Effective: May 25, 2018
When we talk about “LEANSTACK,” “we,” “our,” or “us” in this policy, we are referring to LEANSTACK, Inc., the company which provides the Services. When we talk about the “Services” in this policy, we are referring to our online workplace productivity tools and platform. Our Services are currently available for use via a web browser or applications specific to your desktop or mobile device.
Information we collect and receive
1. Customer Data
Content and information submitted by users to the Services is referred to in this policy as “Customer Data.” As further explained below, Customer Data is controlled by the organization or other third party that created the account (the “Customer”). Where LEANSTACK collects or processes Customer Data, it does so on behalf of the Customer. Here are some examples of Customer Data: lean canvases, experiment reports, and validation plans. A user may also choose to enter information into their profile, such as first and last name, job, a photo and a phone number.
If you join an organization and create a user account, you are a “user,” as further described in the User Terms of Service. If you are using the Services by invitation of a Customer, whether that Customer is your employer, another organization, or an individual, that Customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Customer Data which may apply to your use of the Services. Please check with the Customer about the policies and settings it has in place.
2. Other information
LEANSTACK may also collect and receive the following information:
Account creation information. Users provide information such as an email address and password to create an account.
Organization setup information. When a Customer creates an account using the Services, we collect an email address, a company name, domain details (such as leanstack.com/organization-name), and password.
Billing and other information. For Customers that purchase a paid version of the Services, our corporate affiliates and our third party payment processors may collect and store billing address and credit card information on our behalf or we may do this ourselves.
Services usage information. This is information about how you are accessing and using the Services, which may include administrative and support communications with us and information about the teams, people, features, content, and links you interact with, and what third party integrations you use (if any).
Log data. When you use the Services our servers automatically record information, including information that your browser sends whenever you visit a website or your mobile app sends when you are using it. This log data may include your Internet Protocol address, the address of the web page you visited before using the Services, your browser type and settings, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, and cookie data.
Device information. We may collect information about the device you are using the Services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings.
Geo-location information. Precise GPS location from mobile devices is collected only with your permission. WiFi and IP addresses received from your browser or device may be used to determine approximate location.
Services integrations. If, when using the Services, you integrate with a third party service, we will connect that service to ours. The third party provider of the integration may share certain information about your account with LEANSTACK. However, we do not receive or store your passwords for any of these third party services.
Third party data. LEANSTACK may also receive information from affiliates in our corporate group, our partners, or others that we use to make our own information better or more useful. This might be aggregate level information, such as which IP addresses go with which zip codes, or it might be more specific information, such as about how well an online marketing or email campaign performed.
Cookies are small text files sent by us to your computer and from your computer or mobile device to us each time you visit our website or use our desktop application. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.
Some cookies are associated with your account and personal information in order to remember that you are logged in and which teams you are logged into. Other cookies are not tied to your account but are unique and allow us to carry out site analytics and customization, among other similar things. If you access the Services through your browser, you can manage your cookie settings there but if you disable some or all cookies you may not be able to use the Services.
LEANSTACK sets and accesses our own cookies on the domains operated by LEANSTACK. In addition, we use third parties like Google Analytics for website analytics. You may opt-out of third party cookies from Google Analytics on its website.
What can you do if you don't want cookies to be set or want them to be removed, or if you want to opt out of interest-based targeting?
Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust.
Browser manufacturers provide help pages relating to cookie management in their products. Please see below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
You can opt out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance (http://youradchoices.com). In addition, on your iPhone, iPad or Android, you can change your device settings to control whether you see online interest-based ads.
If you limit the ability of websites and applications to set cookies, you may worsen your overall user experience and/or lose the ability to access the services, since it will no longer be personalized to you. It may also stop you from saving customized settings, like login information.
Does LEANSTACK respond to Do Not Track Signals?
Our Sites and Services do not collect personal information about your online activities over time and across third-party websites or online services. Therefore, “do not track” signals transmitted from web browsers do not apply to our Sites or Services, and we do not alter any of our data collection and use practices upon receipt of such a signal.
We are committed to keeping your e-mail address confidential. We do not sell, rent, or lease our subscription lists to third parties, and will not disclose your email address to any third parties except as allowed in the section titled Disclosure of Your Information.
We will maintain the information you send via e-mail in accordance with applicable federal law.
In compliance with the CAN-SPAM Act, all e-mails sent from our organization will clearly state who the e-mail is from and provide clear information on how to contact the sender. In addition, all e-mail messages will also contain concise information on how to remove yourself from our mailing list so that you receive no further e-mail communication from us.
Our emails provide users the opportunity to opt-out of receiving communications from us and our partners by reading the unsubscribe instructions located at the bottom of any e-mail they receive from us at anytime.
Users who no longer wish to receive our newsletter or promotional materials may opt-out of receiving these communications by clicking on the unsubscribe link in the e-mail.
How we use your information
We use your information to provide and improve the Services.
1. Customer Data
LEANSTACK may access and use Customer Data as reasonably necessary and in accordance with Customer’s instructions to (a) provide, maintain and improve the Services; (b) to prevent or address service, security, technical issues or at a Customer’s request in connection with customer support matters; (c) as required by law or as permitted by the Data Request Policy and (d) as set forth in our agreement with the Customer or as expressly permitted in writing by the Customer. Additional information about LEANSTACK confidentiality and security practices with respect to Customer Data is available at our Security Practices page.
2. Other information
We use other kinds of information in providing the Services. Specifically:
To understand and improve our Services. We carry out research and analyze trends to better understand how users are using the Services and improve them.
To communicate with you by:Responding to your requests. If you contact us with a problem or question, we will use your information to respond.Sending emails. We may send you Service and administrative emails. We may also contact you to inform you about changes in our Services, our Service offerings, and important Service related notices, such as security and fraud notices. These emails and messages are considered part of the Services and you may not opt-out of them. In addition, we sometimes send emails about new product features or other news about LEANSTACK. You can opt out of these at any time.
Billing and account management. We use account data to administer accounts and keep track of billing and payments.
Communicating with you and marketing. We often need to contact you for invoicing, account management and similar reasons. We may also use your contact information for our own marketing or advertising purposes. You can opt out of these at any time.
Investigating and preventing bad stuff from happening. We work hard to keep the Services secure and to prevent abuse and fraud.
This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable user or Customer of the Services.
1. Customer Data
Customer provides us with instructions on what to do with Customer Data. A Customer has many choices and control over Customer Data. For example, Customer may provision or deprovision access to the Services, enable or disable third party integrations, manage permissions, retention and export settings, transfer or assign teams, share lean canvases, or consolidate teams or lean canvases with other teams or organizations. Since these choices and instructions may result in the access, use, disclosure, modification or deletion of certain or all Customer Data, please review the Help Center pages for more information about these choices and instructions.
2. Other information
If you have any questions about your information, our use of this information, or your rights when it comes to any of the foregoing, contact us at [email protected].
In addition, the browser you use may provide you with the ability to control cookies or other types of local data storage. Your mobile device may provide you with choices around how and whether location or other data is collected and shared. LEANSTACK does not control these choices, or default settings, which are offered by makers of your browser or mobile device operating system.
Sharing and Disclosure
1. Customer Data
LEANSTACK may share Customer Data in accordance with our agreement with the Customer and the Customer’s instructions, including:
With third party service providers and agents. We may engage third party companies or individuals to process Customer Data.
With affiliates. We may engage affiliates in our corporate group to process Customer Data.
With third party integrations. LEANSTACK may, acting on our Customer’s behalf, share Customer Data with the provider of an integration added by Customer. LEANSTACK is not responsible for how the provider of an integration may collect, use, and share Customer Data.
2. Other information
LEANSTACK may share other information as follows:
About you with the Customer. There may be times when you contact LEANSTACK to help resolve an issue specific to a team of which you are a member. In order to help resolve the issue and given our relationship with our Customer, we may share your concern with our Customer.
With third party service providers and agents. We may engage third party companies or individuals, such as third party payment processors, to process information on our behalf.
With affiliates. We may engage affiliates in our corporate group to process other information.
3. Other types of disclosure
LEANSTACK may share or disclose Customer Data and other information as follows:
During changes to our business structure. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of LEANSTACK's assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
To comply with laws. To comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.
We may disclose or use aggregate or de-identified information for any purpose. For example, we may share aggregated or de-identified information with our partners or others for business or research purposes like telling a prospective LEANSTACK Customer the average number of canvases created within a LEANSTACK team or partnering with research firm or academics to explore interesting questions about innovation practices.
We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
To learn more about current practices and policies regarding security and confidentiality of Customer Data and other information, please see our Security Practices; we keep that document updated as these practices evolve over time.
Our Services are not directed to children under 13. If you learn that a child under 13 has provided us with personal information without consent, please contact us.
We may change this policy from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy.
International Contractual Terms
European Union Model Clauses. LEANSTACK offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. A copy of our standard data processing addendum, incorporating Model Clauses, is available here.
Data Protection Officer
To communicate with our Data Protection Officer, please email [email protected].
Identifying The Data Controller And Processor
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Customer is the controller of Customer Data. In general, LEANSTACK is the processor of Customer Data and the controller of Other Information.
Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this using the settings and tools provided in your Services account. If you cannot use the settings and tools, contact Customer for additional access and assistance.
To the extent that LEANSTACK's processing of your Personal Data is subject to the General Data Protection Regulation, LEANSTACK relies on its legitimate interests, described above, to process your data. LEANSTACK may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to LEANSTACK's use of your Personal Data for this purpose at any time.
Data Protection Authority
Subject to applicable law, you also have the right to (i) restrict LEANSTACK's use of Other Information that constitutes your Personal Data and (ii) lodge a complaint with your local data protection authority.
5409 Montview Street,
Austin, TX 78756