Owner and Data Controller

Deeper Signals Inc.

430 West 34th #16E

New York, NY

10001

Owner contact email: privacy@deepersignals.com

Effective Date: December 14, 2022

Last Updated: Aug 28, 2024

Deeper Signals (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy (“Policy”) outlines our practices regarding the collection, use, and protection of personal data and our compliance with the EU-U.S. Data Privacy Framework (DPF), UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Principles.

Compliance with Data Privacy Framework (DPF)

Deeper Signals complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Deeper Signals has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPFPrinciples) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Deeper Signals has also certified to the U.S.Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

 

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Our role in your privacy 

Deeper Signals acts as the “data controller” of the personal data you provide to us. This means that we determine how personal data is processed and are responsible for protecting it from harm. 

When and how we collect data

We collect your personal data when you create an account with us or otherwise share data with us on our website. Here are ways in which we collect your data: 

  • You browse any page or submit a form through our website (such as to download our whitepaper)
  • You request a demo of Deeper Signals
  • You use our services or contact us for customer support
  • You receive transactional emails from us or opt-in to marketing messages
  • You communicate with us via social media

If you share the data of another person on our website, you must make sure you have that person’s consent to both the disclosure and processing of their personal data in accordance with this Policy.

Personal data may either be freely provided by you or, in certain cases, collected automatically when using this website. Some data requested by us is mandatory and failure to provide this data may make it impossible for us to provide our services to you. In cases where we specifically states that data is not mandatory, you are free not to share this data without impacting the functioning of our website or services. If you are uncertain about what data is mandatory, please contact us at the email listed below in the “Contact Us” section. 

Types of data we collect

The types of data we collect may depend on the reason for collection. Here are the different types of data we may collect from you: 

  • Contact details (Your first and last name, email address)
  • Usage information (Your or your end users’ responses to personalized assessments)
  • Technical information (Device information such as your IP address, browser type and version and information about your visits to our website including pages viewed)

In addition to the above, we also use cookies (small, encrypted data files stored and sent by your browser whenever you visit our website) to store and retrieve your login status, assessment results, and various website settings. Some of the cookies are account-specific while others are not. For more information about cookies, please see our Cookie Policy section below. 

Why we collect your data

We only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons we collect your data: 

  • To calculate and display your personality assessment results
  • To send you account-related messages, such as password recovery emails
  • To identify you and ensure the security of your account, such as by verifying you own the email linked to your account
  • To provide you with content and services relevant to you 
  • To respond to your questions or issue reporting or otherwise to provide customer support
  • To conduct website analytics to optimize our services and your experience by testing features, managing landing pages, etc. (For example, we may measure the time you spend on a certain page before and after a design change in order to understand whether we need to tweak anything.)
  • Where required, to respond to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including court orders, subpoenas, or other lawful requests by public authorities to meet national security or law enforcement requirements

How we secure your data

We have technical, administrative, and physical security measures in place that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. Some of these measures include regular penetration testing, audits, and encryption. We regularly review our security procedures to consider appropriate new technology and methods. 

Please be aware that, despite our best efforts, no security measure is 100% perfect or impenetrable and any information you provide to us is at your own risk.

If you believe your privacy has been breached, please contact us immediately at security@deepersignals.com

Where we store your data

The personal data we process is stored on Deeper Signals servers located in Germany and in any data processing facilities operated by the third-party service providers identified in this Policy. 

If we store or transfer data outside the EEA, we take all steps necessary to ensure that your privacy rights are protected and that we are complying with all applicable requirements related to such data transfers. Typically, this means we will enter into Standard Contractual Clauses, where required, before transferring any personal data. 

How long we retain your data

The retention period for your data will depend on the purpose and legal basis for which it was collected. 

In the context of business-to-consumer interactions, when we collect your personal data for purposes related to the performance of the services we provide to you, we will retain that data for a period of 2 years following your last interaction with Deeper Signals or until you request that we delete your data, whichever occurs first. 

In the business-to-business context, Personal data collected from you as a result of a contract with an organization that employees you is owned by your employer (who acts as the data controller of your data). As such, this data will be retained until the applicable data processing agreement with the organization obligates us to delete or return your data. 

If we collect your personal data for our legitimate interests, we will retain your data for as long as needed to fulfill these interests. For more information on what these legitimate interests may include, please review the EEA, UK, and Switzerland section of this Policy, or contact us at security@deepersignals.com

If you have given us consent to process your data, we may retain such data until you explicitly withdraw your consent or until we no longer have a justifiable reason to retain such data. 

Notwithstanding the above retention periods, we may retain your personal data for a longer period if we are required to do so for the performance of a legal obligation. 

Once the applicable retention period ends, all personally identifiable data will be permanently deleted or anonymized. 

Third parties who process your data

We partner with third parties to provide you with our services. When we do this, it may be necessary for us to share your data with these parties. In these cases, your data will only be shared when strictly necessary and in line with the safeguards and practices outlined in this Policy. 

All third-party transfers are conducted in compliance with the DPF Principles. Our organization is liable in cases of onward transfers to third parties. We ensure that any third party acting as an agent on our behalf will comply with the DPF Principles and provide the same level of protection for personal data as required by the DPF Principles.

Below you will find a list of our current third-party service providers. Please note this list is subject to change, so it is important that you periodically review it.


Hosting

Amazon Web Services (AWS) - Privacy Notice

Data collected/shared: Various types of data, such as contact information, as specified in the AWS Privacy Notice

Purpose: This is a web hosting provider we use to store data securely in the cloud. 

Place of processing: EEA

Where service is used: Deeper Signals Application

Functionality

Google OAuth (Google LLC) - Privacy Policy

Data collected/shared: Various types of data, such as contact information, as specified in the Google Privacy Policy

Purpose: This allows you to authenticate your identity via Google. 

Place of processing: EEA or US

Where service is used: Deeper Signals Application

Google Fonts - Privacy Policy

Data collected/shared: Various types of data, such as usage data, as specified in the Google Privacy Policy

Purpose: This is a typeface visualization service that allows our website to incorporate content of this kind on its pages. 

Place of processing: US

Where service is used: Deeper Signals website

Other third-party service providers

Google Analytics with anonymized IP - Privacy Policy

Data collected/shared: Contact details. Data regarding your usage of the Deeper Signals website.

Purpose: This is a web analysis service, which is used to track use of our website and prepare reports on user activity.  This integration anonymizes IP addresses of those individuals located in the EEA by shortening the individual’s IP address.  Opt-out

Place of processing: US

Where service is used: Deeper Signals website

Stripe - Privacy Policy

Data collected/shared: Various types of data, such as transaction data, as specified in the Stripe Privacy Policy

Purpose: This is the payment processing platform we use to manage purchases of our services and offerings. 

Place of processing: US and EEA

Where service is used: Deeper Signals application

Chargebee - Privacy Notice

Data collected/shared: Various types of data, such as contact information, as specified in the Chargebee Privacy Notice. 

Purpose: This is a subscription management system that helps us handle the subscription lifecycle, including recurring billing and invoicing. 

Place of processing: US and EEA

Where service is used: Deeper Signals application

CookiePro by OneTrust - Privacy Notice

Data collected/shared: Your cookie preferences

Purpose: CookiePro provides the cookie preference tool on the Deeper Signals website

Place of processing: US and EEA

Where service is used: Deeper Signals website

Grafana - Privacy Policy

Data collected/shared: Every user interactions with the Deeper Signals App.

Purpose: A multi-platform open-source analytics and interactive visualization web application for logs

Place of processing: EEA

Where service is used: Deeper Signals application

HotJar - Privacy Policy

Data collected/shared: No identifiable information shared.

Purpose: A product experience insights tool that gives behavior analytics and feedback data

Place of processing: EEA

Where service is used: Deeper Signals application

Sentry - Privacy Policy

Data collected/shared: No identifiable information shared.

Purpose: Application performance monitoring and error tracking.

Place of processing: US

Where service is used: Deeper Signals application

Cookie Policy 

We use cookies when you interact with us to enable our website to recognize when you visit and to track your preferences in relation to your use of our website. We also use cookies to carry out activities that are strictly necessary for the operation of our website, such as to save your language preferences and to optimize your browsing experience.  

There are different types of cookies we may use, including ‘session’ cookies that delete themselves when you leave Deeper Signals and ‘persistent’ cookies that remain stored on your device until you delete them or until they reach a specified expiration date. Persistent cookies help us recognize you when you return so we can provide a tailored experience. 

You can block and delete cookies through your browser settings. Additionally, you can manage your cookie preferences on our website by using our cookie banner (managed by CookieBot). However, please be aware, certain functions and features of our website will not be accessible if you block or reject cookies, including essential cookies. 

Where third parties use cookies, we have no control over how those cookies are used. In these cases, it is advised that you refer to the applicable cookie policies of these third parties. 

Your privacy rights and choices

You have certain rights when it comes to the processing of your data, including: 

  • The right not to provide us with your personal data. If you choose not to share your data, you can continue to use our website, but we may not be able to provide certain services to you. 
  • The right to object to our processing of your data. You have the right to object to the processing of your data at any time. 
  • The right to restrict processing of your data. Under certain circumstances, you have the right to restrict the processing of your data. In this case, Deeper Signals will not process your data for any purpose other than storing it. 
  • The right to rectify the data we hold about you. At any time, you can verify that the data we hold about you is accurate and, if it is not accurate, you have the right to ask for the data to be updated or corrected. Additionally, if you have an account with us, you can update most of your personal data including your email address, profile name, and demographic information. 
  • The right to access the data we hold about you. You can request supplementary information about the data we process about you, our purposes for processing, and how long the data will be stored. 
  • The right to be forgotten. You have the right to have your personal data deleted or otherwise removed. This right does not always apply. If this right does not apply, we will communicate this to you when you ask us to delete your data.  
  • The right to data portability. If you wish to transfer your data to another controller, we will provide your data to you in a structured, commonly used and machine-readable format. Where it is technically feasible, upon request we will directly provide your data to another controller for you.
  • The right to withdraw consent. Where you have previously provided consent to the processing of your data, you may withdraw such consent at any time by contacting us at hello@deepersignals.com.
  • The right to lodge a complaint. If you have a complaint about how we process your data, please contact us so we can address your concern(s). However, if we fail in this, you can lodge a complaint with your local Data Protection Supervisory Authority or with the UK Information Commissioner’s Office. 

If you’d like to exercise any of the above rights, please email us at security@deepersignals.com. Please send the request from the e-mail address associated with your account in order for us to process it. These requests can be exercised free of charge and will be addressed by Deeper Signals as early as possible and always within one month.

We are committed to resolving any complaints about our collection or use of your personal data. EU, UK, and Swiss individuals with inquiries or complaints should contact us at security@deepersignals.com. We also agree to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and Information Commissioner (ICO) to investigate unresolved complaints.

Federal Trade Commission (FTC) Jurisdiction

Our organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Binding Arbitration

Under certain conditions, individuals may invoke binding arbitration for complaints regarding DPF compliance. We are obligated to arbitrate claims and follow the terms set forth in Annex I of the DPF Principles. Individuals may deliver notice to our organization and follow the procedures and conditions set forth in Annex I of the Principles.

“Do Not Track” Disclosure

Deeper Signals does not currently respond to “Do Not Track” requests. We will continue to monitor industry activity in this area and will reassess our practices as needed. 

Changes to this Policy

Deeper Signals reserves the right to make changes to this Privacy Policy at any time. We recommend you check this page often, referring to “last updated” date at the top of this Policy. In the event that we make material changes that impact your rights and/or use of our services, we will provide notice to you via email. 

Should these changes affect the processing activities performed on the basis of your consent, Deeper Signals shall collect new consent from you as required.

EEA, UK, and Switzerland Addendum

This EEA, UK, and Switzerland Addendum (“Addendum”) applies to you if you use our services while in the EEA, UK, or Switzerland. 

Legal Basis for processing

When we process your personal data, we only do so for one or more of the following reasons: 

  • Performance of a contract, such as to process payments and provide our services you’ve requested
  • As necessary to comply with legal obligations that we are subject to 
  • Processing is necessary for Deeper Signal’s legitimate interests, including to communicate with you about changes to our services and to improve or analyze our services
  • When we have your consent to process. If you have previously given consent to our processing of your data, you can freely withdraw such consent at any time by emailing us at security@deepersignals.com. If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we may continue to do so subject to your legal rights.

Should you have any questions about the legal bases we rely on and when we rely on them, Deeper Signals will clarify the specific legal basis that applies to our processing of your personal data. 

California Addendum

This California Addendum (“California Addendum”) explains how we collect, use, retain, and otherwise process personal data about California residents. Additionally, this California Addendum explains the rights California residents have under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). This California Addendum only applies to information collected about California residents (“you”). 

Categories of personal data collected

Deeper Signals may have collected the following categories of personal data within the last twelve (12) months. The personal data collected depends on the services used by you:

  • Contact details (Your first and last name, email address)
  • Usage information (Your or your end users’ responses to personalized assessments)
  • Technical information (Device information such as your IP address, browser type and version and information about your visits to our website including pages viewed)

Categories of personal data sold

Within the meaning of the CCPA, Deeper Signals does not sell any personal data. 

How we collect personal data

Personal data may either be freely provided by you or, in certain cases, collected automatically when using this website. For further details on this, please review our Privacy Policy. 

How we use personal data

We use the personal data we collect for the business purposes disclosed within our Privacy Policy.

Your California rights

As a California resident, you have the following rights related to your personal data: 

  • The right to request: (1) the categories and specific pieces of personal data we have collected about you, (2) the categories of sources we collect your personal data from, (3) our business or commercial purpose for collecting and/or selling your personal data, and (4) the third parties we share your personal data with. Additionally, to the extent that we sell your personal data, you may request that we disclose the above information to you. 
  • The right to delete: You have the right to request that we delete any personal data that we collect about you. 
  • The right to opt-out of the sale of your personal data: You have the right to opt-out of the sale of your personal data. To exercise this right, please email security@deepersignals.com.
  • The right to not be discriminated against: We will not discriminate against you if you choose to exercise any rights granted to you through the CCPA.