Privacy Policy
Spatial Labs Inc. (“Spatial.ai”) values and respects the privacy of users. This Privacy Policy describes how we collect information about locations from public geotagged posts on social media platforms, as well as visitors to our website(s), what information we collect, and how that information may be used and shared.
Information We Collect and How We Collect It
We obtain a variety of public information (collectively the “Information”) from public geotagged posts. We collect this information primarily through APIs, which are interfaces through which these platforms can provide us with information about a location. We collect the following public Information from these platforms:
- Screen name
- User ID
- Business name
- Business address
- Business rating
- Text from posts
- Lat/lon of a geotagged post
- Timestamp from a post
All information must be made public by the individual or business for Spatial.ai to collect it.
How We Use and Share the Information We Collect
Spatial.ai cleans, aggregates, and analyzes the Information collected from posts and provides the Information to our customers. Our customers – a variety of companies and organizations – in turn use the Information for a variety of commercial and research purposes, including retail site selection (for instance, determining where to open a new clothing shop), urban planning (for instance, understanding the interests of a particular community), and market research (for instance, tracking the change in certain types of conversation at a neighborhood level over time).
Sometimes the aggregated Information is used to build models that determine the sales of a product at a given location. For instance, some of our customers may create a “predictive model” to estimate the potential sales of a product in a retail store. Spatial.ai may also use the Information for our internal and operational purposes, such as quality checking, or for our own sales and marketing purposes, and more generally to operate, maintain and improve the services we offer.
Information Collected When You Visit Our Website
We also may collect Information from you when you visit our corporate website (including the website on which this Privacy Policy is posted), such as to express interest in our services or sign up for our newsletters. If you submit personal information to us, such as your name, address, email address, and phone number, we may use this information to market to you – for instance, to send you information about new products and events.
Our Use of Cookies. We (or other companies we work with) may collect or associate Site Data using “cookies.” Cookies are small data files that have unique identifiers and reside, among other places, on your Devices, in emails we send to you, and on the web pages of the Spatial.ai website. Among other things, cookies help us improve and personalize your use of the Spatial.ai website. We may permit certain third parties to place cookies through the Spatial.ai website to provide us with better insights into the use of the Spatial.ai website and user demographics and to provide relevant advertising to you. These third parties may collect information about your online activities over time and across different websites when you use the Spatial.ai website. For example, we utilize Google Analytics to analyze usage patterns for the Spatial.ai website. Google Analytics generates a cookie to capture information about your use of the Spatial.ai website that Google uses to compile reports on website activity for us and to provide other related services. Google may use a portion of your IP address to identify its cookie and for its commercial purposes.
By accessing or using the Spatial.ai website, you consent to the placement of cookies on your browsers and devices and the use of web beacons as described in this Privacy Policy. You may block, delete, or disable cookies to the extent permitted by your browsers, applications, and Devices as described in more detail below. However, if you do so, the performance of certain features of the Spatial.ai website may be limited or not to work at all.
Children's Privacy
Our products are not intended to collect Information from children under the age of 16. If you believe we have collected Information from a person under the age of 16, please contact us at the below contact information.
Information Security
Spatial.ai protects Information in our possession against unauthorized access, disclosure, alteration, or destruction. We regularly review our physical security, storage, and processing to ensure compliance with industry best practices. However, as no physical or technological safeguards are 100 percent secure, we do not guarantee the security of any particular elements of data that we hold.
Information Retention
Information we collect is retained indefinitely provided that we will comply with the opt-out procedures described in CCPA and GDPR regulations.
Hotjar Usage
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
Contact Us
If you have any questions regarding this Privacy Policy, please contact us at lyden@spatial.ai.
Updates to Privacy Policy
This policy was last updated November, 10th, 2020. If we make material changes to this Privacy Policy that may impact you, we will prominently post notice of the change on our website for a period of at least 30 days prior to the change becoming effective. We recommend that you check the Privacy Policy frequently so that you are informed of any changes.
Data Processing Agreement (DPA)
This Data Processing Agreement (“DPA”) governs the Processing of PII by Spatial Labs Inc. on behalf of you, the Customer, in connection with the PersonaLive Terms of Service (available at https://www.spatial.ai/legal/terms) between Spatial Labs Inc. and you, the Customer (also referred to in this DPA as the “Agreement”). This DPA is incorporated into, subject to the terms and conditions of, and forms part of the Agreement. This DPA is entered into as of the date of entering into the Agreement. In case of any conflict or inconsistency with the terms of the Agreement, this DPA will take precedence over the terms of the Agreement to the extent of such conflict or inconsistency. The term of this DPA will follow the term of the Agreement.
Whereas:
Data Controller wishes to engage Data Processor to process Personal Data on its behalf.Data Processor agrees to process Personal Data in accordance with the terms set out in this Agreement.
1. Definitions and Interpretation
“Personal Data” (PII) means any personally identifiable information that would identify an individual. This may mean factors such as or combinations of; first name, last name, email, telephone number, postal address, Zip 11, latitude and longitude.
“Customer Data” means any data associated with a Customer or Customer ID provided by Data Controller.
“Processing” means any operation or set of operations which is performed on Personal Data, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction or erasure of Personal Data.
“Data Subject” means the individual to whom Personal Data relates.
“Data Protection Laws” means all applicable legislation relating to data protection and privacy.
“California Personal Information” means Personal Data that is subject to the protection of the CCPA.
"CCPA" means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 or "CPRA").
"Data Privacy Framework" means the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework self-certification programs (as applicable) operated by the U.S. Department of Commerce; as may be amended, superseded or replaced.
2. Data Processing
The Data Processor agrees to process Personal Data solely for the purpose of segmentation and analytics and only on documented instructions from the Data Controller, unless required by law. The Data Processor shall only Process Data Controller’s Personal Data for the business purpose of matching such data as described in Annex 1 of this Agreement. The Data Processor shall not sell or share Data Controller’s Personal Data or process data for Data Processor’s other customers unless directed to do so in writing by Data Controller. The nature, purpose, and duration of the processing, the types of Personal Data, and categories of Data Subjects are specified in Annex 1 of this Agreement. The Data Processor certifies that it understands and shall abide by these restrictions. In the event that Data Processer is unable to adhere to this Data Processing Agreement, Data Processor shall promptly notify Data Controller in writing.
3. Data Controller Obligations
A. Compliance with laws. Data controller is solely responsible for: accuracy, quality, and legality of customer data and the means by which Data Controller acquires Personal Data. This includes complying with all transparency and lawfulness requirements under applicable Data Protection Laws for use and collection of Personal Data. Data Controller must ensure they have the right to transfer, provide access to, the Personal Data to Data Processor for Processing in accordance with the terms of the Agreement.
B. Controller Instructions. The parties agree that the Agreement (including this DPA), together with your use of Spatial Labs Inc. software in accordance with the Agreement, constitute your complete Instructions to us in relation to the Processing of Personal Data, so long as you may provide additional instructions during the subscription term that are consistent with the Agreement, the nature and lawful use of the Subscription Service.
C. Security. You are responsible for independently determining whether the data security provided for in the Subscription Service adequately meets your obligations under applicable Data Protection Laws. You are also responsible for your secure use of the service, including protecting the security of Personal Data in transit to and from the Subscription Service (including to securely backup or encrypt any such Personal Data).
3. Spatial Labs Inc. (Data Processor) Obligations
A. Deletion of Personal Data. We will delete all Customer Data including PII immediately upon matching to our database.
B. Security. We will implement and maintain appropriate technical and organizational measures to protect Personal Data from Personal Data Breaches. We may modify or update the Security Measures at our discretion provided that such modification or update does not result in a material degradation in the protection offered by the security measures.
C. Confidentiality. We will ensure that any personnel whom we authorize to Process Personal Data on our behalf is subject to appropriate confidentiality obligations (whether a contractual or statutory duty) with respect to that Personal Data.
D. Personal Data Breaches. We will notify you without undue delay after we become aware of any Personal Data Breach.
4. Data Subject Rights
Data Subjects have the right to exercise their rights under applicable Data Protection Laws to have their personal data removed. Data Subjects may exercise their rights on our website under https://www.spatial.ai/legal/opt-out . As such Spatial Labs Inc. will not match any personal data that has been marked with an “opt out” tag in our system or that has been removed.
5. Data Breaches
Data Processor shall notify the Data Controller without undue delay upon becoming aware of a Personal Data breach.
7. Liability
Each party shall be liable for any damages caused by its failure to comply with its obligations to this DPA.
8. Term and Termination
This Agreement is effective as of the Effective Date and shall remain in effect until the termination of the Data Processing Services.
9. Governing Law and Jurisdiction
This Agreement shall be governed by the laws of Ohio.Any disputes arising from this Agreement shall be subject to the jurisdiction of the courts of Cincinnati Ohio.
In Witness Whereof, the parties have executed this Data Processing Agreement as of the Effective Date.
Annex 1: Details of Processing
Data Controller: Data controller may deliver first party information for record appends that could include: Address, Latitude / Longitude, census block group, first name, last name, email, sales, or any other first-party data.
Data Processor: Spatial encrypts these files (SHA256 Hash) and matches them in a hashed state to our internal database. Once the data is matched all encrypted PII is deleted immediately and sent back to the client. Client may download a file that contains: customer ID, match level, segment, segment group.