Updated March 11, 2021
We may change provisions of this Policy from time to time and will indicate when changes have been made by revising the date at the top of this Policy. We encourage you to review the Policy whenever you access the Services to make sure that you understand our practices. If we make material changes to this Policy, we will provide you with additional notice.
Data Protection Across the Globe
Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply common protections described in this policy. These protections align with well-known standards such as ISO 27001:2017 and others.
Information that We Collect
Information that you provide to us: We may collect information that you provide when using our Services, such as when you: (1) create an account; (2) subscribe to our Services; (3) participate in events or promotions; (4) send questions or comments via email; (5) interact with our sales or customer support team; (6) apply for a job with us online; (7) fill out surveys; or (8) otherwise communicate with us through or about our Services. The types of personal information that you provide may include your name, email address, telephone number, mailing address, credit card information, and other contact or identifying information that you choose to provide. We store, process, and maintain files and content that you create and/or upload using our Services, as well as other data related to your account in order to provide the Services to you.
We use a third-party merchant service provider for credit card processing and they do not store any credit card information we receive except as necessary to complete and satisfy our rights and obligations with regard to such transaction, billing arrangement, and/or as otherwise authorized by you.
Information about use of our Services: Our servers automatically collect usage information about your use of the Services, including the webpages visited, number of log-ins, data displayed or clicked on, actions taken, your language preference, and other login information. We may collect automated error reports in the case of software malfunctions, which may contain some or all of the information in your account and content and may be reviewed to help resolve problems with the Services.
If you participate in a video conference with us, we may record the session and retain the recordings. We will notify you first that the session is being recorded so that you can choose not to participate. If you participate in a training or product course, we collect completion data.
We collect information from the device and application you use to access our Services. Device data mainly means your IP address, operating system version, device type, device ID/MAC address, system and performance information, and browser type. If you are on a mobile device we also collect the UUID for that device.
We use a variety of technologies to collect this information, such as first party and third-party cookies and tracking services that employ cookies and page tags (also known as web beacons). This data includes usage and user statistics. Emails sent by Agency or by users through our Services also include page tags that allow the sender to collect information about who opened those emails and clicked on links in them. We provide more information on cookies below and in the footer of our Site to see the Cookie Notice.
Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.
If you arrive at Agency from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
Information from third-parties and integration partners: We may obtain personal information from third-parties and combine such information with the information that we collect through our Services and such information may be used for the purposes described in the “How We Use the Information We Collect” section below. For example:
- You give permission to those third-parties to share your information with us or where you have made that information publicly available online.
- You create or log into your account through a third-party social networking site or one of our integration partners, we will have access to certain information from that service such as your name and account information.
- If you purchase our Services, we may receive information from our third-party payment processors.
- We may collect information from unaffiliated third-parties so that we can better understand you and provide you with information and offers that may interest you.
How We Use the Information We Collect
Use of Information: We may use the personal information collected through our Services to:
- Operate and improve our Services;
- Send you advertising or promotional materials;
- Provide and deliver the Services or other services you request, process transactions, and send you related information;
- Send you technical notices, updates, security alerts, and support and administrative messages;
- Respond to your comments, questions, and requests and provide you with requested customer support;
- Monitor and evaluate trends, usage, and activities in connection with our Services;
- Secure our systems, prevent fraud, and help us to protect the security of your account;
- Prevent, detect, and investigate potentially prohibited or illegal activities and to enforce our terms and policies;
- Personalize and improve the Services, and provide content, communications, or features that match users interests; and
- Link or combine with other information we obtain from third-parties to help understand your needs and provide you with better service.
Information we may share: We will never “sell” your personal information (as that term is defined in the California Consumer Privacy Act). However, we may share your personal information with third-parties as follows:
- Service Providers: We use other companies, agents, or contractors to perform services on our behalf or to assist us with the provision of services to you. For example, we engage service providers to provide marketing, advertising, communications, security, payment processing, infrastructure and IT services, to customize, personalize, and optimize our Services, to process payment transactions, to provide customer service, and to analyze and enhance data. While providing such services, these service providers may have access to your personal information. These service providers have agreed to maintain the confidentiality, security, and integrity of the personal information that they obtain from us and we do not authorize them to use or disclose your personal information except in connection with providing their services.
- With Your Consent: We may share your personal information when we have your consent.
Where We Store Your Personal Data
Data Storage: All data that you provide to use through our Services is stored on Kajabi’s and our merchant service providers’ secure servers located in the U.S. Any payment transactions will be encrypted using SSL technology; all payment data is stored by our payment processors and is never stored on our servers. Where we have given you (or where you have chosen) a password that enables you to access your account and the Services, you are responsible for keeping this password confidential. We recommend that you not share your password and that you change it frequently.
Data Security: Agency takes reasonable measures to protect your personal information and your content from loss, misuse, and unauthorized access, disclosure, modification, and destruction and to ensure that your content remains protected and available to you. Unfortunately, the transmission of data via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted through the Services. All transmissions are at your own risk. Further information is provided in our Security Statement. Contact [email protected] to receive a copy.
Data Retention: Agency stores the information we collect for as long as necessary for the purpose for which it was originally collected and in compliance with our legal obligations. The retention periods applied by Agency comply with applicable legislation then in effect, namely:
- For data relating to your account, such data will not be retained beyond your request that your account be deleted.
- For transactional data relating to your purchases, such data is kept for the entire period of our contractual relationship, then in accordance with legal obligations and applicable statute of limitations periods. Please note that this data does not include payment card information, which is processed by our third-party merchant service payment processors and not Agency.
- For data collected based on your consent to receive marketing communications, we will use the data until you withdraw your consent or applicable law requires that such data is no longer used.
- For data collected in connection with your requests or questions, such data is kept for the period necessary to process and reply to your request or question.
- When cookies or other trackers are placed on your computer, they may be retained for a period of 12 months.
We may retain certain information for legitimate business purposes or as required by law.
Children Age 16 and Under
Agency’s Services is not directed at children under the age of 16 and we never knowingly collect personal information from children. We recognize the special obligation to protect personally identifiable information obtained from children age 13 and under. IF YOU ARE 16 YEARS OLD OR YOUNGER, THE COMPANY REQUESTS THAT YOU NOT SUBMIT ANY PERSONALLY IDENTIFIABLE INFORMATION TO THE SITE OR TO AGENCY. If we discover that a child age 16 or younger has signed up for our Services or provided us with personally identifiable information, we will delete that child’s identifiable information from our records.
Agency nonetheless encourages parents to go online with their kids. Here are a few tips to help make a child’s online experience safer:
- Teach kids never to give personal information, unless supervised by a parent or responsible adult. Includes name, address, phone, school, etc.
- Know the sites your kids are visiting and which sites are appropriate.
- Look for Website privacy policies. Know how your child’s information is treated.
- Check out the FTC’s site for more tips on protecting children's privacy online.
How We Use “Cookies” and Other Tracking Technologies
Your Choices and Rights
You have several options with respect to your personal information, as follows:
- You may terminate your use of the Services at any time. However, please note that Agency may still process your personal information as a service provider to our customers if your personal data.
- If you have created an account, you may at any time access, edit, or delete your personal information. Please note that even if you delete information from your account, or deactivate your account, we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of your information for a certain period of time.
- You may opt out of receiving promotional emails, text messages, or mail from Agency by visiting your user settings via the “Edit Your Preferences” or “Completely Unsubscribe” link in any promotional email. If you opt out, we may still send you transactional or relationship messages, such as emails about your account or updates to our Services.
- If you do not have a user account and wish to delete your email address or other personal information that you might have provided through your use of our Services and/or any other services, please email us at: [email protected] with the words “Delete My Information” in the subject line.
We do not knowingly permit the use of malware, spyware, viruses, and/or other similar types of software.
Links to External Sites
Data Posted on Forums
Agency users may have the ability to post content to one or more Agency community forums. You should be aware that when you voluntarily disclose personal information in any forum, that information can be collected and used by others and may result in unsolicited messages from other people. You are responsible for the personal information you choose to submit in these instances. Please take care when using these features. You may request and obtain removal of such posted content by contacting us at [email protected] and specifically identifying the content to be removed. Please be advised that any such removal does not ensure complete or comprehensive removal of all traces of the content posted on the Agency forums.
Transfer of Information Across National Borders:
For users located outside the jurisdiction of the United States, Agency operates and processes data in the United States. Information we collect from you will be processed in the United States, and by using this website you acknowledge and consent to the processing of your data in the United States. The United States has not received a finding of “adequacy” from the European Union under Article 41 of the GDPR. We collect and transfer to the U.S. personal data only with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of ours in a manner that does not outweigh your rights and freedoms. When we transfer your personal information to other countries, we will protect that data as described in this Policy or in our agreement with you and take steps, where necessary, to ensure that international transfers comply with applicable laws.
Residents of the European Economic Area
We provide the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). If you are a visitor from the European Territories (including the European Economic Area, Switzerland, and the United Kingdom), our legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which we collect it.
We will normally collect personal data from you where the processing is in our legitimate interests. In some cases we may collect and process personal data based on consent.
EU data subjects have certain rights with respect to your personal data that we collect and process. We respond to all requests we receive from individuals in the EEA wishing to exercise their data protection rights in accordance with applicable data protection laws.
- Access, Correction or Deletion. You may request access to, correction of, or deletion of your personal data. You can often go directly into the Service under Account Settings to take these actions.
- Objection. You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third-party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes and may do so using the options provided in this Policy. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Restriction. You have the right to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Portability. You have the right to request the transfer of your personal data to you or to a third-party. We will provide to you, or a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw Consent. If we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- File a complaint. You have the right to file a complaint with a supervisory authority about our collection and processing of your personal data. To file a request or act on one of your rights, please contact us at the contact details provided below. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
General Data Protection Regulation (GDPR) - European Representative: You can contact us regarding matters pertaining to the GDPR by sending an email to firstname.lastname@example.org. If you are a resident of the European Economic Area and have a data privacy concern that we are unable to resolve, you have the right to file a complaint/inquiry with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Do Not Track Disclosure
Regulatory agencies such as the U.S. Federal Trade Commission have promoted the concept of Do Not Track as a mechanism to permit Internet users to control online tracking activity across websites through their browser settings. Since no industry standard has been adopted, we currently do not process or comply with any web browser’s “do-not-track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit the Agency website or use our Services.
Contact Information for Complaints or Concerns
Your Acceptance of These Terms
California Supplemental Privacy Notice
THIS SUPPLEMENT IS FOR CALIFORNIA RESIDENTS ONLY
What is the CCPA?
The CCPA is a California law that provides California residents certain rights to their personal information.
California residents, called “consumers” in the CCPA, have the following rights:
- The right to request that we disclose certain information to you about our collection and use of personal information over the past 12 months.
- The right to request that we delete any of your personal information that we collect from you and retained, subject to certain exceptions.
- The right to opt-out of the sale of personal information by us.
- The right not to receive discriminatory treatment by us for exercising the privacy rights conferred by the CCPA.
We will explain more about how to exercise these rights below.
When we talk about “personal information” under the CCPA, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to, directly or indirectly, a particular consumer or household. Personal information does not include publicly available information or information that is deidentified or aggregate consumer information. The CCPA does not apply to personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994. It also doesn’t apply to health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
Scope of the California Privacy Notice.
Agency offers its services to be used by its customers and most of the personal information we process is done at their direction. This California Privacy Notice only describes our processing activities for data that we own and control. If you are a California resident interacting with our site as a subscriber to one of our customers’ businesses, all of your data is owned by such customer(s) and we recommend you contact them about their practices under the CCPA.
This California Privacy Notice does not apply to personal information we collect from employees or job applicants in their capacity as employees or job applicants. It also does not apply to personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services. Therefore, any responses pursuant to the CCPA may exclude those categories of personal information.
Information We Have Collected About Consumers in the Preceding 12 Months.
All of the categories of personal information we collect about you (as detailed below) come from the following categories of sources:
- You, including through your use of our services and product;
- Automatically collected from you; and
- Third-parties, such as when you give permission to social networks to share your information with us or where you have made your personal information publicly available online.
The following chart sets out the CCPA categories of personal information we have collected from consumers within the last twelve (12) months.
Categories of Personal Information We Collect
Categories of Third-Parties with Which We May Share that Information
Identifiers (such as name, address, email address)
Commercial Information (such as transaction data)
Financial Data (such as billing information)
Internet or Other Network or Device Activity (such as browsing history or app usage)
Location Information (e.g. inferred from your IP address)
Professional or Employment-Related Data (such as the name of your employer)
Legally Protected Classifications (such as gender and marital status)
Other Information that Identifies or Can Be Reasonably Associated with You
The Purposes for Which Personal Information is Collected.
We may collect the personal information we collect for one or more of the following business purposes:
- Providing our services (for example, account servicing and maintenance, customer service, advertising and marketing, analytics, and communication about our services);
- For our operational purposes, and the operational purposes of our service providers and integration partners;
- Improving our existing product and services and developing new products and services (e.g., by conducting research to develop new products or features);
- Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
- Bug detection, error reporting, and activities to maintain the quality or safety of our services;
- Auditing consumer interactions on our site (for example, measuring ad impressions);
- Short-term, transient use, such as customizing content that we or our service providers display on the product;
- Other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third-party partners;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Agency's business or assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Agency is among the assets transferred; and
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
Sale of Your Personal Information.
The CCPA defines a “sale” of personal information as the disclosure, sharing, or making available of a consumer’s personal information by a business to another business or third-party for monetary or other valuable consideration. It is not a sale if a consumer uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third-party. Agency does not monetize your personal information. We share certain information about your device and interaction with our digital properties to enhance your experience with us and to engage in the legitimate business purpose of advertising and marketing.
Exercising Your California Privacy Rights.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. Agents must submit proof that they have been authorized by the consumer to act on their behalf. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We verify requests by sending a confirmation email to the requestor and by matching the identifying information provided by the consumer to the personal information already maintained by us. We cannot respond to your request or provide you with personal information if we cannot: (i) verify your identity or authority to make the request; and (ii) confirm the personal information relates to you. If we are unable to verify the identity of a consumer to a sufficient degree of certainty, we will deny the request and explain the reason for the denial.
If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, please contact us via [email protected].
You may only make a verifiable request for access or data portability twice within a 12-month period. California residents may exercise their California privacy rights by submitting your request to [email protected].
If you wish to exercise any of these rights and do not have an account with us, please contact us via: [email protected] and we will request additional information to perform identity verification where possible.
Other California Privacy Rights.
In addition to the CCPA, the California Civil Code permits California residents with whom we have an established business relationship to request that we provide you with a list of certain categories of personal information that we have disclosed to third-parties for their direct marketing purposes during the preceding calendar year. To make such a request, please contact us at [email protected] and mention that you are making a “California Shine the Light” inquiry.