Privacy & Security
Here at Arcus Foundry, we are committed to protecting the privacy of our customers. We are proud to announce that our platform, Sparkforge is now certified under the EU Data Privacy Framework, which furthers our dedication to ensuring the security and privacy of your personal data when using our platform.
The documents below provide information about our role as a data processor, our customers’ roles as data controllers, and the steps we take to keep data secure. You should review these documents in conjunction with our Privacy Policy, and we recommend that you contact a legal specialist if you require advice or more information.
How our website uses your data
Who we are
Our website address is: https://arcusfoundry.com
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where your data is sent
Visitor comments may be checked through an automated spam detection service.
Privacy Policy
Privacy Policy
Last Updated SEPTEMBER 2023
- Overview
Arcus Foundry LLC. (“Arcus Foundry,” “we,” “us,” and “our”) respects your privacy and is committed to protecting it through compliance with this Privacy Policy (“Privacy Policy”). This Privacy Policy describes how we collect and use your Personal Information when you visit our website at https://www.ArcusFoundry.com or otherwise use the Platform as described further in the Terms of Service, and that you may provide in electronic messages to Arcus Foundry.
Please read this Privacy Policy to understand our policies and practices regarding your Personal Information and how we will handle it. If you do not agree with our policies and practices, do not use the Platform. By accessing or using the Platform, you agree and consent to this Privacy Policy.
Arcus Foundry may change this Privacy Policy at any time, at its discretion. Your continued use of the Platform after we make changes is deemed to be acceptance of and consent to those changes, so please check the Privacy Policy periodically for updates.
This Privacy Policy is subject to and governed by the Arcus Foundry Terms of Service. The Services are part of the Platform and are described further in the Terms of Service.
- The Types of Information That Arcus Foundry Collects About You and How Arcus Foundry Collects Information About You
Arcus Foundry may collect two types of information from you when you visit the Platform: Personal Information and Non-Personal Information (collectively “Information”).
- “Personal Information” refers to data by which you may be personally identified, such as name, email address, employer, job title and department, and telephone number.
- “Non-Personal Information” means data that is about you, but does not identify you specifically. If you do nothing during your visit to our Platform but browse, read pages, or view content, we will gather and store Information about your visit that does not identify you personally.
We collect Information:
- Directly from you when you provide it to us. When you subscribe to a newsletter, create an account, make a purchase or request information from Arcus Foundry, we will ask for things like your name, contact, billing, shipping and communication information, and account ID or credentials in order to fulfill your request. If you set up an appointment with us through the Platform, attend a trade show or event, or otherwise contact us, you may also voluntarily provide similar information. If you submit any Personal Information about other people to us or to our service providers, you are responsible for making sure that you have the authority to do so and to allow us to use their Personal Information in accordance with this Privacy Policy (for example, by You asking for their consent).
- From third parties. We obtain information through partners, vendors, suppliers and other third parties. The parties from whom we obtain information are typically corporate enterprises (although some may also be educational or public enterprises) and they may be located in any of the locations in which we do business. These enterprises largely fall into the following categories: Advertising and marketing companies, data set and information vendors, public database providers, social media platforms, partners, providers of products or services, hosts or vendors at events or trade shows, research partners, or enterprises that use Arcus Foundry Services. We take steps to confirm that information we receive from these third parties has been collected with your consent or that these parties are otherwise legally permitted to disclose your Personal Information to us. We might also obtain information through a partner, or co-create datasets with a partner, as part of our business operations. This kind of data is used for work like improving the Platform and other Arcus Foundry Services, enhancing existing products and developing new capabilities and features. In some cases we combine Personal Information about individuals that we receive from multiple sources, including directly collected from you or through your use of the Platform.
- Automatically as you navigate through the Platform or during the time in which you utilize our Services. We collect information about how you interact with the Platform through the use of cookies, pixel tags, and similar technologies. Please view our separate Cookies Policy for more information on our use of cookies and similar technologies, how you can manage cookies and how we respond to Do Not Track signals.
- How Arcus Foundry Uses Personal Information It Collects About You and the Purposes for the Collection and Use
We use Personal Information that we collect about you or that you provide to us for the following purposes:
- For Functionality and Development of the Platform and Arcus Foundry Services. We use information to provide, offer, and personalize the Platform and other Arcus Foundry Services provided to you. Some information, like your IP address, is used to communicate with your device to provide network connectivity, measure usage levels of the Platform, diagnose server problems and provide security features. Other business purposes that depend on use of your information include data analysis related to testing, modifying, improving or developing new products, services and technologies, and to identify trends. We use cookies to make our websites and the Platform operate, work more efficiently, and provide analytic information. Technologies similar to cookies, such as pixel tags are also used in connection with the Platform. For more information on our use of cookies, please read our Cookies Policy.
- For Customer Support, Platform Updating and Reporting. The Platform may use information to provide Arcus Foundry with updates and reports, and to check that the Platform is working properly. Update functions may automatically check your system to see whether files need to be refreshed, updated, or modernized, in order to provide you with the up-to-date security, versions, features, options and controls associated with your systems or devices. We rely on information to analyze performance and improve and maintain the Platform. We also rely on Personal Information you provide to us to provide you with customer support for the Platform and other Arcus Foundry Services, and to verify eligibility for promotional offers.
- For Business Operations. We use information to operate our business; for example, to perform accounting, auditing, billing, reconciliation, and collection activities. Other business purposes that depend on use of your Personal Information include crime or fraud monitoring and prevention, protecting our legal rights, and performing contractual obligations. We also use Personal Information to contact you to advertise, market and sell Arcus Foundry Services in accordance with your communications preferences.
- To Communicate. We use contact information to send messages; to provide Arcus Foundry Services; to respond to customer service requests; to provide alerts such as security updates or changes in our policies or about subscriptions that are ending; and to send marketing or informational materials like newsletters or white papers, in accordance with your communication preferences. We occasionally conduct surveys, or do focused research or studies which may require you to voluntarily share Personal Information in order to participate. These activities typically have additional notices that provide more information about the use of your Personal Information and to which you may be asked to consent.
- For Advertising and Marketing. We may use Personal Information collected from you, combined with information about what advertisements you viewed and other information we collect, to enable us to provide personalized content and to study the effectiveness of advertising and marketing campaigns. You may choose whether to allow or deny uses or sharing of your device’s location by changing your device settings, but if you choose to deny such uses or sharing, we may not be able to provide you with certain personalized Arcus Foundry Services and content on the Platform.
- For Statistical Purposes to Improve the Platform. We may compile Platform statistics into traffic reports, which help Arcus Foundry understand, anticipate, and respond to user needs. If we learn, for example, of heightened interest in certain aspects of the Arcus Foundry Platform, we are likely to highlight that information on the Platform home page. This Information helps us create a better overall experience for Platform users.
LEGAL BASIS FOR OUR USE (APPLICABLE ONLY TO EEA AND UNITED KINGDOM VISITORS): If you are in the European Economic Area or the United Kingdom, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, where we have a legal obligation to do so, or where the processing is in our legitimate interests (such as processing for administrative purposes, direct marketing, product development or improvement, preventing fraud or criminal acts and in support of information security) and not overridden by your data protection interests or fundamental rights and freedoms.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the time of collection. We will also tell you whether the requirement for that information is mandatory and explain any consequences to you if you do not provide the information.
Similarly, if we collect and use your Personal Information based on our legitimate interests (or those of any third party), we will take reasonable steps to provide clear notice and describe our legitimate interests.
Arcus Foundry is the Data Controller of all Personal Information collected through the Platform in the EEA and the United Kingdom, except with respect to the Services (where Arcus Foundry is the Data Processor) or where a supplemental Privacy Policy says otherwise. The contact details for Arcus Foundry are set out in the “HOW TO CONTACT US” section.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information for any specific processing activity, please contact us using the contact details provided under the “HOW TO CONTACT US” Section below.
RETENTION OF YOUR PERSONAL INFORMATION: We will only retain your Personal Information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements and for other purposes described in this Privacy Policy. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In some circumstances you can ask us to delete your data: see “YOUR LEGAL RIGHTS” below for further information. And in some circumstances we will anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
- How Arcus Foundry Protects Your Information
The Platform is designed to provide reasonable and appropriate administrative, technical and organizational security measures to protect your Personal Information against risks such as temporary or permanent loss, destruction, and unauthorized or unlawful access, alteration, use or disclosure. We require our suppliers and vendors to apply similar protections when they access or use Personal Information that we share with them. Users of the Platform must also do their part in protecting the data, systems, networks, and service they are utilizing. No technology, data transmission or system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that your password to any Arcus Foundry account has been compromised), please immediately notify us by contacting us using the instructions in the “HOW TO CONTACT US” section below.
- When Arcus Foundry Shares Your Information
We work through our affiliates to provide the Platform and other Arcus Foundry Services. We also work with authorized suppliers and business partners. When we share your Personal Information with these companies, we put in place appropriate measures to limit the use of your information only for legal and authorized purposes that are consistent with this Privacy Policy, as well as appropriate confidentiality and security measures.
We also share information with third parties for advertising and marketing; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of the Platform; and to protect our legal rights. We may disclose Personal Information that we collect or you provide as described in this Privacy Policy:
- With Affiliates and Subsidiaries. For purposes limited to and consistent with this Privacy Policy.
- With Suppliers. Our authorized vendors and suppliers may require Personal Information to provide services we have contracted for, such as product delivery, website hosting, data analysis, IT services, auditing, or customer service. We use a wide variety of software and tools at Arcus Foundry, and we process Personal Information using these tools as a regular course of business. Our contracts with suppliers and vendors include provisions to protect your Personal Information and limit its use.
- With Partners. We occasionally have relationships with third parties that are not suppliers or vendors but are working with us to offer certain opportunities such as marketing and similar promotions, to enable joint products or research studies, or to facilitate services on the Platform. In these cases, additional terms or Privacy Policies may be provided. For third parties or uses not described in this Privacy Policy, we share your information only with a lawful basis to do so.
- For Advertising and Marketing. We share your information with our third-party company partners to prepare and deliver advertising and marketing content, to provide content services and to enable them to provide you with more personalized ads and to study the effectiveness of our campaigns.
In particular, we use third-party companies to communicate regarding goods and services that may be of interest to you, in accordance with your preferences. You may receive this content by a variety of means such as email, phone or when you access and use the Platform or other Arcus Foundry Services, and other websites. Content may be based on information obtained, for example, through prior purchases or transactions, through your device’s physical location, through information about what advertisements and content you have viewed, or through cookies and similar technologies relating to your access to and use of the Platform and other websites. Please read our Cookies Policy for more information. You can choose whether to allow or deny uses and/or sharing of your device’s location by changing your device settings, but if you choose to deny such uses or sharing, our partners may not be able to provide you with the applicable Platform Services and content.
- Sales, Mergers & Acquisitions. We may disclose Personal Information as part of a contemplated or actual corporate transaction such as a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- With Your Consent. Arcus Foundry may disclose your Personal Information to any other person or entity where you consent to the disclosure. For information about how to decline our advertising and marketing, please see the section entitled “Your Choices & Rights” below.
We also share non-personally identifiable information, such as anonymized or aggregated information, with suppliers for purposes such as analysis, identifying trends in the areas of our products and to help research and develop new Arcus Foundry Services.
Arcus Foundry does not sell any of your Personal Information for monetary compensation.
- Information From Children
We do not knowingly collect, use, or disclose Information from children under 16. If we learn that we have collected the Personal Information of a child under 16—or the equivalent minimum age depending on the jurisdiction, such as 13 in the United States per the Children’s Online Privacy Protection Act—we will take steps to delete the information as soon as possible. If you are under 16, do not provide any Information about yourself to Arcus Foundry, including your name, address, telephone number or email address. If you become aware that Information of a child under 16 years of age has been provided, please use one of the methods provided under the “HOW TO CONTACT US” section below.
- Links to Other Websites and Services
We are not responsible for the practices employed by websites or services linked to or from the Platform, including the information or content contained therein. This Privacy Policy does not address, and we are not responsible for, the policies and practices of third parties or other organizations that are not operating on Arcus Foundry’s behalf, including policies and practices related to privacy and security, data collection, processing, use, storage, and disclosure. This includes: (a) any third party operating any site or service to which the Platform links – the inclusion of a link on the Platform does not imply endorsement of the linked site or service by us or by our affiliates; or (b) any app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer (such as Facebook, Apple, Google, Microsoft, LinkedIn, etc.) – including any Personal Information you disclose to other organizations through or in connection with the Platform or other Arcus Foundry Services.
- Do Not Track
Some browsers incorporate a “Do Not Track” (“DNT”) feature that, when turned on, signals to websites and online services that you do not want to be tracked. At this time, the Platform does not respond to DNT signals.
- YOUR LEGAL RIGHTS
Arcus Foundry respects your rights in how your Personal Information is used and shared. Depending on where you live, you may have rights to request access or corrections to your personal data and make choices about the kinds of marketing materials you receive (or choose not to receive marketing from Arcus Foundry at all). See below for more information, depending on your location.
- European Privacy Rights
If you are in Europe, you may have additional rights under the GDPR, the UK GDPR, or nFADP. Additional choices and rights may be available to you depending on which Arcus Foundry Services you use.
- Access, Correction to or Deletion of Your Information. If you would like to correct or update your Personal Information, or to request access to or deletion of your Personal Information, you may contact us by visiting the Platform or by using the contact details provided under the “HOW TO CONTACT US” section below. If you request a change to or deletion of your Personal Information, please note that we may still need to retain certain information for recordkeeping purposes, and/or to complete any transactions that you began prior to requesting such change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion). Some of your information may also remain within our systems and other records where necessary for compliance with applicable law.
At your request and where the law requires us to do so, we will confirm what Personal Information we hold about you. You may also have a legal right to obtain a copy of your Personal Information. You can make such a request by making a written request in one of the ways described in the “HOW TO CONTACT US” section below. We may charge a processing fee for this service where permitted by law and we will require evidence of your identity before fulfilling your request.
- Data Privacy Rights Specific to Individuals in the European Economic Area, the United Kingdom, and Switzerland. You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information, or request portability of your Personal Information. You can exercise these rights by making a written request in one of the ways described in the “HOW TO CONTACT US” section below.Similarly, if we have collected your Personal Information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect (1) the lawfulness of any processing we conducted prior to your withdrawal, or (2) processing your Personal Information under other legal bases.If you believe we are using your Personal Information in a way that is inconsistent with this Privacy Policy or for more information about your rights, contact your local data protection authority. Additionally, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF, you may contact JAMS Mediation, Arbitration, and ADR Services (https://www.jamsadr.com/eu-us-data-privacy-framework) to address complaints and provide appropriate recourse free of charge to you. Under certain conditions, you may invoke binding arbitration.
- Advertising and Marketing Choices. We give you many choices regarding our use and disclosure of your Personal Information for advertising and marketing purposes. You may access or update your contact details and modify your communication preferences by using one of the methods provided under the “HOW TO CONTACT US” section below. Please also note that if you choose not to receive marketing communications from us, we may still send you communications related to your products or the Platform, such as information about a security update, service issue or product delivery. Some advertising content is delivered through the Platform’s use of cookies and similar technologies. Our Cookies Policy includes more information on Arcus Foundry’s use of such technologies for advertising and other purposes.
- International Compliance
Arcus Foundry is a global company with its headquarters in the United States. As such, we may transfer your Personal Information between the United States and our affiliates and business partners in other countries. We may also transfer your Personal Information to our third party service providers, who may be located in a different country to you.
Arcus Foundry transfers information internationally in order to operate efficiently, to improve performance, and to create redundancies to protect information in the event of an outage or other problem. In so doing, we will process your Personal Information in a way that meets the commitments of this Privacy Policy and complies with the law wherever we transfer it.
Whenever Arcus Foundry transfers Personal Information beyond the country of origin, we will do so in accordance with applicable laws. For Personal Information originating in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland that is transferred to a Arcus Foundry entity outside the EEA, UK, or Switzerland, Arcus Foundry participates in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and, as applicable, the UK extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Arcus Foundry commits to the DPF Principles and, as needed, will take additional steps to provide appropriate safeguards for the Personal Information we transfer. The Federal Trade Commission has jurisdiction over Arcus Foundry’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF). Arcus Foundry may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Arcus Foundry is liable in cases of onward transfers to third parties.
- Data Privacy Framework
Arcus Foundry LLC and LeadConnector LLC comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Arcus Foundry has certified to the U.S. Department of Commerce that Arcus Foundry and LeadConnector adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Arcus Foundry has certified to the U.S. Department of Commerce that Arcus Foundry and Leadconnector adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
- California Privacy Rights
This section is addressed to California residents only and provides more information about your rights under the California Consumer Privacy Act or “CCPA” (California Civil Code Section 1798.100 et seq.), as amended. Subject to certain exceptions, the CCPA grants to California residents the rights to: be notified about the collection, use, disclosure, sale or sharing of their Personal Information; request access to, deletion of, or correction of their Personal Information; request to opt out of the “sale” or “sharing” of Personal Information (where such information is sold or shared); limit the use or disclosure of Sensitive Personal Information (as defined under CCPA); and to not be discriminated against for exercising such rights.
Arcus Foundry does not sell your Personal Information. If you wish to exercise your right to opt-out of Arcus Foundry using your Personal Information for cross-contextual targeted advertising purposes (called “sharing” under the CCPA), you may do so by using the details in the “HOW TO CONTACT US” section or the appropriate withdrawal mechanism provided to you on the Platform.
You can request access to, correction of or deletion of your Personal Information by using the details in the “HOW TO CONTACT US” section. If you request a deletion of your Personal Information, please note that Arcus Foundry may still need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to requesting such deletion, to comply with applicable law, or for other purposes permitted by CCPA. If you submit a request to exercise rights under CCPA, Arcus Foundry will ask you to provide certain information to verify your identity. This information will depend on your prior interactions with Arcus Foundry and the sensitivity of Personal Information at issue. If Arcus Foundry denies your request, we will explain why.
You can designate an authorized agent to make a request under the CCPA on your behalf in certain circumstances. If you use an authorized agent for this purpose, Arcus Foundry may ask you to verify your identity or that you provided the authorized agent signed permission to submit a request under the CCPA. If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and Arcus Foundry will respond to any request from such authorized agent in accordance with the CCPA.
The Privacy Policy describes the categories of Personal Information that Arcus Foundry collects and how Arcus Foundry uses such Personal Information. If Arcus Foundry collects Sensitive Personal Information, we limit our use of the Sensitive Personal Information to uses: (1) you have authorized, (2) that are required to fulfill your requests for goods or services, or (3) that are otherwise allowed by the CCPA or required by other laws or regulations.
The categories of Personal Information collected, disclosed, and sold from California residents over the preceding 12 months and Arcus Foundry’s applicable retention periods include:
Personal Information Category | Retention Period | Business Purpose | Collected | Disclosed | Sold |
Identifiers (such name, address, IP address, email, etc.) | See Section 3 of Privacy Policy: “Retention of Your Personal Information” | For functionality, customer support, business operations, communication, advertising and marketing, and statistical purposes. | Yes | Yes | No |
Personal information defined in Civil Code Section 1798.80(e) (such as signature, SSN, financial information, and insurance information, etc.) | No | No | No | ||
Protected personal information (such as gender, religion, sexual orientation, or disability) | No | No | No | ||
Commercial information (such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, etc.) | See Section 3 of Privacy Policy: “Retention of Your Personal Information” | For development, customer support, business operations, communication, advertising and marketing, and statistical purposes. | Yes | No | No |
Biometric information | No | No | No | ||
Internet or other similar network activity (such as information on a consumer’s interaction with a website, application, or advertisement, etc.) | See Section 3 of Privacy Policy: “Retention of Your Personal Information” | For functionality, business operations, and statistical purposes. | Yes | Yes | No |
Geolocation data | No | No | No | ||
Audio, electronic, visual, thermal, or olfactory information | No | No | No | ||
Professional or employment-related information | No | No | No | ||
Education information | No | No | No | ||
Inferences (such as analytics and preferences | Yes | Yes | No |
- Colorado Privacy Rights
This section is addressed to Colorado residents only and provides more information about your rights under the Colorado Privacy Act or “CPA.” Subject to certain exceptions, the CPA grants to Colorado residents the rights to: be notified about the collection, use, disclosure, or sale of their Personal Information; request access to, deletion of, or correction of their Personal Information; and request to opt out of the use of Personal Information for targeted advertising, sale, or certain profiling.
You can request access to, correction of or deletion of your Personal Information by using the details in the “HOW TO CONTACT US” section. If you request a deletion of your Personal Information, please note that Arcus Foundry may still need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to requesting such deletion, to comply with applicable law, or for other purposes permitted by CPA. If you submit a request to exercise rights under CPA, Arcus Foundry will ask you to provide certain information to verify your identity. This information will depend on your prior interactions with Arcus Foundry and the sensitivity of Personal Information at issue. If Arcus Foundry denies your request, we will explain why. If we have not responded to your request or asked for additional time to respond to your request within 45 days after you send us a request, you have the right to appeal our failure to take action. To appeal our failure to take action, contact us using the details in the “HOW TO CONTACT US” section.
You can designate an authorized agent to make a request under the CPA on your behalf in certain circumstances. If you use an authorized agent for this purpose, Arcus Foundry may ask you to verify your identity or that you provided the authorized agent signed permission to submit a request under the CPA.
- Connecticut Privacy Rights
This section is addressed to Connecticut residents only and provides more information about your rights under the Connecticut Data Privacy Act or “CTDPA.” You can exercise your rights by using the details in the “HOW TO CONTACT US” section. If we inform you that we decline to take action regarding your request, you have the right to appeal our failure to take action by contacting us using the details in the “HOW TO CONTACT US” section.
- Utah Privacy Rights
This section is addressed to Utah residents only and provides more information about your rights under the Utah Consumer Privacy Act or “UCPA.” You can exercise your rights by using the details in the “HOW TO CONTACT US” section.
- Virginia Privacy Rights
This section is addressed to Virginia residents only and provides more information about your rights under Virginia’s Consumer Data Protection Act or “VCDPA.” Subject to certain exceptions, the VCDPA grants to Virginia residents the rights to: be notified about the collection, use, disclosure, or sale of their Personal Information; request access to, deletion of, or correction of their Personal Information; request to opt out of the use of Personal Information for targeted advertising, sale, or certain profiling; and to not be discriminated against for exercising such rights.
You can request access to, correction of or deletion of your Personal Information by using the details in the “HOW TO CONTACT US” section. If you request a deletion of your Personal Information, please note that Arcus Foundry may still need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to requesting such deletion, to comply with applicable law, or for other purposes permitted by VCDPA. If you submit a request to exercise rights under VCDPA, Arcus Foundry will ask you to provide certain information to verify your identity. This information will depend on your prior interactions with Arcus Foundry and the sensitivity of Personal Information at issue. If Arcus Foundry denies your request, we will explain why. If we inform you that we decline to take action regarding your request, you have the right to appeal our failure to take action. To appeal our failure to take action, contact us using the details in the “HOW TO CONTACT US” section.
- How To Contact Us About This Privacy Policy
To ask questions about this Privacy Policy and our privacy practices, contact us at info@arcusfoundry.com
© 2024 Arcus Foundry, LLC. | All Rights Reserved
Do Not Sell or Share My Information
Privacy Policy | Terms of Service | Privacy and Security
Data Processing Agreement
Last Updated December 2023
This Arcus Foundry Data Processing Agreement and its Annexes A, B, and C (“DPA”) is between Arcus Foundry LLC. (“Arcus Foundry”) and the party executing this agreement as Customer (“Customer”). This DPA reflects the parties’ agreement with respect to the Processing of Personal Data by Arcus Foundry on behalf of Customer in connection with the Service under the contemporaneously-executed Terms of Service agreement between the parties (“Agreement”).
This DPA is part of the Agreement and is effective upon execution or another time as specified in the Agreement, an Order or an executed amendment to the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, this DPA will take precedence over the terms of the Agreement to the extent of such conflict or inconsistency, and it will supersede any previous DPA.
- Definitions
- CCPA means California Civil Code Sec. 1798.100 et seq. as amended (also known as the California Consumer Privacy Act of 2018), including the California Privacy Rights Act amendments to the CCPA.
- California Personal Information means Personal Data that is subject to the protection of the CCPA.
- Controller, Processor, Data Subject, Personal Data, Personal Data Breach, Process, and Processing shall have the meaning given to them in the Data Protection Laws;
- Customer Personal Data means any information relating to an identified or identifiable individual where (i) such information is contained within Customer Data provided under the Agreement; and (ii) is protected as personal data, personal information or personally identifiable information under applicable Data Protection Laws.
- Data Protection Laws means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation, the European Data Protection Laws, the CCPA, and other US laws; in each case as amended, repealed, consolidated or replaced from time to time.
- Europe means the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom.
- European Data means Personal Data that is subject to the protection of European Data Protection Laws.
- European Data Protection Laws means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, the GDPR; (ii) Directive 2002/58/EC concerning the Processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”); and (iv) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance (“Swiss DPA”); in each case, as may be amended, superseded or replaced.
- GDPR means the General Data Protection Regulation ((EU) 2016/679), and the retained UK version of the same;
- Standard Contractual Clauses means the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021 currently found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en, as may be amended, superseded or replaced;
- UK Addendum means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018 currently found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as may be amended, superseded, or replaced.
- Compliance.Both parties will comply with all applicable requirements of Data Protection Laws. This schedule is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under Data Protection Laws.
- Controller/Processor.The parties have determined that for the purposes of Data Protection Laws, Arcus Foundry shall process the Customer Personal Data as processor on behalf of the Customer. Customer may be either a Controller or Processor.
- Consents.Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of Customer Personal Data to Sparkforge, and the lawful collection of the same by the Customer using the Arcus Foundry Services for the duration and purposes of the Agreement and DPA, and shall indemnify Arcus Foundry against all loss and damage (including fines) arising from a failure to do so.
- Nature, Scope, Purpose of Processing, and Data Subjects. Annex A sets out the scope, nature, and purpose of Customer Personal Data Processing by Arcus Foundry, the duration of the Processing and the types of Customer Personal Data and categories of Data Subjects.
- Customer Instructions. Arcus Foundry shall process Customer Personal Data only on the documented instructions of the Customer, unless Arcus Foundry is required by any applicable laws to otherwise process that Customer Personal Data. The Agreement and DPA are deemed to be the instructions of Customer; the parties may agree to additional instructions. Arcus Foundry shall inform the Customer if, in the opinion of Arcus Foundry, the instructions of the Customer breach Data Protection Laws;
- Arcus Foundry Obligations. Arcus Foundry will:
- Implement and maintain appropriate technical and organizational measures to protect Customer Personal Data from Personal Data Breaches, as described under Annex B to this DPA (“Security Measures”). Notwithstanding any provision to the contrary, Arcus Foundry may modify or update the Security Measures at Arcus Foundry’s discretion provided that such modification or update does not result in a material degradation in the protection offered by the Security Measures.
- Ensure that any personnel engaged and authorized by Arcus Foundry to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or common law obligation of confidentiality;
- Assist the Customer insofar as this is reasonably possible (taking into account the nature of the Processing and the information available to Arcus Foundry), and at the Customer’s cost and written request, in responding to any request from a Data Subject and in ensuring the Customer’s compliance with its obligations under Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
- Notify the Customer without undue delay on becoming aware of a Personal Data Breach involving the Customer Personal Data;
- At the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the Agreement unless Arcus Foundry is required by any applicable law to continue to process that Customer Personal Data. For the purposes of this paragraph, Customer Personal Data shall be considered deleted where it is put beyond further use by Arcus Foundry;
- For European Data, assist Customer in ensuring compliance with Articles 32 to 36 of the GDPR; make available all information reasonably necessary to demonstrate compliance with this DPA available to Customer and allow for and reasonably contribute to audits, including inspections conducted by Customer to assess compliance with this DPA to the extent required by Data Protection Laws; and will make available all information reasonably necessary to demonstrate compliance with GDPR Article 28 requirements for Processors; and
- Maintain records to demonstrate its compliance with this paragraph
- Service Provider.The parties agree that if the CCPA applies, Customer is a “business” and Arcus Foundry is a “service provider” as defined under the CCPA. Arcus Foundry will not retain, use, or disclose the California Personal Information it collects pursuant to the Agreement for any purposes other than to perform the Agreement or as otherwise permitted by the CCPA; and (b) Arcus Foundry will not retain, use, or disclose the California Personal Information it collects pursuant to this the Agreement outside of the direct business relationship between Arcus Foundry and Customer, unless otherwise permitted by the CCPA. Arcus Foundry will not “sell” or “share” California Personal Information as those terms are defined in the CCPA or combine the California Personal Information with personal information obtained from sources other than Customer, except to the extent necessary to perform the Agreement. From time to time, Customer may ask for, and Arcus Foundry will provide, reasonable evidence of its compliance with this Section 8.
- Subprocessors.The Customer provides its prior, general authorization for Arcus Foundry to appoint Processors to process the Customer Personal Data, provided that Arcus Foundry shall ensure that the terms on which it appoints such processors comply with Data Protection Laws, and are consistent with the obligations imposed on Arcus Foundry in this paragraph; and shall remain responsible for the acts and omission of any such Processor as if they were the acts and omissions of Arcus Foundry. Arcus Foundry has currently appointed, as Sub-Processors, the third parties listed in Annex C to this DPA. Arcus Foundry will notify Customer if Arcus Foundry adds or replaces any Sub-Processors listed in Annex C at least 30 days prior to any such changes, if Customer opts-in to receive such emails by contacting Arcus Foundry. Arcus Foundry will include substantially the same protections for Customer Personal Data as those in the DPA.
- European Data: Transfer Mechanisms for Data Transfers/Standard Contractual Clauses.
- Arcus Foundry will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) transferring such Personal Data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws, or to a recipient that has executed appropriate standard contractual clauses in each case as adopted or approved in accordance with applicable European Data Protection Laws.
- Customer acknowledges that in connection with the performance of the Service, Arcus Foundry is a recipient of European Data in the United States. Subject to sub-sections (c), the parties agree that the Standard Contractual Clauses will be incorporated by reference and form part of the Agreement as follows:
- EEA Transfers. In relation to European Data that is subject to the GDPR (i) Customer is the “data exporter” and Arcus Foundry is the “data importer”; (ii) the Module Two terms apply to the extent the Customer is a Controller of European Data and the Module Three terms apply to the extent the Customer is a Processor of European Data; (iii) in Clause 7, the optional docking clause applies; (iv) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified in accordance with the ‘Sub-Processors’ section of this DPA; (v) in Clause 11, the optional language is deleted; (vi) in Clauses 17 and 18, the parties agree that the governing law and forum for disputes for the Standard Contractual Clauses will be the Republic of Ireland (without reference to conflicts of law principles); (vii) the Annexes of the Standard Contractual Clauses will be deemed completed with the information set out in the Annexes of this DPA; and (viii) if and to the extent the Standard Contractual Clauses conflict with any provision of this DPA the Standard Contractual Clauses will prevail to the extent of such conflict.
- UK Transfers. In relation to European Data that is subject to the UK GDPR, the Standard Contractual Clauses will apply in accordance with sub-section (1) and the following modifications (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which will be incorporated by reference and form an integral part of the Agreement; (ii) Tables 1, 2 and 3 of the UK Addendum will be deemed completed with the information set out in the Annexes of this DPA and Table 4 will be deemed completed by selecting “neither party”; and (iii) any conflict between the terms of the Standard Contractual Clauses and the UK Addendum will be resolved in accordance with Section 10 and Section 11 of the UK Addendum.
- Swiss Transfers. In relation to European Data that is subject to the Swiss DPA, the Standard Contractual Clauses will apply in accordance with sub-section (1) and the following modifications (i) references to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss DPA; (ii) references to “EU”, “Union” and “Member State law” will be interpreted as references to Swiss law; and (iii) references to the “competent supervisory authority” and “competent courts” will be replaced with the “the Swiss Federal Data Protection and Information Commissioner ” and the “relevant courts in Switzerland”.
- If Arcus Foundry cannot comply with its obligations under the Standard Contractual Clauses or is breach of any warranties under the Standard Contractual Clauses or UK Addendum (as applicable) for any reason, and Customer intends to suspend the transfer of European Data to Arcus Foundry or terminate the Standard Contractual Clauses, or UK Addendum, Customer agrees to provide Arcus Foundry with reasonable notice to enable Arcus Foundry to cure such non-compliance and reasonably cooperate with Arcus Foundry to identify what additional safeguards, if any, may be implemented to remedy such non-compliance. If Arcus Foundry has not or cannot cure the non-compliance, Customer may suspend or terminate the affected part of the Service in accordance with the Agreement without liability to either party (but without prejudice to any fees Customer have incurred prior to such suspension or termination).
- Amendments.Notwithstanding anything else to the contrary in the Agreement, Arcus Foundryreserves the right to make any updates and changes to this DPA, including to address changes in Data Protection Laws and to revise the security provisions in this DPA, so long as Arcus Foundrydoes not materially reduce the overall security level provided to Customer Personal Data.
ANNEX A – Details of Processing
- List of Parties
Data exporter:
Name: You, as defined in Sparkforge’s Terms of Service
Address: Your address as specified by your Platform Account
Contact person’s name, position and contact details: Your contact details, as specified by your Platform Account
Activities relevant to the data transferred under these Clauses: Performance of the Agreement between the parties as a Controller.
Role (controller/processor): Controller or Processor
Data importer:
Name: Arcus Foundry LLC.
Address: 100 N Howard St STE R, Spokane, Wa 99201
Contact person’s name, position and contact details: Nathan Robertson, Founder
Activities relevant to the data transferred under these Clauses: Performance of the Agreement between the parties.
Role (controller/processor): Processor
- Description of Transfer
Categories of Data Subjects whose Personal Data is Transferred: Customers and potential customers of clients.
Categories of Personal Data Transferred: The Personal Data input and collected as decided by the Customer, including name, age, date of birth, phone number, email address, social media profiles.
Sensitive Data transferred and applied restrictions or safeguards: The parties do not anticipate the transfer of sensitive data.
Frequency of the transfer: Variable during the Agreement term.
Subject Matter and Nature of the Processing: Arcus Foundry will provide the Services to the Customer under the Agreement between the parties. The Customer will use the Services to collect and process Personal Data of their customers and potential customers for the purposes of managing and carrying out marketing activities, which may be targeted to their customers and potential customers.
The Processing will involve collecting, storing, recording, contacting and managing Personal Data, in particular for the purpose of running marketing campaigns, providing marketing services, and managing marketing generally.
Purpose of the transfer and further Processing: Arcus Foundry will Process Personal Data as necessary to provide the Service pursuant to the Agreement, as further specified in an order form, and as further instructed by Customer in Customer’s use of the Service.
Period for which Personal Data will be retained: The duration of the period in which the Customer accesses and uses the Sparkforge platform under the Services Agreement.
- Competent Supervisory Authority:
For the purposes of the Standard Contractual Clauses, the supervisory authority that will act as competent supervisory authority will be determined in accordance with the Transfer Mechanisms for Data Transfers section of this DPA.
ANNEX B to the Standard Contractual Clauses
Description of the technical and organisational security measures implemented by the data importer in accordance with clause 4(d) and clause 5(c) (or documents/legislation attached):
Measure | Description |
Measures of pseudonymisation and encryption of personal data |
All personal data at rest is encrypted with: AES 256 CBC. All personal data in transit is encrypted with: TLS V1.2+. |
Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services |
Processor has endpoint protection on its APIs. Processor has uptime monitors to help ensure availability and to alert Processor if there is downtime. Processor has implemented access control measures such as user-based authentication and subaccount-base authentication. Processor uses managed services (AWS, GoogleCloud) to help ensure integrity. |
Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident | Personal data backed up on AWS and GoogleCloud with 5 minute granularity to enable Processor to restore personal data in case of an incident. |
Measures for user identification and authorisation | Processor uses encrypted signed tokens and role-based authorizations, as well as password protection. |
Measures for the protection of data during transmission | SSL certificates and https are used during personal data transmission. Protected with TLS v1.2+. |
Measures for the protection of data during storage | Personal data is encrypted at rest with AES-256 CBC encryption. |
Measures for ensuring physical security of locations at which personal data are processed | Processor uses managed services to ensure physical security of server locations. All personal data stored on AWS and GoogleCloud, with physical security described in AWS and GoogleCloud Ts&Cs, respectively. |
Measures for ensuring events logging | Processor uses logging for all user actions and audit logs. In particular, Processor uses GoogleCloud ops for both application and infrastructure monitoring. In addition, Processor uses AWS’s Cloudwatch. |
Measures for ensuring system configuration, including default configuration | Processor has configurations stored in version control. All containers are created from standardized images hosted by AWS and GoogleCloud. Updates and upgrades are performed automatically and managed by GoogleCloud. Patching of any vulnerabilities is managed by GoogleCloud, according to its standard policies. |
Measures for internal IT and IT security governance and management | Processor uses a third-party vendor (iWerk) for internal IT and IT security. |
Measures for certification/assurance of processes and products | The Compliancy Group has issued Processor a HIPAA Seal of Compliance Certificate. |
Measures for ensuring data minimisation | Minimum data requirement set by Processor. Users can decide not to enter personal data into optional fields. |
Measures for ensuring data quality | Processor enables customers to update relevant personal data to the latest date, and Processor uses two-factor authentication. Application monitoring conducted by GoogleCloud and custom monitors |
Measures for ensuring limited data retention | Data retention can be configured with respect to specific individuals by the customer administrator. |
Measures for ensuring accountability | Processor access to personal data is restricted based on rules. |
Measures for allowing data portability and ensuring erasure | Customers can download their personal data from within the Service. Customers can request a copy, or deletion, of their personal data upon separation Processor uses support tickets to ensure the foregoing. |
Describe the specific technical and organisational measures to be taken by Data Importer to be able to provide assistance to the Data Exporter:
Measure | Description |
Self-Service | Personal data can be downloaded by customers from within the Service. Customer admins can set data retention for terminated personnel. |
Customer and Product Support | FAQs, support tickets for specific queries not addressed by collateral on Processor customer/product support website |
ANNEX C – Subprocessors
Arcus Foundry Affiliate Sub-processors
Name of Authorized Subcontractor | Address | Contact information | Description of processing | Country in which subprocessing will take place |
HighLevel India | HighLevel India Private Limited, C/O 91 Springboard Business Hub Private Limited,B1/H3, Mohan Co-operative, Mathura Road, Industrial Area, Block B, Pul Pahladpur, New Delhi – 110044, India | kiran.raparti@gohighlevel.com | Data storage; support for performance of this Agreement | India |
LeadConnector LLC | 400 North Saint Paul St. Suite 920 Dallas, TX 75201 |
kiran.raparti@gohighlevel.com | Data storage; support for performance of this Agreement | US |
Third-party Sub-processors
Name of Authorized Subcontractor | Address | Contact information | Description of processing | Country in which subprocessing will take place |
Google LLC/Google Cloud Services | 1600 Amphitheatre Parkway, Mountain View, California 94043, United States | legal-notices@google.com | Data storage; support for performance of this Agreement | US |
Amazon Web Services, Inc. | 410 Terry Avenue North, Seattle, WA 98109-5210, United States | 206.266.7010 | Data storage; support for performance of this Agreement | US |
Twilio | 101 Spear Street Fifth Floor San Francisco, CA 94105 United States |
1-903-500-7655 | Support for performance of this agreement | US |
Mailgun | 112 E Pecan Street #1135 San Antonio, TX, 78205 United States |
(888) 571-8972 | Support for performance of this agreement | US |
Chargebacks911 | 18167 US Hwy 19 North #600 Clearwater, FL 33764 United States |
legal@chargebacks911.com | Data storage; support for performance of this Agreement | US |
Pendo | 301 Hillsborough Street Raleigh, NC 27603 United States |
(877) 320-8484 | Data storage; support for performance of this Agreement | US |
ChartMogul | ChartMogul GmbH & Co. KG c/o WeWork Kemperplatz 1 10785 Berlin, Germany |
info@chartmogul.com | Data storage; support for performance of this Agreement | Germany. Ireland, UK, Italy, France, Spain, Sweden, Switzerland |
Freshworks | 2950 S. Delaware Street Suite 201 San Mateo, CA 94403 United States |
legal@freshworks.com | Data storage; support for performance of this Agreement | Germany. Ireland, UK, Italy, France, Spain, Sweden, Switzerland, US |
Yext | 61 Ninth Avenue New York, NY 10011 United States |
info@yext.com | Data storage; support for performance of this Agreement | US |
Zapier | 548 Market Street #62411 San Francisco, CA 94104 United States |
privacy@zapier.com | Data transfer; support for performance of this Agreement | US |
Stripe | Corporation Trust Center 1209 Orange Street Wilmington, DE 19801 United States |
privacy@stripe.com | Data storage and transfer of payment information | US |
Zoom | 55 Almaden Blvd. Suite 600 San Jose, CA 95113 United States |
privacy@zoom.us | Support for performance of this agreement | US |
Authorize.net | 900 Metro Center Boulevard Foster City, CA 94404 United States |
privacy@visa.com | Payment processing | US |
FirstPromoter | Igil Webs SRL, Str. Talmacelului, nr. 30, Talmaciu, Sibiu, Romania |
hello@firstpromoter.com | Data storage and transfer to run the affiliate program | US |
ClickUp | 350 Tenth Ave Suite 500 San Diego, CA 92101 United States |
data@clickup.com | Data storage for project management | US |
Loom | 5214F Diamond Heights Blvd #3391 San Francisco, CA 94131 United States |
privacy@loom.com | Data storage and transfer for customer support | US |
Open AI | 3180 18th Street San Francisco, CA 94110 United States |
privacy@openai.com | Data storage and transfer of payment information | US |
Meta (for Whats App) | Meta Platforms, Inc. ATTN: Privacy Operations 1601 Willow Road Menlo Park, CA 94025 United States |
datarrequests@fb.com | Data storage and transfer for communications | US |
Mozart Data | 250 King Street #514 San Francisco, CA 94107 United States |
security@mozartdata.com | Data storage; support for performance of this Agreement | US |
Accredible | 800 West El Camino Real Suite 180 Mountain View, CA 94040 United States |
1 (628) 214-2701 | Data storage; support for performance of this Agreement | US |
Our Cookies policy
This Cookie Policy explains how Arcus Foundry LLC (“Arcus Foundry,” “we,” “us,” and “our”) uses cookies and similar technologies to recognize you when you visit our website at arcusfoundry.com (“Website”). It explains what these technologies are and why we use them, as well as your rights to control our use of them. In some cases, we may use cookies to collect Personal Information (as defined in our Privacy Policy) or information that becomes Personal Information if we combine it with other information.
What are Cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information. Cookies set by the website owner (in our case, Arcus Foundry LLC) are called “first-party cookies.” Cookies set by parties other than the website owner are called “third-party cookies.” Third-party cookies enable third-party features or functionality to be provided on or through the website (for example, advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.
Why do we use Cookies?
We use first-and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate. We refer to these types of cookies as “essential” or “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Website. Third parties serve cookies through our Website for advertising, analytics, and other purposes. This is described in more detail below.
How can I control cookies?
You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.
The Cookie Consent Manager can be found in the notification banner and on our Website. If you choose to reject cookies, you may still use our Website though your access to some functionality and areas of our Website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies.
What are the different types of cookies that websites might use?
Below are the specific types of first- and third-party cookies that may be served through our Website and the purposes they perform (if used):
- Essential website cookies: These cookies are strictly necessary to provide you with services available through a website.
- Performance and functionality cookies: These cookies are used to enhance the performance and functionality of a website but are non-essential to its use. However, without these cookies, certain functionality may become unavailable.
- Analytics and customization cookies: These cookies collect information that is used either in aggregate form to help a website owner understand how its website is being used or how effective its marketing campaigns are, or to help it customize its website for you. The analytics providers may collect additional information than is shared with us for their business purposes. Analytics providers may also use other types of technology, in addition to cookies, to collect data regarding your use of our website.
- Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
- Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on a website through third party social networking and other websites. These cookies may also be used for advertising purposes too.
What type of cookies does your Website use?
The cookies used by our Website are listed in the table below:
Cookie Name | Domain | Vendor | Purpose |
_gcl_au | .gohighlevel.com | Analytics | |
msgsndr_id | www.gohighlevel.com | LeadConnector | Analytics |
_gid | .gohighlevel.com | Analytics | |
_gat_UA-115177999-2 | .gohighlevel.com | Analytics | |
_gat_UA-115177999-1 | .gohighlevel.com | Analytics | |
_ga | .gohighlevel.com | Analytics | |
_tt_enable_cookie | .gohighlevel.com | TikTok | Advertisement |
_ttp | .gohighlevel.com | TikTok | Advertisement |
_fbp | .gohighlevel.com | Advertising | |
_ga_HSZW8WNR22 | .gohighlevel.com | Analytics | |
_ga_1X0XQRMB4F | .gohighlevel.com | Analytics | |
_ttp | .tiktok.com | TikTok | Advertisement |
test_cookie | .doubleclick.net | Advertising |
How can I control cookies on my browser?
As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser’s help menu for more information. The following is information about how to manage cookies on the most popular browsers:
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit:
- Digital Advertising Alliance
- Digital Advertising Alliance of Canada
- European Interactive Digital Advertising Alliance
What about other tracking technologies, like web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called “tracking pixels” or “clear gifs”). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our Website or opened an email including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver and communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.
Our analytics providers may also use web beacons and other types of technologies to collect data regarding your use of our website. For more information about our analytics providers and the technologies they use, please visit their websites at Google Analytics and Pendo.
Do you use Flash cookies or Local Shared Objects?
Websites may also use so-called “Flash Cookies” (also known as Local Shared Objects or “LSOs”) to, among other things, collect and store information about your use of our services, fraud prevention, and for other site operations.
If you do not want Flash Cookies stored on your computer, you can adjust the settings of your Flash player to block Flash Cookies storage using the tool contained in the Website Storage Settings Panel. You can also control Flash Cookies by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash Cookies (referred to “information” on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash Cookies that are not being delivered by the operator of the page you are on at the time).
Please note that setting the Flash Player to restrict or limit acceptance of Flash Cookies may reduce or impede functionality of some Flash applications, including, potentially, Flash applications used in connection with our services or online content.
Do you serve targeted advertising?
Third parties, such as analytics providers and social media companies, may serve cookies on your computer or mobile device to serve advertising through our Website. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. They can accomplish this by using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. While the information collected through this process does not enable us to identify your name, contact details, or other details that directly identify you unless you choose to provide these, the third parties may collect information that is considered to be personal information under certain state, federal, or international laws, particularly if you are logged into another account while visiting our site, such as Gmail or facebook.
How often will you update this Cookie Policy?
We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal, or regulatory reasons. Please revisit this Cookie Policy regularly to stay informed about our use of cookies and related technologies. The date at the top of this Cookie Policy indicates when it was last updated.
Where can I get more information?
If you have any questions about our use of cookies or other technologies, please email us at info@arcusfoundry.com
GDPR Compliance
Introduction
Arcus Foundry is committed to protecting the privacy of our users and their customers. We stay appraised of developments in data protection laws to ensure that you can be confident in your safety while using our platform.
This page is intended to explain what the rules are, how they apply to your use of the Sparkforge platform and the steps we have taken to comply.
You should review this document in conjunction with our Privacy Policy and contact a specialist legal professional if you require more information or advice.
General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679, more commonly known at the General Data Protection Regulation (GDPR) is an EU regulation aimed at harmonizing data protection and privacy laws across the EU. The provisions of the GDPR apply wherever personal data of an EU data subject is involved.
The GDPR is focused on giving individuals more control over how their data is used by companies, and making the collection and processing of data more transparent.
The GDPR was incorporated directly into UK law following the end of the Brexit transition period, meaning that UK businesses still have to comply with its provisions through the ‘UK GDPR’.
Basic GDPR concepts
Controller and processor
The GDPR imposes various obligations on a person depending on whether they are a controller or a processor of personal data.
A controller is an entity which decides to process personal data, and makes decisions regarding the basis of processing and the methods which will be used. Controllers have certain obligations regarding personal data, which you should familiarize yourself with before collecting personal data from your customers.
A processor is an entity which processes data for and on behalf of a controller. They make no independent decisions regarding the data or its processing, as they only process it on behalf of the controller and must comply with all instructions given by the controller.
When you use the Sparkforge service, you are a controller. You are in control of the data you upload to the Sparkforge system, what you do with that data, and why. As a result, you are responsible for ensuring that you have a legal basis on which to process the data, and that you do not retain the data for any longer than is necessary.
You should ensure that you understand your obligations as a controller, and update your own systems and policies to allow the lawful transfer of personal data to Sparkforge. Arcus Foundry is a data processor. We, through the Sparkforge platform, store and manage the data you have collected under your instructions. We will never use any personal data which you have uploaded to the Sparkforge system for our own purposes or without your instruction.
Legal basis for processing
Personal data may only be collected and processed if there is a legal basis for doing so. The allowable legal bases are set out in the GDPR.
As a processor, Arcus Foundry relies on our customers to select the correct basis under which they will be collecting and processing personal data, and to put the appropriate notices and consents in place. Before you use the Sparkforge service, you should take time to identify which legal bases may be available to you, and only collect and retain personal data to the extent necessary to carry out that basis. You should not change the basis under which you have collected personal data without very good reason, so it is important to understand the requirements of the different bases and make sure you select the right one at the start.
Data subject access rights
The GDPR grants data subjects (i.e. your customers) certain rights relating to their personal data, including the right to access, correct and/or delete any data relating to them.
Arcus Foundry has put in place easy systems for you to inform us if you receive such a request from a data subject, and for us to inform you if we receive such a request. We will ensure that, following your instructions, these requests are promptly complied with. You should familiarize yourself with the obligations which will be imposed on you, including relating to any personal data you hold on your own systems, or services other than Sparkforge.
Transfers of data to the USA
Personal data may not be transferred outside the EEA other than under specific circumstances. We utilize the Standard Contractual Clauses as part of our Data Processing Agreement which we sign with all of our customers.
Data Security
We have put in place strong security safeguards and measures to ensure that any personal data we hold is stored securely. We regularly test our products for bugs and vulnerabilities.
We ensure that we have regular back-up systems in place, and ensure that we have data recovery and data integrity systems and processes to minimize risk of corruption to or loss of personal data.
Steps we have taken to ensure GDPR compliance
We take our duties as a processor very seriously. We have put in place a number of procedures and taken a number of steps in order to ensure that we remain compliant with the GDPR and that you are able to lawfully send personal data collected by you to us, for example:
Our data processing agreement utilizes the Standard Contractual Clauses to ensure that you are able to lawfully send personal data to us in the USA.
We are able to detect personal breaches and to inform our customers as soon as possible.
We are able to deal with subject access requests and rights of erasure requests, and ensure that we inform you when a data subject has made such a request to us.
We have assessed and documented the personal data processed by us on your behalf.
We have assessed our security and upgraded this where necessary to ensure that it is appropriate for the level of risk we face in relation to a data breach.