Decalab, Inc. d/b/a DecaReach (“DecaReach”, “we”, “us” or “our”) provides lead intelligence software and contact management services through decareach.io and any subdomains, successors, and browser extensions (collectively, the “Service(s)”).
INFORMATION DECAREACH COLLECTS
DecaReach operates as a lead intelligence / contact management platform, and therefore some of the data we collect and use is not retrieved directly by DecaReach. Rather, certain data is retrieved from (publicly available) websites or other business partners and sources.
Things you create or provide to us The data we collect includes: (i) data about DecaReach customers (“User(s)”), i.e. when you create a DecaReach account, you may provide us with personal information such as name, organization, and contact info; and (ii) data about contacts / contacts that Users add to the Service, i.e. contact contact info, social profile URL, email address, name and telephone number (“contact(s)”). The term “you” and “your” will refer to Users or contacts, as applicable.
If you aren’t signed in to a DecaReach account, you might choose to provide us with information — like an email address to receive updates about our Services.
We also collect the content you create, upload, or receive when using the Services. This includes things like campaign messages and information about contacts you upload to the Service.
Information we collect as you use our service
Your apps, browsers & devices
We collect information about and from the apps, browsers, and devices you use to access the service, which helps us provide features like automatic product updates, scheduled email campaigns, contact enrichment in your CRM, and higher quality customer support. Learn more about the information we collect from your apps and how we keep it safe on our Security page.
The information we collect includes, without limitation, unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.
We collect this information when the Service on your device contacts our servers — for example, when you source a contact.
We collect information about your activity in our Services, which we use to do things like recommend campaign message templates or provide helpful features. The activity information we collect may include:
- Purchase activity
- Sourcing activity
- Recordings of User app activity
- People with whom you communicate or share content
- Third party app data you’ve synced with your DecaReach Account
Your location information
We collect information about your location when you use our services, which helps us offer features like setting campaigns to send in your time zone. The types of location data we collect depend in part on your device and account settings.
Third Party & Public Information
In some circumstances, DecaReach may collect information about contacts from trusted third party or publicly available sources for the purposes described below. We use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases, and server logs.
WHY DECAREACH COLLECTS DATA
We use data to build better services
To provide our services
We use data to deliver the Services, like processing the contacts from your Contact Management System (“CRM”) in order to help you engage them for future roles.
Maintain & improve our services
We use the data we collect to ensure our Services are working as intended, such as tracking outages or troubleshooting issues reported to us. We also use information to make improvements to the Services — for example, understanding which messaging follow-up frequencies work best for lead relationship building. Further, we may collect and combine the information we receive from Users, publicly available sources (like Google Search or social networks), or trusted third parties to enhance, optimize and enrich DecaReach’s contact database. For example, we use open web services and APIs to gather information about contacts and enrich it (e.g. by adding links to contacts’ verified social network profiles), which allows Users to have access to the most current and up-to-date contact information.
Develop new services
We may use the information we collect to help us develop new services. For example, understanding Users’ communication patterns with contacts over periods of time on DecaReach helped us design and launch DecaReach Network.
Provide personalized services
We may use the information we collect to customize the Services for you, including providing recommendations, personalized content, and customized campaign strategies. For example, DecaReach may collect information about contacts you contacted so we can help you avoid contacting the same contact again too soon.
We don’t share personally identifiable User information with other customers or third parties, such as User names or emails, unless a User grants us permission to do so.
We use data for analytics and measurement to understand how the Services are used. For example, we analyze data about your visits to the Service to optimize product design. And we also use data about your interactions with contacts to help Users understand the performance of contact campaigns.
Communicate with you
We use information we collect, like your email address, to interact with you directly. For example, we may send you a notification if we detect suspicious activity, like an attempt to sign in to your DecaReach account from an unusual location. Or we may let you know about upcoming changes or improvements to our Services. And if you contact DecaReach, we’ll keep a record of your request in order to help solve any issues you might be facing.
Protect DecaReach, our users, and the public
We use information to help improve the safety and reliability of the Service. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm DecaReach, our Users, contacts or the public.
We use different technologies to process your information for these purposes, including automated systems to analyze content and provide you with better features. And we analyze your data to help us detect abuse such as spam, malware, and illegal content.
YOUR PRIVACY CONTROLS
You have rights regarding the information we collect and how it's used
We respect your privacy rights and therefore you, whether you’re a User or a contact, may contact us at any time and we shall work diligently to respect your choices and requests regarding your Personal Information. The list below provides you information Users and contacts may need to exercise their rights under applicable privacy and data protection regulations:
Right of Access
You may request to access your Personal Information and obtain a copy of Personal Information which is being processed by DecaReach, including: purposes of processing; categories of Personal Information processed; recipient(s) of Personal Information; length of time during which the Personal Information will be stored; and information on data transfers.
Right of Rectification
You may request to change, update or complete any missing data we process about you, by contacting firstname.lastname@example.org . Please note that we may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
Right of Erasure
Users or contacts may at any time withdraw consent to our processing of User or contact Personal Information. In this case, if there is no overriding legitimate interest for continuing the processing of such Personal Information (e.g. to comply with our legal obligations, resolve disputes, enforce our agreements, etc.) and the Personal Information is no longer necessary in relation to the purpose for which it was originally collected, we will erase your data. You may withdraw your consent by contacting us at email@example.com.
Right of Restriction of Processing
You may request us to restrict processing of your Personal Information if one of the following applies: (i) the accuracy of the Personal Information is contested by you; (ii) the processing is unlawful; or (iii) if we no longer need the Personal Information. Such request will be made by contacting us at firstname.lastname@example.org.
Right to Data Portability
You have the right to receive your Personal Information in a structured, commonly used and machine-readable format. Such request may be made by contacting us at email@example.com.Exporting, removing & deleting your information
You can export a copy of content in your DecaReach account if you want to back it up or use it with a service outside of DecaReach. You can also request to delete certain content from certain DecaReach services based on applicable law.
To delete your information, please contact us at firstname.lastname@example.org.
We try to ensure that our services protect information from accidental or malicious deletion. Because of this, there may be delays between when you delete something and when copies are deleted from our active and backup systems. Additionally, note that in some cases, we retain data for limited periods when it needs to be kept for legitimate business or legal purposes.
SHARING YOUR INFORMATION
When you share your information
You may use DecaReach to share information with third parties, whether they are people in your organization or contacts you reach out to. For example, you may share your reply-to email address with a contact so they can respond to your campaign. Further, when you share information publicly, your content may become accessible through search engines, such as Google Search.
When DecaReach shares your information
We do not share personally identifiable information with companies, organizations, or individuals outside of DecaReach except in the following cases:With your consent
We may share personal information outside of DecaReach when we have your consent. For example, if you use DecaReach to add a contact to a campaign that is connected to your CRM, we’ll share your information with your CRM for the purpose of attributing the contact to you and enriching the contact profile in your CRM.With domain administrators
If you work for an organization that uses DecaReach, your account administrator may have access to your DecaReach account. We may build out functionality that allows the account administrator to:
- Access and retain information stored in your account, like your email
- View statistics regarding your account, like how many apps you install
- Change your account password
- Suspend or terminate your account access
- Receive your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit your information or your privacy settings
For external processing
For legal reasons
We may share personal information outside of DecaReach if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal process, or enforceable governmental request.
- Enforce our Terms of Service, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against harm to the rights, property or safety of DecaReach, our users, or the public as required or permitted by law.
Non-personally Identifiable information
Subject to the Limits on Restricted Scope Gmail data section below, we may share non-personally identifiable information –– i.e. information that is recorded about users that no longer reflects or references an individually-identifiable user –– publicly and with our customers, advertisers, developers, or other partners. For example, we may share non-personally identifiable information about contact trends and the general use of our Services. For clarity, this excludes any data obtained via Gmail API Restricted Scopes.
Limits on Restricted Scope Gmail data
In general, we only request access to the minimal, technically feasible scope of access that is necessary to implement existing features or services, and limit access to the minimum amount of data needed.
- The Service will only use access to read, write, modify, or control email message bodies (including attachments), metadata, headers, and settings to allow you and other active Service users in your organization who have authorization (“Authorized User(s)”) to compose, send and process email campaigns, and read replies and reply to those campaigns, and will not transfer this Restricted Data to others that don’t have explicit consent unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- The Service will not use this Restricted Data for serving advertisements.
- The Service will not allow humans who are not Authorized Users to read this Restricted Data unless:
- we have your affirmative agreement for specific email messages,
- doing so is necessary for security purposes such as investigating abuse or bugs,
- to comply with applicable law, or
- for the Service’s internal operations (and even then only when the data have been aggregated and anonymized).
KEEPING YOUR INFORMATION SECURE
We build security into our services to protect your information DecaReach is built with strong security features that continuously protect your information. The insights we gain from maintaining our Services help us detect and automatically block security threats from ever reaching you. And if we do detect something risky that we think you should know about, we’ll notify you and help guide you through steps to stay better protected.
We work hard to protect you and DecaReach from unauthorized access, alteration, disclosure, or destruction of information we hold, by:
- Using encryption to keep your data private while in transit
- Using encryption to keep your most sensitive data (API keys and access tokens) private at rest
- Using Google OAuth, a secure authentication system for user login. Learn more about why we use Google OAuth on our Security page
- Reviewing our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems
- Restricting access to personal information to DecaReach employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
DATA RETENTION POLICY
Certain data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When you delete data, we follow a deletion policy to make sure that your data is safely and completely removed from our servers or retained only in anonymized form.
Personally identifiable User data collected by DecaReach is retained only as long as is necessary to provide the Services (“Processing Date”), which varies depending on the type of data and how its being used. Please note that we may retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements.
Please note that information about you in DecaReach may be acquired from public facing web platforms. In some cases, you may encounter your details again after request for removal if they were re-collected over the web or contributed by other partners. Please email email@example.com if you find your information has been re-added to DecaReach.
COMPLIANCE WITH REGULATORS & DATA TRANSFERS
We utilize servers around the world and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy.
When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.
DecaReach has designated Raj Sheth as its Data Protection Officer (“DPO”). To contact DecaReach’s DPO, please email raj [at] decareach [dot] io and include “Attn: DPO” in the subject line.
ABOUT THIS POLICY
The information practices of other companies and organizations that use or connect with our Services Services offered by other companies or individuals, including products or sites that may be linked from our Services
Changes to this policy
If you have questions or concerns regarding this Policy, please contact us by email at firstname.lastname@example.org, or:
Decalab, Inc. d/b/a DecaReach
Attn: Data Protection Officers