Last updated: 27 October 2020

Salto Labs Inc.  (“Salto”, “our”, “we” or “us”) offers to its customers (each, a “Customer”) an online Software-as-a-Service platform (the “Solution”), which is intended to assist Customers in their management, monitoring and configuration of their business applications (“Business Applications”), by collecting, analyzing and changing data therefrom. In addition, our Website located at https://Salto.io/ offers its visitors (respectively “Website” and “Visitors”), information on our company, technology and information concerning our Solution, as well as demos and trials of our Solution (if such are made available). The Website together with the Solution and related services, except if specifically designated otherwise, shall be referred to herein as the “Services”.

 

Salto respects the privacy of the users of our Services (“User”, “You” or “Your”). Users include: (I) first user of the Solution that identifies itself as associated with Customer (“Customer’s Admin”), (II) end-users invited by Customer and/or by Customer Admin (namely employees and any other Customer personnel) who use or access the Services under Customer’s account (the “End User(s)”), (III) and Visitors. This Privacy Policy (the “Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use or access our Services, the ways in which we may use such information, and the choices and rights available to you.

 

This Privacy Policy supplements and shall be read in conjunction with our Terms of Use (the “Terms of Use”) and our Cookie Policy (the “Cookie Policy”), and may be supplemented by additional privacy statements, terms or notices provided to you. Capitalized terms that are not defined herein, shall have the meaning ascribed to them in our Terms of Use.

1. YOUR CONSENT

PLEASE READ THIS PRIVACY POLICY BEFORE ACCESSING AND/OR USING THE SERVICES. BY ACCESSING OR USING THE SERVICES, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE THE SOLUTION AND/OR THE WEBSITE.

Please note: you are not obligated by law to provide us with any Personal Information. You hereby acknowledge and agree that you are providing us with Personal Information as described in this Privacy Policy at your own free will. You hereby agree that we may collect and use such Personal Information pursuant to this Privacy Policy and any applicable laws and regulations.

TO THE EXTENT THAT YOU PROVIDE US WITH ANY PERSONAL INFORMATION RELATED TO ANY THIRD PARTY OR ANY OTHER PERSON OR ENTITY WHICH IS NOT YOU, INCLUDING INFORMATION RELATED TO ANY OF YOUR PERSONNEL, COLLEAGUES OR CUSTOMERS, YOU ARE SOLELY RESPONSIBLE TO RECEIVE AND HEREBY REPRESENT THAT YOU HAVE AND UNDERTAKE THAT YOU SHALL HAVE AT ALL TIMES, MAINTAINED AND RECEIVED, THE CONSENT, AUTHORITY, PERMISSION AND APPROVAL OF SUCH PERSONS AND PROVIDED THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW SALTO TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH PERSONAL INFORMATION AS DETAILED HEREIN.

 

2. SCOPE AND APPLICABILITY

This Privacy Policy applies only to the information we collect in connection with your use of the Services. This Privacy Policy does not apply to the information we collect in connection with your access or use of the open source products ("OS Products") made available by Salto or otherwise when you receive services from us, such as support services with respect to such use or access of the OS Products, which are separately governed by the Open Souce Product Privacy Policy.


3. WHAT TYPES OF INFORMATION DO WE COLLECT?

1. We divide the information we access and collect into two categories: Personal Information and Non-Personal Information. In this section, we describe each of the two categories of information which we may collect, and the applicable circumstances under which such collection is performed.

  • Non-Personal Information: “Non-Personal Information” is information which may be made available to us, or collected automatically via your use of the Services, that does not enable us to identify the person from whom it was collected, or to whom such data pertains. Non-Personal Information usually consists of technical and aggregated usage information which is not linked to a specific individual.

  • Personal Information: “Personal Information” is information that pertains or relates to a specific individual, where such individual is identified or may be identified with reasonable efforts or together with additional information, we have access to. Identification of an individual also includes the association of such an individual with a persistent identifier such as a name, an identification number, persistent cookie identifier, etc., i.e. an identifier that does not expire at the end of your session in our Services.  Personal Information does not include information that has been anonymized or aggregated; provided that such information can no longer be used to identify a specific natural person. 

2. We collect Personal Information from you and any devices (including mobile devices) you use when you: use or access our Services, register for an account with us, provide us information on a web form or other text field, update or add information to your account, request and receive a demo session, register for a free trial of the Solution, or otherwise use any of the free tools we may make available on our Website and thereby receive our respective analysis (the “Report”), or through correspondence you and we conduct with each other through any channel of communication.

 

More specifically we collect and use the following categories and types of Personal Information in the following respective circumstances: 

1. Personal Information you provide us actively and voluntarily when you use or interact with our Services: 

This category refers to any information, data or content you actively and voluntarily create or provide through the Services such as:

  • Contact information such as full name, email address, position, company and any other information you actively input through our Services’ online forms and text fields and in your correspondence with us through various channels of communication, including when you register for an account with us or when you update your account details.
  • The contents of Users’ interaction with our customer support which may include text/video/audio recording and transcripts of such communications.

2. Personal Information we automatically obtain when you use or interact with our Services:

The information we obtain through the Services when Users access or interact with the Services, which is derived, learned, or detected as a result of such access and/or interaction, such as:

  • Technical information with respect to the devices and software you use to access our Services such as screen size, operating system, type of end-user device, device ID, etc.
  • Usability information with respect to your use of the Services and your engagement, such as clickstream, event and log data, page visits, and different segmentation we apply when we consider your engagement with our Services.
  • Impression and attribution information which mainly includes information concerning your navigations from and to our services, such as http referrals, IP address, advertiser ID.
  • Information concerning your use and configuration of Business Applications to which you connect the Services, and the analysis and other output we provide with respect thereto.  

 

We perform such automatic collection through: (i) use of cookies, web beacons, and similar technologies; and (ii) unique identifiers you provided us with, such as email, ID number, full name or other unique identifiers that generally only identify a computer, device, browser or application.

Keep in mind - Most mobile devices, operating systems and browsers, allow their user to control or disable the use of certain collectible information including location services, by any application, in the device's settings menu.

 

  1. Personal information collected from other sources:
  • Information from social networks. When using social login to log-in to the Services, we may have access to your public profile (if applicable). We collect your information from your social network account only if and to the extent you provided your permission for such collection.
  • We may also collect personal information concerning you, from third parties who have assured us that they have obtained your consent for such provision of information. For example, we may collect and use your contact information from a Customer or Customer Admin if they used the Services to invite you to their Customer’s account as an End User, as allowed by applicable national laws.

 

For avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists.

We do not collect any Personal Information from you or related to you without your approval, which is obtained, through various means, including through your acceptance of this Privacy Policy.

4. WHY DO WE COLLECT AND PROCESS YOUR INFORMATION?

We may use information that we collect and receive about you for the following purposes:

  • To provide, operate and improve our Services and related offers and to manage our business.
  • To provide our Users with a better user experience, more fitted to their specific needs.
  • To be able to contact Users who requested such contact to be made, for the purpose of providing them with further information on Salto and its Services or otherwise to provide them ;
  • To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities, whether suspected or actual;
  • To comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.
  • To be able to send Users our newsletters and information in connection with the Services, where Users registered to receive such messages, or otherwise to provide important notices with respect to Services to which Users have registered; 
  • To market our Services to Users or potential Users, and to be able to track and evaluate our marketing activities and their results and attribute different marketing achievements to the respective marketing efforts. 
  • To act upon and comply with requests you may make pursuant to this Privacy Policy and the privacy laws that apply to you. 
  • To perform functions or services as otherwise described to you at the time of collection;

Important – Allowing the Services to connect to your Business Application accounts, may also allow us to have access to view and edit the underlying data of your Business Applications accounts, i.e. the data that you manage through your use of the Business Applications (“Underlying Data”). Processing of such Underlying Data is not required for us to provide you with the Services and we undertake that we will NOT process such Underlying Data or otherwise make any use of it. 


5. WHAT ARE OUR LEGAL GROUNDS FOR COLLECTING YOUR PERSONAL INFORMATION?

  1. With your consent: We ask for your agreement to process your information for the specific purposes stated herein and you have the right to withdraw your consent at any time. For example, we ask for your consent to connect your Business Applications accounts (which may contain Personal Information) to the Services and you may at any time withdraw such consent; 
  2. In the scope of providing the Services: We collect and process your Personal Information in order to provide you with the Services which are tailored to your needs and requirements.   
  3. Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for purposes like detecting, preventing or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our Services; protecting against harm to the rights, property or safety of our Services, our Users or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfil our obligations under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request. 


6. WHO DO WE SHARE YOUR INFORMATION WITH AND WHY?

We keep the information processed by us in strict confidence and we may only share information with third parties (or otherwise allow them access to it) in very limited circumstances and for very specific purposes, as described below:

  1. Internally – We may share information with our family of companies, as well as our employees, for the purposes described in this Privacy Policy and in accordance with Section 5 above. In addition, should Salto or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your information may be shared with the parties involved in such event under strict security conditions, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have, either through a prominent notice on our Services or by contacting you directly through contact details you have provided us.
  1. Protecting Rights and Safety – We may share your information to enforce this Privacy Policy and/or the Terms of Use or any other agreement between Salto and you with respect to the Solution, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; or otherwise, if we believe in good faith that this will help protect the rights, property or personal safety of any of our users, or any member of the general public.
  1. Third Parties & Business Partners –We partner with certain third parties to provide selected services that are used to facilitate and enhance the Services and your use thereof (“Service Providers"). Such Service Providers may have access to, or process on our behalf personal information which we collect, hold, use, analyze, process and/or manage. These Service Providers include among others, hosting, database and server co-location services (e.g. AWS), data analytics services (e.g. Segment.IO), session replay records for analytic purposes such as crashes, functionality and usability (e.g. DataDog, Hotjar), development operations (e.g. LaunchDarkly, Atlassian Jira), data and cyber security services, fraud detection and prevention services,user authentication services (e.g. Auth0) e-mail and text message distribution and monitoring services (e.g. Twilio), billing providers (e.g. Chargify), payment processors (e.g. Stripe), dispute resolution providers, customer support and call center services (e.g. Intercom and Zendesk), and our business, legal and financial advisors. We remain responsible for any personal information processing done by Service Provider on our behalf, except for events outside of our and/or their  reasonable control, and except with respect to Service Providers with whom you are contractually engaged, either  through a prior separate contractual engagement and/or through acceptance of their privacy policy and terms of use if such are referenced under section ‎___ below.
  1. Law Enforcement – We may cooperate with government and law enforcement officials to enforce and comply with the law. We may therefore disclose any information to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable. 

For avoidance of doubt, we may share anonymized/de-identified information with any other third party, at our sole discretion.

7. WHERE DO WE TRANSFER OR STORE YOUR INFORMATION?

Information regarding the Users may be maintained, processed and stored by us and our authorized affiliates and service providers in the United States, EU and in Israel.

While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your personal information on our behalf are each committed to keep it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

Specifically, each of our Third Party Service Providers which store or process your Personal Information either: (i) assured us that they provide adequate safeguards to protect your rights to privacy including where applicable, by undertaking to comply with the EU Standard Contractual Clauses; (ii)  where applicable, hold and process such information on our behalf in jurisdictions which have been determined to ensure an adequate level protection by the EU Commission; (iii) perform such processing pursuant to your consent and acceptance of their privacy policy as further detailed in this Privacy Policy. 

By providing your information, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided.


8. WHAT ARE MY RIGHTS?

If applicable to you under your country’s jurisdiction, you may have certain rights in connection with your Personal Information and how we handle it. You can exercise your rights at any time by contacting us via any of the methods set out in Section 16 below. Those rights may include, but are not limited to, the following:

  1. Right of access. You may have a right to know what information we hold about you and, in some cases, to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information. 
  2. Right to correct Personal Information. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will use our best efforts to correct it as soon as we can.
  3. Data deletion. In some circumstances and under certain laws and regulations, you may have a right to request that some portions of the Personal Information that we hold about you be deleted or otherwise anonymized/de-identified.
  4. Data portability. In some circumstances and under certain laws and regulations, you may have the right to request that data which you have provided to us is provided to you, so you can transfer or port it elsewhere.

 

California Privacy Rights: Residents of California please see our California Privacy Rights Statement for information about California Privacy Rights, and other required disclosures, if any.


9. DO YOU USE COOKIES OR SIMILAR TRACKING TECHNOLOGIES?

  1. When you access or use the Services, Salto may use industry-wide monitoring and tracking technologies such as "cookies" or “pixel tags” (or similar technologies), which store certain information on your computer ("Local Storage") and which will allow us to enable automatic activation of certain features, and make your service experience much more convenient and effortless. The Local Storage is created per session and may be deleted by you, or you may configure your browser to not accept any such local storage items. 

For example, these technologies enable us to: (i) provide you with the Services, (ii) keep track of our users’ preferences and authenticated sessions, (iii) secure our website by detecting abnormal behaviors, (iv) identify technical issues and improve the overall performance of the Services, and (v) deliver targeted advertisements that are more tailored to their audience and track ad performance (For more information about this practice, click here: http://www.aboutads.info/choices/).

Such tracking technologies may include, Pixel tags (also commonly known as web beacons), transparent images, iFrames, cookies, or Java script placed on our Website or our advertisements and emails, that are used to understand how you interact with the Website, with such advertisements and emails. To learn more about our use of Cookies and other tracking technologies, please see our Cookie Policy [LINK]. It is important to note that some of these tracking technologies are provided to us by our Services Providers who collect and process personal information in the scope of the services that they provide us.

  1. Please note – in certain cases such Services Providers may collect and process personal information, in a scope which is broader than the scope of collection and processing required for the purposes set forth above. This means that sometimes these Services Providers have access to more of your personal information than we do. In such cases, all such excess collections and processing are performed pursuant to and under a direct contractual relationship you have with such Service Providers, as detailed below and any rights you may have with respect to such information, collected by such Services Providers, shall be governed by such contractual relationship. Otherwise, the terms of this Privacy Policy shall fully apply.

We may also use Google Adwords, Facebook, Twitter and LinkedIn’s functionality of re-marketing tracking cookies and pixel-based retargeting. This means that if you provide your consent to Google, Facebook, Twitter or LinkedIn (the “Social Ad Platforms”) to be provided with personalized commercial offers, you may be served with ads based on your use of the Website, outside of the Website and across the internet. In such event the Social Ad Platforms, will place cookies or pixels on your web browser and use such technologies to serve you ads based on past visits to our Website.

Please visit the Social Ad Platforms’ individual privacy policy to find out how they use such information:

If you wish to opt-out of such re-targeting and tracking functionality of the Social Ad Platforms, you may do so at the following links:

In addition, if you wish not to receive ads from us based on your use of the Site, please send us an e-mail to [support@salto.io] and we will respond within a reasonable timeframe and in accordance with applicable laws.

  1. By accepting this Privacy Policy and using the Services you hereby consent that the following third party Services Providers shall collect and process your personal information in accordance with their respective privacy policy to which you hereby agree: Google analytics, Segment, Hotjar.

 

Learn more about your choices and how to opt-out of tracking technologies:

In order to delete or block any tracking technologies, please refer to the “Help” area on your internet browser for further instructions, or You may also opt out of third party tracking technologies by following the instructions provided by each third party service provider in its privacy policy listed above or visiting www.youronlinechoices.eu or http://www.aboutads.info/choices/. Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Website, or may otherwise adversely affect your user experience. Please also note that we do not respond to the ‘Do Not Track’ setting on your browser as the protocol and form for such setting has not yet been generally accepted.

10. HOW DO YOU KEEP MY INFORMATION SECURE?

We take great care in implementing and maintaining the security of the Services and of your Personal Information. We have implemented administrative, technical and physical safeguards to help prevent unauthorized access, use or disclosure of your Personal Information. Your information is stored on secure servers and isn’t publicly available. We limit access of your information only to those employees, third party service providers or partners on a “need to know” basis, and strictly in order to enable us to perform the agreement between you and us. 

Despite these measures, Salto cannot provide absolute information security or eliminate all risks associated with Personal Information, and security breaches may happen. If there are any questions about security, please contact us at privacy@salto.io.


11. HOW LONG WILL YOU RETAIN MY INFORMATION?

We will retain your Personal Information only for as long as necessary to achieve the purposes for collection and processing set forth above. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. If you withdraw your consent to our processing of your Personal Information, we will delete your Personal Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates).


12. HOW DO YOU PROTECT THE PRIVACY OF CHILDREN?

To use our Services, Users must be over the age of eighteen (18). Therefore, we do not knowingly collect Personal Information from individuals under the age of eighteen (18) and we do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that individuals under the age of eighteen are not using the Services. If you believe that we might have any information from or about an individual under the age of eighteen (18), please contact us at privacy@salto.io. In the event that it comes to our attention that a person under the age of eighteen (18) is using the Services, we may prohibit and block such User from using the Services and will make all efforts to promptly delete any Personal Information with respect to such User.

If you are submitting to the Services any Personal Information pertaining to any minor child, you hereby represent and warrant that you have received all the necessary legal consents or approvals or that you are the parent or legal guardian and have the actual authority and legal right to upload, submit, disclose or otherwise share such Personal Information and/or any other form of sensitive information, on the minor’s behalf.


13. HOW DO WE USE THE INFORMATION OF JOB CANDIDATES?

We welcome qualified candidates to apply to any of the open positions posted on our Services by sending us your contact details and CV or resume (“Candidate Information”). Since privacy and discreetness are very important to our candidates, we are committed to keep Candidate Information private and will use it solely for our internal recruitment purposes (including for identifying candidates, evaluating their applications, making hiring and employment decisions, and contacting candidates by phone or in writing).

Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed. This is done so we could re-consider candidates for other suitable positions and opportunities at Salto; so we can use the Candidate Information as a reference for future applications; and in case the candidate is hired, for additional employment and business purposes related to their employment with us.

 
14. UPDATES TO THIS PRIVACY POLICY

This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. We will provide notice of substantial changes of this Privacy Policy on the homepage of the Services and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided to us. Such substantial changes will take effect seven (7) days after such notice was provided on our Services or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Services after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

15. GENERAL INFORMATION

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of California, without respect to its conflict of law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in San Francisco, California.

This Privacy Policy was written in English and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.


16. HOW CAN I CONTACT YOU?

If you wish to exercise any of the aforementioned rights, or receive more information, please contact us using the details provided below:

 

Salto 

Email: privacy@salto.io

Address: 94 Yigal Alon Street, Tel Aviv, Israel