Privacy Policy
KATMAI PRIVACY POLICY
Last Updated: March 29, 2024
At Katmai Tech Inc. (referred to in this policy as “Katmai,” “we,” “us” or “our”), your privacy and the security of your information is very important to us. We have prepared this Privacy Policy to describe the type of Personal Information (as defined below) we collect and process about visitors to our website at www.katmaitech.com (the “Site”), representatives of our potential and current customers, such as businesses or other organizations that sign up for the Services (as defined below) and grant privileges to users on their account (such businesses or organizations, an “Account Owner”) and other individual users who access our conferencing software and services whether via our Site or through our mobile application (the foregoing individuals referred to in this policy as “you,” “your” or “user”). This Privacy Policy also contains disclosures with respect to how we collect, use and disclose such information and the rights and choices available to control such processing.
This Privacy Policy is effective as of the date that this Privacy Policy is posted. Any links that we provide to third-party websites or services are provided for your convenience and information. We do not own, operate, control or endorse such third party properties and this Privacy Policy does not apply to any such unaffiliated sites or services. If you visit any linked third party sites or services, please review any applicable privacy policies. We are not responsible for the content of such unaffiliated sites, any use of such sites or services nor the privacy practices of any third parties.
For the purposes of this Privacy Policy, “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, as well as any other information related to a particular individual that constitutes “personal information” or “personal data” under applicable privacy or data protection laws. For the avoidance of doubt, data that has been aggregated or deidentified (as such terms are defined under applicable privacy or data protection laws) and cannot identify, directly or indirectly, an individual, is not Personal Information.
If the EU Regulation (EU) No. 2016/679 (“GDPR”) or the UK GDPR as defined in the Data Protection Act 2018 (“UK GDPR”) applies to our processing of your Personal Information, please see below the section titled “European Data Protection Specific Information” for additional information regarding our collection and processing of your Personal Information.
What Categories of Personal Information Do We Collect?
The type of Personal Information Katmai collects and processes depends on how you interact with us via our Site, through our mobile application, and/or when you use the Katmai conferencing software and services (collectively, the “Services”), whether on behalf of yourself or in a commercial capacity when you act on behalf of your employer or organization. If you can’t or choose not to provide us with the Personal Information we reasonably require, we may be unable to display the Site to you in a manner that you require or to otherwise provide you with the information or Services you have requested.
Generally, we collect and/or process, and in the previous twelve (12) months have collected and/or processed, the following categories of Personal Information from or about you:
- Identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name or other similar identifiers;
- Professional or employment-related information, such as your name, business name and job title, business or personal email address and business or personal mobile or other telephone number;
- Commercial information, such as records of services purchased and obtained and other transaction/purchase history;
- Financial information, such as payment card information and billing address collected and processed via our third party payment processor(s);
- Device information, such as information collected about the computer, phone or other device used to access and interact with our Services, including device identifiers, the name of the mobile device operator or Internet service provider, browser type, language and time zone, etc.; and
- Internet, usage or other electronic network activity information, such as user and/or Account Owner communication content (including recordings and chats); audio and video settings; screen sharing settings and other settings and configuration information; call and video history including phone numbers and address book information; browsing history, search history; diagnostic data including voice recording, telemetry, call and video metadata (including data and time of call/video, duration of call/video); support data including data provided by Account Owners, their employees or other users in connection with technical support such as chats, phone calls, support tickets, attachments to tickets (such as screenshots which may include content data), location including approximate location; information regarding a user’s interaction with the Site or Services (such usage and communication patterns that include access logs that track the date and time an individual user is using or logged into a certain Katmai workspace, for how long an individual user is logged into or located within the Katmai workspace or in a specific sound zone, the frequency of clicks on a screen share, etc.), or other general activity and diagnostic information (the foregoing information, collectively, “Usage Information”).
From What Resources Do We Collect Your Personal Information?
We collect, and in the previous twelve (12) months have collected, your Personal Information from the following sources:
- From you directly, such as when you (i) create an account with us via the Site, (ii) access and use our products or Services, (iii) request technical support, (iv) subscribe to learn more about our Services or (v) contact and/or contract with us in connection with your role as an employee, director, officer or other representative of a prospective or current Account Owner;
- From the Account Owner, such as when you access the Site or Services via an account to which you have been granted access by the Account Owner or via a guest pass provided by an Account Owner or another authorized user;
- From your device, such as when you visit our Site or access our Services, depending on the permissions you or the Account Owner has set;
- Automatically through cookies and other similar technologies, such as browser and flash cookies, web pixels or other similar technologies, as further described in our Cookie Policy; or
- From third party vendors/service providers, such as payment processors, IT service providers, cloud storage providers, data analytics providers, marketing or advertising partners and networks, etc.
For What Purposes Do We Use and Process Personal Information?
We use the Personal Information we collect for the purposes set forth below:
- To provide the Site and perform the Services, and to further conduct other internal operations necessary to run our business and provide services to you;
- To conduct research, analytics and development, including undertaking internal research to provide, develop, customize, maintain and improve the Site and Services;
- To provide usage reports to Account Owners, including Usage Information to provide the Account Owner with specific account metrics;
- To communicate with you about our Site or Services, including to update you on changes to your account or to respond to you when you contact us, or to inform you of changes to our policies and terms;
- To engage in marketing and advertising activities, including targeted advertising;
- To facilitate payments, including through our third party payment processor;
- To maintain account integrity and security, as well as to detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal;
- To engage in business transactions, in the event we engage in a corporate sale, merger, reorganization, financing due diligence, bankruptcy, receivership sale of assets, dissolution, transition of service to another provider, or similar event; or
- To satisfy legal and compliance obligations, including to comply with applicable law or respond to valid legal process, including from law enforcement or government agencies, to investigate or participate in civil discovery, litigation, or other adversarial legal proceedings, protect you, us, and others from fraudulent, malicious, deceptive, abusive, or unlawful activities, and to enforce or investigate potential violations of our Terms of Service or policies.
Additionally, we may use non-identifying information (including deidentified or aggregated data (as such terms are defined under applicable privacy or data protection laws) about your use of the Site or our Services to understand and analyze the usage metrics and trends and preferences of our users, to monitor, analyze the effectiveness of or otherwise improve the Site or Services, and to improve fraud detection and information security, without restriction. Where we process de-identified information, we take reasonable measures to ensure such information cannot be associated with a particular consumer or household, commit to maintain and use such information in anonymized form and not attempt to re-identify such information and contractually mandate third parties to whom we disclose such information to adhere to the same obligations.
For What Purposes and To Whom Do We Disclose Personal Information?
In addition to any disclosure for which we have received your express consent, we disclose, and have in the previous twelve (12) months disclosed, your Personal Information to the following categories of third parties for the following business or commercial purposes:
- Account Owner. If applicable, we disclose and have disclosed Personal Information to the Account Owner for account activation, verification, management, analytics and servicing. Specifically and depending on their agreement with us, an Account Owner is able to create and/or access the profile information for all users on their account and any users to whom they have extended guess passes to enter their Katmai workspace. Additionally, Account Owners are able to access (i) registrant information, (ii) Usage Information and (iii) information about which users sent and received chats or other messages within a Katmai workspace, including the content of such messages. Please see the privacy notice of the relevant Account Owner (which granted you access to the Site or Services) for more details on that Account Owner’s processing of your Personal Information.
- Such Personal Information may include: Identifiers, Professional or employment related information, Commercial information or Device Information.
- Other Katmai users. We disclose and have disclosed your Personal Information to other Katmai users as necessary to provide the Services.
- Such Personal Information may include: Identifiers or Professional or employment related information.
- Third party vendors/developers. We disclose and have disclosed Personal Information to third party vendors or service providers such as information technology consultants, fraud prevention providers, marketing and advertising partners (including digital marketing agents), data analytics providers, cloud storage providers, payment processors, third party app developers, etc. to develop, provide, support and improve the Site and Services, to maintain and service accounts or provide customer service, for storage services, for payment processing services or other transactional services, for marketing and advertising purposes, for business continuity purposes, to protect against fraud or abuse or for other internal operations necessary to run our business or provide services to you.
- Such Personal Information may include: Identifiers, Professional or employment related information, Commercial information, Device Information or Usage Information.
- External advisors. We disclose and have disclosed Personal Information to our lawyers, accountants, auditors or other external advisors for internal operations necessary to run our business.
- Such Personal Information may include: Identifiers, Professional or employment related information, Commercial information, Device Information or Usage Information
- For legal purposes. Where required or permitted by applicable law or regulation, we disclose or will disclose Personal Information to law enforcement agencies, parties to disputes, regulatory or tax authorities and other governmental or public agencies or authorities, including to respond to subpoenas or court orders, judicial processes or regulatory inquiries or investigations, or otherwise if we believe in good faith that such disclosure is necessary to comply with a legal obligation or request or to enforce our terms and conditions.
- Such Personal Information may include: Identifiers, Professional or employment related information, Commercial information, Device Information or Usage Information
- Potential Business Partners. We may disclose Personal Information to actual or prospective acquirers and investors, their representatives and other relevant participants in connection with, or during negotiations of, any sale, merger, acquisition, restructuring, or change in control involving all or a portion of Katmai’s business or assets, including in connection with bankruptcy or similar proceedings.
- Such Personal Information may include: Identifiers, Professional or employment related information, Commercial information, Device Information or Usage Information
For How Long Do We Retain Your Personal Information?
We retain your Personal Information for no longer than reasonably necessary to fulfill the purpose(s) set forth in this Privacy Policy, unless a longer retention period is required under applicable law. We consider the following criteria to determine our data retention periods:
- The type of information collected and the purposes for which it was collected;
- Whether you or the Account Owner have requested retention or deletion of such information;
- Whether we have a legitimate reason to retain such data;
- Whether we have a legal obligations to retain such information (e.g., for backups, archiving and prevention of fraud or abuse) or where such retention is required by law; and
- Whether it is advisable in light of our legal position or where we have a reasonable belief that we have a legitimate reason to do so.
How do we protect your Personal Information?
The security and confidentiality of your Personal Information is important to us. That’s why we have technical, administrative and physical controls in place that are designed to protect your Personal Information from unauthorized access, use and disclosure. Even so, despite our reasonable efforts, no security measure is ever completely sufficient, perfect or impenetrable.
You are also responsible for keeping your Personal Information secure. We strongly recommend that you keep passwords unique from other identifiers such as your login information or account ID to help protect your privacy. In addition, you should make sure you only use trusted wireless connections in transmitting any Personal Information.
Your Privacy Rights
As noted above, we and our service providers may use cookies and other similar online technologies, including electronic images known as “web bugs” (sometimes called transparent GIFs, clear GIFs, or beacons). To opt-out of or withdraw consent with respect to our collection and processing of your Personal Information via cookies or other similar technologies for marketing or targeted advertising purposes, please visit our Cookie Management Tool. Please note that if your browser permits, you may configure your browser to refuse or delete cookies, or to alert you when cookies are being sent. Please consult the corresponding instructions of the manufacturer for more detailed information on the actual procedure. If you choose to turn off cookies, however, some parts of the Site may not function properly. Even if you block or delete cookies, not all of the tracking that we have described in this Privacy Policy will stop.
Additionally, we use Google Analytics or a similar service that uses cookies to help us analyze how users use the Site. That use may be subject to the Google Analytics Terms of Use and Google Privacy Policy. Please click here for more information about how Google uses information from sites or apps that use their services.
Responding to Do Not Track Signals. Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. These browser features are still not uniform, so we are not currently set up to respond to those signals.
California’s Shine the Light Law
In addition, under California’s Shine the Light Law (California Civil Code Section 1798.83), if you are a California resident and your business relationship with us is primarily for personal, family or household purposes, you may request certain data regarding our disclosure, if any, of Personal Information to third parties for the third parties’ direct marketing purposes. We do not share Personal Information with third parties for such third parties’ direct marketing purposes.
Minors and Children Under 13
Our Site is not intended for or directed at minors or children under the age of 13 and therefore we do not knowingly collect any Personal Information from or knowingly track the use of our Site by any individual under the age of 18. If you believe we might have any information (including Personal Information) from or about an individual under the age of 18, please contact us by phone at (917) 300-8267 or by email at privacy@katmaitech.com.
How to Contact Us:
If you have any questions or complaints, or you wish to send us comments about this Privacy Policy, please contact us: by phone at (917) 300-8267 or by email at privacy@katmaitech.com.
How Will You Know If We Amend This Privacy Policy?
We may amend this Privacy Policy at any time. If we make any material change to this Privacy Policy, we will prominently post the updated Privacy Policy and indicate at the top of the Privacy Policy when it was updated. If you disagree with our Privacy Policy changes, you may choose not to use or access our Site or Services, or request that we delete your account.
JURISDICTION-SPECIFIC PRIVACY NOTICE
European Data Protection Specific Information
The following disclosures apply solely with respect to Personal Information processing activities that are subject to the GDPR or the UK GDPR.
Legal Basis for Processing Personal Data
Depending on the specific Personal Information concerned and the factual context, when we process Personal Information, we rely on the following legal bases as applicable:
- As necessary for our contract: When we enter into a contract directly with you or the Account Owner, we process your Personal Information on the basis of our contract in order to prepare and enter into the contract, as well as to perform and manage the contract (i.e., providing our Services to you, as well as facilitating and processing payments, communicating with you about our Site, mobile application, or Services, complying with contractual obligations, and related administration). Where we are relying on this legal basis, we may not be able to provide you with all Services if we do not process your Personal Information;
- Consistent with consent: We rely on your prior consent in order to use certain types of cookies (e.g., analytics cookies we use to perform analysis of our website usage). Where required by law, we also rely on your prior consent to conduct online marketing, including email marketing. You have the right to withdraw your consent at any time by visiting our Cookie Management Tool. We may also rely on consent where required by law or where we are processing any special category data such as biometric data.
- As necessary to comply with our legal obligations: We process your Personal Information to comply with the legal obligations to which we are subject. This may include detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activity and includes compliance with applicable data protection laws. If we do not process your Personal Information for these purposes, we may not be able to provide you with all Services;
- As necessary for our (or others’) legitimate interests: We process your Personal Information based on such legitimate interests to (i) enter and perform the contract with the Account Owner; (ii) develop, test, and improve our Services; (iii) ensure authentication, integrity, security, and safety of accounts and Services, including detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal; and (iv) comply with non-EU and non-UK laws, regulations, codes of practice, guidelines, or rules applicable to us and respond to requests from, and other communications with, competent non-EU and non-UK public, governmental, judicial, or other regulatory authorities, as well as meet our corporate and social responsibility commitments, protect our rights and property and the ones of our customers, resolve disputes, and enforce agreements. If we do not process your Personal Information for these purposes, we may not be able to perform activities that are necessary for our legitimate interests, and, depending on the circumstances, provide you with all Services.
Data Subjects Rights
Your rights in relation to your Personal Information processed by us as a controller specifically include:
- Right of access and/or portability: You have the right to access any Personal Information that we hold about you and, in some circumstances, have that data provided to you or transfer that data to another provider;
- Right of erasure: In certain circumstances, you have the right to the erasure of Personal Information that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected);
- Right to object to processing: In certain circumstances, you have the right to request that we stop processing your Personal Information;
- Right to rectification: You have the right to require us to correct any inaccurate or incomplete Personal Information;
- Right to restrict processing: You have the right to request that we restrict processing of your Personal Information in certain circumstances (for example, where you believe that the Personal Information we hold about you is not accurate or lawfully held).
To exercise your rights or if you have any other questions about our use of your Personal Information, please contact us: by phone at (917) 300-8267 or by email at privacy@katmaitech.com. Please note that we may request you to provide us with additional information in order to confirm your identity and ensure that you are entitled to exercise your rights.
You also have the right to lodge a complaint to a data protection authority. For more information, please contact your local data protection authority.
International Data Transfers
Your Personal Information may be transferred, stored (for example, in a data center), and processed outside of the country or region where it was initially collected where Katmai or its service providers have customers or facilities, including in countries outside of the European Economic Area and the UK. Such countries may have data protection rules that are different and less protective than those of your country.
Where Personal Information of users in the EU or the UK is being transferred to a recipient located in a country outside the European Economic Area or the UK which has not been recognized as having an adequate level of data protection, we ensure that there is a transfer solution in place to legitimise such transfer (such as the European Commission’s standard contractual clauses under Article 46(2) of the GDPR). Please contact us if you would like to receive a copy of such standard contractual clauses or request further information in that respect. Where relevant and permissible under the applicable data protection law, we may also rely on one of the derogations under Article 49 of the GDPR or the UK GDPR to transfer your personal data (such as transfer of data that is necessary for the performance of our contract with you).