Gretel Privacy Policy

Effective date: December 19, 2022

Thanks for entrusting Gretel Labs, Inc. (“Gretel”, “we,” “us” or “our”) with your data, your projects, and your personal information. Holding on to your private information is a serious responsibility, and we want you to know how we’re handling it. To make this Privacy Policy easier to read, our websites, products and services and other offerings are collectively called the “Services.” 

The short version

As described below: We use your personal information as this Privacy Policy describes. No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to all our users around the world, regardless of their country of origin or location.

Of course, the short version and the Summary below don’t tell you everything, so please read on for more details.

What personal information Gretel collects

Personal information users provide directly to Gretel

Registration Information

We require some basic personal information at the time of account creation, such as your email address. When you initially register for Gretel, we ask you to connect with a valid GitHub or Gmail account and email address.

Payment Information

If you sign on to a paid account with us, we collect your full name, address, and credit card information. Please note, Gretel does not process or store your credit card information, but our third-party payment processor does.

Profile Information

You may choose to give us more information for your account profile, such as your full name, an avatar which may include a photograph, your biography, your location, your company, and a URL to a third-party website. This information may include personal information. Please note that your profile information may be visible to other users of our Services.

Personal information Gretel automatically collects from your use of the Services

Transactional Information

If you have a paid account with us, we automatically collect certain information about your transactions on the Services, such as the date, time, and amount charged.

Usage Information

We may automatically collect information regarding your use of our Services, such as the pages you view, the referring site, your IP address and session information, and the date and time of each request. This is information we collect from every visitor to our website, whether they have an account or not. This information may include personal information.

Cookies and Similar Technologies Information

As further described below, in the “Our use of cookies and tracking” section, we may automatically collect information from cookies and similar Technologies (such as cookie ID and settings) to keep you logged in, to remember your preferences, and to identify you and your device.

Device Information

We may collect certain information about your device, such as its IP address, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer. This information may include personal information.

Personal information we collect from third parties

Gretel may collect personal information from third parties. For example, we collect name and email address data when you register via a GitHub or Gmail account. Gretel does not purchase personal information from third-party data brokers.

Social media platforms 

Our Services may contain social media buttons or links, such as Discord, GitHub, Twitter, LinkedIn, YouTube, which might include widgets such as the “share this” button or other interactive mini programs). These features may collect personal information such as your IP address and which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing it.

What personal information Gretel does not collect

We do not intentionally collect “Sensitive Personal Information”, such as personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.

If you are a child under the age of 13, you may not have an account on Gretel. Our Service is not directed to children under 13  (or other ages as required by local law), and Gretel does not knowingly collect personal information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will have to delete any personal information we have collected from you, unless we have a legal obligation to keep it, and to close your account. We don’t want to discourage you from learning to code, but those are the rules. Please see our Terms of Service for information about account termination. Different countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not have an account on Gretel.

If you are a parent or guardian and believe your child has uploaded personal information to Gretel without your consent, you may contact us as described in “Contacting Gretel” below. 

We do not intentionally collect personal information that is stored in your data projects or other free-form content inputs. Any personal information within a user’s data project is the responsibility of the data project owner.

How Gretel uses your personal information

  • We may use your information for the following purposes:
  • We use your registration information to create your Account, and to provide you the Services.
  • We use your payment information to provide you with the paid Services, or any other Gretel paid service you request.
  • We use your personal information, specifically your username, to identify you on Gretel.
  • We use your profile information to fill out your account profile and to share that profile with other users if you ask us to.
  • We use your personal information to respond to support requests.
  • We use your personal information and other data to make recommendations for you, such as to suggest projects you may want to follow or contribute to. 
  • We may use your personal information to invite you to take part in surveys, beta programs, or other research projects, subject, where required by law, to your consent .
  • We use your usage information and device information to better understand how our users use Gretel and to improve our Services.
  • We may use your personal information if it is necessary for security purposes or to investigate possible fraud or attempts to harm Gretel or our users.
  • We may use your personal information to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.
  • We limit our use of your personal information to the purposes listed in this Privacy Policy. If we need to use your personal information for other purposes, we will ask your permission first.

Our legal bases for processing personal information

To the extent that our processing of your personal information is subject to certain international laws (including, but not limited to, the European Union’s General Data Protection Regulation (GDPR)), Gretel is required to notify you about the legal basis on which we process personal information. Gretel processes personal information on the following legal bases:

Contract Performance:

  • When you create a Gretel account, you provide your registration information. We require this information for you to enter into the Terms of Service agreement with us, and we process that information on the basis of performing that contract. We also process your username and email address on other legal bases, as described below.
  • If you have a paid account with us, we collect and process additional payment information on the basis of performing that contract.

Consent:

  • We rely on your consent to use your personal information under the following circumstances: when you fill out the information in your user profile; when you decide to participate in a Gretel training, research project, beta program, or survey; and for marketing purposes, where applicable. All of this personal information provided for these purposes is entirely optional, and you have the ability to access, modify, and delete it at any time. You may withdraw your consent at any time.

Legitimate Interests:

  • Generally, the remainder of the processing of personal information we perform is necessary for the purposes of our legitimate interest, for example, for legal compliance purposes, security purposes, or to maintain ongoing confidentiality, integrity, availability, and resilience of Gretel’s systems and Services.

If you would like to request deletion of personal information we process on the basis of consent or if you object to our processing of personal information, you may contact us at security@gretel.ai . You can also force deletion of all data yourself by deleting your account and data projects directly via the Services.

How we share the information we collect

We may share your personal information with third parties under one of the following circumstances:

With your consent

We share your personal information, if you consent, after letting you know what information will be shared, with whom, and why. 

With service providers

We share personal information with a limited number of service providers who process it on our behalf to provide or improve our Services. Our service providers perform payment processing, data hosting, customer support ticketing, network data transmission, security, and other similar services. Our service providers may process data outside of the United States or the European Union.

For security purposes

If you are an authorized User (as defined in the Gretel Subscription Services Agreement) of an organization that has purchased Gretel’s Services, Gretel may share your username, usage information, and device information associated with with an owner and/or administrator of such organization who has agreed to the Gretel Subscription Services Agreement or applicable customer agreements, to the extent that such information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular organization.

For legal disclosure

Gretel strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. Gretel may disclose personal information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.

Retention

We will retain your personal information for as long as your account is active or as long as needed to provide you the Services after which time it shall be deleted, subject to our right to retain and use such personal information necessary to comply with our legal obligations, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, and to enforce our agreements.

Change in control or sale

We may disclose or transfer your personal information if we are involved in a merger, sale, or acquisition of corporate entities or business units, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of personal information, and we will notify you on our Services or by email before any transfer of your personal information. 

Aggregate, non-personally identifying information

We share certain aggregated, non-personally identifying information with others about how our users, collectively, use Gretel, or how our users respond to our other offerings and new features. For example, we may compile statistics on the API activity across Gretel.

Please note that some unrevised information may remain in our records after revision of such information or deletion of your account, or in cached and archived pages. Some information may remain viewable elsewhere to the extent that it was copied or stored by other users. We may use any aggregated data derived from or incorporating your personal information after you delete your information for usage activity, but not in a manner that would identify you personally.

Other important information

Data Project Content

Gretel personnel do not access private data projects unless required for security purposes, to assist the data project owner with a support matter, to maintain the integrity of the Services, to comply with our legal obligations, or as otherwise described in the Terms of Service. 

Our use of cookies and tracking

What are cookies and other tracking technologies?

This part of the Privacy Policy explains what cookies, pixel tags, and other tracking technologies  (collectively, “Technologies”) are and how we use them, the types of Technologies we use, i.e., the information we automatically collect through your use of our Services and using these Technologies, how that information is used, and how to manage the cookie settings.

• Cookies. Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser. These cookies help us make the Services function properly, make it more secure, provide better user experience, and understand how the Gretel Services perform and to analyze what works and where it needs improvement.

• Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in our Services that collects information about engagement on our Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.

How do we use Technologies?

Gretel uses cookies to make interactions with our service easy and meaningful. Like most online services, our Service uses first-party and third-party Technologies for several purposes. First-party Technologies are mostly necessary for the Services to function the right way, and they do not collect any of your personal information. 

The third-party Technologies used on our Services are mainly for understanding how the Services performs, how you interact with our Services, keeping our Services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our Services.

Our uses of these Technologies fall into the following general categories:

  • Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular behavior on the Services, prevent fraudulent activity, improve security, or allow you to make use of our functionality;
  • Performance-Related. We may use Technologies to assess the performance of our Website and Service, including as part of our analytic practices to help us understand how individuals use our Services;
  • Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
  • Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party digital properties. Please see description in the table below for further details. 
  • Analytics. We may use Technologies and other third-party tools to process analytics information on our Services, e.g., evaluate our users’ use of Gretel, compile statistical reports on activity, and improve our content and Website performance. We also use our own internal analytics software to provide features and improve our content and performance. These Technologies allow us to better understand how our Services are used and to continually improve and personalize our Services. Please see description in the table below for further details.

Third-Party Technologies list

Who serves it What it does More information
Google Analytics Analytics - We use Google Analytics to analyze the use of our website. For more information about Google’s privacy practices, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
Hotjar Analytics - We use Hotjar’s session replay analytics services to record your interaction with our website. For more information about how Hotjar uses your personal information, please visit the “Personal Data collected from a visitor of a Hotjar Enabled Site” section of Hotjar’s Privacy Policy. To learn more about how to opt-out of Hotjar’s use of your information, please click here.
Google Ads Advertising - We use Google Ads to track advertisements and measure website visits and conversions. For more information about opting out of the ads, see https://adssettings.google.com/u/0/authenticated
LinkedIn Advertising - We use LinkedIn to track conversions and website visits from our advertisements displayed on LinkedIn. For more information about LinkedIn’s privacy practices, please see https://www.linkedin.com/legal/privacy-policy
Facebook Advertising - We use Facebook to track conversions and website visits from our advertisements displayed on Facebook. For more information about Facebook’s privacy practices, please visit Facebook’s Data Policy
To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.
Twitter Advertising - We use Twitter to track conversions and website visits from our advertisements displayed on Twitter. For more information about Twitter’s privacy practices, please see: https://twitter.com/en/privacy
HubSpot Analytics - We use HubSpot for marketing automations and analytics. Learn more through HubSpot’s privacy policy: https://legal.hubspot.com/privacy-policy

In addition to this, different browsers provide different methods to block and delete the placement of Technologies used by websites on your device. You can change the settings as your browser or device permits to block/delete the Technologies. Listed below are the links to the support documents on how to manage and delete Technologies from the major web browsers. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.

Chrome: https://support.google.com/accounts/answer/32050

Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US

Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

If you are using any other web browser, please visit your browser’s official support documents. 

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

How Gretel secures your information

Gretel takes all measures reasonably necessary to protect personal information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of personal information.

Gretel enforces a written information security program. Our program:

  • aligns with industry-recognized frameworks;
  • includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our users’ data;
  • is appropriate to the nature, size, and complexity of Gretel’s business operations;
  • includes incident response and data breach notification processes; and
  • complies with applicable information security-related laws and regulations in the geographic regions where Gretel does business.

By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach impacting your personal information, we may attempt to notify you if required by law electronically by posting a notice on our Services, by mail, or by sending an email to you.

Transmission of data on Gretel is encrypted using HTTPS (TLS). Our service is hosted within Amazon Web Services utilizing a high level of physical and network security, and all data stored at rest is encrypted.

No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.

Your privacy choices and rights 

  • Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below. How we communicate with you. We use your email address to communicate with you including but not limited to promotional emails. For example, if you contact our Support team with a request, we respond to you via email.  Depending on your settings, Gretel may occasionally send notification emails about changes in a data project you’re watching, new features, requests for feedback, important policy changes, or to offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There’s an “unsubscribe” link located at the bottom of each of the marketing emails we send you. Please note that you cannot opt out of receiving important communications from us, such as emails from our Support team or system emails, but you can configure your notifications settings in your profile to opt out of other communications. Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.
  • “Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Please note you must separately opt out in each browser and on each device. 

Your Privacy Rights.  In accordance with applicable law, you may have the right to:

  • Access to and Portability of Your Personal Information, including: (i) confirming whether we are processing your Personal Information; (ii) obtaining access to or a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the “right of data portability”);
  • Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
  • Request Deletion of your personal information; 
  • Request Restriction of or Object to our processing of your personal information where the processing of your personal information is based on our legitimate interest or for direct marketing purposes; and
  • Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.
  • Lodge Complaint with Supervisory Authority.  If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority or attorney general if you believe our processing of your personal information violates applicable law.
  1. EEA Data Protection Authorities (DPAs)
  2. Swiss Federal Data Protection and Information Commissioner (FDPIC)
  3. UK Information Commissioner’s Office (ICO)

If you would like to exercise any of these rights, please contact us at security@gretel.ai. We will process such requests in accordance with applicable laws.

International data transfers  

All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.

If we transfer personal information that originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses. 

For more information about the safeguards we use for international transfers of your personal information, please contact us at security@gretel.ai

Supplemental notice for California residents 

This Supplemental California Privacy Notice only applies to our processing of Personal Information that is subject to the California Consumer Privacy Act of 2018, as updated by the California Privacy Rights Act (once effective on January 1, 2023), together with its implementing regulations (collectively, the “CCPA”). The CCPA provides California residents with the right to know what categories of personal information Gretel has collected about them and whether Gretel disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:

Category of Personal Information Collected by Gretel Category of Third Parties Personal Information is Disclosed to for a Business Purpose Is the Personal Information Shared with Any Third Parties for Cross-Context Behavioral Advertising?
Identifiers
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
- Advertising networks
- Data analytics providers
- Service providers
Yes, to advertising networks but only for the purpose of understanding how you are interacting with our website
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, address, credit card number, debit card number, or any other financial information. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Note: Some personal information included in this category may overlap with other categories.
- Advertising networks
- Data analytics providers
- Service providers
Yes, to advertising networks but only for the purpose of understanding how you are interacting with our website
Commercial information
Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Advertising networks
- Data analytics providers
- Service providers
- Other Users/Public
Yes, to advertising networks but only for the purpose of understanding how you are interacting with our website
Geolocation data
Physical location or movements (e.g., zip code, IP address).
- Data analytics providers
No

The categories of sources from which we collect Personal Information and our business and commercial purposes for using Personal Information are set forth in “What personal information Gretel collects” and “How Gretel uses your personal information” above, respectively.

“Sales” of Personal Information under the CCPA

In the preceding twelve months, Gretel has not “sold” any personal information (as defined by the CCPA), nor does Gretel have actual knowledge of any “sale” of Personal Information of minors under 16 years of age. 

Cross-Context Behavioral Advertising under the CCPA 

California residents have the right to opt out of the “sharing” of their Personal Information for “cross-context behavioral advertising” (as such terms are defined in the CCPA). Gretel may share your personal information for “cross-context behavioral advertising” when it uses advertising partners that set Technologies on your device for “interest-based” or “personalized advertising.” More details can be found above in Our use of cookies and tracking. 

You may opt-out of Gretel’s sharing of your Personal Information for cross-context behavioral advertising by selecting “Do Not Share My Personal Information” in the cookie policy banner and by turning off all advertising-based cookies.

Additional Privacy Rights for California Residents

Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.     

Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in “Contacting Gretel” below.

Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, or to answer questions regarding your Account and use of our Service.

If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contacting Gretel” below. We will process such requests in accordance with applicable laws.     

De-Identified Information. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law.

Accessibility. This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.

California Shine the Light. The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties.     

Supplemental notice for Nevada residents 

If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at security@gretel.ai with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in “Contacting Gretel” below.

Resolving complaints

If you have concerns about the way Gretel is handling your User Personal Information, please let us know immediately. We want to help. You may contact us at security@gretel.ai with the subject line “Privacy Concerns.” We will respond promptly.

Changes to our Privacy Policy

Although most changes are likely to be minor, Gretel may change our Privacy Policy from time to time. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. For changes to this Privacy Policy that are not material changes or that do not affect your rights, we encourage users to check our Services and this Privacy Policy frequently. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy takes effect.

Contacting Gretel

Questions regarding Gretel’s Privacy Policy or information practices should be directed to: 

Gretel Labs, Inc. 
Legal/Privacy Department
8910 University Center Lane, Suite 400
San Diego, CA 92122
security@gretel.ai