Effective October 14, 2021.
This Policy applies to all of Embarkable websites, products and services, and any point of contact you might have with Embarkable.
For the rest of this document, these will be referred to as Online Services.
This document is a sister-document to our Terms of Service documents. Please make sure you read both carefully before accessing or using a Embarkable Online Service.
We have made a commitment to be good citizens. We consider protecting and respecting your personal information as an essential part of that responsibility.
Our business model is a very traditional one: we provide products and services, and customers pay us for them. In other words, you are the customer, NOT the product.
Embarkable is a small organization, based in the USA. We've been around since 2021 and are bootstrapped, profitable, and aim for longevity over growth. We believe in forming long-term relationships with our customers, our employees, and our communities. It all starts with trust.
Below is a complete description of data we collect, and what we do with the data. Every piece of information collected is done with a specific purpose, such as to provide our Services to you and to fulfill our legal obligations. If it's not listed here or in our Terms of Service, we don't do it.
We call data that identifies — or that could reasonably be used to identify — you as an individual as "Personal Data."
This data includes:
Contact details, such as name, email address, company. Financial data such as credit/debit card number. Other personal data, such as IP address, or your image and voice if you participate in a recorded meeting or event with us.
When purchasing directly from Embarkable we collect data from you in order to complete the transaction and provide you access to our Online Service. To make it as secure as possible, your credit card information (including number, expiration date and CVC security code) is sent securely to our payment processor directly from your browser. The processor validates it and sends us a validation code we can use to finish the purchase.
In the case of our Subscription Services (Embarkable Web App) the processor stores your credit card information as well as your billing contact information in order to process your monthly or annual automatic renewals, or to allow you to upgrade or downgrade your subscription without re-entering a credit card number.
We never have access to, nor store your full credit card information.
The payment processor code we use also sets a cookie in your browser, to remember your info for future purchases. You can delete or block that cookie if you wish; our website will continue to work.
We require you to enter your billing information. This data, as well as the last four digits of your credit card which is sent to us by our payment processor, is stored in our transaction database in order to maintain our financial records. This information appears on your invoice, which can be accessed by anyone who has been sent the URL link to your invoice. We make the invoice links purposefully long and hard to guess for added security, and we prevent search engines from indexing them.
We automatically email the public invoice link following the purchase to the email address(es) you have provided.
The history of changes to the billing contact information on the invoice made by you or our team is logged and stored.
Subscription Service records may include more than one billing contact. These email addresses and related billing contact information can be updated at any time and the history of changes is logged in your Embarkable account.
The data we collect, including Personal Data, is not shared with third parties, except for the purposes of determining the validity of a payment. In this case we may share the name and email address associated with the purchase with the credit card holder, your company’s accounting department, or with our payment processor when responding to a chargeback.
We only send emails to the email addresses we collect to communicate account activity such as purchase confirmation and subscription status (renewal, cancellation, etc.).
For our Online Services that have the concept of a "User Account", we store your name, email address, company name and if you upload it, a photo to use as your avatar.
We use this information to identify you as a user of the Online Service.
We store passwords only for Online Services with separate Embarkable "User Accounts." We never store these passwords in the clear. No-one can see them. We either save them in our database using best-practice cryptographic hashing, or go through a 3rd party authentication provider (see below).
It is your sole responsibility to keep your user name, password, and other sensitive information confidential. If you become aware of any unauthorized use of your account or any other breach of security, you must notify Embarkable immediately.
If you forget your password, we send you a secure link via email that lets you reset it.
Embarkable staff will never change a password for you, nor change the Owners (as defined in the Terms of Service) or Billing Administrators. Please refer to our documentation to learn how to assign or revoke these roles yourself.
If you send us an email to an address that ends in '@Embarkable.io', use one of the in-app contact forms, or use one of the online forms on our website Embarkable.io, or send us a crash report, we collect your name and email address and any additional information and documents you send us in your correspondence.
We keep that data in our help desk software indefinitely. The customer interaction history helps us provide you with better customer service and helps us research how to improve our products and services.
We also use this information to proactively contact you if we see from our logs that you're having an issue with our Services, or if we resolved an issue you reported. If you had expressed interest in them, or we think you might benefit from it, we also email you to notify you of beta programs or user research interviews.
If you chose to sign up for our newsletter, we ask you to enter your email address, so that we can send you the newsletter. We keep your email address in our newsletter service provider until you unsubscribe via the link included in every newsletter.
We have various forms available on our websites. These forms capture your name, email address, and other information in accordance with what form you are using (employment form, help form, scheduling free online office hours, etc.).
We may keep some of this data indefinitely but you are free to request us to delete it, of course (see How to Access or Control Your Data below).
We use Google Analytics to help us in our marketing and product design efforts, but we only track aggregate and anonymized data. The Google Analytics code we use saves up to 4 cookies on your computer. You can delete or block those any time you wish, our website will continue to work.
We collect the IP addresses of everyone who visits our site or uses our Services. This information is used for debugging and DDOS prevention, and kept in our logs for 2 weeks.
In order to keep your Personal Data as secure as possible, we don't own any servers of our own. Instead, we rely on best-in-class third-party services to store your data more securely than what we would be able to do ourselves.
Here's the list of our vendors we use, and links to their privacy policies:
|Google Workspace||Google Sheets: Store data from Embarkable.io online forms, as well as customer lists for beta programs, user research, and similar. Gmail: Stores copies of our Customer Support emails||USA||Google Workspace Security and Trust|
You have the right to request a copy of your information, to object to our use of your information, to request the deletion or restriction of your information, or to request your information in a structured, electronic format.
Embarkable.io Web App gives you a way to access your personal information and correct it, via User Settings or a billing page.
Most of our Online Services give you a way to download or delete your data at any time. Once you delete your data, unless specified otherwise, we keep it in our backups for up to 60 days, then destroy it with no way to recover it. For archival, support and/or bug fixing purposes, we may save your data for longer than 60 days.
If you have any questions or concerns or would like to invoke your rights regarding your Personal Data, such as requesting a copy of your data or rectifying or deleting data, don't hesitate to email us at email@example.com.
To protect your privacy and security, we will take reasonable steps to verify your identity before granting access or making corrections. We use this procedure to better safeguard your information. You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error.
We will respond as quickly as possible, and certainly within 30 days.
In certain circumstances we may need to retain certain information for record-keeping purposes, to complete transactions or to fulfill obligations dictated by the law, including tax or regulatory requirements, or other lawful purposes.
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
For the Embarkable Services that have the concept of Owners (as defined in Terms of Service), they will be able to see your account information.
For Online Services some Embarkable employees will also have access, according to the following guidelines:
Protecting the privacy of the very young is especially important. For that reason, we rarely include photos of children on our social media. In the rare case that we do, explicit parental permission has been granted for this purpose. Furthermore, we never collect or maintain information on our Online Services from those we actually know are under 16, and no part of our Online Services are structured to attract anyone under 16. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at firstname.lastname@example.org.