Overview
This section of this Policy applies only to Guests. If you are a Guest located in the European Union, ThymeBase is the data controller with respect to the processing of your personal data pursuant to the GDPR.
We regard your privacy seriously and this Privacy Policy describes the information we collect, how we collect it, how we use it and the circumstances under which we may share it. This Privacy Policy governs your (the “User,” also referred to herein as “you” or “your” or “Customer”) use of the ThymeBase website and service (collectively, the “Service”) operated by ThymeBase (“we,” “our” or “us").
ThymeBase has three different types of Users, depending on how you interact with the Service. It is possible that you may use ThymeBase in different ways. If so, please review all applicable terms.
This section of this Policy applies only to Subscribers. If you are a Subscriber, the “Terms of Service” governs the collection and processing of information collected from you through the Customer’s instance of the Service (e.g. a Customer’s organization account, but for purposes of this Policy referred to as the “Account”), including all associated messages, attachments, files, tasks, events and event names, projects and project names, team names, channels, conversations, and other content submitted through the Service (“User Content”). In the event of a conflict between this Privacy Policy and the Terms of Service, the Terms of Service governs. Because the Customer controls the Account used by Subscribers, if you have any questions about the Customer’s specific Account settings and privacy practices, please contact the Customer whose Account you use. If you are a Subscriber located in the European Union, please note that the Customer is the data controller with respect to the processing of your User Content pursuant to the EU General Data Protection Regulation (“GDPR”). When processing User Content of EU data subjects governed by the Terms of Service, ThymeBase is the data processor, meaning that we collect and process such information solely on behalf of the Customer.
This section explains the information we collect from Subscribers. We do not require Subscribers to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as you use the Service.
This section describes how ThymeBase uses the information we collect from Subscribers.
We may share the information we collect from Subscribers as follows:
We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, services providers, and others.
We may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy and the Customer Agreement.
We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law, or where the Terms of Service requires or permits specific retention or deletion periods.
Please contact your Account owner(s) or administrator(s) to exercise any data subject rights you have under applicable local laws, including your ability to access, delete, rectify, transfer, or object under the GDPR.
This section of this Policy applies only to Guests. If you are a Guest located in the European Union, ThymeBase is the data controller with respect to the processing of your personal data pursuant to the GDPR.
This section explains the information we collect from Guests. We do not require Guests to provide us with information. However, certain information, such as account log-in data, is required to provide you with access to the Service, and other information may be collected automatically as you use the Service.
This section describes how ThymeBase uses the information we collect from Guests.
If you are located in the EU, please note that the legal bases under the EU General Data Protection Regulation (“GDPR”) for using the information we collect through your use of the Service as a Free User are as follows:
We may share the information we collect from Guests as follows:
We may aggregate and/or de-identify information collected through the Service so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, services providers, and others.
We may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy and the Customer Agreement.
We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law, or where the Terms of Service requires or permits specific retention or deletion periods.
Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us via email at any time at support@thymebase.com. We may request you provide us with information necessary to confirm your identity before responding to your request.
Your local laws (such as those in the EU) may permit you to request that we:
We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation.
Section IV of this Policy applies only to Site Visitors. If you visit the Website, regardless of whether you are also a user of the Service, the following rules apply to you. To eliminate any confusion, please note that the terms in this section apply only to use of ThymeBase’s Websites, not to use of the Service. If you are a Site Visitor located in the European Union, ThymeBase is the data controller with respect to the processing of your personal data pursuant to the EU General Data Protection Regulation (“GDPR”).
This section explains the information we collect from Site Visitors.
If you are located in the EU, please note that the legal bases under the EU General Data Protection Regulation (“GDPR”) for using the information we collect through your use of the Website as a Site Visitor are as follows:
We may aggregate and/or de-identify information collected through the Website so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including without limitation for research and analytics, and may also share such data with any third parties, including partners, affiliates, services providers, and others.
We may combine the information that we collect through the Service with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy and, if you’re a Subscriber or User, in accordance with the Terms of Service.
We may use third-party web analytics services on our Websites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may opt out of this by clicking here to install the Google Analytics Opt-out Browser Add-on.
The Website may integrate third-party advertising technologies that allow for the delivery of relevant content and advertising on the Websites, as well as on other websites you visit. The ads may be based on various factors such as the content of the page you are visiting, information you enter such as your age and gender, your searches, demographic data, and other information we collect from you. These ads may be based on your current activity or your activity over time and across other websites and online services and may be tailored to your interests.
We also allow other third parties (e.g., ad networks and ad servers such as Google Analytics, DoubleClick and others) to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Websites. We sometimes provide Site Visitor information (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant ads when you visit other websites.
We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your device you use to access the Websites by such non-affiliated third parties. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
Please note that if you exercise the opt-out choices above, you will still see advertising when you use the Websites, but it will not be tailored to you based on your online behavior over time.
We may share the information we collect from Site Visitors as follows:
We will retain your information for the period necessary to fulfill the purposes outlined in this Policy unless a longer retention period is required or permitted by law.
Local legal requirements (such as those in the EU) may afford you additional rights. If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us via email at any time at support@thymebase.com . We may request you provide us with information necessary to confirm your identity before responding to your request.
Your local laws (such as those in the EU) may permit you to request that we:
We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation.
The Website may contain links to third-party websites and functionalities. If you choose to use these third party services, you may disclose your information not just to those third-parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by ThymeBase, ThymeBase is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your information will be subject to the privacy policies of the third party websites or services, and not this Policy. We recommend you to read the privacy and security policies of these third-parties.
ThymeBase collects Personal Information in the course of providing the Service to you, including through your voluntary, optional submissions, such as information that you provide to us at the time of registering for the Service, or through your use of the Service. When you register with us for an account, we may collect information such as your name and email address. When you pay for certain features of the Service, we may collect information such as your credit card number, expiration date, billing address, and CVV or security code number. You may also provide Personal Information to us in other ways, such as by requesting user support.
We do not store any of your financial information including billing and credit card information. Your financial information is processed by secure, third party services.
We will never sell nor rent your personal information to any third party. We may use your email address to deliver relevant product information and marketing messages. You may opt-out from receiving these marketing messages by following the instructions provided in the messages to unsubscribe from email communication or by emailing support@thymebase.com . Communication about important notices and updates regarding the Service, such as to inform you about changes in the Service, and important services-related notices, such as about security and fraud are an important part of the Service, and you may not opt out of them.
We reserve the right to use the name and/or logo of the company you work for in publicity material, advertising or marketing collateral, unless you specifically tell us otherwise. Your full name, address details and all other personal information will remain confidential at all times.
The Site uses cookies to store information on your computer which are necessary for the proper operation of our system and help us improve the user experience. By using ThymeBase, you consent to the placement of these cookies. As is true of most websites, we gather certain information automatically and store it in log files. We use this information to help, diagnose problems with our server, and to administer the Site and the Service. We also gather anonymized information from this data to help us improve the Site and Service. This is not linked to any personally identifiable information.
Aggregate Information and Non-Identifying Information. We may use Non-Personal Information that we collect to (a) provide, improve, and develop the Service and otherwise tailor your user experience, (b) prevent or investigate fraudulent or inappropriate usage of our Service, and (c) conduct research and development, and for the other purposes described in this Privacy Policy.
Service Providers. We may employ third-party companies and individuals to facilitate our Site and Service, to provide the Service on our behalf, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Site's features) or to assist us in analyzing how our Site and Service are used. These third parties have access to your personally identifiable information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Compliance with Laws and Law Enforcement. ThymeBase cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of ThymeBase or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
Account Information. You agree to keep confidential and not to disclose to any other individual or individuals for all time the username and password related to Your ThymeBase account.
In an effort to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place physical, electronic, and managerial procedures to safeguard and secure the information we collect online. Please be aware, however, that no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure, and thus we cannot ensure or warrant the security of that information. Once we receive personal information, we make reasonable efforts to protect it from unauthorized access, disclosure, alteration, or destruction. But we cannot represent or guarantee that personal information will not be accessed, disclosed, altered, or destroyed.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored "personal data" (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on the Site in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
You can learn more about ThymeBase’s security here.
The Services are hosted in and provided from the United States. If you use our Services from the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your personal data to the United States. The United States does not have the same data protection laws as the EU and some other regions. By providing your personal information and by use of the Site and Service, you consent to the transfer of your personal data to the United States and the use of your personal information, in accordance with this policy.
If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns. You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions and special events that might appeal to your interests by contacting us via email at support@thymebase.com . In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Policy or as required by applicable law. For example, you may not opt out of certain operational or service-related emails, such as those reflecting our relationship or transactions with you.
The General Data Protection Regulation (“GDPR”) is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. ThymeBase has established a GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts
California law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined by applicable California law) with third parties for their direct marketing purposes. However, ThymeBase does not share your personal information with third parties for their own direct marketing purposes.
ThymeBase reserves the right to change this Privacy Policy and will post any revisions on the Site or update you by email. We encourage you to review this Privacy Policy regularly for any changes. Your continued use of the Site will be subject to the then-current Privacy Policy. This Privacy Policy was last revised December 18, 2019.
If you have questions or comments regarding this Privacy Policy, please contact us at support@thymebase.com or 2443 Fillmore Street #380-2884 San Francisco CA 94115.
Request an invite to try ThymeBase