Medullar Solutions Inc. Privacy Policy

Overview of essential details

This overview encapsulates the main highlights from our privacy notice. For a more comprehensive understanding of any of these subjects, click the link provided after each key detail or navigate to the relevant section using the table of contents below.

• What type of personal data do we handle? Depending on your interaction with us and our services, as well as the selections you make and the features you use, we might handle personal information.
• Do we handle any sensitive personal data? We refrain from handling sensitive personal information.
• Do we obtain any information from third parties? We may keep or combine third party information with the personal details we have previously collected from you, a process referred to as "data supplementation".
• How do we manage your information? Your information is utilized to enhance, manage, and deliver our services, communicate with you, prevent fraud, and comply with legal requirements. We may process your information for additional purposes if you consent, and only when there is a legitimate legal basis.
• How do we safeguard your information? We employ organizational and technical measures to secure your personal information. However, we must acknowledge that no online transmission or storage method can be completely impervious to breaches, and we cannot absolutely guarantee that unauthorized individuals won't be able to compromise our security measures.
• What rights do you have regarding your information? Your geographical location may grant you specific rights concerning your personal information under the relevant privacy legislation.
• How can you exercise your rights? You can easily assert your rights by reaching out to us directly to privacy@medullar.com. We will assess and respond to any request in accordance with the prevailing data protection regulations.

Data Collection

We gather and handle the subsequent information:

• Voluntary Information: When you register, utilize our services, or interact with us, you may voluntarily supply personal details such as:
  • Email address, full name, company affiliation, job title, etc.
  • Payment specifics (handled through www.stripe.com).
  • Information that you provide when you voluntarily fill in forms on our websites.
  • Information used to identify you during the planning and execution of corporate events tied to our marketing activities, such as user conferences.
  • Archives and duplicates of your communications (including email addresses and usernames) when you reach out to us.
  • Your answers to any surveys we may request you to fill out for the sake of research.
  • Specifics concerning transactions conducted via our websites or in connection with orders for our services.
• Technical details: This includes information associated with your Medullar login, browser details, time zone settings, types and versions of browser plugins, your operating system, and the platform you're on. To bolster security and prevent unauthorized systems from accessing your account, we also collect data about your geolocation and system ID.

Our services are designed not to collect any data that passes through them. Instead, they only retain minimal information in a secure and encrypted cache to enhance search speeds. This information might consist of:

• Specific folder IDs (in the case of OneDrive searches)
• Thumbnail URLs for some OneDrive and Box results
• Domain details for Confluence
• The user's calendar list for Google Apps
• Email details for Google Apps
• Object structure within the Salesforce connector
• Encrypted search results (only kept for 5 min.)

Should there be any changes to this functionality in the future, this document will be promptly updated to reflect those modifications. For any additional information or inquiries, please reach out to us at security@medullar.com, and we'll provide detailed information as needed.

You might also share information in your capacity as a contributing user, which could be published or shown (henceforth called "posted") in the public sections of our websites, on the Medullar community or social networks sites, or sent to other users of our websites or third parties. Please be aware that any user contributions you post are shared with others at your own discretion and risk.

Medullar use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements

How does Medullar use your personal information

Medullar employs the personal information you share with us to display content on our websites, orchestrate and conduct marketing activities, and offer our services.

We may utilize this information in various ways, including:

• Showcasing our websites and their contents to you.
• Enabling your engagement in interactive features found on our websites.
• Enhancing your experience while using our websites, services, and participating in marketing activities.
• Administering your access to the services we provide.
• Fulfilling our duties and exercising our rights stemming from any agreements made between you and us, such as those related to billing and collection.
• Sending you updates about your account and/or subscription, including reminders about expiration and renewals.
• Informing you of any modifications to our websites or services.
• Supplying information or services you've requested from us.
• Engaging with you about marketing activities, possibly including promotional material.
• Distributing promotional content and other communications about our products or Services.
• Compiling a roster of current and potential users and subscribers for our offerings.
• Gathering data on the utilization of our landing website.
• Mitigating instances of fraud or misuse.
• Adhering to legal or regulatory mandates.
• Pursuing any other objectives, we specify when collecting information.
• Serving any specific requests or needs you present to us.
• Fulfilling any other purposes, provided we have your consent.

How does Medullar collect your personal information

Medullar may gather personal information directly from you in the following manners:

• Completing forms on our websites, like account registration, service subscription, or comment posting.
• Creating an account or adding a new user to access our services.
• Conducting transactions on our websites, such as placing an order for our services.
• Performing search queries within our websites.
• Posting messages on our websites, either in public sections or directly to other users or third parties.
• Utilizing our publicly accessible blogs.
• Contacting us outside our websites, through channels like email.
• Seeking help from our support team.
• Answering surveys, we present for research.
• Supplying information to be displayed on public sections of our websites.
• Transmitting information to other users or third parties as a user contribution.
• Registering or participating in our marketing activities.
• Third parties and enhancement of data.

Third-Parties and data supplementation

As permitted by law, Medullar might gather personal details about you from third-party sources. We might retain or link this information with the personal data we already possess about you (a process known as "data supplementation"). This assists us in refining our websites and offering superior, more personalized services. It also helps us update, grow, and analyze our records, identify new clients, and present products and services that may intrigue you. If we merge such third-party information with existing data, we'll handle the combined information following this Privacy Policy and any additional restrictions by the data source.

The third-party sources we might employ have included or could encompass:

• Social networks if you mention our services or authorize Medullar to access your information.
• Our partners, with whom we might present co-branded services, sell, or distribute our services, or undertake joint marketing efforts.
• Publicly available data or information in the public domain.

Examples of the personal information that might be obtained from public sources or bought from third parties and merged with existing data include:

• Contact details from third-party sources to validate your address for fraud prevention or communication.
• Data acquired from third parties, like social media platforms or conference attendee lists, combined with existing information to create more personalized advertising and products.

We disclaim responsibility for the accuracy of information supplied by third parties or their policies and practices.

Handling of financial data

We engage third-party payment processors to manage payments made to us. During this process, we do not keep any personally identifiable or financial data, such as credit card numbers. Instead, all such information is provided directly to our third-party processors, which currently include Stripe. Stripe's privacy policy can be found at https://stripe.com/us/privacy.

Handling of marketing data

We are committed to ensuring that you receive relevant and valuable information from us. To facilitate this, we utilize the services of Constant Contact, a reputable third-party email marketing provider. When you opt-in to receive marketing emails from us, your email address is shared with Constant Contact solely for the purpose of distributing these communications.

We assure you that Constant Contact employs robust security measures to protect your data, and the platform complies with data privacy laws and regulations. The sharing of your email address with Constant Contact allows us to offer you a more personalized and efficient communication experience. It's important to note that your email address will not be used for any other purposes by Constant Contact, nor will it be shared with any additional third parties. You can always opt-out of our marketing emails at any time if you no longer wish to receive them.

Does Medullar Automatically Collect Personal Information?

Within Medullar, we must differentiate between two components. The first is our primary website (www.medullar.com), where, like many websites, Medullar automatically collects specific information as you browse and engage with our landing website. This collection aids in enhancing and personalizing our website, and marketing activities, as well as in preventing fraud or abuse. Such information might be compiled and preserved in log files.

The automatically collected information may encompass:

• Type of browser
• Referral and exit pages
• Operating system
• Date and timestamps
• Browsing behavior and patterns

The second component is our services, comprising the extension and search website. Here, we do not engage in any tracking of user activities.

Cookies

On www.medullar.com, we employ cookies or analogous technologies to scrutinize trends, manage our landing website, monitor user navigation, and collect demographic details about our entire user base.

In our main service, we utilize cookies solely to recognize your browser and to save the refresh token. This allows us to monitor which browsers are permitted or not within our application, enhancing your security. As a user, you can decide which browsers may access your account and which cannot.

A cookie is a tiny fragment of data placed on your device when you visit specific websites. Although you can manage the use of cookies at the individual browser level, disabling them might restrict your ability to access features or functions on our websites or services.

What are the legal grounds for processing your information?

We process your personal information only when necessary and when there's a valid legal reason to do so under applicable law. This could be with your consent, to adhere to laws, to offer you services, to fulfill contractual obligations, to safeguard your rights, or to pursue our legitimate business interests.

If you reside in the EU or UK, the following applies to you:

Under the General Data Protection Regulation (GDPR) and UK GDPR, we must disclose the legal grounds we depend on to handle your personal information. We may base the processing of your information on the following:

• Consent: If you've granted us explicit permission to use your information for a particular aim, we may process it. You have the right to revoke this consent at any time.
• Legitimate Interests: We may process your information when it aligns with our legitimate business goals and doesn't override your rights and basic freedoms. Examples include sending special offers, personalizing advertising, and improving user experience.
• Legal Obligations: If it's necessary for legal compliance, such as cooperating with law enforcement or legal proceedings, we may process your information.
• Vital Interests: We may process your information when necessary to safeguard your essential interests or those of another party, like in potential safety threat scenarios.

If you reside in Canada, the following applies to you:

We may process your information with your explicit permission for a specific purpose, or where your consent can be deduced. You can withdraw consent at any time.

In rare cases, we might process your information without consent under Canadian law, such as:

• If immediate collection is in an individual's best interest and timely consent is unattainable.
• For fraud investigation and prevention.
• During specific business transactions if conditions are met.
• If the information is part of a witness statement for insurance claims.
• To identify and communicate with the next of kin of deceased, ill, or injured persons.
• If reasonable grounds exist to suspect financial abuse of an individual.
• If obtaining consent would jeopardize information accuracy or breach investigation, and collection is reasonable for legal investigations.
• If legally required to comply with subpoenas, warrants, or court orders.
• If the information was created during professional activities and collection aligns with its original purpose.
• Solely for journalistic, artistic, or literary purposes.
• If the information is publicly available as specified by regulations.

How and when does Medullar share my personal information with others?

Medullar may distribute your personal information to select third parties. This distribution is rooted in our association with those third parties, your approval, or legal or contractual obligations compelling us to share such information.

We may disseminate your personal information in the following ways:

• To business partners and service providers: Including Stripe, which support our operations. These entities are contractually obligated to maintain the confidentiality of personal information and may only utilize it for the specific purposes we disclose.
• When engaging in our community forum: Please be aware that information shared in public areas of our websites may be accessible to any user.
• In business transitions: Such as mergers, restructuring, or asset sales, where personal information might be transferred. Notifications of ownership changes or alterations in the use of your information will be sent via email or displayed on our websites.
• For legal compliance: Including court orders, investigations, regulatory requests, or to satisfy national security or law enforcement requirements.
• To enforce agreements: Such as our Terms of Service, including billing and collection.
• For protection purposes: If we deem it essential to safeguard Medullar's rights, property, or safety, or that of our subscribers or others, including fraud prevention and credit risk reduction.
• With your consent.
• For statistical purposes: Medullar may share aggregated data devoid of personal data with third parties.

You may access our website using sign-in services like Github, Google, or Microsoft profiles and others. These services verify your identity and allow you to share personal details like your name and email address, which we may collect as you log into our websites through these services.

Occasionally, we may link to other websites with different privacy practices. If you provide personal information to those sites, it will be governed by their privacy policies. Therefore, we urge you to review the privacy policy of any website you visit.

What is the duration of Medullar's retention of my personal information?

Medullar may hold onto your personal information for a duration that aligns with the initial reason for its collection. For example, we might keep your information as long as you have an active account to utilize our websites or services, or in accordance with the terms laid out in our subscription agreements, and for a sensible time frame following that. Additionally, your personal information may be retained during the time required for Medullar to fulfill our legitimate business goals, carry out audits, adhere to legal responsibilities, settle disputes, and implement our contractual terms.

What measures does Medullar take to secure my Information?

Medullar employs suitable technical and organizational safeguards designed to protect your personal information from accidental loss, unauthorized access, modification, or disclosure. While we put in place and maintain security protocols that align with our business practices, it's essential to recognize that no security system is foolproof or completely immune to breaches. Thus, any transmission of personal information is undertaken at your risk. You can request us the latest details about our security measures at Medullar's Security Compliance email: security@medullar.com.

Additionally, it's your responsibility to ensure the safety of your information. We cannot be held accountable if you bypass any privacy settings or security protocols on our websites. If we provide you with (or you select) a password to access specific sections of our websites, the confidentiality of this password is your responsibility. Avoid sharing your password with others.

Be cautious when divulging information in public areas of our websites, such as community forums or message boards. Any information you disclose in these areas can be accessed by any user of our websites. Since we cannot control how other users may interact with the information you choose to share, we cannot guarantee that unauthorized parties will not be able to view your contributed information.

What options and rights do I have regarding the utilization of my personal information?

When you engage with our websites, services, and marketing activities, you explicitly consent to the gathering and utilization of your personal information in accordance with this Privacy Policy. This does not interfere with lawful processing under relevant laws grounded on other legal justifications such as contractual obligations, compliance with prevailing laws, or legitimate objectives.

Should you receive marketing or promotional communications from us, you have the option to opt out at any time. You can do so by:

• Following the unsubscribe instructions contained within the email if the promotion was sent via email.
• Navigating to the Medullar preference page under your profile.
• Accessing the email preferences in your account settings within the services user interface dashboard.
• Sending an email to the address provided in the Contact Information section above.

By exercising these options, you can ensure greater control over how your personal information is handled.

Right to access or modify personal information

You possess the right to access and modify your personal information. To review or amend your information, you can sign into the relevant website or service and navigate to your account profile page, usually labeled as "My Account," or reach out to us through the Support Center. Alternatively, you can email us at the address provided in the Contact Information section above.

Right to erase personal information ("Right to be forgotten")

You are entitled to request the deletion of your personal information, and we are obliged to erase it under the following circumstances:

• The information is no longer required for the purposes for which it was gathered or processed.
• You revoke consent upon which the processing relies, and there is no other lawful basis for the processing.
• You challenge the processing, and there are no prevailing legitimate reasons for the processing.
• The information has been processed unlawfully.
• The information must be erased to comply with a legal obligation within the European Union or a Member State law to which Medullar is subject.

Should you wish to request the removal of your personal information from our websites or services, you can sign into the relevant website or service and contact us through the Support Center. Alternatively, you can email us at the address provided in the Contact Information section or request the closure of your account. We will respond to your request within 30 days.

Please note that there may be instances where we are unable to delete your personal information. If this occurs, we will inform you that we are unable to fulfill your request and explain why.

Right to data portability

You possess the right to obtain or transfer a copy of your personal information under the following conditions:

The legal basis for the processing relies on your consent or the necessity of the processing for the execution of a contract to which you are a party, and personal information is processed through automated means.

The copy will be delivered to you in a standard machine-readable format, and you may also request that we transmit it to another entity, if it is technically feasible to do so.

Should you wish to request a copy of your personal information, you can sign into the relevant website or service and reach out to us through the Support Center.

Alternatively, you can email us at the address provided in the Contact Information section above.

Right to limit personal information processing

You possess the right to seek limitations on the processing of your personal information under the following circumstances:

• If you dispute the accuracy of the personal information, until we have taken adequate measures to correct or confirm its accuracy,
• If the processing is unlawful, but you prefer that we not erase the personal information,
• If we no longer require the personal information for the purposes of processing, yet you need the information for the initiation, execution, or protection of legal claims,
• If you have opposed processing based on legitimate interest grounds, pending an assessment as to whether Medullar's legitimate reasons for continued processing prevail.

In situations where personal information processing is restricted in this manner, we will only process it with your consent, or for the initiation, execution, or protection of legal claims. This right includes the limitation of your personal information processing to merely include the storage of the information (e.g., during the period when Medullar evaluates whether you are eligible to have your personal information erased).

Should you wish to request the limitation of processing of your personal information, you can sign into the relevant website or service and contact us through the Support Center. Alternatively, you can email us at the address provided in the Contact Information section above.

Right to object to processing based on legitimate interest grounds.

When we process personal information based on legitimate interest, you possess the right to object to this processing. If you do object, we must cease this processing unless we can demonstrate compelling legitimate reasons for the processing that surpass your interests, rights, and freedoms, or if the processing is required for the initiation, execution, or protection of legal claims. While we believe we can substantiate such compelling legitimate reasons, we will assess each situation individually.

Should you wish to object to the processing of your personal information, you can sign into the relevant Website or Service and reach out to us through the Support Center or email us at the address provided in the Contact Information section above.

Right to be informed of safeguards for transfers to third countries or international organizations

For information regarding the safeguards implemented to protect your personal information during transfer outside the European Economic Area, please refer to the Terms of Service. In cases of transfers to countries without an adequacy decision by the European Commission, Medullar ensures appropriate protection through contractual obligations.

Right to revoke consent

If you have granted us consent to process your personal information, you reserve the right to withdraw this consent at any time. This withdrawal won't impact the legality of the processing based on consent before it was revoked.

• You can execute this withdrawal by:
• Utilizing specific browser settings and opt-out choices discussed in this Privacy Policy to limit the personal information you share with us or our third-party associates.
• Signing into the suitable website or service and reaching out to us via the Support Center.
• Following the unsubscribe guidance in email communications.
• Using the Medullar preference page.
• Adjusting email preferences in your account settings within the services user interface dashboard.
• Emailing us at the address listed in the Contact Information section above.

Right to File Complaints or Report Misuse

You also possess the right to file a complaint with a regulatory authority, specifically in your country of residence, if you believe that our processing of your personal information violates applicable laws.

To report any abuse, kindly email us at abuse@medullar.com.

California Privacy Provisions

Under California Civil Code Section § 1798.83, users residing in California who utilize our websites and services may choose to prevent the sharing of their personal information with third parties for direct marketing objectives. To initiate this request, you can sign into the relevant website or service and contact us through the Support Center or email us at the address provided in the Contact Information section above.

Please be aware that even if California residents opt to restrict the sharing of personal information, they may continue to receive specific offers directly from us, as permitted by law.

Handling of DO-NOT-TRACK (DNT) features

Many web browsers, as well as some mobile operating systems and applications, offer a Do-Not-Track ("DNT") option or setting that you can enable to indicate your preference to prevent your online browsing activities from being tracked and recorded. However, as of now, there is no established uniform standard for recognizing and implementing DNT signals. Therefore, we currently do not acknowledge or respond to DNT signals from browsers or any other mechanism that automatically conveys your choice to opt-out of online tracking. Should a universally accepted standard for online tracking be developed and become obligatory in the future, we will update this privacy notice to reflect our adherence to that standard.

Will this document be updated?

We reserve the right to modify this privacy notice at our discretion. Any changes will be marked by a revised date, and the new version will become effective immediately upon being made available. Should we implement significant alterations to this notice, we may choose to inform you by either prominently displaying an announcement about the changes or by directly contacting you with a notification. We advise you to regularly review this privacy notice to stay informed about how we are safeguarding your information.

Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@medullar.com.