Privacy Policy

The data we collect and what we do with it.
This Privacy Policy ("Policy") applies to all products, services, and websites operated by Crowdstack, Inc. and its related entities, including Social Strata, Inc. ("Crowdstack", "we", "us", "our"), when you:

  • Visit websites that display or link to this Policy;
  • Receive communications from us, including emails phone calls, or texts; and
  • Enter into service agreements/subscriptions.

This Policy does not apply to the extent that we process Personal Data in the role of a service provider on behalf of our customers. We are not responsible for the privacy or data security practices of our customers, which may differ from those explained in this Privacy Policy. That said, we have provided our customers with tools to ensure member privacy in our applications.

Crowdstack, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Crowdstack, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Crowdstack, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data privacy framework website.

Collectively, we refer to the EU-U.S Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Framework as the "Principles".

Information That We Collect

Information That You Provide Us: When you sign up for any account or service operated by us, we store all information that you provide to us. This may include personal information like email addresses, your name, passwords, phone numbers, birth date, gender, and address information. For services that require payment, we also collect credit card information, which is stored in encrypted form on secure servers, including PCI-compliant third-party vendors.

If you register and grant access to a third party social network (e.g., Facebook) or integrated service (e.g., Google), we will collect the personal information directly associated with those accounts. This includes your name, email address and the unique identifier provided by the service. The information collected from these third parties will be managed in accordance with this privacy policy.

Browser Cookies: When you use one of our services, we may store certain information in browser cookies. These cookies identify your browser and allow us to enhance your online experience. Most browsers are configured to accept cookies, but you may change your browser's settings so that you are informed every time a cookie is set, or to prevent cookies from being set at all. Please note, however, that many of our services do not function properly if cookies are disabled. Advertisers or other third parties do not have access to our cookies. However, such advertisers may set their own cookies. Such cookies are subject to the advertisers' own privacy policies, not this Policy.

Analytics: On sites that we own (e.g. crowdstack.com), we track overall usage and traffic on our own sites, including page views, visits, IP addresses, and traffic sources, using third party services like Google Analytics. We do not use Google Analytics (or any other third party analytics services) on Crowdstack Pro customer sites. For all other services, however, we use Google Analytics to track usage and traffic on an aggregated basis, including page views, visits, and traffic sources.

Visit Information Via Server Logs: We record information on our server logs from your browser, including your IP address, cookie information, and page request.

User Communications: Any email or written correspondence that you send us may be stored.

Transaction Records: Data from any monetary transaction taking place via our service may be stored.

Uses of Collected Information

We use collected information to enhance your experience online, authenticate you when you sign in, send notifications, fulfill your requests for services, contact you, customize the advertising or content that you see, and provide anonymous reporting for internal and external clients.

Do Not Track Notice

We do not track your activity between sites using our services, or from one of our sites to another; therefore "do not track" requests are not applicable for our platforms and services. If you are on a site hosted by us that is serving third party ads, that particular ad partner is responsible for its response to your browser's Do Not Track request.

Information Sharing

We do not share personal information with other individuals, organizations, or companies outside of our company and its related entities, unless we have your consent or unless:

  • We are working with trusted partners who agree to abide by the rules of this Policy or have signed a confidentiality agreement.
  • We are transmitting data in order to fulfill a service. For instance, credit card transactions are routed through transaction partners like Recurly and other financial transaction processing firms. Also, we may use Akismet to detect spam, and provide information such as your display name, email address and and IP address, but only for sites using our Comment Spam features. This information is only conveyed in order to render service, however, and is not shared for any other purpose.
  • We respond to subpoenas, court orders, or legal process, in response to a lawful request by public authorities (including to meet national security or law enforcement requirements), or to establish or exercise our legal rights or defend against legal claims.
  • We believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats to the physical safety of any person.
  • If we are involved in a merger, acquisition, or any form of sale of some or all of its assets that does not involve a related entity, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

We are not responsible for the processing of your personal information by any third party, other than those third parties acting as our subcontractors to process data on our behalf. We remain liable and responsible for the data processing undertaken by our subcontractors on our behalf.

Note that we may share certain aggregated, non-personal information, such as demographic information, browser type, and usage statistics. In such cases, the information does not identify you personally.

Profile information collected by sites hosted by us is collected by the sites themselves. Thus, you should review the privacy policy for each site before joining sites hosted by us.

While we do not provide any personal information to advertisers, it is possible that, if you view a certain ad, it may have been delivered to you based on targeting demographic criteria (for example, men who are between 18-24 years of age). Please note that in such situations, the advertiser does not know any specific personal information about you. You understand, however, that the advertiser will make the assumption that you meet its particular targeting criteria. We may also share conversion data with advertisers.

Data Integrity

We process personal information only for the purposes for which it was collected, and in accordance with the Principles. We review our data collection, storage, and processing practices to ensure that we only collect, store, and process the personal information needed to provide our services. We depend on our users to update or correct their own personal information.

Your Rights

Depending where you reside, you have certain rights related to your personal data. The rights available to you depend on our reason for processing personal information. Please note that these rights are also subject to local data protection laws and regulations, and that these rights do not apply in all situations.

Your rights include:

  • Right of access.You have the right to know what personal data of yours we are processing.
  • Right to rectification/erase. You have the right to ask us to update, correct, supplement or erase that personal data that we hold about you.
  • Right to restriction of processing. You have the right to request that we limit how we process your personal data.
  • You have the right to oppose our processing of your personal data.
  • Right to data portability. You have the right to ask that we provide you with the personal data that we hold about you in a structured, machine-readable format.
  • Right to Object. You have the right to object how we use your personal information for direct marketing; however, we do not use personal information for direct marketing.
  • Right To Lodge Complaint. You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you attempt to resolve any issues with us first.

To exercise your rights, please contact us at [email protected]. We respond to all legitimate requests and will contact you if we need additional information from you in order to honor your request. Additionally, some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.

Your Rights Relating to Customer Data

We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Policy. If your data has been submitted to us by or on behalf of one of our customers and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.

Data Transfer

We are a U.S.-based business that operates on a global basis. This means that your personal information may be transferred to and stored in the United States, which may be subject to different standards of data protection than your country of residence.

We take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights.

Enforcement

We periodically review our compliance with the Principles. If you have questions or concerns, please contact us at: Crowdstack, Inc., ATTN: Crowdstack Privacy Administrator, 1985 Riviera Drive, Suite 103-122, Mount Pleasant, SC 29464, USA. If you contact us at this address with your concerns/questions, we will respond. We will also cooperate with the appropriate regulatory authorities to resolve any complaints regarding the transfer of personal information that cannot be resolved between us and you.

Confidentiality and Security

We restrict access to personal information to our employees, contractors, related entities, and agents who need to access the information in order to operate, sustain, improve, or repair our services. These individuals are bound to confidentiality agreements and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. We take appropriate security measures to protect your information. These measures include physical, electronic, and procedural safeguards, as well as software/system security reviews.

DISPUTE RESOLUTION UNDER THE EU-U.S. DPF, THE UK EXTENSION TO THE EU-US DPF, AND SWISS-U.S. DPF

If your dispute or complaint cannot be resolved through our internal process, we have agreed to cooperate with and participate in, the dispute resolution procedures of the EU Data Protection Authorities, the UK ICO, and the Swiss Federal Data Protection and Information Commission. You may contact the relevant EU Data Protection Authority here to seek independent recourse: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

You may contact the UK ICO here: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/.

You may contact the Swiss FDPIC here: https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/datenschutz-services.html.

BINDING ARBITRATION

If your dispute or complaint cannot be resolved by us, nor by the panel established by the EU Data Protection authorities or through the U. S. Department of Commerce, you may have the right to require that we enter into binding arbitration pursuant to the Recourse, Enforcement and Liability Principle and Annex I.

REGULATORY OVERSIGHT

We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Geographic-Specific Privacy Laws and Regulations

  • California Consumer Privacy Act (“CCPA”)

    We are classified as a “service provider”, not a “business” or “third party”, with respect to your use of the Service. That means we process any data you share with us only to provide the Service. We will not retain, use, disclose, or sell any of that information for any other commercial purposes. In addition, we do grant rights to your information as detailed in this Privacy Policy.

  • General Data Protection Regulation (“GDPR”)

    The European Union has stronger privacy laws than the United States and a core tenet of the GDPR is that any EU personal data transferred out of the EU must be protected to the same level as guaranteed under EU law. We aspire to protect all personal data - no matter where it is processed and/or stored. For EU based customers, we provide options for processing data within the EU for some of our service plans. In addition, we can provide a standard Data Processing Addendum (DPA) that is GDPR-compliant.

  • Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais

    We grant rights to your personal data in accordance with Brazil’s General Data Protection Law. In addition, we do not collect sensitive data (which is data that relates to racial or ethnic origin, religious beliefs, political opinion, affiliation to unions or political, philosophical or religious organizations, health information, sexual preference, or genetic and biometric data) or use anonymized data to formulate behavioral profiles of a particular natural person, if that person is identified.

Changes to This Policy

We may revise this Policy in the future. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address on your account.

Questions/Comments

If you have any questions or comments, or wish to file a complaint regarding our Policy, please contact us at:

Crowdstack, Inc.
Crowdstack Privacy Administrator
1985 Riviera Drive
Suite 103-122
Mt. Pleasant, SC 29464 USA

Last updated May 30, 2024
Start For Free