This Privacy Policy was last updated and effective as of March 9th, 2020
  1. Welcome to Switchbit!
  2. Switchbit, Inc. (“Switchbit”, “we”, or “us”) is a software company that sells tools for companies to understand, implement, and manage their privacy obligations to their consumers and to control how they store and process data to make compliance with those obligations easy.

    This Privacy Policy applies to your use of Switchbit’s tools, services, and platform, including any associated Switchbit mobile or desktop applications, switchbit.com and other Switchbit websites (collectively “the Services”, and any websites specifically, the “Websites”), as well as your relationship with Switchbit.

    By accessing or using the Services, you are agreeing to this Privacy Policy and concluding a legally binding agreement between yourself and Switchbit. If you do not agree with this Privacy Policy, please do not access or use the Services.

    You should read our Privacy Policy in full to understand what data we collect, how we use it, and the circumstances where we may share it. Please note if that you reside in the EU or other regions outside the US, information collected through our Services will be transferred to and processed in the US or elsewhere. While Switchbit participates in the EU-US and Swiss Privacy Shield program as described below, these locations may not have the same data protection laws as the country in which you initially used our Services. By using our Services, you consent to any transfer and processing in accordance with this Privacy Policy. If you have any questions, please contact us at privacy@switchbit.com.

    This Privacy Policy may change over time. If we make changes to it, we will post the modified Privacy Policy on our website, www.switchbit.com/privacy. We encourage you to visit this page periodically to learn of any updates.

  3. Information We Collect
  4. We collect personal information (or personal data) and non-personal information from you when you use our Services. As further described in this section, we may receive personal information about you that you submit through the Services or that is provided to us by a third party; we also may receive personal information about you automatically as you use the Services.

    Information you Provide Us: We receive personal information about you that you choose to provide to us, including when you create an account; search for or purchase our offerings; configure settings; communicate with us; or otherwise use our Services.

    Information from our Customers: Our customers (“Customers”) may share information with us so that we can provide them with services. Each Customer chooses what information it shares, which may, for example, include personal information (“Customer Data”).

    Usage and Log Data: When you interact with our Services, we may collect information from your device or web browser when you interact with the Services. For example, when you interact with the Services, we may log and store your IP address and technical information about your usage like your device ID, browser type, how you progressed through the Services, where you abandoned it, etc. We can use your IP address to determine your general location.

    App Data: If you use a Switchbit application, on mobile or other platforms, we may collect analytic information about your device, such as IP address, device ID, OS version, and the clickstream.

    Information from Public Sources or Third Parties: We may receive additional information about you from public or third-party sources. For example, we may receive marketing, sales generation, and recruitment information from service providers or partners.

  5. How We Use Your Personal Information
  6. We collect, use, process, and store your personal information:
    • To provide the Services.
    • To personalize the Services.
    • To receive and process job applications for jobs with us.
    • To process data with machine learning algorithms, which helps us build, personalize, and improve the Services.
    • With respect to Customer Data, in accordance with our contracts with our Customers.
    • For internal business purposes, such as to improve our Services.
    • To detect, investigate and prevent harmful, fraudulent, and illegal activity and security issues and protect the rights and property of Switchbit and others.
    • To enable communications through the Services.
    • To contact you about additional Switchbit services you might be interested in, unless you opt-out (see “How to Opt-Out of Email Communications”).
    • As required by applicable law, legal process, or regulation.
    • For purposes as disclosed at the time you provide your information, with your consent, and as further described in this Privacy Policy.
  7. When We May Share Your Personal Information
  8. We will only share your personal information with third parties under the following circumstances:
    • With your consent or if you choose to share.
    • With affiliated businesses, agents, or vendors that are contractually engaged to provide us with services, such as email management. These companies are obligated by contract to safeguard any personal information they receive from us.
    • With respect to Customer Data, in accordance with our contracts with our Customers.
    • With any of our affiliated companies, including a parent company, subsidiaries, joint ventures, or other companies under common control with us (in which case we will require such entities to honor this Privacy Policy).
    • If we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request to protect the security or integrity of the Services; and/or to protect the rights, property, or safety of Switchbit, its employees, customers, users, or others. If we are going to release your data, we will do our best to provide you with notice in advance by email, unless we are prohibited by law from doing so.
    • In the event we go through a business transition (such as a merger, acquisition by another company, bankruptcy, or sale of all or a portion of our assets, including, without limitation, during the course of any due diligence process), your personal information will likely be among the assets transferred. By providing your personal information, you agree that we can transfer such information in those circumstances without your further consent. Should such a business transition occur, we will make reasonable efforts to request that the new owner or combined entity (as applicable) follow this Privacy Policy with respect to your personal information. If your personal information would be used contrary to this privacy policy, we will request that you receive prior notice.
  9. When We Use and Share Non-Personal Information
  10. We use and share your non-personal, de-identified or aggregated data in a variety of ways, including to improve the Services.

  11. Cookies and Tokens
  12. We use tracking technologies, such as cookies, local storage, and pixel tags as described further below.

    Cookies and Local Storage
    Cookies and local storage may be set and accessed on your computer. Upon your first visit to the Services, a cookie or local storage will be sent to your computer that uniquely identifies your browser. "Cookies" and local storage are small files containing a string of characters that is sent to your computer's browser and stored on your device when you visit a website. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent; however, if you reject cookies, you may not be able to sign in to the Services or take full advantage of our Services. Additionally, if you clear all cookies on your browser at any point after setting your browser to refuse all cookies or indicate when a cookie is being sent, you will have to again reset your browser to refuse all cookies or indicate when a cookie is being sent. Our Services use the following types of cookies for the purposes set out below:

    Type of Cookie
    Purpose
    Analytics and Performance Cookies
    These cookies are used to collect information about traffic to our Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and therefore anonymous. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages that they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services. We use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Services works. You can find out more information about Google Analytics cookies here. You can find out more about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Services by downloading and installing the browser plugin available via this link.
    Essential Cookies
    These cookies are essential to provide you with services available through our Services and to enable you to use its features. For example, they allow you to log in to secure areas of our Services and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
    Functionality Cookies
    These cookies allow our Services to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details, remembering which polls you have voted in and in some cases, to show you poll results, and remembering the changes you make to other parts of our Services which you can customize. These cookies also enable us to identify you across various screens and devices as you login and use our Services, as well as enable us to work with partners to resolve your digital identities and personalize your experiences across our Services, our partners and customers, and across channels. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.
    Flash
    A Flash cookie is a data file placed on a device via the Adobe Flash plug-in that is built into or downloaded by you onto your device. Flash cookies are used for various purposes, including, without limitation, enabling a Flash feature and remembering your preferences. For more information about Flash and the privacy choices(delete the comma that is currently here) Adobe offers, visit this link. If you choose to adjust your Flash privacy settings on your device some features of the Services may not function properly.
    Pixel Tags
    We also use "pixel tags," which are small graphic files that allow us and third parties to monitor the use of the Services and collect usage data. We may also insert pixel tags on third parties’ website. A pixel tag can collect information such as the IP address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time (and length of time) the page containing the pixel tag was viewed; the type of browser that retrieved the pixel tag; and the identification number of any cookie previously placed by that server on your computer. We use pixel tags to collect information about your visit, including the pages you view, the links you click and other actions taken in connection with our sites and Services and use them in combination with our cookies to provide offers and information of interest to you. We may also use pixel tags to collect data related to a website visit. Similar functionality may be enabled in a mobile app through the use of an SDK (Software Development Kit). Pixel tags also enable ad networks to serve targeted advertisements to you when you visit the Services or other websites. In addition, we use a variety of other technologies that collect similar information for security and fraud detection purposes.

    You can also find more information about cookies and how they work, what cookies have been set on your computer or mobile device and how to manage and delete them at http://www.allaboutcookies.org and http://www.youronlinechoices.com.

    To be clear, Switchbit does not, and cannot, track your activity when you are not using the Services and does not collect activity about your online activity after you leave the Services.

  13. How to Opt-Out of Email Communications
  14. To stop receiving notifications or promotions, please click the unsubscribe link found at the bottom of each email or update your account preferences. For users in the European Economic Area (“EEA”): We only send marketing communications to users located in the EEA with your prior consent. Please see the section “GDPR: Information For EEA Users” below.

  15. Storage, Security and How to Remove Your Information
  16. We use industry-standard technical, administrative, and physical controls to protect your data. While we take reasonable precautions against possible security breaches, no website or internet transmission is completely secure and we cannot guarantee that unauthorized access, hacking, data loss, or other breach will never occur.

    We will process and store your personal information only for the period necessary to achieve the purpose of the storage, or as permitted by law. The criteria used to determine the period of storage of information is the respective statutory retention period. After the expiration of that period, the corresponding information is routinely deleted, as long as it is no longer necessary for the fulfillment of a contract or the initiation of a contract.

  17. Deactivating Your Account
  18. You can choose to deactivate your account so that you are no longer viewable on the Services. You can request deactivation through the Services or by sending a message to privacy@switchbit.com.

  19. Third-Party Links
  20. The Services may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies, which may differ substantially from ours, and that we do not accept any responsibility or liability for their activities or the content of their privacy policies.

  21. California Privacy Rights
  22. This section, which supplements the rest of this Privacy Policy, applies to a resident of California, containing disclosures required by the California Consumer Privacy Act (“CCPA”) and applies only to “personal information” that is subject to the CCPA.

    Switchbit does not, and will not, sell personal information. Switchbit has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding 12 months.

    Personal Information We Collect and Disclose for a Business Purpose
    Without limiting the description of the information we collect, we collect the categories of personal information about California consumers identified in the chart below.

    Categories of Personal Information
    Examples
    Collected in Prior 12 Months
    A. Personal and online identifiers
    A real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
    Yes
    B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
    A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
    Yes
    C. Protected classification characteristics under California or federal law
    Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
    Yes
    D. Commercial or transactions information
    Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
    Yes
    E. Biometric information
    Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
    Yes
    F. Internet or other similar network activity
    Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
    Yes
    G. Geolocation data
    Physical location or movements.
    Yes
    H. Sensory data
    Audio, electronic, visual, thermal, olfactory, or similar information.
    No
    I. Professional or employment-related information
    Current or past job history.
    Yes
    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
    Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
    No
    K. Inferences drawn from other personal information.
    Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
    Yes
    Categories of Sources
    We collect the personal information identified as collected in the chart above from the following categories of sources:
    • Consumers.
    • Customers.
    • Collected by our Services.
    • Inferred by our Services.
    • Service providers.
    Why We Collect, Use, and Share California Information
    We use and disclose the personal information identified as collected in the chart above for our commercial and business purposes, as further described in this Privacy Policy.
    These commercial and business purposes include, without limitation:
    • Our commercial purposes, which include:
    • To provide the Services.
    • To personalize the Services.
    • To receive and process job applications for jobs with us.
    • To process data with machine learning algorithms, which helps us build, personalize, and improve the Services.
    • With respect to Customer Data, in accordance with our contracts with our Customers.
    • For internal business purposes, such as to improve our Services.
    • To detect, investigate and prevent harmful, fraudulent, and illegal activity and security issues and protect the rights and property of Switchbit and others.
    • To enable communications through the Services.
    • To contact you about additional Switchbit services you might be interested in, unless you opt-out (see “How to Opt-Out of Email Communications”).
    • As required by applicable law, legal process or regulation.
    • Our business purposes as identified in the CCPA, which include:
    • Auditing related to our interactions with you.
    • Legal compliance.
    • Detecting and protecting against security incidents, fraud, and illegal activity.
    • Debugging.
    • Performing services (for us or our service providers) such as account servicing, processing orders, and payments, and analytics.
    • Internal research for technological improvement.
    • Internal operations.
    • Activities to maintain and improve our services.
    • Other one-time uses.

    Recipients of California Personal Information
    We disclose, and have disclosed in the last 12 months, all of the categories of personal information identified as collected in the chart above to the categories of third parties listed below for business purposes:

    • Service providers.
    • Internet service providers.
    • Data analytics providers.
    • Operating systems and platforms.

    Your Rights Regarding Personal Information
    California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:
    • For certain categories of personal information, the right to request a list of what personal information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year and the names and addresses of those third parties.
    • The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you, the categories of sources from which we collected your personal information, our purposes for collecting or selling your personal information, the categories of your personal information that we have either sold or disclosed for a business purpose, and the categories of third parties with which we have shared personal information;
    • The right to request that we delete the personal information we have collected from you or maintain about you.
    • The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
    To exercise any of the above rights, please contact us using the following information and submit the required verifying information, as further described below:
    • By email at privacy@switchbit.com.
    • By mail at Switchbit, Inc., Attn: Privacy, 23 Geary Street, Suite 600, San Francisco, CA 94108.

    Verification Process and Required Information
    We may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. For example, we may require you to provide, at a minimum, at least two data points that we determine to be reliable for the purpose of verifying your identity. We will then typically attempt to match the identifying information provided by you to the personal information already maintained by us to verify the request. If you have a password-protected account on the Services, we may verify your identity through the existing authentication practices for your account, in which case we will require you to re-authenticate yourself before we disclose or delete your personal information.

    Authorized Agent
    You may designate an authorized agent to make a CCPA request on your behalf by verifying your identity, as described above, and provide written permission for the authorized agent to act on your behalf.

    Minors’ Right to Opt-In
    Switchbit does not sell the personal information of minors under 16 years of age.

    Non-Discrimination
    Switchbit will not discriminate against a user because the user exercised any of the user’s rights described above or afforded to it under applicable data privacy law.

  23. Nevada Privacy Rights
  24. This section, which supplements the rest of this Privacy Policy, applies to residents of Nevada.

    Under Nevada law, Nevada residents may submit a request directing us not to make certain disclosures of personal information we maintain about them. To exercise this right, please contact us:

  25. Privacy Shield Information for EU and Swiss Individuals
  26. Switchbit complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland to the United States pursuant to the Privacy Shield. Switchbit has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit http://www.privacyshield.gov .

    In compliance with the Privacy Shield Principles, Switchbit commits to resolve complaints about your privacy and our collection or use of your personal data pursuant to the Privacy Shield. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Switchbit at the contact address below:

    • Switchbit, Inc., Attn: Privacy, 23 Geary Street, Suite 600, San Francisco, CA 94108.

    Within the scope of this Privacy Policy, if a privacy complaint or dispute cannot be resolved through Switchbit, Inc.’s internal processes, Switchbit, Inc. has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here.

    In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.

    The Federal Trade Commission has jurisdiction over Switchbit’s compliance with the Privacy Shield.

    With respect to human resources data received from European Union member countries, Switchbit commits to cooperate with the EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commissioner in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities and will comply with any advice given by such authorities.

    The Privacy Shield Principles describe Switchbit’s accountability for personal data that it subsequently transfers to a third-party agent. Under the Privacy Shield Principles, Switchbit shall remain liable if third-party agents process the personal data in a manner inconsistent with the Privacy Shield Principles, unless Switchbit proves it is not responsible for the event giving rise to the damage.

    Note that Switchbit may be required to release the personal data of EU and Swiss individuals whose data is pursuant to the Privacy Shield in response to legal requests from public authorities, including to meet national security and law enforcement requirements.

  27. GDPR: Information for EEA Users
  28. This section only applies to our European Economic Area (“EEA”) users.

    Individuals located in the European Economic Area (EEA) have certain rights in respect of your personal data, including:

    • The right of access to your personal data.
    • The right to correct or rectify any inaccurate personal data.
    • The right to restrict or oppose the processing of personal data
    • The right to erase your personal data.
    • The right to personal data portability.

    As a Switchbit user:

    • We rely on your consent as a lawful basis for processing personal data to provide you with marketing or promotional communications.
    • We process personal data in order to provide you with services as requested by you or to perform our contract with you as described in this document, including:
    • To enable the Services to function as expected; and
    • To communicate with you in response to customer service inquiries and to deliver non-promotional, service-related emails.
    • Additionally, we process personal data based on our “legitimate interests” in providing you the Services including:
    • To protect against fraud.
    • Network and information security.
    • To offer the Services.

    In some cases, Switchbit may process personal data pursuant to a legal obligation or to protect your vital interests or those of another person.

    Switchbit will offer EEA and Swiss individuals whose personal data has been transferred to us the opportunity to choose whether the personal data we have received may be used or disclosed for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses or disclosures of their personal data by contacting us at privacy@switchbit.com.

  29. Exercising Rights, Contact Us and Accessing Your Information
  30. Switchbit users may exercise their rights regarding their personal information as follows:

    • You can access your personal information through your account settings in the Switchbit platform or by contacting us at privacy@switchbit.com.
    • You may withdraw your consent to receive cookies or tokens by adjusting your browser settings.
    • You may withdraw your consent to receive marketing or promotional communications at any time by clicking the “unsubscribe” link found within Switchbit email updates and changing your contact preferences. Please note, you will continue to receive essential account-related information, even if you unsubscribe from promotional emails.

    VeraSafe has been appointed as Switchbit's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are unable to reach Switchbit at privacy@switchbit.com, VeraSafe can be contacted on matters related to the processing of personal data under GDPR. To make such an inquiry, please contact VeraSafe using this contact form or via telephone at +420 228 881 031.

    Alternatively, VeraSafe can be contacted at:
    VeraSafe Netherlands BV, Keizersgracht 391 A, 1016 EJ Amsterdam, The Netherlands

    If you have any questions about our privacy practices, or if you wish to make a request, please contact us at either:
    Switchbit, Inc., Attn: Privacy, 23 Geary Street, Suite 600, San Francisco, CA 94108.