Privacy Policy
This privacy policy (the “Policy”) for Software Mansion S.A. (“Company,” “we,” “us,” or “our”), describes how and why we might collect, store, use, and/or share (“process”) your information when you use our products and/or services (“Services”), such as when you:
- Visit our website at fishjam.io, or any website of ours that links to this Policy
- Engage with us in other related ways ― including any sales, marketing, or events related to Fishjam.
Questions or concerns?
Understanding this Policy will help you comprehend your rights and choices regarding your privacy. If you disagree with our methods and practices, do not access our Services. For any questions or issues, please contact us at legal@swmansion.com.
If there are any capitalized terms in this Policy that are not defined, then those terms will have the meaning defined in your agreement with us.
How We Process Your Personal Information
“Personal information” or “personal data” includes an array of information. In general, we interpret it to mean any information that relates to an identifiable, living individual person.
In some jurisdictions, legal distinctions are drawn between “controllers” and “processors” of personal data. Controllers determine the purposes and means of processing personal data, whereas processors are entities that process personal data on behalf of the controller according to their instructions. A processor does not make decisions about personal information; it only processes personal information on behalf of a controller based on the controller’s instructions.
If you are a customer using Fishjam, we process your personal information in different ways when you use our Services:
- We process your personal information as a customer of Fishjam — information that we refer to as Customer Account Data (e.g., your contact information) — when you visit our public-facing website like fishjam.io, reach out to us; or sign up for a Fishjam account at fishjam.io and use our Services.
- We process the personal information of your end users who use or interact with your application that you’ve built on Fishjam platform, like the people you communicate with by way of that application. This includes information we use to route audio and video calls and metadata about media streams — we refer to this information as “Customer Usage Data” — and it also includes the contents of communications, which we refer to as your “Customer Content”. You can see a more detailed definition of Customer Content in our Data Processing Addendum, which is part of our agreement with you.
We process these categories of personal information differently because the direct relationship we have with you, our customer, is different from the indirect relationship we have with your end users.
When we process your Customer Account Data and your Customer Usage Data, we are acting as a controller. When we process your Customer Content, we are acting as a processor.
If you are a visitor to our website (by which we mean any website that links back to this Policy in its footer), we collect a minimal amount of data about you (depending on how much you’ve chosen to share with us). This might be as little as an IP address or a cookie, and it might be your contact information. We also consider this Customer Account Data.
If you are an end user of a Fishjam customer, this Policy does not apply to the services that our customers provide to their end users. Our customers have their own policies regarding the collection, use, and disclosure of the personal information of their end users. If you are an end user of one of our customers and want to learn about how that customer handles your personal information, we encourage you to read the customer’s privacy policy. Only the customer can assist you with requests for access or deletion.
Data about our customers
Fishjam requires the minimal amount of data necessary to provide Services to you, and the amount or type of data we collect depends on the product or service you choose or how you use it. We do not sell your personal information and we do not share your information with third parties for those third parties’ own business interests.
We use the information we collect and share it with our service providers primarily to provide the Services you’ve requested from us, and as needed for our operational purposes (e.g. to collect payment). In addition, we may use data about our customers to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and Services.
Data we process during account creation and account usage
When you sign up for an account with us, we ask for certain information like your contact details and billing information to facilitate payment and communication. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on Fishjam makes requests to our APIs. We use this to understand who is using our Services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
Information You Share Directly
Name and contact information. When you sign up for a Fishjam account with us, you authenticate using your email account. In doing so, we receive certain information about you. The information we receive may vary depending on the email address and your email service provider, but could include your name. We collect this information so we know who you are — this helps us communicate with you about your account(s), recognize you when you communicate with us, bill you correctly, and provide other Services.
Payment information. We’ll ask you to provide our payment processor with your payment method information like a credit or debit card and your billing address. Our payment processor, Paddle, acting on our behalf, gathers this so we can bill you for your use of our Services. You may find their privacy policy link(s) here: https://www.paddle.com/legal/privacy.
Information We Generate or Collect Automatically
Subdomains and API Keys. When you create a project with Fishjam Cloud, we’ll automatically assign your project a unique URL and generate an API key for it. These are used like a username and password to make API requests.
Device information and IP addresses. We collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We also collect IP addresses when you make requests to our APIs and in our server logs. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience. You can learn more about cookies in the section titled “Cookies and Tracking Technologies” below.
When you use our cloud dashboard, we also collect information about your device, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution and general location information such as city or town. We do not collect precise geographical information.
Data we process from our website and interactions
When you visit our website we may collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our Services, and to improve navigation experience on our pages. You can learn more about cookies in the section titled “Cookies and Tracking Technologies” below.
Information You Share Directly
On certain parts of our public-facing websites, you may be able to fill out forms to request contact from us, sign up for newsletters, or participate in surveys. The personal information requested on these forms will vary depending on the purpose of the form. We will ask for information that is necessary to fulfill your request, such as your email address if you want to receive a newsletter or your phone number if you want to be contacted by a member of our Sales team. We may also ask for additional information to better understand our customers, such as your use case for Fishjam, your company name, or your job title. Our Sales team keeps a record of all communication with customers, including contact information and any other details shared during the conversation. This information is used to help us improve our Services, provide training to our team members, and manage our ongoing relationships with customers. It is important to be mindful of what information you share with these teams, as we store a record of these communications. To protect your privacy, it is best to avoid sharing sensitive personal information unless it is necessary for the teams to assist you. We will take appropriate measures to protect any sensitive information that is shared with us.
Information We Collect Automatically
When you visit Fishjam website, including web forms, we and our service providers may collect certain information using tracking technologies such as cookies, web beacons, and similar technologies. This information helps us understand how visitors use our websites, which pages and features are most popular, and how we can improve our websites and track the performance of our advertisements. Tracking technologies also help improve the navigation experience on Fishjam websites. We do not sell this information to third parties. For more information on how we use cookies and other tracking technologies, please see the section titled “Cookies and Tracking Technologies.”
Marketing information
We may use your email address to send you information about other Fishjam Services or events in which we think you may be interested, if you opt-in to receive such communication. You can opt-out at any time through your marketing preferences page by clicking the “unsubscribe” link at the bottom of any marketing email you receive from us. You can also contact our Customer Support team to communicate your choice to opt out. Please note that it may take up to three days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request. You will not be able to opt out of service emails from us, such as password reset emails, billing emails, or notifications of updates to our terms, unless you delete your account.
We may also use publicly-available information about you that we have gathered through services like LinkedIn, or we may obtain information about you or your company from third-party providers. We use this information to help us understand our customer base better, such as your industry, the size of your company, and your company’s website URL.
How Long We Store Your Customer Account Data
Fishjam will store your Customer Account Data as long as needed to provide you with our Services and to operate our business. If you ask Fishjam to delete specific personal information from your Customer Account Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, such as billing for our Services, calculating taxes, or carrying out legal obligations.
Data about our customers’ end users
What Customer Usage Data and Customer Content We Process and Why
We use Customer Usage Data and Customer Content to provide Services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.
End user personal information we process when you, our customer, use our Services generally consists of audio, video, text message, and IP address information. The specific information and other end user personal information we process and the reasons we process it, depends on how you use our Services.
Our Data Processing Addendum describes more about how we process Customer Content in accordance with your instructions. That Data Processing Addendum is a part of your agreement with us by default.
How Long We Store Customer Usage Data and Customer Content
Details regarding how long your end user personal information may be stored on Fishjam systems will depend on which Fishjam Services you are using and how you are using them.
As a Fishjam customer, if the Fishjam product or service you use enables you to store records of your usage on Fishjam, including personal information contained within those records, then Fishjam will retain these records for as long as you instruct, up until termination of your account. Moreover, regardless of how we store your end user personal information, it can be stored separately by our payment processor and in certain cases we may contact the payment processor to obtain such information (e.g. in case of debt recovery activities).
How Fishjam shares personal information
We do not sell your personal information or the personal information of your end users. We also do not allow any personal information to be used by third parties for their own marketing purposes. However, we do need to share personal data in order to provide our Services to you, such as to route a call you send through us or to store data you ask us to store. Below are the different scenarios under which we may share your data with third parties:
| Scenario | Transfer Details |
|---|---|
| Third-party service providers or consultants. | Fishjam engages certain third-party vendors and service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data. |
| Sub-processors. | A sub-processor is a vendor that is permitted to process data for which we are a processor — in other words, Customer Content. We share Customer Content with sub-processors who assist in providing the Fishjam Services, like our infrastructure provider, or as necessary to provide optional functionality like transcriptions. |
| Compliance with Legal Obligations. | We may disclose your or your end users’ personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process, or a government request (including to meet national security, emergency services, or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our Services, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If we are required by law to disclose any personal information of you or your end user, we will notify you of the disclosure requirement, unless we are prohibited by law. Further, we object to requests we do not believe were issued properly. |
| Business transfers. | If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. In that situation, and that situation only, we might transfer your data in a way that constitutes a sale under applicable law. If we do, we’ll let you know ahead of time, and we will require any acquirer or successor to continue to process data consistent with this Policy. |
How to make choices about your data
Choices About Your Customer Account Data
Closing Your Account and Deletion. To request closure or deletion of your Fishjam account, you can navigate to your profile upon logging in and press the “Delete account” button. Please be aware that closure or deletion of your Fishjam account will result in you permanently losing access to your account and the data in the account. After closure of your account, certain information associated with your account may remain on our servers in an aggregated form that does not identify you or your end users. Similarly, after you close your account, we will retain data — including personal information — associated with your account that we are required to maintain for legal purposes or for necessary business operations until it’s no longer needed.
Cookies and Tracking Technologies
We may use common information-gathering tools such as cookies, web beacons, pixels and other similar tracking technologies to automatically collect information as you navigate our websites, your account or when you interact with emails we send to you.
Cookies
A cookie is a small piece of data stored on your device when you visit a website. Cookies allow us to identify your device as you navigate our websites or your account. This makes navigating and interacting with our websites or your account more efficient, easy and meaningful for you.
By themselves, cookies do not identify you specifically. Rather, they recognize your web browser. So, unless you identify yourself specifically to us, like signing into your account, we don’t know who you are just because you visited our website. We use persistent cookies. Session cookies are cookies that disappear from your computer or browser when you turn off your computer. Persistent cookies stay on your computer even after you’ve turned it off. These cookies enable core functionality such as security, network management, and accessibility and are necessary for our websites to function properly.
Global Compliance
Our approach to privacy compliance is a global one. No matter where you are located, we remain committed to abiding by all applicable data protection laws.
Regions Requiring a Legal Basis for Processing Personal Information
If you are from a region that requires a legal basis for processing personal data (such as the EEA or the UK), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person, such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact information provided below.
Broadly speaking, we use Customer Account Data to further our legitimate interests to:
- understand who our customers and potential customers are and their interests in the Services;
- manage our relationship with you and other customers;
- carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations; and
- help detect, prevent, or investigate security incidents, fraud and other abuse or misuse of our Services.
United States
California Consumer Access and Deletion Rights
For those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:
- that we provide details about the categories of personal information that we collect about you, including how we collect and share it;
- that we provide you access to the personal information we collect about you; and
- that we delete the personal information we have about you.
Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request. You must be a resident of California to make this request.
The California Code of Regulations defines a “resident” as:
- every individual who is in the State of California for other than a temporary or transitory purpose and
- every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
We have collected the following categories of personal information in the past twelve (12) months:
- Identifiers
- geolocation data
- Internet or other similar network activity
Other regions
Some countries, other than the EEA, UK, and United States, also have specific privacy notice requirements, and we address those requirements in our general privacy sections above. If there are specific changes we need to make to our legal language to comply with a country’s privacy or data protection laws, you can find those changes in our data processing addendum.
International data transfers
We may need to transfer your personal information to our affiliates, contractors, service providers, and to third parties in various countries and jurisdictions around the world. In each case, we take care to use appropriate safeguards to ensure your personal information remains protected.
Data transfers to the United States and elsewhere. When you use our cloud dashboard, or our other Services, personal information of you and your end users processed by Fishjam may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your communications in the most efficient way.
Safeguards for data transfers. Fishjam employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law. Our Data Processing Addendum, which we provide to all customers, includes more detailed information about our cross-border data transfers.
When transferring personal information outside the EEA, the UK, and Switzerland, we rely on data transfer mechanisms such as the Standard Contractual Clauses.
Transfers from other countries. When we transfer personal information outside countries other than those in the EEA, the UK, and Switzerland, we strive to comply with the cross-border data transfer rules of those countries, such as by cooperating with that country’s data protection authority or providing a written agreement to each customer that meets the data protection requirements of the country.
Security Information
How We Secure Personal Information
We use appropriate security measures designed to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place. When we transfer data across borders, we also take supplementary measures to ensure that data is protected.
Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
To protect the confidentiality of your account and protect against unauthorized use of your account, you must keep your project’s API keys confidential and not disclose them publicly or to unauthorized individuals — this includes accidentally distributing them in a binary or checking them into source control. Please let us know right away if you think your API keys were compromised or misused.
How we use personal information for security purposes
We may collect and use Customer Account Data or Customer Usage Data to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and Services. In addition, we may also use records containing end user personal information to debug, troubleshoot, or investigate security incidents; to detect and prevent spam or fraudulent activity; and to detect and prevent network exploits and abuse. We may anonymize personal information and use it for our legitimate business needs, and, where allowed by law, this may include records containing end user personal information.
Handling disputes
If you have a dispute with us relating to our data protection practices, you can raise your concern or dispute by contacting us via email at legal@swmansion.com.
For individuals in the EEA, the UK, or Switzerland, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.
Changes to our Privacy Policy
We may change this Policy from time to time, and if we do, the most current version will be available on our website with the date at the top indicating when it was last updated.We will comply with applicable law with respect to any changes we make to this Policy and seek your consent to any material changes if this is required by applicable law.