE USE YOUR INFORMATION
We use your personal information for a variety of business purposes, including:
To Provide the Services or Information Requested, such as:
Fulfilling our contract with you;
Responding to questions, comments, and other requests;
Allowing you to register for events and webcasts;
Providing access to certain areas, functionalities, and features of our Services; and
Answering requests for customer or technical support.
Administrative Purposes, such as:
Pursuing legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
Measuring interest and engagement in our Services;
Improving the Services;
Developing new products and services;
Ensuring internal quality control and safety;
Authenticating and verifying individual identities;
Carrying out audits;
Communicating with you about your account, activities on our Services and Privacy Notice changes;
Preventing and prosecuting potentially prohibited or illegal activities;
Enforcing our agreements; and
Complying with our legal obligations.
Marketing Our Products and Services. We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.
If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth below.
Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
Use De-identified and Aggregated Information. We may use personal information and other data about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the device from which you access our Services, or other analyses we create. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
Share Content with Friends or Colleagues. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.
Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
Advertising or Targeting Related. We may use first party or third-party Technologies, including cross-device tracking, to deliver content, including ads relevant to your interests, on our Services or on third party sites.
DISCLOSING YOUR INFORMATION TO THIRD PARTIES
We may share your personal information with the following categories of third parties:
Service Providers. We may share any personal information we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities; and (vi) the provision of IT and related services.
Business Partners. We may provide personal information to business partners to provide you with a product or service you have requested. We may also provide personal information to business partners with whom we jointly offer products or services.
Affiliates. We may share personal information with Nacelle’s affiliated entities.
Advertising Partners. Through our Services, we may allow third party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit third party services within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.” If you prefer not to share your personal information with third party advertising partners, you may follow the instructions below.
APIs and Software Development Kits. We may use third party APIs and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including advertising partners to collect your personal information in order to provide content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.
Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfer. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
INTERNATIONAL DATA TRANSFERS
All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the People’s Republic of China, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.
General. You may be able to opt out of certain uses of your personal information.
Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms of Service or this Privacy Notice).
“Do Not Track”. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android and iOS.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these websites and learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/.
Please note you must separately opt out in each browser and on each device.
YOUR PRIVACY RIGHTS
In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your personal information; (ii) obtain access to or a copy of your personal information; (iii) receive an electronic copy of personal information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) object to or restrict our uses of your personal information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information; (vi) withdraw your consent; and (vii) request erasure of personal information held about you by us, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below. In some cases, your authorized agent may also contact us on your behalf.
We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
We store the personal information we receive as described in this Privacy Notice for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
SECURITY OF YOUR INFORMATION
We take steps to ensure that your information is treated securely and in accordance with this Privacy Notice. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you.
THIRD PARTY WEBSITES/APPLICATIONS
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third party websites or applications is at your own risk.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
This section only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Nacelle has collected about them and what categories of third parties Nacelle has disclosed their personal information to for a business purpose in the preceding 12 months (e.g., to a service provider). California residents can find this information below:
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above.
California residents also have certain rights in their personal information which are covered above in “YOUR PRIVACY RIGHTS”. For purposes of the CCPA, we do not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age. California residents have the right not to receive discriminatory treatment by Nacelle for the exercise of their rights conferred by the CCPA.
If you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
CHANGES TO OUR PRIVACY NOTICE
We may revise this Privacy Notice from time to time in our sole discretion. If there are any material changes to this Privacy Notice, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Notice if you continue to use the Services after the new Privacy Notice takes effect.
BUG BOUNTY POLICY
This policy provides the terms for a bug bounty program for those individual security researchers that provide contributions to manage the security of our systems in support of our users. Please note this is an interim program and is subject to modification, updates and cancellation as we develop our program. Until such time as we develop and publish our program, we require researchers to abide by the terms of this document. If you follow the terms outlined below, we will not initiate or recommend legal or other action against you in response to your report.
I. What we expect from you
You must disclose the full vulnerability that you discover by submitting it to email@example.com.
You must not exploit the vulnerability you discover for any reason. You must not access, copy, or exfiltrate data for accounts that you do not own. Doing so may result in legal action and/or a report to law enforcement.
You must give us reasonable time to investigate, confirm and mitigate an issue you report to us before you make public any information about any vulnerabilities from your report.
You must make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) unauthorized access to or destruction of data.
You must make a good faith effort to avoid any attacks that interrupt, disrupt or degrade our services. DDoS/spam attacks are not covered by this program and will result in legal action and/or a report to law enforcement.
You must not use scanners or any automated tools to find vulnerabilities without our consent.
You must not conduct non-technical attacks such as phishing, social engineering or physical attacks against our employees, customers or infrastructure.
You are not eligible to participate in this program if you are a resident of or make your submission from a country against which the United States has issued export sanctions or other trade restrictions, including Iran, Cuba, North Korea, Sudan and Syria, or if you are otherwise subject to restrictions as determined by the U.S. Office of Foreign Assets Control or other government agency.
You are not eligible if you are an employee or contractor of us or our affiliates, or an immediate family member of a person employed or contracted by us or our affiliates, or less than 18 years old.
II. What can you expect from us
We will respond as quickly as possible to your initial vulnerability report and keep you updated throughout the process as we work to verify and remediate the issue. Due to complexity and other factors, some vulnerabilities will require longer to address. In these cases, the vulnerability may need to remain non-public for a longer time to ensure that our security team has an adequate amount of time to address the vulnerability.
We will not take legal action against you if you have acted in good faith.
III. Ethical Hacking
You must act in good faith when investigating and reporting vulnerabilities to us. Acting in good faith includes:
Upholding the terms listed here. Failure to abide by the terms set forth here could result in non-payment and/or legal action and/or a report to law enforcement if warranted.
Respect our users’ privacy. You should only interact with accounts that you own, or with explicit permission from the account holder. If you encounter user information that you do not have permission to access during the course of your research you must:
Stop immediately. Any further action is unauthorized by this program.
Report access to user information immediately to us through [Insert contact information]
Do not use, save, copy, store, transfer, share, disclose or otherwise retain any such information
Cooperate with further requests from us
No extortion. Any vulnerability reporting should be done with no conditions or strings attached. We reserve the right to determine what we believe to be a reasonable payout for your efforts, and pay you accordingly. Any attempt at extortion or ransom may result in legal action and/or a report to law enforcement.
Status Quo. You should never leave a system in a more vulnerable state than you found it. This means you should not be conducting testing or other activities that degrade, damage, destroy, or harm data within our systems or otherwise negatively impact our users.
If you have any questions about our privacy practices or this Privacy Notice, or if you wish to submit a request to exercise your rights as detailed in this Privacy Notice, please contact us at:
520 Broadway, Floor 2 Santa Monica CA 90401