Privacy Policy
PRIVACY POLICY
PRIVACY POLICY
ContractSafe LLC (“We”, “Our” or “Us”) is committed to protecting your privacy and providing you with a safe online experience. This Privacy Policy covers the collection, use and disclosure of information collected through the website https://www.contractsafe.com/ (“Site”) and the services offered through the Site and platform (“Services”). The use of information collected through our Services shall be limited to the purpose of providing the service for which you have engaged Us. By using the Site and Services, you consent to the data practices described in this policy.
PRIVACY PRINCIPLES
We take your privacy very seriously. That’s why we adhere to the following principles:
- Notice – We tell you what information we collect, how we use it, how our users and Customers use it and when and how we share it.
- Choice –We will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a third party (other than our third party processors), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
- Accountability for Onward Transfers. We take steps to gain assurances from our processors that they will safeguard Personal Data consistent with this policy and take steps against to stop disclosure in violation of this policy..
- We will take reasonable precautions to protect Personal Data in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Data Integrity & Purpose Limitation. We will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
- Upon request, we will grant individuals reasonable access to Personal Data that we hold about them, and we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
- Resource, Enforcement And Liability. We will conduct compliance audits of our relevant privacy practices to verify adherence to this policy. Any employee that we determine is in violation of this policy will be subject to disciplinary action up to and including termination of employment. We also have procedures for dispute resolution and binding arbitration in certain cases where a data subject believes that we have not complied with the law with respect to the application of our privacy policy.
WHAT DO WE COLLECT:
Cookies
When you visit our Site we use cookies, or similar technologies like single-pixel gifs and web beacons, to record and log data. We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics and customization, among other similar things. If you access our Site through your browser, you can manage your cookie settings.
Use of Cookies
The Site uses “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your local storage by a Web page server. Cookies are useful to personalize your online experience.
Disabling Cookies
Most web browsers automatically accept cookies, but if you prefer, you can edit and manage your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to disable and manage your cookies settings. If you disable cookies you may still browse public areas of the Site, but some features and Services may not function.
For more information on how we use cookies and your choices, please refer to our Cookie Policy.
Personal Data Collected: Categories of Data
“Personal Data” means any information relating to or which can be reasonably connected to an identified or identifiable natural person. We collect Personal Data from users of the Services (“Customers”).
ContractSafe collects personally identifiable information, such as:
- First name
- Last name
- Institutional affiliation
- Email address
- Phone number
- User history
- Location (beacon)
- Time zone
- IP address
- User actions
- Credit card information by our third party processors for billing and invoice purposes
There is also information about your computer hardware and software that is automatically collected by ContractSafe on our website. This information can include your:
- IP address
- Browser type, domain names,
- Access times
- Referring Web site addresses
- User actions
This information, which does not identify individual users, is used by us for the operation of the Services, to maintain the quality of the Service, and to provide general statistics regarding use of the Site. We do not link this automatically-collected data to personally identifiable information except as set forth herein.
Data Provided by Customers Into ContractSafe’s Services
Data Collected through the ContractSafe Services via uploading of their contracts (“Content”) may include third party personally identifiable information collected and processed under the direction of our Customers, who are the controllers of that data. We have no ownership of this information of individuals whose personally identifiable information may be processed as part of the use of our Services.
An individual who seeks access to their data, seeks to correct, amend or delete inaccurate data or wishes to opt-out of or remove Personal Data provided by a ContractSafe Customer should direct his/her query to the ContractSafe Customer he/she interacts with directly (the data controller). If a ContractSafe Customer requests that we remove personally identifiable information on their behalf, we will respond to their request within 30 days.
ContractSafe may transfer personal information to other companies that help us provide our Services. Transfers to subsequent third parties are covered by the provisions in this policy regarding notice and choice and the service agreements with our Customers.
Customers who use the Services may submit the personal information of other individuals at their organization to register them as authorized users. It is the Customer’s obligation, as the data controller, to inform its authorized users about the purposes for which information about them is collected and may be used in the Services.
Customers who use the contractsafe.eu and contractsafe.ca services will have their Content stored within the European Union in Ireland and within Canada, respectively. Customers who use contractsafe.com will have their Content stored in the United States.
Log Files – Tracking Data
We and our third-party service providers may collect certain tracking information about your use of our Site and Services. For example, we collect:
- Log information (including your dates/time of access and related data)
- Cookies
HOW DO WE USE YOUR PERSONAL DATA?
Providing the Services
ContractSafe collects and uses your personal information to operate the ContractSafe Site and deliver the services you have requested. ContractSafe may also use your personally identifiable information to inform you of other products or services available from ContractSafe and its affiliates.
Customer Support
ContractSafe both directly and through its third party processors collect site analytics information detailed below and combine it with your email address and other information you provide using fields or sign-in for the purpose of providing customer service and follow up on the Services. ContractSafe may also access Content solely for the purpose of providing Customer Support.
Site Analytic Collection
ContractSafe collects certain information automatically and stores it in log files or other files. This information includes:
- IP addresses
- Browser type
- Internet service provider (ISP)
- Referring websites (e.g. search engines, Facebook, LinkedIn)
- Exit pages
- Operating system
- Date/time stamp
- Data Types
We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site. We also may use other analytic means to evaluate, train and improve our Services that use or process the Services using Content . We use these tools to help us improve our Services, performance and user experiences.
Google Analytics
Google Analytics provides Us reports with website trends without identifying individual visitors. Site usage is tracked using Google Analytics in accordance with their Privacy Policy. However, if you do not want your data to be used by Google Analytics, you may opt-out by installing Google Analytics Opt-out Browser Add-on.
Passwords and Logins (Unique Identifier)
Passwords and usernames are used for user authentication.
Direct Marketing and Opt-Out
We use User Personal Data to communicate with you regarding the provision of the Services, but also to let you know about additional features and services we provide that may be of interest to you. If you do not wish to receive marketing communications, you may opt out at any time.
Opt-Out
You may also sign up for blog updates from our Web site. In both of these cases, we will use your name and email address to send these materials to you. You may choose to stop receiving these communications by following the unsubscribe instructions included in these emails, via our webform or you can contact us at:
Email: support@contractsafe.com
Phone: (310) 349-3193 or (877) 719-4500
Mail: 23823 Malibu Road, Suite 50-197, Malibu, CA 90265
INFORMATION SHARING
ContractSafe does not sell, rent or lease its customer lists to third parties. Further, we believe that we do not disclose your Personal Data to any third party in a manner that would be considered a “sale” under applicable laws. We will share your personal information with trusted third parties only in the ways that are described in this privacy policy.
Processing your payment
ContractSafe does not store your payment information. Customer subscription level is recorded in our application and passed to other systems only to verify the account for customer support purposes.
Assisted credit card transactions, used when Customers provide us with their credit card payment; ContractSafe will record the subscription level and provide the subscription level to Invoiced and Stripe, which processes the payment and renewals. ContractSafe does not store credit card information separately from Invoiced and Stripe. Access to Invoiced and Stripe is limited to key ContractSafe personnel; such access is personally identifiable to specific individuals and password protected to maintain control over access and preserve accountability for misuse.
Payments information is collected by our banking service providers, Chase and Silicon Valley Bank, in the course of receiving payments made by check/ACH.
Law Enforcement and Internal Operations
Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary
- to respond to claims asserted against ContractSafe or to comply with the legal process (for example, discovery requests, subpoenas or warrants. However, please note that we have a policy of challenging government access to data in court prior to disclosing it and will attempt to notify data subjects of any such request, to the extent not prohibited by law. We will also endeavor to inform data exporters if we believe in good faith that we believe we can no longer comply with this commitment).
- to enforce or administer our policies and agreements with users;
- for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes;
- or to protect the rights, property or safety of ContractSafe's users or members of the general public.
We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third-party request to compel disclosure of your information.
Third-Parties
In addition, ContractSafe may share data with trusted partners and subprocessorsto help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to ContractSafe, and they are required to maintain the confidentiality of your information.
The following third party processors collect personal data directly on our behalf:
We use Cloudmailin to collect your Content and transmit it to be analyzed and stored by us as part of the Services. Cloudmailin does not store your Content. Processing takes place in the United States and the European Union. We have executed a data processing addendum with EU Standard Contractual Clauses with Cloudmailin.
We use HubSpot to collect data on forms and follow up on requests. Hubspot is a developer and marketer of software products for inbound marketing and sales. Its products and services provide tools for social media marketing, content management, web analytics and search engine optimization. As a data processor acting on our behalf, Hubspot analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information visit their privacy policy. Hubspot uses the following methods to authorize transborder data transfers into the United States for processing: EU Standard Contractual Clauses, Binding Corporate Rules.
We use Pendo to provide support information and services for our users. This includes the ability to store and track usage statistics. In particular, we utilize Pendo.io, Inc. (“Pendo”) to collect data for analytics and support purposes when you visit our Site or use our Services. As a data processor acting on our behalf, Pendo analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. We may also use Pendo as a medium for communications through messages within our product(s). Processing takes place in the United States. We have entered into a Data Processing Addendum with them. For more information on the privacy practices of Pendo, please visit their privacy policy. Pendo’s services are governed by Pendo’s terms of use.
We use Invoiced for subscription management and billing. We provide a limited amount of your information (such as billing information, subscription information, and payment history) to Invoiced, Inc. (“Invoiced”) for subscription management and billing purposes. Processing takes place in the United States. We have entered into a Data Processing Addendum with them. For more information on the privacy practices of Invoiced, please visit their privacy policy.
We utilize Stripe as a payment gateway for payments. Data Processing takes place in the United States. Users should review Stripe’s security policy before initiating transactions on the Site.
Business Transfer
ContractSafe may sell, transfer, merge or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, ContractSafe will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.
SECURITY OF YOUR PERSONAL INFORMATION
How is my data protected?
ContractSafe secures your personal information from unauthorized access, use or disclosure. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. When sensitive information (such as log-in credentials) is submitted, it is protected through the use of encryption.
Reasonable administrative, technical, and physical security measures taken, include but are not limited to:
- SOC2 Type I certification
- Restricting access to Personal Data protected by passwords, which are restricted and revoked when staff departs
- Restricting access to Personal Data to key ContractSafe staff on a need to know basis
- Regular staff privacy and security training
- Requiring key contractors sign non-disclosure agreements (NDA’s)
- Continuous intrusion detection
- Daily vulnerability scans
- Regular penetration testing
- Regular backups at offsite location
- Web application firewall
- All data and passwords are encrypted
- Data is only available via SSL
- Data centers that are certified for ISO 27001, FedRAMP, DoD CSM.
- Malware detection
For more information on how we protect information, please go to our security statement.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the security of any information we store, process, or transmit.
YOUR CHOICES
Right to Review or Change Your Data
If your personal information changes, you may correct, update, amend, remove, or ask to have it removed by making the change on your user account settings page or by contacting us by phone or email at the contact information available on our Web site.
We will retain your information for as long as your account is active, as needed to provide you the Services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If you are located in the European Economic Area (EEA) or the United Kingdom and you would like to review or change Personal Data that is not available through your profile, please contact us via our webform or at:
Email: support@contractsafe.com
Right to Withdraw Consent
You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data.
If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings.
Right to Remove
You can delete your Personal Data by logging into your account and deleting your account. However, since your Personal Data is required for us to provide the Services to you, deleting it will also terminate your access to the services. Deleting your Personal Data does not mean that all of it will be removed. We take steps to delete Personal Data and Content that is no longer necessary in relation to provide the Services by deleting it within 12 months of you terminating your account.
If you are located in the EEA and wish to make a request for removal (Right to Be Forgotten), you may contact us via our webform or at:
Email: support@contractsafe.com
If we are legally required to comply with such a request, we will confirm your identity and delete your personal data in such time frame as required by law.
We may be required by law or to retain it to exercise or defend legal claims, or contractual obligations with our customers to retain some information in connection with our obligation to provide the Services. We may de-identify and anonymize some data for purposes of retaining it.
Data Portability
If you are located in the EEA and you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.
Right to Redress
If you are located in the European Economic Area (EEA) or United Kingdom and you believe we have violated any data protection laws, please contact us immediately at support@contractsafe.com We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this policy within forty-five (45) days of receiving a complaint and you have the right to file a complaint with your local data protection authorities to the extent they have jurisdiction.
Transnational Transfer of Data
If you are using the contractsafe.eu service, your Content will be stored in Ireland but may be processed in the United States. If you are providing your Personal Data to us directly to use our Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.
Privacy Principles
The privacy principles in this Policy are based on the on a set of principles and the EU General Data Protection Directive 95/46/EC, on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- Notice
When we collect Personal Data directly from individuals in the EU, Switzerland and/or other applicable countries, we will inform them about the purposes for which we collect and use their Personal Data, the types of third parties (other than Agents), if any, to which we disclose that information, and the choices and means, if any, that we offer individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to us, or as soon as practicable thereafter, and in any event before we use the information for a purpose other than that for which it was originally collected. If we receive Personal Data from our affiliates or other entities in the EU, Switzerland and other countries with which we do business, we will use such information in accordance with the notices such entities provided and the choices made by the individuals to whom such Personal Data relates.
- Choice
We will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a third party (other than an Agent), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For Sensitive Personal Data, we will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to (a) the disclosure of the information to a third party, or (b) the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. We will provide individuals with reasonable methods to exercise their choices. We may disclose personal information to third parties in the following instances:
Website Consultants and Service Providers. We may disclose personal information to third party consultants and service providers (such as providers of hosting services, support, maintenance and remedial and repair services) to the extent that they require access to our databases, or the information contained in our databases, to service us and our customers
Enforcement of Rights / Security. We reserve the right to release personal information (i) when we are under legal compulsion to do so (e.g. we have received a subpoena) or we otherwise believe that the law requires us to do so, (ii) when we believe it is necessary to protect and/or enforce the rights, property interests, or safety of us, our customers or others, or (iii) as we deem necessary to resolve disputes, troubleshoot problems or prevent fraud .
Reorganization or Sale. In the event that our company is merged with or becomes part of another organization, or in the event that our company is sold or it sells all or substantially all of its assets or is otherwise reorganized, the information you provide may be one of the transferred assets to the acquiring or reorganized entity.
As Otherwise Allowed by Law. We may transfer personal information to third parties where we are expressly authorized by applicable law to do so. We also may be required to disclose an individual's personal information in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.
- Accountability For Onward Transfers
We will obtain assurances from our Agents that they will safeguard Personal Data consistently with this Policy. If we have knowledge that an Agent is using or disclosing Personal Data in a manner contrary to this Policy, we will take reasonable steps to prevent or stop the use or disclosure.
- Security
We will take reasonable precautions to protect Personal Data in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
- Data Integrity & Purpose Limitation
We will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
- Access
Upon request, we will grant individuals reasonable access to Personal Data that we hold about them, and we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
- Resource, Enforcement And Liability
We will conduct compliance audits of our relevant privacy practices to verify adherence to this Policy. Any employee that we determine is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
THIRD PARTY LINKS
Our Site includes links to other Web sites whose privacy practices may differ from ContractSafe’s practices. If you submit personal information to any of those sites, your information is governed by their privacy policies. ContractSafe is not responsible for the privacy statements or other content on Web sites outside of the ContractSafe web site.
UPDATES TO THE PRIVACY POLICY
This policy may be amended from time to time, consistent with applicable data protection and privacy laws and principles including, but not limited to the requirements of English law, the EU General Data Protection Directive and other applicable data protection laws. We will notify you of changes to this policy either through email, posting on our website, via our Services, or other means. We will notify Customers if we make changes that materially affect the way we handle Personal Data that we previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
SUPPLEMENTAL CALIFORNIA AND NEVADA PRIVACY POLICY
This section solely applies to residents of Nevada and California.
We do not knowingly collect the Personal Data of consumers, as defined in the California Consumer Privacy Act (CCPA). As a “Service Provider” under CCPA, we may come into possession of consumer Personal Data and will treat such data in accordance with the CCPA to the extent we are required to do so.
While the specifics as to what “sale” of consumer Personal Data is, still unsettled at this time, we believe that do not disclose your Personal Data to any third party in a manner that would be considered a “sale” of Personal Data of consumers under the CCPA (or its regulations or similar legislation from other states) or “sharing” of Personal Data under any successor legislation to CCPA . We only disclose or share Personal Data as set forth in this Privacy Policy.
Categories of California Data Collected
We collect the following categories of Personal Data from the customers and authorized users of our Service and website:
- First name
- Last name
- Institutional affiliation
- Email address
- Phone number
- User history
- Location (beacon)
- Time zone
- IP address
- User actions
- Credit card information by our third party processors for billing and invoice purposes
- Device ID
Categories of Sources from Which We Collect Personal Data
The sources from which we may have collected personal information about you or your use of the Services are:
- Directly from you;
- From other sources (such as Company affiliates and/or business partners or companies doing business with you using the Services); and
- Through your use of the Services;
More details concerning the business and commercial purposes are set forth in the “How We Use Your Personal Information” section. We may disclose the categories of personal information identified in this California Privacy Notice about our California consumers for our operational purposes where the use of such personal information is reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed or for another operational purpose that is compatible with the context in which the personal information was collected.
Categories of Third Parties with Whom We Shared the Personal Information
The categories of third parties, as defined by the CCPA, with whom we share personal information include our business partners, data analytics and the third parties doing business with you.
Categories of Personal Information sold, shared or Disclosed for a Business Purpose
We may disclose for a business purpose (each as defined under CCPA) any or all of the personal information collected from and about you as set forth in the How Do We User Your Personal Data and Shared Information sections.
Your California Privacy Data Subject Rights
If you are a California resident who is considered a “consumer” in your dealings with us and to the extent CCPA or its successor legislation and regulations apply to us, you may have certain rights. California law may permit you to request that we:
- Provide you the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
- Provide access to and/or a copy of certain information we hold about you.
- Delete certain information we have about you.
You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you and for compliance with applicable law. If you ask us to delete certain information, you may no longer be able to access or use the Services.
If you would like to exercise any of these rights, please visit our “Do Not Sell My Information” webform or contact us at (877) 719-4500. You will be required to verify your identify before we fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.
If you are a consumer who has provided Personal Data to us, you also have the right to opt out of the sale of your personal information. California law broadly defines sale such that it may include allowing third parties to receive certain information, such as cookies, IP address (combined with other Personal Data) and/or browsing behavior, to deliver targeted advertising. If you would like to opt out, you may do so through our webform or by calling us at (877) 719-4500.
YOUR CALIFORNIA PRIVACY RIGHTS UNDER THE SHINE THE LIGHT LAW
California residents who have an established business relationship with ContractSafe may make a written request to ContractSafe about whether ContractSafe has disclosed any Personal Information to any third-parties for the third-parties' direct marketing purposes during the prior calendar year. To make such a request, please send an email, call or write us:
Email: support@contractsafe.com
Phone: (310) 349-3193 or (877) 719-4500
Mail: 23823 Malibu Road, Suite 50-197, Malibu, CA. 90265
NOTICE FOR NEVADA RESIDENTS
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by email to: support@contractsafe.com or via our webform. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
CONTACT INFORMATION
If you believe that ContractSafe has not adhered to this Statement or have questions, please contact us at:
Email: support@contractsafe.com
Phone: (310) 349-3193 or (877) 719-4500
Mail: 23823 Malibu Road, Suite 50-197, Malibu, CA 90265
EFFECTIVE: December 15, 2023
“I couldn't believe we were already up and running in just 30 mins."
Contract relief is waiting.
Gain control of your contracts today. Take the first steps in just a few minutes.
Request a Demo
23823 Malibu Road, Suite 50-197
Malibu, CA 90265
Subscribe for Updates