PRIVACY POLICY

Xirsys, LLC (“Xirsys,” "we," "us," or "our") respects your privacy and is committed to protecting the Personal Data it collects. The purpose of this Privacy Policy is to inform you of how we protect your privacy when accessing or using Xirsys' Services.

This Privacy Policy applies to Xirsys' Services that link to, or reference, this Privacy Policy, and describes the ways Xirsys collects and uses your personal information and the choices you have regarding collection, use, maintenance, access and transmission of your personal information. Capitalized terms not expressly defined in this Privacy Policy shall have the meaning found in the Terms of Service. By utilizing the Xirsys Service, including, without limitation, the website or otherwise providing your Personal Data to Xirsys via any other means, you or the entity you represent ("you" or "your") accept and consent to the rights, obligations and practices described in this Privacy Policy.

1. Who does the Privacy Policy apply to?

This Privacy Policy applies to all Clients of, and Visitors to the Xirsys Service. In the case of Clients, Client shall be responsible for (i) informing their End Users, if any, of the existence of this Privacy Policy, as well as any amendments, updates or modifications made to this Privacy Policy and (ii) agreeing to this Privacy Policy, as amended, updated or modified from time to time, on behalf of his, her or its End Users.

2. What Personal Data is Collected by Xirsys?

Xirsys considers any information that can be used to directly or indirectly identify you to be Personal Data, including without limitation, Personal Data that is accessed, collected, maintained, transmitted and/or used by Xirsys in the normal course of our business, and is subject to the provisions of this Privacy Policy and applicable law.

3. How is Personal Data Collected by Xirsys?

Xirsys collects and logs your IP address, the time and duration of your visit, the time and duration of the pages on Xirsys' website that you view (where applicable) and information about your computer system, such as your browser type and operating system, whenever the Xirsys Service is accessed or used by you. In the case of Clients, we collect, maintain, transmit and/or use Personal Data provided by you in your account, including without limitation, your full name, Xirsys identification number, billing data and contact information.

Xirsys utilizes third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience. For more information on the privacy practices of Intercom, please visit https://www.intercom.com/terms-and-policies#privacy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms. If you would like to opt out of having this information collected by or submitted to Intercom, please email privacy@xirsys.com.

Xirsys also collects anonymous usage information on Visitors to its website through use of Google Analytics. Google Analytics may employ third party tracking cookies to gather anonymous browser, operating system, geographic, and website navigation information.

Xirsys also uses AdRoll who may place cookies on Visitor’s browsers for targeted advertising purposes. If you would like to opt out of having your information collected by or submitted to AdRoll, please email privacy@xirsys.com.

Use of the Xirsys Dashboard interface requires the acceptance of cookies for login session management purposes. Xirsys will likely place a cookie on your hard drive during the web visit. A cookie is a unique alphanumeric identifier that Xirsys uses to determine the number of unique Visitors that view its website, whether or not those Visitors are repeat Visitors, and the source of the visits. Cookies cannot be executed as code or used to deliver a virus. Other servers cannot read cookies and personal information cannot be gathered from cookies. Cookies are simply an identifier shared between you and Xirsys to allow Xirsys to improve the services Xirsys offers to you through its website. If you do not wish cookies to be placed on your computer, then they can be disabled in your web browser. The option to do so is normally found in your browser's "security settings" section. However, please note, permanently disabling cookies in your browser may hinder your use of Xirsys' website as well as other website and interactive services.

A web beacon, also known as a web bug, is a small graphic (usually 1 pixel x 1 pixel), that is embedded in a web advertisement, email, or page on Xirsys' website, which is invisible to you. When you view a page on Xirsys' website, an e-mail or an advertisement, your web browser will request the web beacon from a web server, which in turn will set a cookie in your web browser containing a unique identifier. This unique identifier will be linked to log information that is used to track your usage of Xirsys' website in order to determine the effectiveness of content and advertising campaigns.

Xirsys does not collect personal information about you as part of a web visit, but web visit information may be tied to other information (including personal information) that Xirsys collects from you via chat, web forms, and the other means Xirsys describes in this Privacy Policy.

4. Why Does Xirsys Collect Personal Data?

For Clients
Xirsys may use your Personal Data to handle orders, process your service requests, deliver products and services, process payments, communicate with you about orders, provide access to secure areas of Xirsys’ website, and to enable Xirsys to review, develop and continually improve the products and services that it provides. Xirsys also uses this information to prevent or detect fraud or abuses of Xirsys’ website and to enable third parties to carry out technical, logistical or other functions on its behalf.

For Visitors
Xirsys uses Personal Data to send information about Xirsys to Visitors and to contact them when necessary. Visitors have discretion as to whether to grant information to Xirsys upon Xirsys’ request for information.

For Financial Information
Xirsys may ask Clients to enter credit card or account information in order to process orders for services placed with Xirsys. Financial information provided via its website is transferred over a secure connection via Stripe, Inc., a payment processing company. Xirsys does not collect this information and will not authorize the release of the information to anyone not directly involved in processing the transaction. This information may be encrypted and stored for logging purposes by Stripe, Inc.
Credit card numbers are used by Stripe, Inc. only for processing payments and are not used for any other purposes. Xirsys will ensure that appropriate security and confidentiality measures are in place in safeguarding your personal data.

For Use Information
Xirsys uses website use information to measure interest in and develop its web pages and marketing plans, customize the content you view on your web visits based on your activity during past visits, and administer Xirsys' website. In addition:
• Xirsys uses a Visitor's IP address to help diagnose problems with its servers, and to administer its website.
• Xirsys uses cookies to help it recognize Visitors as unique Visitors when they return to Xirsys' website. Xirsys also uses cookies to tailor content or advertisements to match your preferred interest; avoid showing Visitors the same advertisements repeatedly; compile anonymous, aggregated statistics that allow Xirsys to understand how users use its site and to help it improve the structure of its website (Xirsys cannot identify Visitors personally in this way); and count the number of anonymous users of its websites.
• Xirsys uses web beacons to count the number of times that its advertisements and web-based e-mail content are viewed. Xirsys combines web beacon information with cookies to track activity on its website originating from advertisements and web-based e-mail content.

For Support Information
Xirsys uses information that you provide to it via telephone calls, chat, e-mail, web forms and other communications to correspond with you about services you may be interested in purchasing. If you elect to purchase a service online using a web form, Xirsys will use the information to establish your account. Information you submit in writing, such as chat, e-mail, and web form information is archived and may be tied to information that Xirsys collects about your web visits.

5. Xirsys' Disclosure of Personal Data to Regulatory Agencies

Xirsys transfers Personal Data to third parties, including without limitation, law enforcement agencies and consumer reporting agencies, under the following normal business procedures:
• If you breach the Terms of Service or other applicable Service Level Agreement, or if Xirsys is under a duty to disclose or share your personal data in order to comply with any legal obligation, Xirsys may disclose your information to a relevant authority. Disclosure may include, but is not limited to, exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. In particular, Xirsys may release the information it collects to third parties when Xirsys believes that it is appropriate to comply with the law, to enforce its' legal rights, to protect the rights and safety of others, or to assist with industry efforts to control fraud, spam or other undesirable conduct.
• Xirsys may release the information it collects to third parties, where the information is provided to enable such third party to provide services to Xirsys, provided that the third party has agreed to use at least the same level of privacy protections described in this Privacy Policy, and is permitted to use the information only for the purpose of providing services to Xirsys.

6. User Choice

Subject to applicable law, you have the choice to and right to limit, restrict or deny Xirsys' ability to share your Personal Data with third parties or use of your Personal Data for a purpose that is materially different from the purpose for which it was originally collected or authorized by you. In order to exercise your right to choose, please contact us at privacy@xirsys.com, or via postal mail or facsimile using contact information found on Xirsys' Contact page. Please note, in the absence of any notice to the contrary, you expressly grant Xirsys permission to share your Personal Data at Xirsys' discretion.

7. Security and Integrity of your Personal Data

Xirsys intends to protect and secure your Personal Data in accordance to the terms of this Privacy Statement and the Terms of Service, and has implemented physical, administrative and technical measures designed to protect your Personal Data from unauthorized access, use or disclosure. These industry-standard safeguards include without limitation encryption of password and/or cryptographic key-based authentication controls on servers which house personal information, browser-based secure sockets layer encryption, and other storage system access control mechanisms to protect the integrity of internal databases and prevent unauthorized access.
Xirsys requires all Xirsys business partners and vendors to provide the same or greater protections for any Personal Data that is disclosed by Xirsys in furtherance of our provision of the Xirsys Service to you. To learn more about Xirsys' contractor requirements, please contact us at privacy@xirsys.com.

8. Access to your Personal Data

You control access to Personal Data maintained or stored by you via Xirsys' web-based interface for account management. You may update your information at any time. You may cancel your account at any time and may request that your personal information be deleted from Xirsys' databases, with the exception of: network access logs, which may be stored for any duration of time at Xirsys' discretion, cases where financially fraudulent or otherwise illegal activity is deemed to have occurred (as determined by Xirsys management or law enforcement officials), in which case personal information may be retained indefinitely for purposes of ongoing investigation and prevention of fraud recurrence, or cases where a violation of the Terms of Service and applicable Service Level Agreement has resulted in cancellation of your account (as defined by revocation of your permission to utilize Xirsys' services), in which case personal information may be retained indefinitely for purposes of prevention of further use of Xirsys' services in the future by the offending individual.
Upon request, Xirsys will grant you reasonable access to Personal Data maintained by Xirsys about you. In addition, we will take reasonable steps to correct, amend or delete information that is demonstrated by you to be inaccurate, incomplete or processed in violation of applicable law. Unless required by law, Xirsys will not permit you to access the Personal Data of any data subject other than yourself.

9. International Transfers of Personal Data

Xirsys is headquartered in the United States of America (the "US") and provides its Service internationally. By utilizing the Xirsys Service, you expressly consent to Xirsys' access, maintenance, transmission and/or use of your Personal Data outside of your country of residence, regardless of location or jurisdiction.
In addition to its obligations under US law, Xirsys supplements the protection of the international transfer of your Personal Data by observing numerous industry best practices of data encryption.

10. Sensitive Information

Xirsys will not intentionally collect or maintain, and requests that you do not provide, any information regarding your medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information. If you store any data or information that is sensitive and/or violates any other law or regulation, such information and compliance with applicable privacy laws remains solely your responsibility. Xirsys is not responsible for any sensitive information stored by you on its system.

11. Children's Online Privacy Protection

Xirsys' services are not designed for or directed to children under thirteen (13) years of age and Xirsys will not intentionally collect or maintain information about anyone under thirteen (13) years of age.

12. Data Service

You are solely responsible for ensuring compliance with any and all applicable privacy guidelines and regulations for all jurisdictions in which you may operate with respect to appropriate practices for the collection, storage, and dissemination of personal information using the Xirsys Service. In no event shall Xirsys be held liable for your failure to adopt and/or practice appropriate measures for safeguarding personal information stored within or transmitted through the Xirsys Service.

13. Dispute Resolution

Please direct any complaints regarding this Privacy Policy to us at privacy@xirsys.com, or via postal mail or facsimile using contact information found on Xirsys' contact page. We will attempt to resolve any such complaints in a reasonably timely manner and in accordance with this policy.

14. Enforcement

If you believe your Personal Data has been used in a way that is not consistent with this Privacy Policy, or if you have further questions regarding this Privacy Policy, please contact our Custodian of Records via email or by writing us at the following address:
Custodian of Records
Xirsys LLC
25061 Avenue Stanford, Suite 10
Santa Clarita, CA 91355

15. Definitions

"Custodian of Records" means the Xirsys employee described in Section 14 of this Privacy Policy.
"Terms of Service" means the Xirsys data processing and Terms of Service published here, as amended at Xirsys' sole and absolute discretion from time to time.
"IP" means any internet protocol address, including without limitation, unique and non-unique network addresses.
"Personal Data" means any information relating to a data subject that you or your End Users directly or indirectly provide to us as part of the Xirsys Services or any data subject's use of any Xirsys Service.
"Privacy Policy" means this policy, as amended at Xirsys' sole and absolute discretion from time to time.
"Visitor" or "Visitors" means any individual(s) or entity(ies) that accesses, maintains, transmits, develops, acquires, operates or otherwise uses any Xirsys Service but is not a Client.

16. Changes

Amendments to this Privacy Policy may be made at any time and you should check back frequently for any changes. Xirsys will also provide public notice of amendments to this Privacy Policy on the appropriate Xirsys Service. Unless otherwise directed by you in writing to the Custodian of Records, you agree that Xirsys shall have the right and ability to amend this Privacy Policy at Xirsys' sole and absolute discretion, and that you waive any requirement for specific or expressed acknowledgement or agreement to any such amendments or modifications. This Privacy Policy was last updated on May 22, 2018.

17. Verification

Xirsys utilizes the self-assessment approach to assure its compliance with its Privacy Policy. Xirsys regularly verifies that the Privacy Policy is accurate and in conformity with applicable local and international law.

This policy was last modified May 22, 2018.