Information We Collect and How We Collect It
We obtain a variety of public information (collectively the “Information”) from public geotagged posts. We collect this information primarily through APIs, which are interfaces through which these platforms can provide us with information about a location. We collect the following public Information from these platforms:
- Screen name
- User ID
- Business name
- Business address
- Business rating
- Text from posts
- Lat/lon of a geotagged post
- Timestamp from a post
All information must be made public by the individual or business for Spatial.ai to collect it.
How We Use and Share the Information We Collect
Spatial.ai cleans, aggregates, and analyzes the Information collected from posts and provides the Information to our customers. Our customers – a variety of companies and organizations – in turn use the Information for a variety of commercial and research purposes, including retail site selection (for instance, determining where to open a new clothing shop), urban planning (for instance, understanding the interests of a particular community), and market research (for instance, tracking the change in certain types of conversation at a neighborhood level over time).
Sometimes the aggregated Information is used to build models that determine the sales of a product at a given location. For instance, some of our customers may create a “predictive model” to estimate the potential sales of a product in a retail store. Spatial.ai may also use the Information for our internal and operational purposes, such as quality checking, or for our own sales and marketing purposes, and more generally to operate, maintain and improve the services we offer.
Information Collected When You Visit Our Website
Our products are not intended to collect Information from children under the age of 16. If you believe we have collected Information from a person under the age of 16, please contact us at the below contact information.
Spatial.ai protects Information in our possession against unauthorized access, disclosure, alteration, or destruction. We regularly review our physical security, storage, and processing to ensure compliance with industry best practices. However, as no physical or technological safeguards are 100 percent secure, we do not guarantee the security of any particular elements of data that we hold.
Information we collect is retained indefinitely provided that we will comply with the opt-out procedures described in CCPA and GDPR regulations.
Data Processing Agreement (DPA)
This Data Processing Agreement (“DPA”) governs the Processing of PII by Spatial Labs Inc. on behalf of you, the Customer, in connection with the PersonaLive Terms of Service (available at https://www.spatial.ai/legal/terms) between Spatial Labs Inc. and you, the Customer (also referred to in this DPA as the “Agreement”). This DPA is incorporated into, subject to the terms and conditions of, and forms part of the Agreement. This DPA is entered into as of the date of entering into the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, this DPA will take precedence over the terms of the Agreement to the extent of such conflict or inconsistency. The term of this DPA will follow the term of the Agreement.
Data Controller wishes to engage Data Processor to process Personal Data on its behalf.Data Processor agrees to process Personal Data in accordance with the terms set out in this Agreement.
1. Definitions and Interpretation
“Personal Data” (PII) means any personally identifiable information that would identify an individual. This may mean factors such as or combinations of; first name, last name, email, telephone number, postal address, Zip 11, latitude and longitude.
“Customer Data” means any data associated with a Customer or Customer ID provided by Data Controller.
“Processing” means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction or erasure of Personal Data.
“Data Subject” means the individual to whom Personal Data relates.
“Data Protection Laws” means all applicable legislation relating to data protection and privacy.
“California Personal Information” means Personal Data that is subject to the protection of the CCPA.
"CCPA" means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 or "CPRA").
"Data Privacy Framework" means the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework self-certification programs (as applicable) operated by the U.S. Department of Commerce; as may be amended, superseded or replaced.
2. Data Processing
The Data Processor agrees to process Personal Data solely for the purpose of segmentation and analytics and only on documented instructions from the Data Controller, unless required by law. The Data Processor shall only Process Data Controller’s Personal Data for the business purpose of matching such data as described in Annex 1 of this Agreement. The Data Processor shall not sell or share Data Controller’s Personal Data or process data for Data Processor’s other customers unless directed to do so in writing by Data Controller. The nature, purpose, and duration of the processing, the types of Personal Data, and categories of Data Subjects are specified in Annex 1 of this Agreement. The Data Processor certifies that it understands and shall abide by these restrictions. In the event that Data Processer is unable to adhere to this Data Processing Agreement, Data Processor shall promptly notify Data Controller in writing.
3. Data Controller Obligations
A. Compliance with laws. Data controller is solely responsible for: accuracy, quality, and legality of customer data and the means by which Data Controller acquires Personal Data. This includes complying with all transparency and lawfulness requirements under applicable Data Protection Laws for use and collection of Personal Data. Data Controller must ensure they have the right to transfer, provide access to, the Personal Data to Data Processor for Processing in accordance with the terms of the Agreement.
B. Controller Instructions. The parties agree that the Agreement (including this DPA), together with your use of Spatial Labs Inc. software in accordance with the Agreement, constitute your complete Instructions to us in relation to the Processing of Personal Data, so long as you may provide additional instructions during the subscription term that are consistent with the Agreement, the nature and lawful use of the Subscription Service.
C. Security. You are responsible for independently determining whether the data security provided for in the Subscription Service adequately meets your obligations under applicable Data Protection Laws. You are also responsible for your secure use of the service, including protecting the security of Personal Data in transit to and from the Subscription Service (including to securely backup or encrypt any such Personal Data).
3. Spatial Labs Inc. (Data Processor) Obligations
A. Deletion of Personal Data. We will delete all Customer Data including PII immediately upon matching to our database.
B. Security. We will implement and maintain appropriate technical and organizational measures to protect Personal Data from Personal Data Breaches. We may modify or update the Security Measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the security measures.
C. Confidentiality. We will ensure that any personnel whom we authorize to Process Personal Data on our behalf is subject to appropriate confidentiality obligations (whether a contractual or statutory duty) with respect to that Personal Data.
D. Personal Data Breaches. We will notify you without undue delay after we become aware of any Personal Data Breach.
4. Data Subject Rights
Data Subjects have the right to exercise their rights under applicable Data Protection Laws to have their personal data removed. Data Subjects may exercise their rights on our website under https://www.spatial.ai/legal/opt-out . As such Spatial Labs Inc. will not match any personal data that has been marked with an “opt out” tag in our system or that has been removed.
5. Data Breaches
Data Processor shall notify the Data Controller without undue delay upon becoming aware of a Personal Data breach.
Each party shall be liable for any damages caused by its failure to comply with its obligations to this DPA.
8. Term and Termination
This Agreement is effective as of the Effective Date and shall remain in effect until the termination of the Data Processing Services.
9. Governing Law and Jurisdiction
This Agreement shall be governed by the laws of Ohio.Any disputes arising from this Agreement shall be subject to the jurisdiction of the courts of Cincinnati Ohio.
In Witness Whereof, the parties have executed this Data Processing Agreement as of the Effective Date.
Annex 1: Details of Processing
Data Controller: Data controller may deliver first party information for record appends that could include: Address, Latitude / Longitude, census block group, first name, last name, email, sales, or any other first-party data.
Data Processor: Spatial encrypts these files (SHA256 Hash) and matches them in a hashed state to our internal database. Once the data is matched all encrypted PII is deleted immediately and sent back to the client. Client may download a file that contains: customer ID, match level, segment, segment group.