User Privacy Policy

9 minute read
Last updated May 01, 2018

This User Privacy Policy sets out our commitment to protecting the privacy of Personal Information provided to us or otherwise collected by us, offline or online including through this website (the “Services”) for logged in and identified users.

In this User Privacy Policy “you” means any party that provides Personal Information to us and “we” or “us” means Dovetail Research Pty Ltd (ABN 84 615 270 025).

Please read this User Privacy Policy carefully. By providing Personal Information to us, you consent to our collection, holding, use and disclosure of your Personal Information in accordance with this User Privacy Policy. Please contact us if you have questions, our contact details are at the end of this User Privacy Policy. If you do not wish to provide Personal Information to us, then you do not have to do so.

Definitions

Throughout this User Privacy Policy:

User: means any person who has registered an account on our Services, either through creating a new team themselves or being invited to an existing team by a Customer.

Personal Information is as defined in the Privacy Act 1988 (Cth) (Privacy Act). The Privacy Act defines ‘Personal Information’ as:

“Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.”

Project/Projects: means any research project created by a User on the Services.

Customer Data: means any content added by a User to the Services.

What information you provide to us

As a User of the Services, you provide information to us. This includes:

  • profile information like your name, email address, and profile photo;
  • content you provide through the Services, for instance projects, notes, tags, files;
  • when you subscribe to our paid services, your billing details including your address;
  • details of services we have provided to you or that you have enquired about;
  • your responses to questionnaires, surveys, or requests for feedback; and
  • additional Personal Information that you provide to us directly or indirectly through your use of our Services, associated social media platforms or accounts from which you permit us to collect information.

What information we log about you

We log information about your access and use of our Services. This includes:

  • your communications with our Services;
  • your behavior through analytics events;
  • your Internet Protocol (IP) address;
  • your approximate geographic location;
  • the storage of Internet cookies;
  • the type of browser you are using;
  • the type of device you are using; and
  • the type of operating system you are using.

How we use information we collect

We collect and use your information:

  • to enable you to access and use our Services;
  • to enable you to create Projects via the Services;
  • to enable you to add Customer Data to Projects via the Services;
  • to process your payments where you have signed up to a paid service;
  • to contact and communicate with you;
  • to improve our Services through research and development;
  • to prevent and address technical problems;
  • to provide you with support services if requested;
  • for internal record keeping; and
  • for advertising and marketing, including to send you information about our products and services.

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

  • we need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
  • it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
  • you give us consent to do so for a specific purpose; or
  • we need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

How we share information we collect

Dovetail is collaborative cloud product built for teams. This means sharing information with others through the Services, and with certain third parties.

We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.

Where we disclose your Personal Information to third parties for the purposes listed below, we will confirm that the third party’s privacy policies and procedures are in accordance with the Privacy Act.

Sharing with other users

Certain information will be shared with other members of your team. These people are usually colleagues you work with day-to-day, or clients you have added to your team.

The information shared with teammates includes:

  • profile information like your name, email address, and profile photo; and
  • content you add to the Services, for example files, notes, projects, and tags.

Sharing with third parties

As part of providing our Services, we use third party services to store and process your Personal Information. This includes third parties that store data outside of Australia.

We share your data with third party services in the following ways:

  • Amazon Web Services for hosting, logging, and storage.
  • ChartMogul for storing payment analytics information.
  • Heroku for hosting, logging, and storage.
  • Mailchimp for sending you promotional emails and product news.
  • Mixpanel for tracking your behavior through analytics events.
  • Sendgrid for sending you transactional email communication.
  • Stripe for storing your billing details, address and postcode.

For more information on our use of third parties, including the geographic location of each, see our list of Data Subprocessors.

Other third party disclosure

In addition, we may disclose Personal Information to:

  • credit reporting agencies and courts, tribunals and regulatory authorities where you fail to pay for goods or services provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia.

If there is a change of control of our business or a sale or transfer of business assets, we reserve the right to transfer our user databases, together with any Personal Information and non-Personal Information contained in those databases, to the extent permissible by law. This information may be disclosed to a potential purchaser. We would seek to only disclose information in good faith.

Your rights

Choice and consent: If you choose to provide us with your Personal Information, you consent to the terms in this User Privacy Policy, and to us disclosing or receiving your Personal Information for these purposes.

Your provision of third party information: If you provide us with third party Personal Information then you warrant to us that you have the third party’s consent.

Restrict: If you have previously agreed to us collecting and using your Personal Information, you may change your mind at any time by contacting us at the email address listed in this User Privacy Policy. This may mean no longer using the Services.

Access: You may request details of Personal Information that we hold about you, in certain circumstances set out in the Privacy Act 1988 (Cth) (Privacy Act). We may refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please edit your Personal Information or contact us. We rely in part upon customers advising us when their Personal Information changes. We will respond to any request within a reasonable time. We will endeavour to promptly correct any information found to be inaccurate, incomplete or out of date.

Deletion: You may request to have your account deleted along with any Personal Information you have added to the Services. It may take up to 14 days for your Personal Information to be completely removed from our system, backups, and third parties.

Complaints: If you believe that we have breached the Australian Privacy Principles and wish to make a complaint about that breach, please contact us by email setting out details of the breach. We will promptly investigate your complaint and respond to you in writing setting out the outcome of our investigation, what steps we propose to take to remedy the breach and any other action we will take to deal with your complaint.

Unsubscribe: You may opt out of non-transactional or non-account related promotional emails by clicking the “unsubscribe” link located at the bottom of our communications.

Data storage, transfer, and security

Dovetail hosts data with hosting service providers in numerous countries including the United States and Australia. We are committed to ensuring that the information you provide is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

No information transmitted over the Internet can be guaranteed to be secure. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that Personal Information that we collect will not be disclosed in a manner that is inconsistent with this User Privacy Policy.

Where data is transferred over the Internet, the data is encrypted using industry standard SSL (HTTPS), with HTTP Strict Transport Security (HSTS) enabled.

Data breach notification

In the event where a data breach is likely to result in serious harm to any of the individuals to whom the information relates, we will provide a statement to the Commissioner notifying of the data breach as soon as practicable after we become aware of the breach. We will also notify affected individuals as soon as practicable after preparing the statement for the Commissioner.

Our Services may contain links to other websites of interest. We do not have any control over those websites. We are not responsible for or liable for the protection and privacy of any information which you provide whilst visiting such websites, and such websites are not governed by this User Privacy Policy.

International users

If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your Personal Information to Australia and the United States to us.

By providing your Personal Information, you consent to any transfer and processing in accordance with this Policy.

Amendments

This User Privacy Policy may be amended, including with changes, additions and deletions, from time to time in our sole discretion. Your continued use of our Services following any amendments indicates that you accept the amendments.

You should check this User Privacy Policy regularly, prior to providing Personal Information, to ensure you are aware of any changes, and only proceed to provide Personal Information if you accept the new User Privacy Policy.


For questions and notices, please email legal@dovetailapp.com.