Stream.io INC Privacy Policy Abstract

Stream.io, Inc. (“us,” “we,” or Stream”) is committed to respecting the privacy rights of our customers (“Customers”) and their end users (“End Users”), as well as other users of the Stream newsfeed and responsive chat services available through our API (collectively, the “Service”) and the Stream websites, including (www.getstream.io) and any successor sites (collectively, “Websites” and each individually, a “Website”). We created this privacy policy (“Privacy Policy”) to give you confidence as you use the Service and Websites, and to demonstrate our commitment to fair information practices and the protection of privacy. This Privacy Policy is only applicable to the Service and Websites, and not to any other websites that you may be able to access from the Service or Websites or any websites of the partners or Customers of Stream, each of which may have data collection, storage, and use practices and policies that differ materially from this Privacy Policy. Your use of the Websites and certain aspects of the Service are governed by this Privacy Policy and the Terms of Service and in some instances a Subscription Agreement by and between you and Stream. The use of information collected through our Service shall be limited to the purpose of providing the Service for which our Customer has engaged Stream.

When you visit the Websites, web servers collect information about your visit (known as “traffic data”), which is stored as deidentified or aggregate data. We use traffic data to learn more about visitors’ use of the Websites and to improve the quality of the content and functionality of the Websites, as well as to target our offerings to the people most interested in them based on their use of the Websites. In order to provide the Service to our Customers, Stream collects certain information and data about End Users (“End User Information”). Stream provides analyses of deidentified or aggregate End User Information to its Customers and to other third parties (“Analyzed Data”). Stream takes commercially reasonable efforts to ensure that Analyzed Data does not include any PII, as defined below Personally Identifiable Information Personally identifiable information (“PII”) is information that can be used to identify an individual user, for example, a person’s name, home address, email address or phone number. We engage third party service providers to collect certain PII on our behalf, for example billing information such as credit card number. We receive and store any PII users enter on our Websites, send to us in an email or voluntarily provide to us in any other way. We may also collect PII that is necessary to fulfill Stream’s legitimate interests, which will be described to you at the time of collection. We will use this information for the purposes of which it was collected.

In order for you to access certain features of the Service, we may require you to provide us with certain PII, such as your name, phone number and e-mail address. You may also provide Stream with certain optional information at your sole discretion (“Optional Information”). For the purpose of this Privacy Policy, all Optional Information that you provide us will be deemed PII.

The use of PII collected through our Websites shall be limited to the purposes of providing the Service to process any applicable payment and communicate with you as needed in connection with the Service.

Use of the Service does not require that Stream’s Customers provide to Stream, and Stream requests that its Customers do not provide to it, any PII relating to their End Users. End Users should be aware, however, that Stream’s Customers may request such information from End Users in order to enable their use of and access to the Service and such PII may be included in the End User Information provided to Stream. To the extent Stream does receive any PII as part of the End User Information, Stream shall make reasonable efforts, consistent with the terms of this Privacy Policy, to maintain the confidentiality of such PII. Where Stream collects information on behalf of its Customers, Stream shall be considered the processor of such information. Stream has no direct relationship with the individuals whose PII it processes on behalf of any Customers. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to Stream’s Customer (the data controller). If the Customer requests Stream to remove the data, we will respond to their request within 30 business days.

As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve marketing, analytics, and site functionality.

Technologies such as: cookies, beacons, tags and scripts are used by Stream and our marketing partners, affiliates, analytics, and marketing service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the Websites and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. We use cookies to remember users’ form submitted information. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Websites, but your ability to use some features or areas of our Websites may be limited. Our Websites may now or in the future include social media features, such as the Facebook “like” button and widgets, such as the “share this” button or interactive mini-programs that run on our Websites. These features may collect your IP address, which page you are visiting on our Websites, and may set a cookie to enable the feature to function properly. These features are either hosted by a third party or hosted directly on our Websites. Your interactions with these features are governed by the privacy policies of the company providing them.

When you send e-mail or other communications to Stream, we may retain those communications in order to process your inquiries, respond to your requests and improve our Service. Stream may also use PII for various purposes, including without limitation to:

• To help diagnose problems with the Websites or Service, to administer the Websites or Service, and to enhance the Websites or Service for optimal user experience.
• To monitor the usage and performance of the Websites or Service, and to determine deidentified or aggregate information about our users and usage patterns.
• To customize content that may be of interest to Customers or End Users.
• To identify you when you access and use any Websites or Service.
• To facilitate transactions and process payments.
• To send users materials, updates, and product information regarding the Websites or Service.
• To provide maintenance, support, and customer service for the Websites or Service.
• To conduct research and analysis.
• To contact users for information verification purposes.

You may choose to stop receiving marketing emails or other informational emails from us by following the unsubscribe instructions included in these emails or you can contact us at legal@getstream.io . If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your account with us (if you have one) and our business dealings with you.

Stream may share PII with any third parties in the following limited circumstances:

• We may ask if you would like us to share your PII with other unaffiliated third parties who are not described elsewhere in this policy, and we may do so with your consent.
• We may share your PII with companies that are affiliated with us (that is, that control, are controlled by, or are under common control with Stream).
• We may share any PII with other trusted business partners (“Partners”) for the purpose of processing PII or Analyzed Data on our behalf, but only to provide the requested Service and subject to this Privacy Policy. Such Partners shall be bound to uphold the same standards of security and confidentiality that we have promised to you in this Privacy Policy, and they will only use your PII to carry out their specific business obligations to Stream and to provide your requested Service.
• Stream may transfer PII to companies that help us provide our Service. Transfers to subsequent third party service providers are covered by the provisions in this Privacy Policy regarding notice and may be covered by the agreements with our Customers.
• If Stream is involved in a merger, acquisition, or sale of all or a portion of its assets, we may transfer your PII to a third party as part of that transaction, including at the negotiation stage. You will be notified via email and/or a prominent notice on our Website of any change in ownership.

Except as otherwise provided in this Privacy Policy, we will keep your PII private and will not share it with third parties, unless we believe in good faith that disclosure of your PII or any other information we collect about you is necessary to: (1) comply with applicable laws, or a court order or other legal process; (2) protect the rights, property or safety of Stream or another party; (3) enforce our Terms of Service (or applicable Subscription Agreement) or (4) respond to claims that any posting or other content violates the rights of third parties.

The security of your PII is important to us. We follow reasonable and appropriate security measures and standards to protect the PII submitted to us, both during transmission and once we receive it. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store PII. Although we make good faith efforts to store PII in a secure operating environment that is not open to the public, you should understand that there is no such thing as complete security, and we do not guarantee that there will be no unintended disclosures of your PII. If we become aware that your PII has been disclosed in a manner not in accordance with this Privacy Policy, we will use reasonable efforts to notify you of the nature and extent of the disclosure (to the extent we know that information) as soon as reasonably possible and as permitted by law. If we need, or are required, to contact you concerning any event that involves information about you, we may do so by email, telephone, or mail.

You must promptly notify us if your PII is lost, stolen, or used without permission. In such an event, we will remove that PII from your account and update our records accordingly.

Stream will retain PII for so long as is necessary for the purposes for which we collected such PII. For example, Stream will retain PII we process on behalf of our Customers for as long as needed to provide Service to our Customers. Stream will also retain and use PII as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

We may update this Privacy Policy to reflect changes to our information practices. If we make any change in how we use your PII we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

As a registered user of the Websites, you can modify or delete some of the PII you have included in your profile by logging in and accessing your account. You cannot, however, change your username once you have registered. Upon your request, Stream will use commercially reasonable efforts to delete your account and the PII in your profile; however, it may be impossible to remove your account without some residual information being retained by Stream. We will respond to your request to access within 30 days. We may withhold information where the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested. To exercise your rights under these provisions, please contact us at the “Contact” details below. When we receive your requests, we may ask you to verify your identity before we can act on your request.
We will retain your information for as long as your account is active or as needed to provide you Service. If you wish to cancel your account or request that we no longer use your information to provide you Service contact us at legal@getstream.io . We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

The following applies to individuals in the European Economic Area and the United Kingdom. Stream is required to inform you of the lawful basis of our processing of your PII.

• Processing based on your consent – Such uses may include to enhance our Websites and Service, or to send users materials, updates, and product information regarding the Websites or Service.
• Processing necessary for the performance of a contract – Such uses include to provide our Service to our Customers, to communicate with you, to administer and monitor the Service, to customize content that may be of interest to you, to facilitate transactions and process payments, to respond to your inquires, to determine your eligibility to set up your account, and to provide maintenance, support, and customer service.
• Processing necessary to comply with our legal obligations – Such uses include the security of the Websites and Service, and otherwise as required by applicable law.
• Processing activities that constitute our legitimate interests – Such uses include to enhance our Websites and Service, to conduct research and analysis, to contact users for information verification purposes, to understand your interests, to send users materials, updates, and product information regarding the Websites or Service, to secure the Websites and Service, to provide maintenance, support, and customer service for the Service, and to use PII as otherwise described in this Privacy Policy. We will use your PII only for the purposes for which we collected it, unless we reasonably determine we need to use it for another reason and that reason is compatible with the original purpose. For example, we consider deidentification and aggregation of PII to be compatible with the purposes listed above and in your interest, because the deidentification or aggregation of such information reduces the likelihood of improper disclosure of that information. PLEASE NOTE WE MAY PROCESS YOUR PII WITHOUT YOUR KNOWLEDGE OR CONSENT, IN COMPLIANCE WITH THE ABOVE RULES, WHERE THIS IS REQUIRED OR PERMITTED BY APPLICABLE LAW. In accordance with applicable data protection laws, you may have the right to request: access to, rectification, and erasure of your PII; restriction of processing of PII; objecting to certain processing of PII; and the right to data portability. Where any processing of PII is solely dependent upon your consent, you have the right to withdraw such consent at any time. When we receive your request, we may ask you to verify your identity before we can act on your request. We may withhold information where we are required by law to do so or if the search for that information would require disproportionate effort or have a disproportionate effect to, for example, the cost of providing the information, the time it would take to retrieve the data, or how difficult it may be to obtain the information requested.
  Where you believe that we have not processed your PII in accordance with applicable data protection laws, you may lodge a complaint with the respective supervisory authority or data protection regulator. You can find your data protection regulator here .

Stream is based in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide PII to us, please note that any PII that you provide to us may be transferred to the United States of America. By providing your PII, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in any terms and conditions related to the use of and access to the Websites or Service.
Stream safeguards and enables the global transfer of PII in a number of ways.  The following describes some of the protections that are taken with regard to data originating from certain countries:

• EU-U.S. Privacy Shield:  Stream adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Framework concerning the transfer of PII from the European Union and Switzerland to the United States.  Accordingly, we follow the EU-U.S. Privacy Shield Principles published by the U.S. Department of Commerce (“Privacy Shield Principles”) with respect to all such data.  Stream complies with the Privacy Shield Principles for all onward transfers of PII from the EU and Switzerland, including the onward transfer liability provisions.  We specify in contracts with service providers that handle the PII collected by Stream that the information “may only be processed for limited and specified purposes consistent with” the purposes laid out in this Privacy Policy.  Those third parties agree to provide the same level of protection as the Privacy Shield Principles.  In certain situations, if a third party that receives PII from us takes an action that is contrary to the principles of the Privacy Shield Principles, we will be liable for those actions unless we can prove that we are not responsible for causing such liability.  If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  Compliance with the Privacy Shield Principles may be limited, however, in certain cases to the extent necessary to meet national security, public interest, or law enforcement requirements.  All Stream personnel with access to PII are obligated to familiarize themselves and comply with provisions of this Privacy Policy.  To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield Framework, and to view the our certification, please visit  https://www.privacyshield.gov . A violation of our commitment to EU-U.S. and Swiss-U.S. Privacy Shield Framework may be investigated by the Federal Trade Commission.  With respect to PII received or transferred pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. Dispute Resolution In compliance with the Privacy Shield Principles, Stream commits to resolve complaints about your privacy and our collection or use of your PII.  EU individuals with questions or concerns about our use of PII or our Privacy Policy should submit a written request to us using the information in the “Contacts” section below. If your question or concern is not satisfied through this process we are further committed to refer unresolved Privacy Shield complaints to JAMS, an independent dispute resolution provider located in the United States.  Information about how to file a complaint with JAMS related to our Privacy Shield program can be found at https://www.jamsadr.com/eu-us-privacy-shield .  The Service of JAMS are provided at no cost to you.  Under certain circumstances, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. Stream commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. We have further committed to cooperate with the panel established by the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from Switzerland in the context of the employment relationship.

Our Websites may offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your PII from our blog or community forum, contact us at legal@getstream.io . In some cases, we may not be able to remove your PII, in which case we will let you know if we are unable to do so and why.

We may display personal testimonials of satisfied customers on our Websites in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at legal@getstream.io .

Our Websites includes links to other web sites whose privacy practices may differ from those of Stream. If you submit PII to any of those web sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any web site you visit.

If you have any comments, concerns or questions about this Privacy Policy, send us an email at legal@getstream.io