Privacy Policy
DevCycle Privacy Policy
This Privacy Statement covers the types of personal information we collect, how we use it and the steps we take to protect it. We collect information through the website, the DevCycle Dashboard, your input on our website and directly from our customers when using our services.
If you are a customer located in North America, please review and sign the Data Protection Agreement.
For all other customers located in the EU, EEA and UK, please email [email protected]
How we collect information
Cookies
When you visit our website through your web browser, we use cookies and web beacons to collect information, such as your IP address, device identifier and usage information. Usage information may include your browser type, your operating system, the time you spend on our site and how many times you visit our website, as well as the website you visited immediately before landing on our website. We use this information to compile reports that help us understand usage of our site’s features and content, and enable us to improve our website by tailoring content of the website to your interests.
We and our providers also make use of cookies to help promote our services through marketing. At no time do we pass any cookie personal data to a third party for their own purposes.
You can opt-out of cookies or prevent third party websites from accessing our cookies through the privacy settings on your browser. That will disable, however, some features of our website.
Your Inputs
We collect personal information you provide to us on our website, such as your name, email address, telephone number, and username and password, when you:
- Contact us through the website and fill out an online form;
- Create an account on our website;
- Sign-up for our newsletter; or
- Sign-up for our services provided via the DevCycle Dashboard.
This information collected is only used to fulfill the service you have requested, such as authentication for access to the Dashboard or delivering the newsletter, or to contact you in regards to your inquiries. Information collected through the Dashboard is also used to track usage and activity for diagnosis purposes. We use your browsing activity to discern your interests and provide you with advertisements and updates tailored to your interests.
DevCycle uses third party service providers to collect personal information related to payments, such as credit card information, in order to process the payment for the service or product requested.
DevCycle also uses a third party platform to solicit and display comments to our blog postings on the website. We are not responsible for the content that you post on our website and we ask that you do not post content that could violate the privacy of others.
Job Applications
When you submit an application in response to our job postings online, we collect the information you provide through the online application service, such as name, email, telephone number, and other information contained in your resume. DevCycle only uses this information to evaluate your application for employment purposes. We also use a third party platform to process this information and we have contractual agreements with the third party provider to ensure that they offer a similar level of protection for your personal information and they adhere to our Privacy Policy.
Software
When you use DevCycle’s services, we collect information, such as your IP address, device identification usage information through cookies placed on your web browser with the software development kit (SDK) used. We also collect information through the mobile SDK and network calls made to our APIs. This information is used to provide our services to you and to update and improve these services.
Our Clients’ Data
Occasionally, we receive data collected by our clients for the purposes of providing our services to the client. In such cases, our clients have solicited your consent to share the personal information with us and we enter into data protection agreements with our clients to ensure that consent was properly obtained prior to them sharing your personal information.
How we protect your information
DevCycle uses third party cloud hosting technology companies in the United States to store and process the information collected. We enter into data protection agreements with these third party service providers, to ensure that they use similar levels of protection and they adhere to our Privacy Policy. We also make sure that your personal information is transmitted in accordance with these agreements and as securely as possible using industry standard practices.
Where is your information stored
You data is stored on a secure cloud in the United States, so United States law can apply to it. Data is stored with AWS, Google Cloud, MongoDB Cloud, and Cloudflare. AWS, Google Cloud, MongoDB Cloud, Cloudflare, and DevCycle are EU-US Privacy Shield certified.
How we share information
We never disclose your personal data unless it is with your consent or as authorized or required by law. We may share your personal information collected with third party service providers to help us provide our services to you, such as processing payments or job applications. When we do this, we enter into data protection agreements with these service providers and ensure that they all comply with our Privacy Policy.
In cases when we are processing personal information on behalf of a client, we may share personal and usage data only with the party we are providing the service for and according to their instructions.
How you can access or modify your personal information
You can submit a request to access, edit or remove the personal information you have provided to us by contacting [email protected]. If you find your information is inaccurate, we will correct or delete it, as needed. You can withdraw your consent to us holding the information you provided at any time.
Data Protection Agreement
This agreement is between COMPANY acting as data controller (the "Data Controller" for "COMPANY") and data exporter being signatory to this Data Processing Agreement and Taplytics Inc. (dba "DevCycle"), as data processor and data importer in the following referred to as "Taplytics".
1. Definitions
For the purpose of this Data Protection Agreement,
- “Data Controller”, “Data Processor”, “Personal Data”, “Data Subjects”, “Processing”, “Consumer”, “Commercial Purpose”, “Service Provider” and “Sale” shall have the meanings ascribed to them in the relevant data protection legislation (“Applicable Data Protection Law”).
- “Personal Data” means “Personal Information”, being information about an identifiable individual.
- “Instruction” means a direction issued by COMPANY to Taplytics and directing Taplytics to process Personal Data. Instructions may be issued in writing or in textual form (e.g. e-mail).
- “Affiliate” means an entity that a party controls or is controlled by, or with which a party is under common control. For purposes of this definition, “control” means ownership of more than fifty (50%) percent of the voting stock or equivalent ownership interest in an entity.
- “COMPANY Data” means any data transmitted by COMPANY to Taplytics or accessed by Taplytics in connection with the provision of Services.
- “Purpose.” The purpose of the data processing under this DPA is the provision of the Services initiated by COMPANY from time to time.
- “Applicable Law” means all laws and regulations respectively applicable to the data processing, including but not limited to the Applicable Data Protection Law, including the European General Data Protection Regulation, 2016/679 (“GDPR”) and the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations (“CCPA”), the UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the Québec Act respecting the protection of personal information in the private sector (Québec Act).
2. General Information
Taplytics is a Data Processor or Service Provider for the Personal Data processed on behalf of COMPANY, which is a Data Controller, in the context of several contractual relationships, which are executed or will be executed with Taplytics.
This Data Protection Agreement governs any processing of Personal Data undertaken by Taplytics on behalf of COMPANY for the purpose of fulfilment of several business agreements between Taplytics and COMPANY which are already concluded and/or can be concluded in the future (jointly and individually also referred to as the “Main Agreements”). As a Data Processor, Taplytics shall process all Personal Data that it receives, possesses or otherwise obtains access to, in the context of the Main Agreements, only for the purposes of the Main Agreements and in accordance with Applicable Data Protection Law and COMPANY' instructions, as they may be issued from time to time.
3. Due Diligence by Selection
COMPANY selected Taplytics as a service provider by exercising its duties of diligence under the Applicable Data Protection Law. It is the intent of the parties that this Data Protection Agreement constitutes a written mandate within the meaning of the Applicable Data Protection Law and governs the parties’ rights and obligations in the context of Data Protection.
4. Processing, Data Subjects and Categories of Personal Data
Taplytics may process Personal Data on behalf of COMPANY. In this regard, processing means that the Personal Data shall be transferred to Taplytics, stored on the servers of Taplytics and processed for the purpose of fulfillment of the Main Agreements. The Data Subjects are customers and clients of COMPANY, employees and other personnel of COMPANY and the categories of Personal Data processed may include IP address and device identification usage information from COMPANY’s customers or website visitors, and, name, address, phone number, fax number, position and title within COMPANY of employees, as necessary.
5. Duration of Data Processing, Further Information
The duration of the data processing strictly depends on the duration of the Main Agreements. Further information with regard to the subject matter and duration of the Processing, the nature and purpose of the Processing, the type of Personal Data and categories of Data Subjects are set out in the Main Agreements.
6. Joint Obligations, Obligations of the Controller
COMPANY and Taplytics shall be separately responsible for conforming with such statutory Applicable Data Protection Law as is applicable to them. This applies in particular to the obligation to maintain a record of processing activities under their respective responsibility. COMPANY shall inform Taplytics without undue delay and comprehensively about any errors or irregularities related to statutory provisions on the Processing of Personal Data detected during a verification of the results of such Processing. COMPANY shall, upon termination or expiration of the Main Agreements and by way of issuing an Instruction, stipulate, within a period of time set by Taplytics, the measures to return data carrier media or to delete stored Personal Data.
7. Data Protection Officer
Taplytics shall provide to COMPANY the contact details of Taplytics’ data protection officer.
8. Obligations of the Processor
Taplytics shall collect, process and use Personal Data only within the scope of the Main Agreements and COMPANY’s documented Instructions. Within Taplytics’ area of responsibility, Taplytics shall structure Taplytics’ internal corporate organization to ensure compliance with the specific requirements of the protection of Personal Data under the Applicable Data Protection Law.
Taplytics is prohibited from (i) selling COMPANY’s Personal Data; (ii) retaining, using or disclosing COMPANY’s Personal Data for any purpose other than for the specific purpose of performing the services specified under the Main Agreements; and (iii) retaining, using or disclosing COMPANY’s Personal Data outside the direct business relationship with the COMPANY.
Taplytics shall comply with COMPANY’s reasonably given and documented Instructions regarding the processing, storage, transfer and security of COMPANY’s Personal Data. The obligation to process COMPANY’s Personal Data only upon COMPANY’s Instructions applies particularly to any cross-border transfer of Personal Data.
9. Place of Processing Transfer to Third Countries
The Processing is being conducted on the territory of the United States. Where the Personal Data relates to Data Subjects in the EU or the EEA, Taplytics relies upon the Standard Contractual Clauses adopted by the European Commission on June 4, 2021 to transfer personal data out of the EU and the EEA attached as Schedule 1. Where the Personal Data relates to Data Subjects in the UK, Standard Contractual Clauses adopted by the European Commission on June 4, 2021 and the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (IDTA) apply to transfer personal data out of the UK attached as Schedule 2.Taplytics may process the Personal Data outside of the EU/EEA (“Third Countries”) given it discloses the location of the Processing to COMPANY prior to the beginning of the Processing, receives a written consent (Instruction) from COMPANY and complies with the provisions of this Data Protection Agreement as well as providing an adequate level of data protection to COMPANY (e.g. enhanced security measures such as encryption and pseudonimyzation before, during and after the transfer).
10. Confidentiality
The Personal Data that Taplytics receives, possesses or otherwise obtains access to, in the context of the Main Agreements, shall be treated as confidential information and may only be passed on to third parties (including Data Subjects and public authorities or judicial bodies) for the purpose of the Main Agreements and with COMPANY’ prior written authorization. Taplytics will ensure that any personnel entrusted with Processing of COMPANY Personal Data have undertaken to comply with the principle of data secrecy and confidentiality.
11. Sub-contraction
Taplytics shall be entitled to subcontract Taplytics’s obligations under the Main Agreements to third parties only with COMPANY’ written consent. Taplytics shall inform COMPANY of any intended changes concerning the addition or replacement of other Sub-processors, thereby giving COMPANY the opportunity to object to such changes. Where the Personal Data relates to Data Subjects in the EU or the EEA or the UK, Taplytics with comply with the Standard Contractual Clauses attached as Schedule 1 or Standard Contractual Clauses and the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (IDTA) attached as Schedule 2 in relation to sub-contraction.
If Taplytics subcontracts its obligations under the Main Agreements with COMPANY' it shall enter into a written agreement with the Sub-processor that will impose the same data protection and confidentiality obligations on the Sub-processor as are imposed on Taplytics under this Data Protection Agreement and in particular ensure that the Sub-processor implements the appropriate technical and organizational measures as required by the Applicable Data Protection Law and other statutory laws and regulations.
12. Technical and Organizational Measures
Taplytics agrees and warrants that it has implemented appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, alteration, unauthorized disclosure or access. If the Processing involves the transmission of Personal Data over a network, it has implemented appropriate measures aimed at protecting Personal Data against the specific risks presented by the Processing. Taplytics will invest in reasonable means to ensure a level of security appropriate to the risks presented by the Processing, and the nature of the Personal Data processed.
13. Information and Cooperation
Taplytics shall immediately inform COMPANY, in writing:
- Of any public authority requesting disclosure of Personal Data, unless it is prohibited by law;
- Of any enquiries or requests from Data Subjects with respect to their Personal Data; and
- Of any reasonably suspected or actual breach of security, loss or unauthorized use, disclosure, acquisition of or access to Personal Data (including hard copy records) or systems used for Processing Personal Data.
Such notice shall summarize in reasonable detail the effect on COMPANY, if known, of the breach, loss or unauthorized use, disclosure, acquisition of, or access to, any Personal Data or systems used for Processing Personal Data and the corrective action taken or to be taken by Taplytics. Taplytics shall promptly take all necessary and advisable corrective actions, and shall cooperate fully with COMPANY, in all reasonable and lawful efforts to investigate, prevent, mitigate or rectify such breach, loss or unauthorized use, disclosure, acquisition or access.
14. Audit and Monitoring
COMPANY shall have the right to monitor Taplytics's compliance with the terms of this Data Protection Agreement. With sufficient notice, and of no less than ten (10) working days, COMPANY or its authorized representatives may inspect Taplytics's facilities and equipment, and any information or materials in Taplytics's possession, custody or control, relating in any way to Taplytics's obligations under this Section. Taplytics shall provide all reasonable assistance in order to assist COMPANY to perform such inspection at the COMPANY’s expense. An inspection performed pursuant to this Section shall not unreasonably interfere with the normal conduct of Taplytics's business.
15. Requests from Data Subjects
Taplytics shall deal promptly and properly with all enquiries from COMPANY relating to Processing of Personal Data subject to the Main Agreements. In particular, Taplytics shall fully co-operate with COMPANY if a Data Subject wants to access, block, rectify or delete Personal Data pertaining to him or her.
16. Return or Deletion of Personal Data upon Termination
The Parties agree that, upon COMPANY' request, Taplytics must either return all Personal Data and any copies thereof to COMPANY or destroy all Personal Data and certify to COMPANY that all Personal Data have been destroyed, however subject to the respectively applicable laws and regulations.
17. "Third Party"
“Third party” shall refer to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
18. Certification
By signing this Agreement, Taplytics hereby certifies that in receiving COMPANY’s Personal Data, Taplytics understands the requirements and restrictions associated with its status as Service Provider, under and as defined in all Applicable Data Protection Laws, and shall comply with the applicable requirements set forth in Applicable Data Protection Laws and any implementing regulations.
COMPANY specifically acknowledges that its use of the Services described in the Main Agreements COMPANY will not violate the rights of any Consumer that has opted-out from sales or other disclosures of Personal Data, to the extent applicable under the Applicable Data Protection Law, including the CCPA.
19. Prevailing Agreement
In case of contradictory stipulations, this Data Protection Agreement shall prevail over all former stipulations in any already concluded agreements related to the processing of Personal Data.
Contact us
For privacy and personal information queries and concerns, please contact: Taplytics Inc. (dba "DevCycle") at 304-49 Spadina Avenue, Toronto, ON, M5V 2J1, Canada, or by email at [email protected]. Should your concerns remain unaddressed, you can contact the Data Protection Authority in your country or the Office of the Privacy Commissioner of Canada.