Privacy

Cameyo Privacy Notice

Effective Date: June 13, 2024 

This Privacy Notice explains how Cameyo, Inc. (collectively, “Company” or “we”) collects and processes the personal information of its users (“user”, “you” or “your”) in relation to (i) our website (“Website”); and (ii) our products, any software furnished or used by Company in connection with our services, and related services, as applicable (collectively, the “Services”).  

We may offer the Services either directly or via our authorized partners, including but not limited to resellers, distributors, or other similar representatives. Where we refer to our “customers” in this Privacy Notice, we also mean our partners, resellers, distributors, or our other similar representatives and their customers.

If European Union (EU), UK or Swiss data protection law applies to the processing of Service Data relating to you, you can review the EU Privacy Standards and GDPR section below to learn more about your rights and compliance with these laws by us.

Service Data We Collect

We process Customer Data and Service Data in order to provide the Services. This Privacy Policy applies solely to Service Data and does not apply to Customer Data. “Customer Data” is data submitted, stored, or sent via the Services by our customers or their end users. For additional information related to Customer Data processing, please refer to your relevant customer agreement.  “Service Data” is the personal information we collect or generate during the provision and administration of the Services, excluding any Customer Data. 

Service Data includes:

  • When you engage us to use our Services or sign-up to the Services, and to provide support as agreed. We collect and process your contact information and billing information when you engage us to use our Services or sign-up to the Services and to provide support. If you are a representative of a business that wishes to use, or is already using, our Services, we will collect contact information such as your name, title and company name, contact information, i.e., email address and phone number, and information relating to the potential or existing engagement and any support agreed between us and that business.
  • Payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.
  • Settings and configurations. We may record your configuration and settings, including usernames, resource identifiers, and attributes. This includes service and security settings for data and other resources.
  • Technical and operational details of your usage of the Services. We collect information about usage, operational status, software errors and crash reports, authentication details, quality and performance metrics, and other technical details necessary for us to operate and maintain the Services and related software. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
  • Your direct communications. We keep records of your communications and interactions with us and our partners, for example, when you send us an inquiry, provide feedback, or sign up to get a demo or to receive news and updates from us.
  • When you visit the Website. We collect analytics information about your interaction with the Website, such as device identifiers and identifiers from cookies or tokens.

Why We Process Service Data

We and our affiliates process Service Data for the following purposes:

  • Provide the Services. Service Data is primarily used to deliver the Services. This requires processing of Service Data for purposes such as billing for the services you use, ensuring those Services are delivered or working as intended, detecting and avoiding outages or other problems you might experience, and securing your data and Services.
  • Make recommendations to optimize use of the Services. We use Service Data to provide you and our customers with recommendations and personalized services. This includes suggesting ways to better secure your account or data, options to reduce service charges or improve performance, and information about new or related products and features. We also evaluate your response to our recommendations.
  • Maintain, improve and develop our services. We evaluate Service Data to help us maintain and improve our services, such as improving their security, performance, and functionality and developing new services and features. As we optimize our services for you, this will improve them for other customers and vice versa.
  • Provide and improve other services you request. We use Service Data to deliver and improve other services that you and our other customers request, including providing product demonstrations, or to manage event or product registrations.
  • Measure performance.  We use Service Data to measure performance so that we can identify when the Services are malfunctioning and provide required fixes, or when maintenance is required to address performance drops or other issues experienced by our customers.
  • Assist you, including support. We use Service Data to provide the technical support that you and our customers request, and to assess whether we have met your needs. We also use Service Data to improve our online support, and to communicate with you and our customers. This includes sending notifications about updates to the Services, and responding to support requests.
  • Protect you, us, our users, and the public. We use Service Data to improve the safety and reliability of our services by detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm you, us, our users, our customers, and the public. These activities are an important part of our commitment to secure our services. 
  • Internal reporting and analysis.  We use Service Data for internal reporting and analysis of applicable product and business operations. 
  • Comply with legal obligations. We use Service Data to comply with our legal obligations, for example, where we are responding to a legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.

To achieve these purposes, we use Service Data together with information collected from other Company products and services.  Manual collection and review of Service Data may also occur, such as when you interact directly with our billing or support teams. 

Where Service Data Is Stored

Company maintains servers around the world and Service Data may be processed on servers located outside of the country where our users and customers are located.  Data protection laws vary among countries, with some providing more protection than others.  Regardless of where your information is processed, we apply the same protections described in this Privacy Notice. We also comply with certain legal frameworks relating to the transfer of data, such as the frameworks described below.

  • Adequacy decisions

The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal data, which means that data can be transferred from the European Union (EU), Norway, Liechtenstein, and Iceland to that third country without any further safeguard being necessary. The UK and Switzerland have approved similar adequacy decisions. We rely on those adequacy decisions in some cases.

  • Standard contractual clauses

Standard contractual clauses (SCCs) are written commitments between parties that can be used as a ground for data transfers from the EU to third countries by providing appropriate data protection safeguards. SCCs have been approved by the European Commission and can’t be modified by the parties using them (you can see the SCCs adopted by the European Commission here, here, and here). Such clauses have also been approved for transfers of data to countries outside the UK and Switzerland. Where required, we rely on SCCs for data transfers.   

How We Secure Service Data

Our Services are offered with strong security features to protect your data. We work hard to protect you from unauthorized access, alteration, disclosure, or destruction of information we hold, including:

  • Encrypting Service Data at rest and while in transit between our facilities. 
  • Regularly reviewing our Service Data collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems; and 
  • Restricting access to Service Data to our employees, contractors, and agents, including our affiliates’ employees, contractors, and agents, who need that Service Data in order to process it for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

How We Share Service Data

We do not share Service Data with companies, organizations, or individuals outside of our affiliates, except in the following cases:

  • When you procure third-party services

We share your information when you choose to procure a third-party service or application that requests access to your information.

  • With your consent

We share your information where we have obtained your consent to do so.

  • With your administrators and authorized resellers

When you use the Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data. For example, they may be able to:

  • View account and billing information, activity and statistics
  • Change your account password
  • Suspend or terminate your account access
  • Access your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
  • Restrict your ability to delete or edit your information or your privacy settings
  • For external processing

We do not sell your Service Data to any third parties.  We may share your Service Data with trusted third-party providers to process it for us as we instruct them, in compliance with this Privacy Notice and appropriate privacy and security measures in our contracts with them.

  • For legal reasons

We share Service Data if we have a good-faith belief that access to, or use, preservation, or disclosure of the Service Data is reasonably necessary to:

  • Comply with applicable law, regulation, legal process, or enforceable governmental request.
  • Enforce applicable agreements, including investigation of potential violations.
  • Detect, prevent, or otherwise address fraud, security, or technical issues.
  • Protect against harm to the rights, property or security of us, our affiliates,, our customers, users, and the public as required or permitted by law.

If we are involved in a reorganization, merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your Service Data.

Access to Service Data

Your organization may allow you to access and export your data in order to back it up or transfer it to a third-party service. Some Services may enable you to directly access and download the data you have stored in the services.  You may be able to access certain categories of Service Data directly from the Services, such as your billing contact information, payment and transaction information, or certain product and communication settings and configurations.

Deletion Or Retention Of Service Data

We retain Service Data for different periods of time depending on the type of data, how we use it, and how you configure your settings. When we no longer need such data, we delete or anonymize it.

For each type of Service Data and processing operation, we set retention timeframes based on the purposes for which we process it, and ensure that the information is kept for no longer than necessary. We retain most types of Service Data for a set period of up to 180 days (the exact number depends on the specific type of data). However, some data may be kept for longer periods where there is a legitimate business need. We generally have longer retention periods (which can be over a year) for Service Data that is kept for the following purposes:

  • Security, fraud and abuse prevention. We retain Service Data to protect us, our affiliates, users, customers, and the public from security threats (including when it is necessary to protect against fraudulent attempts to gain access to user accounts), or to investigate violations of applicable agreements. Usually, the Service Data retained where there is reason to suspect fraud or abuse would include device identifiers, identifiers from cookies or tokens, and IP addresses. 
  • Complying with legal or regulatory requirements. We retain Service Data when required by an enforceable legal process, such as a lawful subpoena. 
  • Complying with tax, accounting or financial requirements. When we process a payment for you, or when you make a payment to us, we retain Service Data about those transactions (including billing information), typically for a minimum of five years, as required for tax or accounting purposes, or to comply with applicable financial regulations.

At the end of the applicable retention period, we follow detailed protocols to make sure that the Service Data is securely and completely deleted from our active systems or retained only in de-identified form. After completion of these steps, copies of the data may remain for a limited period in our encrypted backup systems (which we maintain to protect this information from accidental or malicious deletion and for outage and disaster recovery purposes), before being overwritten by new backup copies.

EU Privacy Standards and GDPR

Exercising your data protection rights

If European Union (EU), UK, or Swiss data protection law applies to the processing of Service Data relating to you, you have certain rights, including the rights to access, correct, delete and export that information, and to object to or request that we restrict processing of your personal information.

Cameyo, Inc. is the data controller responsible for Service Data.  If you want to exercise your data protection rights with regard to Service Data we process in accordance with this Privacy Notice, and are not able to do so via the tools available to you or your organization’s administrator, you can contact us.

You can always contact your local data protection authority if you have concerns regarding your rights under local law.

Our grounds for processing your Service Data

When we process the Service Data described in Service Data We Collect for the purposes described in Why We Process Service Data (both sections are above), we generally rely upon legitimate interests in (i) fulfilling the contractual obligations that we owe to you or your employer to provide the Services, (i) in offering the best services we can, (iii) improving the Services to meet our customers’ needs, (iv) to protect against harm to the rights, property and safety of the Company and our affiliates; and where necessary for our, our affiliates’, and third parties’ legitimate interests to protect against harm to our users, our customers and the public, including criminal acts and rights violations, and (v) where we have a legal obligation to do so.  In some cases we may seek your consent to send you marketing communications.

Additional information (Switzerland) 

If Swiss data protection law applies to the processing of your Service Data, the following additional information is relevant:

Please see the section titled Where Service Data is Stored (above) for information on where we and our affiliates process Service Data. We also disclose your Service Data to service providers, partners and other recipients (see the section titled How We Share Service Data) that are located or process information in any country in the world.

We comply with certain legal frameworks relating to the transfer of information as set out in the section titled Where Service Data is Stored (above). We may also transfer your information to a third country based on an exception provided for by the Swiss Federal Data Protection Act.

An exception may apply in the event of legal proceedings abroad; in cases of overriding public interest or if the performance of a contract with you or in your interest requires disclosure; if you have consented; if the information has been made generally available by you and you have not objected to the processing; if the disclosure is necessary in order to protect the life or the physical integrity of you or a third party and we can’t get consent within a reasonable period of time; or if the information originates from a register provided for by Swiss law which is accessible to the public or to persons with a legitimate interest, provided that the legal conditions for the consultation of such register has been met in the specific case.

Brazil Requirements

If Brazilian data protection law applies to the processing of your personal information, you have certain rights, including the rights to access, correct, delete or export that information, as well as to object to or request that we restrict processing of that information. You also have the right to object to the processing of your information or to export your information to another service.

For users based in Brazil, the data controller responsible for information we collect under this Privacy Notice is Cameyo, Inc. If you want to exercise your data protection rights with regard to personal information we process in accordance with this Privacy Notice and are not able to do so via the tools available to you or your organization’s administrator, you can contact us. And you can contact your data protection authority if you have concerns regarding your rights under Brazilian law.

In addition to the purposes and grounds described in this Privacy Notice, we may process personal information on the following legal grounds:

  • Where necessary for the performance of a contract with you or your employer

We may process your information where necessary for us to enter into a contract with you or to comply with our contractual commitments to you.

  • When we’re complying with legal obligations

We’ll process your information when we have a legal obligation to do so.

  • When we’re pursuing legitimate interests

We may process personal information based on our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information in the interests of providing the Services you request; making recommendations to optimize use of the Services; maintaining and improving the Services; providing and improving other services you request; assisting you; and protecting against harm to the rights, property or safety of us and our affiliates, our users, our customers, and the public, as required or permitted by law.

U.S. State Privacy Law Requirements

Some U.S. state privacy laws require specific disclosures for state residents.  These laws may include:

  • California Consumer Privacy Act (CCPA) (as amended by the California Consumer Privacy Act Regulations (CCPR);
  • Virginia Consumer Data Protection Act (VCDPA);
  • Colorado Privacy Act (CPA);
  • Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA); and
  • Utah Consumer Privacy Act (UCPA)

This Privacy Notice is designed to help you understand how we handle Service Data:

  • We explain the categories of Service Data we collect and the sources of that Service Data in Service Data We Collect. 
  • We explain the purposes for which Company collects and uses Service Data in Why We Process Service Data. 
  • We explain when we may disclose Service Data in How We Share Service Data. We do not sell your Service Data to any third parties. We also do not “share” your personal information as that term is defined in the CCPA, as amended by the CPRA. 
  • We explain how we retain Service Data in Deletion Or Retention of Service Data. Company may also de-identify personal information about you. When we de-identify personal information, we maintain policies and technical measures to avoid re-identifying that information.

U.S. state privacy laws also provide the right to request information about how we collect, use, and disclose Service Data. And they give you the right to access your Service Data, sometimes in a portable format;  correct Service Data; and to request that we delete that Service Data. They also provide the right to not be discriminated against for exercising these privacy rights.  We provide the information and tools described in Access to Service Data so you can exercise these rights. When you use them, we’ll validate your request by verifying your identity.

If you have questions or requests related to your rights under U.S. state privacy laws, you (or your authorized agent) can also contact us. And if you disagree with the decision on your request, you can ask us to reconsider it by responding to the team’s email.

Some U.S. state privacy laws require a description of Service Data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.

Categories of Service Data we collect Business purposes for which Service Data may be used or disclosed Parties with whom Service Data may be used or disclosed
  • Identifiers and similar information such as your username, name, phone number, address, and job titles, as well as unique identifiers tied to the browser, application, or device you’re using. 
  • Demographic information, such as your preferred language and age. 
  • Commercial information such as records of charges, payments, and billing details and issues. 
  • Technical and operational details of your usage of Services, such as information about your usage, operational status, software errors and crash reports, authentication details, quality and performance metrics, and other technical details necessary for us to operate and maintain Services and related software. This includes device identifiers, identifiers from cookies or tokens, and IP addresses. 
  • Approximate Location data, as may be determined by IP address, depending in part on your device and account settings. 
  • Audio, electronic, visual, and similar information, such as audio recording of your calls with our technical support providers. 
  • Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
  • Protecting against security threats, abuse, and illegal activity. We use and may disclose Service Data to detect, prevent and respond to fraud, abuse, security risks, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our services, we may receive or disclose information about IP addresses that malicious actors have compromised. 
  • Auditing and measurement. We use Service Data for analytics and measurement to understand how our services are used, and to provide you and our customers with recommendations and tips. We may disclose non-personally identifiable information publicly and with partners, including for auditing purposes. 
  • Maintaining our services. We use Service Data to provide Services and related technical support, and other services you request, and ensure they are working as intended, such as tracking outages or troubleshooting bugs and other issues that you report to us. 
  • Product development. We use Service Data to improve Services and other services you request, and to develop new products, features and technologies that benefit our users and customers. 
  • Use of service providers. We disclose Service Data with service providers to perform services on our behalf, in compliance with this Privacy Notice and other appropriate confidentiality and security measures in our contracts with them. For example, we may rely on service providers to help provide technical support. 
  • Legal reasons. We also use Service Data to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.

We do not disclose Service Data to third-party companies, organizations, or individuals except in the following cases:

 

When you procure third-party services. We disclose Service Data to third-parties when you or our customers choose(s) to procure a third-party service or use a third-party application that requests access to your Service Data.

 

With your consent. We’ll disclose Service Data to third-parties where we have obtained your consent.

 

With your administrators and authorized resellers. When you use the Services, your administrator and resellers authorized to manage your or your organization’s account will have access to certain Service Data.

 

For external processing. We disclose Service Data to trusted third-party providers to process it for us as we instruct them and in compliance with this Privacy Notice and appropriate privacy and security measures in our contracts with them. 

 

For legal reasons. We disclose Service Data to third-parties when we have a good-faith belief that access to or disclosure of that Service Data is reasonably necessary to:

 

  • Comply with applicable law, regulation, legal process, or enforceable governmental request. 
  • Enforce applicable agreements, including investigation of potential violations. 
  • Detect, prevent, or otherwise address fraud, security, or technical issues. 
  • Protect against harm to the rights, property or safety of us, our affiliates, our customers, users, and the public, as required or permitted by law.

Japan Requirements

If Japanese data protection law (the Act on the Protection of Personal Information, “APPI”) applies to the processing of your Service Data, we provide the following additional information for users of the Services residing in Japan.

Controller of Service Data. Service Data is controlled primarily by Cameyo, Inc.

Purpose of collection and use of Service Data. We collect and use Service Data for the purposes set out in the notice, above.

Measures undertaken to protect retained personal information.

Establishment of general policy

Company established and published this Privacy Notice outlining our general policy relating to Service Data.

 

Establishment of internal policy relating to handling of personal data

Company and our affiliates established internal policies about handling measures and persons in charge and their responsibility etc. with regard to the acquisition, utilization, records, provision, deletion, etc., of personal data.

 

Internal organization as security control action

Company and our affiliates have large security and privacy teams responsible for developing, implementing, and reviewing internal personal data handling processes. Company’s and our affiliates’ employees are trained to report suspected incidents involving personal data, which may be done through various channels such as through dedicated email addresses or digital platforms. A dedicated team assesses reported incidents, and as appropriate a coordinated team is assigned to manage the overall incident, including liaising with Legal and the product team as part of the investigation and response. The team on-call for an incident is assigned on a daily rotation. Incident responses may follow either a standard or an expedited route, depending on the severity and priority assigned to the incident.

 

Personnel measures as security control action

Company and our affiliates conduct periodical training for its employees about matters to consider when handling personal data.

 

Physical measures as security control action

Company and our affiliates take measures to prevent unauthorized persons from accessing personal data in any situation and to prevent theft or loss of devices and electronic media for handling personal data.

 

Technical measures as security control action

Please see How we Secure Service Data and Deletion or Retention of Service Data, above, for further information on the security measures undertaken to secure, retain, and delete Service Data.

Research of external environment

Data protection laws vary among countries, with some providing more protection than others. Company and our affiliates have established a personal information protection system to ensure your information is accorded protections equivalent to APPI, as described in this Privacy Notice. We also comply with certain legal frameworks relating to the transfer of data, such as the European frameworks described above. For more detail, please see Data Transfer Frameworks, above. Further, with regard to the location of our data centers storing Service Data, please see Where Service Data is Stored (above). There may be cases where Company entrusts the processing of information to subprocessors or its subsidiaries or affiliates. With regard to locations of our offices, subsidiaries, subprocessors and affiliates, please contact us.

 

Contact information. For users of the Services residing in Japan that have any inquiries or requests about your Service Data related rights under applicable law, please contact us.


Updates to this Notice

We change this Privacy Notice from time to time.  We always indicate the date the last changes were published and we offer access to archived versions for your review. If changes are significant, we’ll provide a more prominent notice (including, for certain cases, email notification of Privacy Notice changes).