Privacy Policy

Spin.AI

Last Revision Date: January 8, 2024

This Privacy Policy of Spin Technology, Inc. (“Company”, “we”, “us”, or “our”) applies to our website as well as to the products, services, and platforms provided by us. This policy explains and defines our privacy practices for the information we collect from users when they visit our websites https://spin.ai/ and https://spinbackup.com (“Website”), contact us, or use or purchase our products and services. All capitalized terms not defined herein are defined in our Terms of Service.

We aim to limit our collection of Personal Information to only such Personal Information as required for legitimate purposes. We do not sell, rent, trade or otherwise disclose your Personal Information to third parties, other than as described in this Privacy Policy. We take appropriate security measures to protect your Personal Information and we respect your right to access your Personal Information or have it corrected or deleted, at your request. If you have any questions, or want to know exactly what Personal Information we keep about you, please contact us at privacy@spin.ai.
  1. Modification of Privacy Policy.

We reserve the right to modify this Privacy Policy at any time, and without prior notice, by posting an amended Privacy Policy that is always accessible by clicking on the “Privacy Policy” link on this Website’s home page. Your continued use of this Website indicates your acceptance of the amended Privacy Policy. Regarding Personal Information, if any modifications are materially less restrictive on our use or disclosure of the Personal Information previously disclosed by you, we will notify you by email or by means of a notice on this Website before implementing such revisions with respect to such information.

  1. Collection of Anonymous, Passive Information.

2.1 We reserve the right to monitor your use of this Website. As you navigate through this Website, certain anonymous information may be passively collected (that is, gathered without you actively providing the information) using various technologies, such as cookies, Internet tags or web beacons, and navigational data collection (log files, server logs, clickstream). The following is the list and a brief explanation of passive information collection methodologies, which we may use from time to time to better understand how this Website is being used.

2.2. A “cookie” is a text file that this Website sends to your browser in the form of a text file. The information generated by the cookie about your use of this Website (including your IP address) will be transmitted to us and stored. Most browsers automatically accept cookies, but they usually can be modified to decline cookies if you prefer; however, certain features of this Website may not work without cookies.

2.3 “Session” cookies are temporary bits of information that are used to improve navigation, block visitors from providing information where inappropriate (the Website “remembers” previous entries of age or country of origin that were outside the specified parameters and blocks subsequent changes), and collect aggregate statistical information on the Website. They are erased once you exit your web browser or turn off your computer.

2.4 “Persistent” cookies are more permanent bits of information that are placed on the hard drive of your computer and stay there unless you delete the cookie. Persistent cookies store information on your computer for a number of purposes, such as retrieving certain information you have previously provided, helping to determine what areas of the Website you may find most valuable, and customizing the Website based on your preferences on an ongoing basis. Persistent cookies placed by this Website in your computer do not hold Personal Information.

2.5 You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it or not. To learn more about cookies and how to specify your preferences, please search for “cookie” in the “Help” portion of your browser.

2.6 An Internet Protocol (IP) address is a number assigned to your computer by your Internet service provider so you can access the Internet and is generally considered to be non-Personal Information (some exceptions apply), because in most cases an IP address is dynamic (changing each time you connect to the Internet), rather than static (unique to a particular user’s computer). The IP address can be used to diagnose problems with a server, report aggregate information, determine the fastest route for your computer to use in connecting to the Website, and administer and improve the Website.

2.7 “Internet tags” (also known as Web Beacons, single-pixel GIFs, clear GIFs, invisible GIFs, and 1-by-1 GIFs) are smaller than cookies and tell a website server information such as the IP address and browser type related to a visitor’s computer. Tags may be placed both on online advertisements that bring people to a website and on different pages of a website. Such tags indicate how many times a page is opened and which information is consulted.

2.8 “Navigational data” (log files, server logs, and clickstream data) are used for system management, to improve the content of the Website, market research purposes, and to communicate information to visitors.

  1. Use and Sharing of Anonymous, Passive Information.

Tis Website may make full use of passively collected anonymous information, including without limitation the right to use such information to provide better service to Website visitors, customize the Website based on your preferences, compile and analyze statistics and trends, and otherwise administer and improve this Website for your use. We reserve the right to share this anonymous, passive information in aggregated form.

  1. Use of Third Party Cookies.

We reserve the right to use web analytics services provided by third parties. These web analytics services use their own cookies that collect anonymous, passive information about your use of this Website (see explanation of cookies in Collection of Anonymous, Passive Information above). We use this information for the purpose of evaluating your use of this Website, compiling reports on Website activity, and providing you with services. These web analytics services may also transfer this information to third parties if required to do so by law. We do not have access or control over such cookies.

  1. Collection of Personal Information. 

“Personal Information,” also known as personal data or personally identifiable information, is any information related to an identifiable person.

Company may collect Personal Information from you when you: 

  • sign up for an account;
  • fill out a survey or request a Demo form; and
  • reach out to the Company via Contact Form, Support Form, or Intercom Form. 

Personal Information we may collect: name, physical address, email address, phone number, company name, profile picture and any Personal Information you choose to provide to us voluntarily. 

When you try to sign up to be our partner, we may collect the following company information from you: company name (name of parent company if this one is a division or subsidiary), type of business, primary contact details, tax ID, contact information of your legal support, and other company related information. 

Please keep in mind that we do not collect your payment information. When you make a payment via the Website, our partner BrainTree collects and processes that information on our behalf. 

Using and Sharing Your Personal Information: General Policy and Exceptions.

6.1 Company may use Personal Information for responding to and processing inquiries, orders and service requests or generally for any other purpose related to the original purpose for which the Personal Information was collected. Company also may use Personal Information to support your relationship with Company by designing services suitable to your needs, as well as to provide general product or service support and updates, and/or to alert you about new product or service offerings as they become available. This Information may also be used to provide you with notices about your purchases, your use of the products or services, and to carry out Company’s obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection purposes.

We will not share, sell, or rent your Personal Information to others. The only exceptions to this general policy: (i) are described in the subsections below, and (ii) if you explicitly approve such usage through our Website. We may at times combine your Personal Information with passively collected information in order to personalize this Website and offers we may present to you, but we will only do so where and to the extent explicitly approved by you.

6.2 Affiliates and Service Providers.

We reserve the right to provide Personal Information to our affiliates or subsidiaries, or trusted service providers for the purpose of payment processing, hosting our servers or processing or archiving Personal Information for us. We require that these parties agree to privacy and security safeguards for such Personal Information that are consistent with this Privacy Policy. These companies are authorized to use your Personal Information only as necessary to provide these services to us.

6.3 Acquisition; Bankruptcy.

In the event that we are acquired by or merged with a third party entity, we reserve the right to transfer such Personal Information as part of such merger, acquisition, sale, or other change of control. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we reserve the right to transfer such Personal Information to protect our rights or as required by law. You will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

6.4 Enforcement; Legal Process.

Company reserves the right to transfer such information if we have a strong belief that access, usage, preservation or disclosure of such information is reasonably necessary (i) to satisfy any applicable law, regulation, legal process or enforceable governmental request,(ii) to investigate or enforce violations of our rights or the security of our Website, or (iii) to protect your safety or the safety of others.

  1. Your Content

“Your Content” shall mean your email messages, files, contact lists, calendars, and metadata. Company will not view, access or use Content, including Personal Information within Content, except as needed to actually provide our products or services, as authorized by you in connection with product or service support.  Depending on the products and services you request, we may require you to provide us with  full access to your Content. Sometimes we may only need “read only” or “edit” permissions. We request access to your Content in order to perform services like Backup, Recovery, Scanning, Monitoring, Blocklist/Allow List Management, User management, etc. Please keep in mind that Company is not a data controller (as defined under EU  GDPR) of any Content.

In the course of providing product or service support requested by a Customer, Company may have incidental access to Content. Any Customer request for product or service support will be deemed express permission for us to access your Content as needed for the limited purposes of providing the requested product or service support. 

Moreover, our automated system analyzes your Content to provide you with relevant product or service features such as sensitive data search, incident response monitoring results, data audit results, and ransomware detection. This analysis occurs during the backup process.

We highly recommend all account owners including SB Staff members to not store within their accounts in any form, be it via a table, script, function, file, pdf, image or any other means: Social Security Numbers (SSNs), credit card numbers, passport numbers, bank account numbers or bank account routing numbers.

  1. Transfer of Personal Information Outside Your Country of Residence.

Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this Privacy Policy. We also comply with certain legal frameworks relating to the transfer of data, such as the European frameworks described below.

Any Personal Information which we may collect on this Website will be stored and processed in our servers located in the United States, Australia, and Europe. If you reside outside of these areas, by using this Website you consent to the transfer of Personal Information outside your country of residence.

  1. Data Protection & Security.

We follow generally accepted industry standards to protect your Personal Information. To read more on how we protect your Personal Information please visit our Data Protection and Security page. 

Unfortunately, no data transmission over the Internet or method of data storage can guarantee 100% protection. While we strive to protect your Personal Information by following generally accepted industry standards, we cannot ensure or warrant the absolute security of any information you transmit to us. 

  1. Data Retention.

We will only keep your Personal Information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements) or up until such time when you withdraw your consent for processing it. When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

  1. Marketing Emails, Other Communications & Opt-Out Option. 

With your consent you will receive updates, newsletters, surveys, offers, ads and other promotional materials from us via your email. You may indicate a preference to stop receiving further communications or notifications from us by following the unsubscribe link provided in the email you receive. Despite your indicated preferences, we may send you service related communication, including notices of any updates to Website’s Terms of Service, Privacy Policy, or other statements.

  1. Links to Other Sites Including Online Ads.

Occasionally, at our discretion, we may include or offer ads on our Website. These ads may contain links that would lead to third party or affiliate websites. We encourage you to read privacy policies of such third parties or affiliates before buying any product or service from them. Nonetheless, we seek to protect the integrity of our Website and services and welcome any feedback about these third party websites.

  1. Blog; Support Form; Feedback.

Our Website offers publicly accessible blog, when anyone can leave a comment. You should be aware that any information you provide in a comment may be read, collected, and used by the public. To request removal of your Personal Information from our blog, contact us at privacy@spin.ai. In some cases, we may not be able to remove your Personal Information, in which case we will let you know that we are unable to do so and why.

We also have a Support Form, where you may leave any comment to us. If you leave any feedback, review, or suggestion about the Website or our products and services (collectively, “Feedback”) via the Website, phone or email, you hereby assign to Company all rights in the Feedback and agree that Company shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.

  1. Social Media Features

Some parts of our Website includes social media features, such as the Facebook Like button and widgets, such as the Share This button or interactive mini-programs that run on our Website. These features may collect your IP address, and tell us which pages you are visiting on our Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party. Your interactions with these features are governed by the privacy policy of the companies providing it.

  1.  Children’s Online Policy.

We are committed to protecting children’s Personal Information and comply with the strictest privacy laws (COPPA, EU GDPR, UK GDPR) out there. We do not knowingly collect or solicit Personal Information from anyone under the age of majority. If you are a minor, please do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Information from a minor, we will delete that information as quickly as possible. Please contact us if you believe we may have collected information from a minor.

  1. EU-U.S., the UK Extension to the EU-U., and Swiss-U.S. Data Privacy Framework.

Company complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Company has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Company is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the Data Privacy Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Data Privacy Framework Principles. 

  1. Model Contract Clauses. 

The European Commission has approved the use of model contract clauses as a means of ensuring adequate protection when transferring data outside of the EEA. By incorporating model contract clauses into a contract established between the parties transferring data, personal data is considered protected when transferred outside the EEA or the UK to countries which are not covered by an adequacy decision. We rely on these model contract clauses for data transfers. 

  1. Your Rights Under EU and UK GDPR.  

The European General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all natural persons accessing the Internet from the European Union and the European Economic Area, whatever their nationality or place of residence is. It also addresses the transfer of personal data outside the EU and EEA areas. 

Because the UK left the UE, the UK now has its own version of GDPR known as the UK-GDPR. It is almost identical to EU GDPR. Therefore, we combined the rights of those who access or use this Website from the European Union, the European Economic Area, and the UK under one section. 

If you are accessing and using the Website from the European Union, the European Economic Area, or the UK, you have the following rights with regard to your Personal Information:

  1. the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us (that is why we have compiled this Privacy Policy for you);
  2. the right of access (you can request us to provide you verbally or in writing with the type of information we store about you and we have a month to respond to your request); 
  3. the right to rectify (amend/correct) any Personal Information about you that is inaccurate;
  4. the right to erasure (some conditions apply, see Data Retention section below);
  5. the right to restrict processing your Personal Information, however, if you restrict us from processing a part of your Personal Information that is essential to our provision of the Website, you may be asked to terminate your subscription or services and stop using the Website;
  6. the right to data portability (the right to data portability allows users of the Website to obtain and reuse their Personal Information for their own purposes across different services; you may request us to transmit your Personal Information directly from our servers to another company’s servers and we will do so if it is technically feasible);
  7. the right to object (for example, you have an absolute right to stop us from using your Personal Information for direct marketing – read our opt-out instructions below; you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your Personal Information if we are able to show that we have a compelling reason for doing so);
  8. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.

We represent and warrant that your Personal Information is:

  1. processed lawfully, fairly and transparently;
  2. collected only for specific legitimate purposes; 
  3. collection of personal data is adequate, relevant and limited to what is necessary;
  4. accurate and kept up to date (with your help); 
  5. stored only as long as is necessary; and
  6. is secure and kept in confidence.

Data Retention: Generally, your Personal Information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your Account, (iii) there is no preferential justified reason for the processing of your Personal Information and you object to our processing of your Personal Information, or (iv) erasure of your Personal Information is required in order to fulfill a statutory obligation under the UK law, EU law or the right of the EU Member States. Therefore, we will make sure your Personal Information will be erased under all of the above-mentioned circumstances. You may request us to erase your Personal Information verbally or in writing and we have one (1) month to respond to any such request. 

Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.

  1. Changing, Deleting And Updating Personal Information.

Upon request, we will permit you to request or make changes or updates or delete your Personal Information. We request identification prior to approving such requests. We reserve the right to permit you to access your Personal Information in any account you establish within our Website for purposes of making your own changes or updates. Should you need to make any changes to your Personal information, you may send us your request by contacting us at privacy@spin.ai

  1.  Independent Recourse Mechanism

In compliance with the Data Privacy Framework Principles, Spin Technology commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Spin Technology at: privacy@spin.ai

Spin Technology has further committed to refer unresolved Data Privacy Framework complaints to Judicial Arbitration and Mediation Services, Inc (JAMS), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/ for more information or to file a complaint. The services of JAMS are provided at no cost to you.