Privacy

Wyndy does not own your data, nor do we sell your personal information.

Overview of the Privacy Policy


This Privacy Policy describes how we collect, store, share and use the personal information that our customers store on our platform, that we collect on our websites, and that we otherwise use in the operation of our business.

This policy is organized in four sections:
- First, we provide an overview of this policy, including a description of what it does (and does not) cover
- Second, we describe the types of data that we collect and how we keep that data secure
- Third, we discuss how we use and store your data and share it with persons outside Wyndy
- Last, we explain how you can exercise your legal rights over personal information that we store about you or your customers

We may revise this policy to reflect changes in the law, our platform and business operations. We will notify you of these changes through a message on our website or platform, or by some other reasonable means. The date that this policy was last updated can be found at the beginning of this policy.

If you have any questions about this policy or our data privacy practices, please contact us at privacy@wyndy.co.

What This Privacy Policy Does (and Does Not) Cover

What does this Privacy Policy cover?
This Privacy Policy describes how we process personal data in the operation of our business. In this policy, “Wyndy”, “we”, “us” and “our” refer to the Wyndy app, Copper CRM, Inc. and its affiliates. We categorize this personal data as either Customer PII or CRM Data.

Customer PII means the personal data that we receive through www.wyndy.co and our other commercial, community, and employment channels, such as when you fill out a registration form for a webinar, apply for a job with us, or sign up for a Wyndy account. We use this information to help us run our business and, in the language of the EU’s General Data Protection Regulation (GDPR), we are the “controller” of this information.

CRM Data means personal data that is uploaded, stored or transmitted by or on behalf of one of our customers in connection with their use of our platform. CRM Data does not include service data, which we discuss below under “How do we monitor the use of our platform?”

As discussed in our Terms of Service, our customers retain ownership of their CRM Data, and provide us with a limited license to that data so that we can allow them to make use of our platform and related services. We process CRM Data on behalf of our customers and only in accordance with their instructions. In GDPR terms, we are the “processor” of this information.

Does this policy apply to third-party websites?
Our platform and other websites may contain links to other websites not operated or controlled by Copper CRM, Inc., which we refer to as “third-party sites.” Examples of third-party sites include social media features, such as links to our Facebook, Twitter, Instagram, and LinkedIn pages. This policy does not apply to third-party sites. Your interactions with these third-party sites are governed by the privacy statements of the owners of those websites. You should review those privacy statements to better understand their privacy practices.

How We Collect Data and Keep It Secure

What Customer PII do we collect?
Here is how we collect Customer PII and the types of personal data we collect:
- When you visit our website or social media pages, we use cookies to collect information about you that may be considered personal information, including your IP address. You have choices over what cookie information we collect about you. Please see our Cookie Policy for more information.
- When you register for events, offers or marketing materials, we collect your contact information. Contact information may include your name, employer name and size, email address, phone number and location information.
- When you register for a free trial of our platform, we collect your contact information. If you register for a paid subscription, we also collect your credit card number and billing address. Note that we do not collect or store credit card information directly on our servers, but utilize this information using trusted third-party payment processors.
- We collect other information when you use our platform, including operating system, system model, IP address, browser type, domain names and internet service provider (ISP). We may link log files to Customer PII, such as your name and email address. We also collect information about your use of our platform, as described below under “How do we monitor the use of our platform?”
- When you access our platform by logging in with your Google account, Google may share information with us, including your user ID associated with that account, an access token necessary to access that service and any information that you have permitted that third party to share publicly or with Wyndy specifically.
- When you apply for a job with us, we may collect your contact information, resume and employment history.
- We sometimes obtain information from other sources, such as mergers and acquisitions, data brokers, account administrators and other users in your organization, and commercial lists, and may merge this with information we have previously collected.

What CRM Data do we collect?
We process the CRM Data that is stored in our customers’ Wyndy accounts. Our customers control the types of personal data that they store in Wyndy, and we process CRM Data as directed by them. Typically, CRM Data consists of the following:
- Contact information about their contacts.
- When a customer’s Wyndy account is synced to a Google Workspace account, copies of emails and calendar information in Gmail and other applications. For more information, see below under “What information does Wyndy access from my Google Workspace accounts?”
- Our platform enables you to import contacts included in your email accounts. We do not collect the login credentials for such email accounts.
- When you use our technical support, training or professional services, we collect your contact information and your device and system information.
- Your use of our platform and provision of CRM Data is governed by our Terms of Service. It is your responsibility to ensure that you own or have adequate permissions to store and process personal information on our platform.

Prohibited Data
Our Terms of Service prohibit storing certain types of sensitive or regulated information on our platform or otherwise providing us with this information, including, for example, in support requests or other communications. This information includes credit card, bank account, driver’s license or social security information, information that would be considered “protected health information” under HIPAA, and special categories of data under GDPR, including information about someone’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health, sex life or sexual orientation. It is our customers’ responsibility to ensure that they and their users comply with these restrictions.

Children’s Data
Use of our platform is only available to persons who are old enough to enter into a legal contract, and access to our platform is not directed to children under 16 years of age. If our policy changes, we will obtain consent from a parent or guardian before we knowingly collect data from anyone under the age of 16 years.
For more information about how our customers use and share their CRM Data, you should refer to their privacy policies. As noted above, if you provide us with personal data on behalf of someone else, you must have their consent or some other legal basis to do so.

What information does Wyndy access from my Google accounts?
One of our platform’s most powerful features is its ability to work seamlessly with Gmail. This section describes how Wyndy and Google applications share information.

Google Gmail
When you sign up for Wyndy with a Gmail address, our platform will automatically sync with your Gmail account. This means that the platform will access your Gmail emails to create . Our platform will store replies, outgoing mail, email headers, subject line, aliases, time sent, and email bodies. By default, your email subject line and bodies are private, and you may choose to make them visible to other members of your team.

What steps do we take to keep your data secure?
The security of your personal data is important to us. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received.

Under our Terms of Service, we commit to maintain certain administrative, physical and technical controls, and we will not materially reduce the overall effectiveness of these safeguards without our customers’ consent. If you have any questions about the security of your personal data, you can contact us at privacy@wyndy.co.

What additional requirements apply to information collected through our Gmail integration and Google APIs?
Our platform enables you to read messages in your Gmail account. In order to provide you with this service, we obtain, process and store a copy of the Google user data contained in or associated with messages in your Gmail account, such as the email addresses of persons to whom you send or from whom you receive messages in your Gmail account, and the contents of those messages.

We refer to the Google user data described in the immediately preceding paragraph as “Google User Data.” Google User Data is subject to the additional limitations on its use, transfer and accessibility set forth below:
- We will use Google User Data only to provide or improve user-facing features of the Services that are prominent in the Services’ user interface.
- We will only transfer Google User Data to unaffiliated third parties (a) if necessary to provide or improve user-facing features that are prominent in the Services’ user interface, (b) as necessary to comply with applicable law or (c) as part of a merger, acquisition or sale of assets with notice to you.
- We will not use or transfer your Google User Data for serving ads, including retargeting, personalized or interest-based advertising.
- We will not allow humans to read your Google User Data unless we have first obtained your affirmative agreement for specific messages; it is necessary for security purposes (such as investigating a bug or abuse); it is necessary to comply with applicable law; or our use is limited to internal operations and the data (including derivations) have been aggregated and de-identified.

Note that we obtain personal data that is included in your Google User Data from sources other than the messages in your Gmail account. For example, we obtain your email address when you register for the Service. Personal data that we obtain from sources other than messages in your Gmail account is not considered Google User Data for the purposes of this Privacy Policy and is not subject to the additional requirements described above.
Our use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How We Use, Store and Share Your Data

How do we use CRM Data?
We process CRM Data in accordance with the instructions of our customers in order to provide them with the services offered through our platform. We also process CRM Data as required by applicable law, including to respond to valid requests by law enforcement authorities, to monitor compliance with our Terms of Service and other policies, and to resolve support requests and maintain our platform.

In some cases, we may use CRM Data in an anonymized manner for machine learning that supports certain product features and functionality within our CRM Platform and for product development purposes. See below under “How do we monitor the use of our platform?”

How do we use Customer PII?
We use Customer PII and other personal data used in the operation of our business for our legitimate interests or when we have a lawful basis to do so. We use Customer PII only as identified in this Privacy Policy or our Terms of Service. Below is a summary of the principal uses we make of Customer PII:

CRM Services
We use Customer PII, including contact information and information about computer systems, to provide the services offered through our platform. For example, we use your name and email address to create and maintain your account and register you on our platform. We also use contact and payment information to process your subscription fees.

Customer Communications
We use your contact information and other Customer PII to communicate and build relationships with our customers. For example, we may contact customers to process, fulfill and follow up on transactions and requests for products, services, support, training and information. We also contact customers to provide them with information about their subscription, such as sending reminders when their subscription (trial or paid) is about to expire.

Product Support
We use Customer PII, including contact information and technical information about computer systems, to provide product support, including troubleshooting and technical support and agreed upon diagnostic, monitoring and management services.

Sales and Marketing
We use Customer PII, including contact information and cookie information, to send sales and marketing communications to customers and potential customers. These communications may include information about new product features, sales promotions, updates to our blogs or new webinars and other information about us and our partners. We also collect information about engagement with our websites and platform to engage in market research, personalize content and advertising and help identify and communicate offers of products, programs and services that may be of interest to you. In some cases, we may send “refer-a-friend” emails on your behalf, subject to your consent.

If you wish to unsubscribe to our marketing communications, you should follow the unsubscribe instructions included in our email communications, or you may contact us at privacy@wyndy.co. We may send you push notifications to your mobile device in order to update you about events or promotions. If you no longer wish to receive such communications, you may turn them off at the device level.

Improve and Operate Our Platform
We collect and use Customer PII, including contact information, product usage data, and log data to measure, analyze and improve our products and services, the effectiveness of our CRM platform and other services, as well as our advertising and marketing. For more information, see below under “How do we monitor the use of our platform?”

Other Uses
We may use Customer PII for other purposes reasonably related to the operation of our business. For example, we use product usage information to enforce our Terms of Service, prevent fraud and other prohibited or illegal activities. Other reasons include to consider an application for employment and to comply with our legal obligations.

How do we monitor the use of our platform?
We collect, record and analyze data and other information about how our customers use our platform to do things like optimize product design. This data may include tracking and recording visits to individual webpages, including in the platform, and interactions with specific components of those webpages.

We may share or publish this service data with third parties in an aggregated and anonymized manner, but we will not include any CRM Data or publicly identify customers or end-users.

We use a variety of third-party tools to measure, monitor and record your usage of our services, including Google Analytics and other event-tracking software. When you visit sites that use Google Analytics, we and Google may link information about your activity from that site with activity from other sites that use Google Analytics services.

How do we share and disclose personal data?
We may share or disclose personal data as follows:
- To our service providers and suppliers, who are acting and using your information on our behalf to provide services to our customers and help us with our business activities. For more information, see below under “What personal data do we share with sub-processors?”
- To corporate subsidiaries we own or control to support their business and marketing processes
- Based on a good faith belief that such disclosure is necessary to protect the rights or safety of any person or entity
- Based on a good-faith belief that disclosure is necessary to respond to judicial process, valid government inquiry, or is otherwise required by law such as to comply with a subpoena, bankruptcy proceedings, or similar legal process
- In the event of an acquisition of our company or our assets, your information may be transferred with the company or the asset
- When posted to our community webpages, or to our wikis, forums, blogs, message boards, chat rooms and other social networking environments
- To create aggregated information which does not identify you personally

Except as described above or elsewhere in this Privacy Policy, we do not sell, trade, disclose or otherwise transfer your Personal Data to outside parties.

What personal data do we share with sub-processors?
We share personal data with service providers and suppliers that are acting and using your information on our behalf to provide services to our customers and help us with our business activities. In the language of the GDPR, these service providers and suppliers are our “sub-processors.”

Sub-processors help us process payments, provide customer support, host our platform, analyze data, provide marketing assistance and integrate with third party services. We also use sub-processors to help us provide components of our platform. We may also share Customer PII, including email addresses and other personally identifying information, with service partners that communicate with, monitor or provision our customers on an individual basis to serve as a unique customer identifier.

Sub-processors are authorized to use your personal data only as necessary to provide these services to us. Transfers of personal data to subsequent third parties are covered by the services agreements between us and our sub-processors.

Where do we store your data?
Copper CRM, Inc. uses third-party cloud computing services to host its platform and store and process CRM Data. The servers used to provide these hosting services are located in the United States. Copper CRM, Inc. is unable to accommodate requests to store data in other locations.

CRM Data may be stored or processed on servers located outside your jurisdiction of residence, whose data protection laws may differ from the jurisdiction in which you live. As a result, this information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to laws in those jurisdictions.
For information about the steps we take to comply with legal requirements related to our transfer of personal data of EU residents to the United States, see below under “Do we participate in Privacy Shield?”

Do we participate in Privacy Shield?
On July 16, 2020, the Court of Justice of the European Union, or the CJEU, issued a judgment in the Schrems II case (case C-311/18), which invalidated the EU-U.S. Privacy Shield framework as a valid basis for transferring data from the EU to the United States. The CJEU further concluded that the Standard Contractual Clauses, or the SCCs, issued by the European Commission for the transfer of personal data to data processors established outside of the EU continue to serve as a valid transfer basis. Wyndy’s Terms of Service automatically apply the protections of SCCs to all Wyndy’s EU-based customers. Customers wishing for a signed copy of the SCCs can obtain one by contacting privacy@wyndy.co. Wyndy continues to monitor the impact of the Schrems II decision and related legal developments, and intends to update its practices and customer terms as appropriate. In the meantime, Wyndy continues to comply with its obligations under Privacy Shield, as discussed below.

Wyndy participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Wyndy is committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom and Switzerland, respectively, in reliance on the Privacy Shield Frameworks, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.

In the context of an onward transfer, Wyndy has responsibility for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Wyndy remains liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Wyndy is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Wyndy may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

How long do we store CRM Data?
When a user account is canceled, Wyndy will store CRM Data in accordance with its Terms of Service and this Privacy Policy. In general, we keep a copy of this data for at least 30 days post-termination. After that, CRM Data is purged in accordance with Copper CRM, Inc.’s data deletion policies, generally within 180 days after a customer's subscription expires.

Your Rights Over Your Data

What are your choices regarding your personal data?
You may request to review, correct, delete or otherwise modify any of your personal data. These choices apply to all personal data collected by Copper CRM, Inc., and not only to cookie and marketing data as described in Wyndy's Cookie Policy. If you have registered for an account for our platform, you may generally update your user settings and profile by logging into our platform with your username and password and editing your settings or profile. You can also update the contact details of your contacts stored in the platform at any time.

If you wish to unsubscribe to our marketing communications, you should follow the unsubscribe instructions included in our email communications, or you may contact us at privacy@wyndy.co.

We send you push notifications from time-to-time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level.
Special data management rights belonging to California residents are described below under “California Rights and Choices.”

California Privacy Statement
The following supplemental privacy policy (Supplemental Policy) describes how we process information about residents of California.

Summary of Personal Information That We Collect About You
For individuals who are California residents, the California Consumer Privacy Act requires certain disclosures about the categories of personal information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it. While we have set out the categories below as required by the California Consumer Privacy Act, you can review the other sections of our Privacy Policy set out above, and other information that describes our data collection and use, which provide additional information about our collection and use of personal data.

Depending on how you interact with us, we may collect the categories of information as summarized in the table below. This Supplemental Policy also does not apply to personal information we collect from employees or job applicants in their capacity as employees or job applicants. It also does not apply to personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services.

All of the categories of personal information we collect about you (as detailed below) come from the following categories of sources:
- You, including through your use of our Services;
- Automatically collected from you;
- Our affiliate companies;
- Our customers, who may store and process personal information about you in the Platform; and
- Other third parties.

| Categories of Personal Information We Collect | Categories of Third Parties with Which We Share that Information |
| --- | --- |
| Identifiers (such as name, address, email address, employer information) | Third parties (such as our service providers and integration partners) or your organization (through its purchase of an account with us); our affiliate companies; aggregators (such as analytics services) |
| Commercial Information (such as transaction data) | Third parties (such as our service providers); our affiliate companies; aggregators (such as analytics services) |
| Financial Data (such as billing information) | Third parties (such as our service providers and integration partners); our affiliate companies |
| Internet or Other Network or Device Activity (such as browsing history or app usage) | Third parties (such as our service providers and integration partners); our affiliate companies; aggregators (such as analytics services) |
| Location Information (for example, inferred from your IP address) | Third parties (such as our service providers and integration partners); our affiliate companies; aggregators (such as analytics services) |
| Professional or Employment-Related Data (such as the name of your employer) | Third parties (such as our service providers and integration partners); our affiliate companies; aggregators (such as analytics services) |
| Legally Protected Classifications (such as gender and marital status) | Third parties (such as our service providers and integration partners); our affiliate companies |
| Other Information that Identifies or Can Be Reasonably Associated with You | Third parties (such as our service providers and integration partners); our affiliate companies; aggregators (such as analytics services) |

Categories of Business/Commercial Purposes for Our Use of Your Information

All of the categories of personal information we collect about you (as detailed above) are used for the following purposes:
- Providing our Service (for example, operating our CRM platform, account servicing and maintenance, customer service and support, advertising and marketing, analytics, and communication about our services);
- For our operational purposes, and the operational purposes of our service providers and integration partners;
- Improving our existing services and developing new services (for example, by conducting research to develop new products or features);
- Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
- Bug detection, error reporting, and activities to maintain the quality or safety of our services;
- Auditing consumer interactions on our site (for example, measuring ad impressions);
- Short-term, transient use, such as customizing content that we or our service providers display on the services;
- Other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third-party partners; and
- Other uses that we notify you about.

California Rights and Choices
Subject to certain restrictions, if you are a California resident, you have the right to request that we disclose the personal information we collect about you, to delete any personal information that we collected from or maintain about you, and to opt out of the sale of personal information about you. As a California resident, you also have the right to designate an agent to exercise these rights on your behalf. This section describes how to exercise those rights and our process for handling those requests, including our means of verifying your identity. If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, please email us at privacy@wyndy.co or call us toll-free at (800) 941-0550.

Accessing and Deleting Your Personal Information

Right to request access to your personal information
If you are a California resident, you have the right to request that we disclose the categories of personal information that we collect, use, or sell about you. You may also request the specific pieces of personal information that we have collected about you. However, we may withhold some information where the risk to you, your personal information, or our business is too great to disclose the information.

Right to request deletion of your personal information
If you are a California resident, you may also request that we delete any personal information that we have collected from/about you. However, we may retain personal information as authorized under applicable law, such as personal information required as necessary to provide our services, protect our business and systems from fraudulent activity, to debug and identify errors that impair existing functionality, as necessary for us, or others, to exercise their free speech or other rights, comply with law enforcement requests pursuant to lawful process, for scientific or historical research, for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. We need certain types of information so that we can provide our services. If you ask us to delete it, you may no longer be able to access or use our services.

How to exercise your access and deletion rights
California residents may exercise their California privacy rights by visiting our Customer Support center and submitting the form located there. While completing this form is the best way to reach us, you may also email us at privacy@wyndy.co.

For security purposes, we may request additional information from you to verify your identity when you request to exercise your California privacy rights.

Sales of Personal Information
California residents may opt out of the “sale” of their personal information. We do not “sell” your personal information as we understand that term to be defined by the California Consumer Privacy Act and its implementing regulations.

Non-Discrimination Rights
California residents have the right to not be discriminated against for exercising their rights as described in this Supplemental Policy. We will not discriminate against you for exercising your CCPA rights.

Contact Information
Copper CRM, Inc.
301 Howard St. #600
San Francisco, CA 94105
Tel. No.: (800) 941-0550
privacy@wyndy.co