Effective date: December 19, 2022
The short version
Of course, the short version and the Summary below don’t tell you everything, so please read on for more details.
What personal information Gretel collects
Personal information users provide directly to Gretel
We require some basic personal information at the time of account creation, such as your email address. When you initially register for Gretel, we ask you to connect with a valid GitHub or Gmail account and email address.
If you sign on to a paid account with us, we collect your full name, address, and credit card information. Please note, Gretel does not process or store your credit card information, but our third-party payment processor does.
You may choose to give us more information for your account profile, such as your full name, an avatar which may include a photograph, your biography, your location, your company, and a URL to a third-party website. This information may include personal information. Please note that your profile information may be visible to other users of our Services.
Personal information Gretel automatically collects from your use of the Services
If you have a paid account with us, we automatically collect certain information about your transactions on the Services, such as the date, time, and amount charged.
We may automatically collect information regarding your use of our Services, such as the pages you view, the referring site, your IP address and session information, and the date and time of each request. This is information we collect from every visitor to our website, whether they have an account or not. This information may include personal information.
Cookies and Similar Technologies Information
We may collect certain information about your device, such as its IP address, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer. This information may include personal information.
Personal information we collect from third parties
Gretel may collect personal information from third parties. For example, we collect name and email address data when you register via a GitHub or Gmail account. Gretel does not purchase personal information from third-party data brokers.
Social media platforms
What personal information Gretel does not collect
We do not intentionally collect “Sensitive Personal Information”, such as personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.
If you are a child under the age of 13, you may not have an account on Gretel. Our Service is not directed to children under 13 (or other ages as required by local law), and Gretel does not knowingly collect personal information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will have to delete any personal information we have collected from you, unless we have a legal obligation to keep it, and to close your account. We don’t want to discourage you from learning to code, but those are the rules. Please see our Terms of Service for information about account termination. Different countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not have an account on Gretel.
If you are a parent or guardian and believe your child has uploaded personal information to Gretel without your consent, you may contact us as described in “Contacting Gretel” below.
We do not intentionally collect personal information that is stored in your data projects or other free-form content inputs. Any personal information within a user’s data project is the responsibility of the data project owner.
How Gretel uses your personal information
- We may use your information for the following purposes:
- We use your registration information to create your Account, and to provide you the Services.
- We use your payment information to provide you with the paid Services, or any other Gretel paid service you request.
- We use your personal information, specifically your username, to identify you on Gretel.
- We use your profile information to fill out your account profile and to share that profile with other users if you ask us to.
- We use your personal information to respond to support requests.
- We use your personal information and other data to make recommendations for you, such as to suggest projects you may want to follow or contribute to.
- We may use your personal information to invite you to take part in surveys, beta programs, or other research projects, subject, where required by law, to your consent .
- We use your usage information and device information to better understand how our users use Gretel and to improve our Services.
- We may use your personal information if it is necessary for security purposes or to investigate possible fraud or attempts to harm Gretel or our users.
- We may use your personal information to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.
Our legal bases for processing personal information
To the extent that our processing of your personal information is subject to certain international laws (including, but not limited to, the European Union’s General Data Protection Regulation (GDPR)), Gretel is required to notify you about the legal basis on which we process personal information. Gretel processes personal information on the following legal bases:
- When you create a Gretel account, you provide your registration information. We require this information for you to enter into the Terms of Service agreement with us, and we process that information on the basis of performing that contract. We also process your username and email address on other legal bases, as described below.
- If you have a paid account with us, we collect and process additional payment information on the basis of performing that contract.
- We rely on your consent to use your personal information under the following circumstances: when you fill out the information in your user profile; when you decide to participate in a Gretel training, research project, beta program, or survey; and for marketing purposes, where applicable. All of this personal information provided for these purposes is entirely optional, and you have the ability to access, modify, and delete it at any time. You may withdraw your consent at any time.
- Generally, the remainder of the processing of personal information we perform is necessary for the purposes of our legitimate interest, for example, for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability, and resilience of Gretel’s systems and Services.
If you would like to request deletion of personal information we process on the basis of consent or if you object to our processing of personal information, you may contact us at email@example.com . You can also force deletion of all data yourself by deleting your account and data projects directly via the Services.
How we share the information we collect
We may share your personal information with third parties under one of the following circumstances:
With your consent
We share your personal information, if you consent, after letting you know what information will be shared, with whom, and why.
With service providers
We share personal information with a limited number of service providers who process it on our behalf to provide or improve our Services. Our service providers perform payment processing, data hosting, customer support ticketing, network data transmission, security, and other similar services. Our service providers may process data outside of the United States or the European Union.
For security purposes
If you are an authorized User (as defined in the Gretel Subscription Services Agreement) of an organization that has purchased Gretel’s Services, Gretel may share your username, usage information, and device information associated with with an owner and/or administrator of such organization who has agreed to the Gretel Subscription Services Agreement or applicable customer agreements, to the extent that such information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular organization.
For legal disclosure
Gretel strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. Gretel may disclose personal information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.
We will retain your personal information for as long as your account is active or as long as needed to provide you the Services after which time it shall be deleted, subject to our right to retain and use such personal information necessary to comply with our legal obligations, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, and to enforce our agreements.
Change in control or sale
We may disclose or transfer your personal information if we are involved in a merger, sale, or acquisition of corporate entities or business units, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of personal information, and we will notify you on our Services or by email before any transfer of your personal information.
Aggregate, non-personally identifying information
We share certain aggregated, non-personally identifying information with others about how our users, collectively, use Gretel, or how our users respond to our other offerings and new features. For example, we may compile statistics on the API activity across Gretel.
Please note that some unrevised information may remain in our records after revision of such information or deletion of your account, or in cached and archived pages. Some information may remain viewable elsewhere to the extent that it was copied or stored by other users. We may use any aggregated data derived from or incorporating your personal information after you delete your information for usage activity, but not in a manner that would identify you personally.
Other important information
Data Project Content
Gretel personnel do not access private data projects unless required for security purposes, to assist the data project owner with a support matter, to maintain the integrity of the Services, to comply with our legal obligations, or as otherwise described in the Terms of Service.
What are cookies and other tracking technologies?
• Cookies. Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the Services function properly, make it more secure, provide better user experience, and understand how the Gretel Services perform and to analyze what works and where it needs improvement.
• Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
How do we use Technologies?
The third-party Technologies used on our Services are mainly for understanding how the Services performs, how you interact with our Services, keeping our Services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our Services.
Our uses of these Technologies fall into the following general categories:
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular behavior on the Services, prevent fraudulent activity, improve security, or allow you to make use of our functionality;
- Performance-Related. We may use Technologies to assess the performance of our Website and Service, including as part of our analytic practices to help us understand how individuals use our Services;
- Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
- Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party digital properties. Please see description in the table below for further details.
- Analytics. We may use Technologies and other third-party tools to process analytics information on our Services, e.g., evaluate our users’ use of Gretel, compile statistical reports on activity, and improve our content and Website performance. We also use our own internal analytics software to provide features and improve our content and performance. These Technologies allow us to better understand how our Services are used and to continually improve and personalize our Services. Please see description in the table below for further details.
Third-Party Technologies list
In addition to this, different browsers provide different methods to block and delete the placement of Technologies used by websites on your device. You can change the settings as your browser or device permits to block/delete the Technologies. Listed below are the links to the support documents on how to manage and delete Technologies from the major web browsers. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.
If you are using any other web browser, please visit your browser’s official support documents.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.
How Gretel secures your information
Gretel takes all measures reasonably necessary to protect personal information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of personal information.
Gretel enforces a written information security program. Our program:
- aligns with industry-recognized frameworks;
- includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our users’ data;
- is appropriate to the nature, size, and complexity of Gretel’s business operations;
- includes incident response and data breach notification processes; and
- complies with applicable information security-related laws and regulations in the geographic regions where Gretel does business.
By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach impacting your personal information, we may attempt to notify you if required by law electronically by posting a notice on our Services, by mail, or by sending an email to you.
Transmission of data on Gretel is encrypted using HTTPS (TLS). Our service is hosted within Amazon Web Services utilizing a high level of physical and network security, and all data stored at rest is encrypted.
No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.
Your privacy choices and rights
- Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below. How we communicate with you. We use your email address to communicate with you including but not limited to promotional emails. For example, if you contact our Support team with a request, we respond to you via email. Depending on your settings, Gretel may occasionally send notification emails about changes in a data project you’re watching, new features, requests for feedback, important policy changes, or to offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There’s an “unsubscribe” link located at the bottom of each of the marketing emails we send you. Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile to opt out of other communications. Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.
- “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Please note you must separately opt out in each browser and on each device.
Your Privacy Rights. In accordance with applicable law, you may have the right to:
- Access to and Portability of Your Personal Information, including: (i) confirming whether we are processing your Personal Information; (ii) obtaining access to or a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the “right of data portability”);
- Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
- Request Deletion of your personal information;
- Request Restriction of or Object to our processing of your personal information where the processing of your personal information is based on our legitimate interest or for direct marketing purposes; and
- Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.
- Lodge Complaint with Supervisory Authority. If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority or attorney general if you believe our processing of your personal information violates applicable law.
- EEA Data Protection Authorities (DPAs)
- Swiss Federal Data Protection and Information Commissioner (FDPIC)
- UK Information Commissioner’s Office (ICO)
If you would like to exercise any of these rights, please contact us at firstname.lastname@example.org. We will process such requests in accordance with applicable laws.
International data transfers
All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.
If we transfer personal information that originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.
For more information about the safeguards we use for international transfers of your personal information, please contact us at email@example.com
Supplemental notice for California residents
This Supplemental California Privacy Notice only applies to our processing of Personal Information that is subject to the California Consumer Privacy Act of 2018, as updated by the California Privacy Rights Act (once effective on January 1, 2023), together with its implementing regulations (collectively, the “CCPA”). The CCPA provides California residents with the right to know what categories of personal information Gretel has collected about them and whether Gretel disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
The categories of sources from which we collect Personal Information and our business and commercial purposes for using Personal Information are set forth in “What personal information Gretel collects” and “How Gretel uses your personal information” above, respectively.
“Sales” of Personal Information under the CCPA
In the preceding twelve months, Gretel has not “sold” any personal information (as defined by the CCPA), nor does Gretel have actual knowledge of any “sale” of Personal Information of minors under 16 years of age.
Cross-Context Behavioral Advertising under the CCPA
Additional Privacy Rights for California Residents
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in “Contacting Gretel” below.
Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, or to answer questions regarding your Account and use of our Service.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contacting Gretel” below. We will process such requests in accordance with applicable laws.
De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.
California Shine the Light. The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties.
Supplemental notice for Nevada residents
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at firstname.lastname@example.org with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in “Contacting Gretel” below.
If you have concerns about the way Gretel is handling your User Personal Information, please let us know immediately. We want to help. You may contact us at email@example.com with the subject line “Privacy Concerns.” We will respond promptly.
Gretel Labs, Inc.
8910 University Center Lane, Suite 400
San Diego, CA 92122