Privacy Notice

Effective date: January 15, 2024

Last Updated: January 25, 2024

At Gradly Inc. (“Gradly,” “us,” or “we”), we respect and safeguard the privacy of our customers and individuals who use our website, products, and services. Please carefully review this Privacy Notice (“Notice”) to understand how we collect, utilize, store, share, process, and protect personal information across our website, products, and services. This Notice also outlines the rights and choices available to individuals concerning their personal information and provides contact information for reaching Gradly to learn more about our privacy practices.

Established in 2024, Gradly is an enterprise data solution utilized for training machine learning models. Our Artificial Intelligence (“AI”) enabled labeling tools, partners, and Application Programming Interface (“API”) aid developers and organizations in annotating their data.

This Notice delineates how we collect, use, store, share, protect, and otherwise process personal information across Gradly products, services, the Gradly website at www.gradly.org (“Site”), and through other standard business practices (collectively, “Services”).

For the purposes of this Notice, personal information refers to any information related to an identified or identifiable individual. Examples of personal information include names, email addresses, and phone numbers.

This Notice is applicable to all Gradly prospective and current customers, including free tier and paying customers utilizing our Services. It also pertains to end-users of our customers, partners, and other individuals from whom we collect personal information while providing our Services and operating our Site. This Notice does not cover personal information related to Gradly employees and job applicants.

We gather a limited amount of personal information from individuals through their use of our Services or with their consent. In some instances, we receive information directly from individuals, such as names and email addresses when they register for our Services. In other cases, we acquire information through individuals' use of our Services or from third parties. We collect various types of personal information in the situations described below.

Registration and Account Information – When you create a Gradly account, we collect your name, phone number, email address, company role/title, username, and password. You provide this information directly during the account registration process.

Product Demonstrations – When you request a product demonstration through our Site, we collect your name, company email address, job title, phone number, and other company-related details.

Customer Support – When users of our Services submit support issues, we collect their email addresses and details regarding the support issue.

Customer and Business Partner Information – We gather personal information from individuals working for our customers or business partners, including suppliers, vendors, and other collaborators. This information includes names, job titles, department and organization names, business email addresses, business mailing addresses, and business phone numbers.

Third Parties – We obtain information about individuals from certain third-party services for marketing purposes. This information is sourced from sales intelligence software firms and publicly available resources like LinkedIn.

Marketing Activities – We collect personal information from individuals during our participation in events, conferences, and other business meetings. This information includes business contact details such as names, email addresses, and phone numbers.

Browser and Device Information – We automatically collect information from users of our Services and Site visitors, including unique device identification numbers, operating system versions, browser types, pages viewed, links clicked, IP addresses, visit dates and times, and the frequency of Site visits.

We may aggregate and anonymize received information to generate reports on Site activity and statistics. We utilize Google AdWords to collect and analyze such information. For more details, please refer to our Cookie Notice.

For additional information on limiting Gradly’s collection and use of personal information, please see the “Your Choices and Rights” section below.

We employ collected personal information for the following purposes:

Communication – We may contact you to respond to your inquiries, requests, and important notices via email or our live chat service on our Site. This includes providing customer support and informing you about new features and updates to our Services.

Service Provision – We use collected information to register, administer, and manage your account, verify your identity, and provide our Services to users. We may also use your information to diagnose and resolve issues with our Site or Services.

Marketing – We use your collected information to market our Services, such as sending you email communications about our products and offerings. To learn more about how we collect information when you visit our Site, refer to our Cookie Notice.

Legal Compliance – We use your information as necessary to conduct appropriate compliance and security checks, including enforcing contracts and agreements with our customers or complying with applicable law enforcement obligations.

We disclose your personal information only to select recipients for specific purposes, including:

Service Providers and Other Third Parties – We engage a limited number of third-party service providers to assist us in providing our Services to you. We share personal information with these third parties, business partners, vendors, service providers, suppliers, consultants, and Workforce Partners who require access to your information to support us in delivering our Services. Gradly does not share personal information with third parties for direct marketing purposes.

Please note that before engaging a new service provider, we subject them to security and privacy compliance reviews and onboarding processes to ensure the secure and compliant processing of your personal data. The transfer of your personal data to Gradly is safeguarded through various means, including the obligations in the Standard Contractual Clauses that we include in our Data Protection Agreements with third-party vendors and customers, as well as supplementary measures implemented to protect Customer Personal Data outlined in our Data Transfer Impact Assessment. We also adhere to the Department of Commerce’s EU-U.S. Data Privacy Framework (DPF). For further details on the secure transfer of your personal data, please consult the “Supplemental Notice for EEA, UK, and Switzerland Residents” section below and our Data Transfer Impact Assessment.

Third-Party Responsibilities – Each third party with whom we share personal information is responsible for maintaining its own privacy notice and practices related to the use and protection of personal information. Gradly requires third-party service providers, acting on our behalf or with whom we share personal information, to implement appropriate security measures according to industry standards. We always ensure that any third parties with whom we share personal information are subject to privacy and security obligations consistent with this Notice and applicable laws.

Legal, Regulatory, and Compliance Purposes – We may share your information as required by law, including responding to lawful requests from public authorities, meeting national security or law enforcement requirements, investigating fraud, complying with subpoenas, bankruptcy proceedings, or similar legal processes.

Sale, Merger, or Acquisition – In the event we sell or transfer all or a portion of our business or assets, we will make reasonable efforts to direct the transferee to use your personal information in a manner consistent with the terms of this Notice.

We employ reasonable and appropriate physical, technical, and administrative safeguards to prevent unauthorized use, access, loss, misuse, alteration, or destruction of your personal information. Our policies and procedures undergo regular reviews to ensure they effectively uphold our commitment to safeguarding your personal information. Additionally, we mandate that third-party service providers, who may act on our behalf or with whom we share your information, also demonstrate appropriate security measures in accordance with industry standards.

Gradly utilizes U.S.-based data hosting service providers to store the data we collect from individuals and employs appropriate technical measures to secure this data. We adhere to strict privacy and security compliance practices to ensure that your personal information remains protected from unauthorized access and unlawful processing. For more information about our specific controls to safeguard your information, please visit our Privacy & Security Program page.

While we implement robust security safeguards, it is essential to acknowledge that absolute security cannot be guaranteed in all scenarios. If you have any questions regarding the security of our Services, please do not hesitate to reach out to us at support@gradly.org.

Where applicable or legally required, we provide explanations about how we utilize your personal information, enabling you to make informed choices regarding your data's usage. You can communicate your preferences during the information collection process and modify your selections at any time by contacting us directly.

Marketing emails – You can opt out of receiving marketing emails by following the unsubscribe instructions provided in these emails or by contacting us at support@gradly.org.

Account information – To deactivate or delete data associated with your Gradly account, please contact us at support@gradly.org.

Accessing, Correcting, and Updating Your Information You may possess certain rights concerning the personal information we collect about you. To update your preferences, correct your information, limit the communications you receive from us, or make a request to exercise your data rights, please reach out to us as indicated in the "Contact Us" section below.

In compliance with applicable law, including the General Data Protection Regulation ("GDPR") and other privacy regulations, you may have the right to:

Request access to specific personal information we maintain about you.

Request the correction, update, or amendment of inaccurate or incomplete personal information.

Request the erasure, restriction of use, or objection to the processing of particular personal information.

Exercise your right to data portability, which allows you to request a copy of your data.

In some cases, you can withdraw consent previously provided to us or object to the processing of your personal information, and we will respect your preferences going forward.

Exercising Your Rights Should you wish to exercise any of these rights mentioned above, please visit our website (www.gradly.org) and submit a request using our online support function or contact us as specified in the "Contact Us" section below. To protect your privacy and maintain security, we take steps to verify your identity before granting you access to your information. We may also decline your access request, but if we do so, we will provide an explanation for our decision.

Please note that in specific situations, your requests and choices may be subject to limitations. For example, if fulfilling your request would expose information about another individual or if you request the deletion of information that we are legally required to retain.

If you have unresolved concerns, you may have the right to file a complaint with a data protection authority or supervisory authority in the country or region where you reside, work, or believe your rights have been violated. For any questions, please contact us as specified in the "Contact Us" section below.

We employ cookies and similar technologies to collect information about your browsing activities when you navigate our Site. Cookies enhance interactions with our Site, making your experience smoother and faster. They also assist in trend analysis, administration of our Services, and tracking of activity and interactions with our Site. For comprehensive information on how we employ cookies and instructions on managing cookies, please refer to our Cookie Notice.

We do not respond to web browser "Do-Not-Track" signals, and we do not serve targeted advertisements within our Services at this time.

If you are an individual from the European Economic Area ("EEA"), we collect and process your personal information only when we have a legal basis under applicable EU laws. The legal basis depends on the Services you use and how you use them. Therefore, we collect and use your personal information only for the following purposes:

To fulfill our contractual obligations to you.

To operate our business, including improving and developing our services, preventing fraud, enhancing user experience, or other legitimate interests; and/or

As required by law.

For queries about the legal basis for processing, please refer to the "Your Choices and Rights" section or contact us at the address specified in the "Contact Us" section.

International Data Transfers To provide our exceptional Services, including technical support, we may disclose your personal information to countries outside of your data residence. In particular, we may transfer the personal information you provide to the United States and other countries where our affiliates, business partners, and service providers are located.

Gradly ensures the protection of your personal information in accordance with this Notice and applicable data protection laws. When sharing personal information of customers in the European Economic Area, the UK, or Switzerland, we ensure protection through the following mechanisms:

Incorporating both the European Commission-approved Standard Contractual Clauses (SCCs) and the UK-approved International Data Transfer Addendum into Data Protection Agreements (DPAs) with us.

Implementing SCCs with our third-party service providers, guaranteeing equal or greater data protection under applicable laws.

Applying supplementary measures to protect personal data as outlined in our Data Transfer Impact Assessment

Upholding certification to the U.S. Department of Commerce's EU-U.S. Data Privacy Framework (DPF). For more details, please refer to the "Data Privacy Framework Certification" section below :

Utilizing other appropriate legal mechanisms to safeguard data transfers.

For questions or concerns about international data transfers, please contact us at privacy@gradly.com.

Data Privacy Framework Certification Gradly has self-certified its commitment to comply with the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) as established by the U.S. Department of Commerce. We rely on the following frameworks for the processing of personal data transfers in unique data residencies:

The EU-U.S DPF for personal data transfers from the European Union and European Economic Area.

The UK Extension to the EU-U.S. DPF for personal data transfers from the United Kingdom and Gibraltar and

The Swiss-U.S. DPF for personal data transfers from Switzerland.

These collectively constitute the "DPF Principles," which govern our data privacy practices. In the event of conflicts between the terms in this privacy policy and the EU-U.S. DPF Principles, UK Extension, and/or the Swiss-U.S. DPF Principles, the DPF Principles shall take precedence. To learn more about the Data Privacy Framework (DPF) program and to view our certification.

In accordance with the Data Privacy Framework, Gradly commits to addressing and resolving complaints concerning the collection and use of your personal information in line with the Data Privacy Framework Principles. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received under the Data Privacy Framework should initially contact Gradly at privacy@gradly.com with the subject "Data Privacy Framework."

Gradly also pledges to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO), as well as the Swiss Federal Data Protection and Information Commissioner (FDPIC), with regard to unresolved complaints about our handling of human resources data received under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.

Under specific conditions, as elaborated on the Data Privacy Framework website, you may have the option to invoke binding arbitration when other dispute resolution avenues fail to satisfactorily address your concerns. Please be aware that Gradly, Inc. remains subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Onward Transfers If Gradly transfers information to a third-party service provider acting as Gradly's agent, Gradly continues to assume responsibility under the DPF Principles if the agent processes the information in a manner inconsistent with the DPF Principles, unless Gradly is not liable for the event leading to the damage.

Complaints Your concerns are important to us, and mechanisms for addressing them are readily available. If you have concerns or wish to file a complaint, you have the option to contact a data protection authority in your country or region. This applies to your habitual residence, workplace, or if you believe there has been an alleged breach of applicable data protection law. A comprehensive list of EEA data protection authorities is available. You can also reach out to the UK Information Commissioner's Office.

This section provides additional details about the personal information we collect about individuals and the rights afforded to them under various applicable U.S. state data protection and privacy laws, including:

The California Consumer Privacy Act (CCPA)

The Colorado Privacy Act (CPA)

The Connecticut Data Privacy Act (CTDPA)

The Virginia Consumer Data Protection Act (VCDPA).

The personal information that we have collected and disclosed for a business purpose (including to our service providers) in the past 12 months falls into the following categories, specifically established under the CCPA:

Identifiers/Contact information, such as your real name, postal address, unique personal identifier, online identifier, internet protocol address, and email address.

Information under Cal. Civ. Code §1798.80(e), such as your name, address, telephone number, or any financial information.

Commercial information, such as information related to products or services you have purchased.

Internet or other electronic network activity information, such as information regarding your interaction with Gradly Products.

Geolocation data, such as approximate location data based on your IP address.

Audio, electronic, visual, or similar information, such as audio recordings of calls with you.

Inferences drawn from the information above, such as aggregated metrics and

Account log-in credentials, allowing access to your account.

For more information about the categories of personal information we collect, please see the "Personal Information We Collect" section above.

Additional Privacy Rights for California Residents Non-Discrimination — California residents have the right not to receive discriminatory treatment by us for exercising their rights conferred by the CCPA.

Authorized Agent — Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth below.

Verification — To protect your privacy, we will take steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to log in to your account or verify your email address.

If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as specified in the "Contact Us" section below. We will process such requests following applicable laws. As defined by the CCPA, Gradly does not sell personal information of California residents, nor do we have knowledge of any sale of personal information of minors under 16 years of age.

Additional Privacy Rights for Nevada Residents If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise your right by contacting us as specified in the "Contact Us" section below with the subject line “Nevada Do Not Sell Request,” and providing us with your name and the email address associated with your Gradly account. As defined by Nevada Revised Statutes Chapter 603A, Gradly does not sell personal information of Nevada residents.

Our Services are not directed to children under the age of 13, and we do not knowingly collect information from children under the age of 13. Gradly Services are not intended for individuals under the age of 13. If you become aware that a child under the age of 13 has provided us with personal information contrary to these rules, please contact us as specified in the "Contact Us" section below.

Certain third-party services, websites, or applications that you use or navigate to and from our Services may have separate user terms and privacy policies independent of this Notice. This includes websites owned and operated by our customers or partners, among others. We are not responsible for the privacy practices of these third-party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third-party service, website, and/or application before usage.

We periodically update this Privacy Notice to describe new features, products, or services and how those changes impact our utilization of your information. If we make substantial alterations to this Privacy Notice, we will provide notifications through our services and/or directly notify you.

If you have inquiries or complaints about this Notice or our practices regarding information handling, please reach out to us at support@gradly.org.

We will investigate and attempt to resolve any such complaint or dispute concerning the use or disclosure of your personal information.