Gravyty processes three broad categories of personal information (known collectively as "Customer Data"):
- As a user of Gravyty, you will need to provide us information to create an account and use the Services - we refer to this as "Customer Account Data."
- As a user, you may provide us with personal information of your assigned donors to interact with the Gravyty application - we refer to this information as "Customer End-User Data."
Gravyty distinguishes between these categories of Customer Data because the direct relationship we have with you, our customer, is different than the indirect relationship we have with your end-users. If you are located in the European Economic Area, Gravyty is the "controller" of your Customer Account Data and a "processor" of Customer End-User Data and Restricted Customer End-User Data.
How Gravyty Processes Customer Account Data
We, Gravyty, collect and process your Customer Account Data:
- When you visit a Gravyty public-facing Website like Gravyty.com, sign up for a Gravyty event, or make a request to receive information about Gravyty or our products, like a Gravyty white paper or a newsletter;
- When you contact the Gravyty Sales Team or Customer Support Team;
- When you sign up for a Gravyty account and use our products and Services;
- When you authorize the Gravyty Email Integration application.
Broadly speaking, we use Customer Account Data to:
- Perform our contract with you;
- Pursue our legitimate interests to:
  - understand who our customers and potential customers are and their interests in Gravyty products and Services,
  - manage our relationship with you and other customers,
  - provide you with marketing materials,
  - perform research (including marketing research),
  - carry out core business operations such as accounting and filing taxes, and
  - help detect, prevent, or investigate security incidents, fraud and other abuse and/or misuse of our products and services;
- Comply with any legal obligations we may have; and
- Carry out other uses which you have consented to.
What Customer Account Data Gravyty Processes When You Visit Our Website, Sign Up for a Gravyty Event, or Make a Request for Information About Gravyty and Why
When you visit our Website, sign up for a Gravyty event or request more information about Gravyty, we will collect information that you submit to us (e.g., through a web form) and we will also collect information automatically using tracking technologies like cookies. We collect this information to fulfill your request, to learn more about who is interested in our products and services, to advertise to you, and to improve our Services.
Information You Share Directly: In some places on Gravyty's Websites, you can fill out web forms to ask to be contacted by our Sales Team, sign up for a marketing newsletter, register for a Gravyty event, or take a survey. The specific personal information requested on these forms will vary based on the purpose of the form. We will ask you for information necessary for us to provide you with what you request through the form (for example, we will ask you for your email address if you want to sign up for an email newsletter and for your phone number if you want a member of our Sales Team to call you). We may also ask you for additional information to help us understand you better as a customer, like your Gravyty use case, your company name, or your role at your company. If you sign up to receive marketing communications from Gravyty, like a newsletter, you can always choose to opt out of further communications through a preferences page which will be linked from any marketing email you receive from Gravyty. You may also contact our Customer Support Team to communicate your choice to opt out.
Information We Collect Automatically: When you visit Gravyty's Websites, including our web forms, we and service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our Websites are using them, which pages and features of the Websites are most popular, and to tailor and deliver advertisements. This helps us understand how we can improve our Websites and track performance of our advertisements.
We may use Google Analytics and other subprocessors (see table below) to collect information regarding visitor behavior and visitor demographics on our Website and Services. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google's collection and processing of data generated by your use of the Services by going to https://tools.google.com/dlpage/gaoptout.
What Customer Account Data Gravyty Processes When You Communicate with Our Sales or Support Teams and Why
If you contact our Sales or Support Teams, those teams keep a record of that communication, including your contact details and other information you share during the course of the communication. We store this information to help us keep track of the inquiries we receive from you and from customers generally so we can improve our products and Services and provide training to team members. This information also helps our teams manage our ongoing relationships with our customers. Because we store a record of these communications, please be thoughtful about what information you share with our Sales and Support Teams. We will try to take appropriate measures to protect any sensitive information you share with us, but it is best to avoid sharing any personal or other sensitive information in these communications unless it is necessary for these teams to assist you.
What Customer Account Data Gravyty Processes When You Sign Up for and Log into a Gravyty Account and Why
When you sign up for a Gravyty account, we ask for certain information like your contact details and billing information so we can communicate with you and so you can pay for our products and services. We also collect some information automatically, like your IP address, when you log in to your account. We use this to understand who is using our Services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
Information You Share Directly: You provide us with an account name and email address, and we use this information so we know who you are, we can communicate with you about your account(s), and we can recognize you when you communicate with us. You may also provide us with additional contact information in order to authenticate more securely using multi-factor authentication.
We also use your email address to send you information about other Gravyty products, services or events in which we think you may be interested. You can opt out of further marketing communications through your marketing preferences page linked from any marketing email you receive from Gravyty. You may also contact our Customer Support Team to communicate your choice to opt out.
For billing purposes, we may collect your payment information and/or your billing address. Your payment method information is used to process payment for your services, and your billing address may also be used by Gravyty for tax calculation and audit purposes.
Information We Generate or Collect Automatically
When you sign up for Gravyty services, we set up a unique account for you and keep a record of it so we know it is you making the requests when you log into our platform.
In addition, when you use our Services, we collect your IP address and other information through tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how customers are using our platform, who those customers are, what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience.
All information we collect when you sign up for a Gravyty account and interact with the Gravyty Dashboard or our products and Services may be used to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and services.
What Customer Account Data Gravyty Processes When You Authorize Gravyty Email Integration Application
When you authorize Gravyty Email Integration Application, you provide us with access to create draft emails and send emails on your behalf. We require these permissions so that we can embed a tracker into the emails you send via Gravyty to track when donors view them. This also allows us to automatically populate the message we draft for you with rich formatting content, such as links. We only send emails on your behalf when you explicitly click the send button on our email compose page. You also provide us with access to read emails coming into your account. This read access allows us to capture conversations between you and your assigned donors for the purpose of writing this data back to your database.
Information You Share Directly: Email addresses are transferred to Gravyty via the data exchange process set up during your initial implementation. You may also provide us with a list of email addresses to ignore, which will prevent us from fetching the content of the related email messages.
Information We Generate or Collect Automatically: We only process the minimum amount of data needed for each request. Our process reviews all email thread metadata updated since the last fetch (or since you authorized our application, whichever is later). Thread metadata includes a list of email addresses, the subject line, and timestamps of first and last messages in the thread. We receive this information for every thread, but only process the participants and timestamps in order to associate them with your assigned donors. Only if we identify a match do we fetch individual messages, which are then saved in Gravyty and available for writeback to your CRM.
Google API Services User Data Policy
Gravyty's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Other Customer Account Data We Collect and Why
We may collect information about you from publicly-available sources so we can understand our customer base better. We may also obtain information about your organization from third party providers to help us understand our customer base better, such as your industry, the size of your organization, and your website URL.
How Long We Retain Your Customer Account Data
Gravyty will retain your Customer Account Data as long as needed to provide you with our Services, to operate our business, and comply with applicable laws. If you ask Gravyty to delete specific Customer Account Data we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
How to Make Choices About Your Customer Account Data
Please contact Customer Support for any requests about your Customer Account Data.
Closing Your Account and Deletion. To request closure or deletion of your Gravyty account, you can contact Customer Support. Within 60 days following your request, Gravyty will either delete your Customer Account Data or de-identify it such that it can no longer be used to identify you. You should know that deletion of your Gravyty account will result in you permanently losing access to your account and Customer Data in the account. Please note that certain information associated with your account may nonetheless remain on Gravyty servers in a de-identified or aggregated form that does not identify you or your end-users. Similarly, Customer Account Data, including personal information, we are required to maintain for legal purposes or for necessary business operations (see "How Long We Retain Your Customer Account Data" section above) will be retained after account closure until no longer needed.
Other Choices About Your Customer Account Data. In addition, you can exercise other choices about your Customer Account Data (e.g., accessing it, correcting or amending it, deleting it, restricting or objecting to its use, porting it, or withdrawing consent) by contacting Customer Support. We will process such requests in accordance with applicable laws. To protect your privacy, Gravyty will take steps to verify your identity before fulfilling your request.
How Gravyty Processes Customer End-User Data
For individuals located in the European Economic Area, when Gravyty processes Customer End-User Data, it acts as a "processor." Gravyty will only process Customer End-User Data at the instruction of our customers (i.e., the "controller"). You can learn more about this on our GDPR Statement.
As a customer, your end-users' personal information ("Customer End-User Data") typically shows up on the Gravyty Platform in a few different ways:
- While implementing the Gravyty services for the first time, you grant Gravyty permission to sync data you have approved access to into the Platform on your behalf.
- Your end-users' personal information may also be contained in the content of communications you (or your end-users) send or receive using Gravyty products and Services.
- Your end-users' personal information may also be contained in the dashboard and reporting content Gravyty makes available to you to facilitate your use of the Platform and Services.
What Customer End-User Data Gravyty Processes and Why
The Customer End-User Data Gravyty processes when you, our customer, use our products and Services and the reason Gravyty processes it depends on which Gravyty products and Services you use and how you use those products and Services. It is always limited to the data you explicitly grant us access to or do not explicitly prevent us from accessing.
We use Customer End-User Data to provide Services to you and to carry out necessary functions of our business as a product and services provider.
Records containing Customer End-User Data may also be used in debugging or troubleshooting or in connection with investigations of security incidents, bugs, as well as for the purposes of detecting and preventing spam or fraudulent activity, and detecting and preventing network exploits and abuse.
How Long We Retain Customer End-User Data
Details regarding how long we retain Customer End-User Data and options around Customer End-User Data will depend on which Gravyty products and Services you are using, how you are using them, and the duration for which you use our Services.
Please note that if you request that we delete your Customer End-User Data, it may take up to 60 days for Customer End-User Data to be completely removed from our systems. In some cases, a copy of those records, including the personal information contained in them, may be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain Customer End-User Data that has been de-identified or aggregated such that your end-user cannot be identified.
When and Why We Share Customer Data
Below are the different scenarios under which we may share Customer Data with third parties.
- Third-party service providers, Subprocessors, and Consultants. Gravyty engages certain third-party service providers, subprocessors, and consultants to carry out certain data processing functions to provide the Services. These third parties are limited to only accessing or using Customer Data to provide services to us and must provide reasonable assurances they will appropriately safeguard Customer Data. An up-to-date list of our subprocessors is located below.
- Compliance with Legal Obligations. We may disclose Customer Data to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing a death or serious bodily injury. If Gravyty is required by law to disclose any personal information of you or your end-user, we will notify you of the disclosure requirement, unless prohibited by law. Further, we may object to requests we do not believe to be valid.
- Aggregated or De-Identified Data. Except as necessary to provide the Services, Gravyty does not share any de-identified and/or aggregated Customer End-User Data with third parties. However, Gravyty may share de-identified and/or aggregated Customer Account Data with third parties for a number of purposes, including research, internal analysis, analytics, and any other legally permissible purposes.
Gravyty uses the following subprocessors to assist in providing the Services:
| Subprocessor | Service | Location |
|---|---|---|
| Amazon Web Services | Cloud Services | United States |
| Google Cloud Platform (Looker) | Business Intelligence | United States |
| New Relic | Observability Platform | United States |
| Heroku | Cloud application platform | United States |
| AWS | Cloud application platform | United States |
| FullContact | Privacy-safe Identity Resolution company | United States |
| HostedFTP | File Transfer | United States |
| Nylas | Communication platform for software developers | United States |
| SendGrid | Customer communication platform for transactional and Marketing Email | United States |
| Twilio | Cloud Communications Platform | United States |
| Churn Zero | Customer Success Platform | United States |
| Intuit | Accounting Software Package | United States |
| Xero | Accounting Software Package | United States |
| Google Gsuite | Cloud computing, productivity and collaboration tools (email, documents, calendars) | United States |
| Atlassian | Develops products for software developers and project managers | United States |
Security of Customer Data
Third Party Websites/Applications
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Website or Services. These other domains and websites are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
California Privacy Rights
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
Compliance With Children's Online Privacy Protection Act
Protecting the privacy of the very young is especially important. For that reason, the Company never collects or maintains information at its Site from those it actually knows are under 18, and no part of the website is structured to attract anyone under 18.
2815 Elliott Avenue, Suite 201
Seattle, WA 98121
Last Updated: November 2, 2022