Privacy Policy
Last updated: May 22, 2024
INTRODUCTION
This Privacy Policy relates to Journey Mobile, Inc. and its affiliates (“JourneyApps” or “us” or “we” or “our”). It describes how we treat the personal information we collect and process when:
- someone (a “Visitor”) visits our one of our website properties (www.powersync.com or www.journeyapps.com) (“Website”);
- one of our customers (a “Customer”) or one of our business partners, suppliers, subcontractors or independent contractors (a “Supplier”) enters into a written agreement with us; or
- a Customer, or a Customer’s authorized users (a “User”) uses our hosted PowerSync product (“PowerSync Cloud”) and its ancillary components and services (collectively, our “Product”), or uses any application developed by a Customer that utilizes PowerSync Cloud (an “Application”, and collectively with the Website and Product, the “Services”) or otherwise uses a product or service provided by us.
- a Supplier provides a product or service to us.
Where another written agreement between us and a Visitor, Customer, Supplier or a User exists, and the terms of that other agreement conflict with the terms of this Privacy Policy, the terms of that other agreement shall prevail, unless applicable laws require otherwise. If you are a User using the Application of a Customer, please consult the applicable agreement between you and our Customer (such as an end-user license agreement) to ensure you understand your rights and obligations.
The purpose and scope of this policy
We respect data privacy rights and take the protection of data seriously. The purpose of this Privacy Policy is to be transparent about the way we collect, store, use, and protect personal information of Visitors, Customers, Suppliers and Users, collectively referred to as “data subjects”. We implement business practices that comply with applicable data protection laws, including the General Data Protection Regulation ((EU) 2016/679) ("GDPR") (collectively "Applicable Law"). This Policy applies to all processing of personal information of data subjects.
In general, we receive and collect all information you provide via the Services, including through website input fields (including advertisements), phone, email (including email campaigns), web chat, or other such ways.
• First and last name
• Postal address
• Telephone number
• Email address
• Unique identifiers, such as usernames and passwords
• Other similar identifiers
• Service providers
• Service providers / third-party vendors
• Partners you authorize, access, or authenticate
• ZIP code
• Service providers
• JourneyApps’ affiliated entities, partners, etc.
• Other independent third-party sources
• Service providers / third-party vendors
• Partners you authorize, access, or authenticate
• Records of products or services sold, used, or purchased
• Service providers
• Service providers / third-party vendors
• IP address
• Device ID
• Browser type
• Type of device
• Information regarding your interaction with the Services or any advertisement
• Information collected automatically through cookies and similar technology, device type, domain names, and access time/logs
• Service providers
• Service providers / third-party vendors
• IP address-based location information
• Service providers
• Service providers / third-party vendors
• Web page interactions
• Referring web page / source through which you accessed the Services
• Statistics associated with the interaction between device or browser and the Services
• Service providers
• Service providers / third-party vendors
• Employer
• Job title
• Service providers
• Service providers / third-party vendors
• Partners you authorize, access, or authenticate
• Payment card type
• Last 4 digits of payment card and expiration date
• Billing address
• Service providers
• Service providers / third-party vendors
• Partners you authorize, access, or authenticate
• Publicly displayed contact information and social media username / ID associated with your social media accounts
• Data, information, or materials accessible through your social media
• Service providers
• Other independent third-party sources
• Service providers / third-party vendors
• Profiles reflecting user attributes
• Profiles reflecting user behavior
• Service providers
• Other independent third-party sources
• Service providers / third-party vendors
• Identifying information in emails, texts, letters, or other communications you send us
• Identifying information you post to blogs, competitions, live chats, forums, or message boards
• Service providers
• Other independent third-party sources
• Service providers / third-party vendors
You have the choice on what information to share. You can choose not to provide information to us, but in general, some information about you is required in order for you to access certain functionalities of the Services.
We also may periodically obtain information about you from affiliated entities, partners and other independent third-party sources and will add it to our database of information, including any information that you provide to third parties that are associated or whose products and/or services are integrated with the Services. For one example, we may receive information about your interaction with advertisements on third party websites and use this information to update demographic information.
How we collect your personal information
We collect data, which may include personal information of individuals, in one of four ways:
- Through our Website, when a Visitor, Customer or User enquires about our products and services by providing their details and requesting that we contact them;
- Through our Product, when Customers sign up to use the Product, request support from our support desk or otherwise use our or other third-party software to interact with us in terms of the agreement between us and a Customer;
- Through Applications developed by our Customers that utilize our hosted Product (PowerSync Cloud), when Users use an Application to capture personal information in terms of an agreement between us and a Customer; or
- Through other means, including email and electronic signature software, when we collect the personal information of Customers and Suppliers as part of the execution and administration of the terms under which we provide our products and services (in the case of Customers) or under which we procure products and services (in the case of Suppliers).
Data collected through our Websites
When an individual clicks on “Contact Us” or otherwise completes a form which requests that they provide personal information, we collect certain personal information such as their full name, phone number, email address, company name (if applicable) and online identifier information.
Data collected through our Product and customer support and interaction channels
When an individual signs up to use our Product, we collect certain personal information, including their name, email address and online identifier.
We use a number of channels to provide professional services and technical support to Customers and to contact Customers with important information regarding the Product and Customers’ Applications.
Data collected through Customers’ Application
Our Product is used by Customers in the development and operation of custom software applications. The personal information collected using the Application through PowerSync Cloud (if applicable for Customer’s deployment of the Services) varies depending on the Application’s purpose and the Customer’s specific implementation.
Data collected through cookies
We may use cookies, log files, device identifiers, advertising identifiers, and similar tracking technologies, including those from third-party service providers like Plausible Analytics, Google Analytics, Google Tag Manager, HubSpot, and other cloud-based tools, to automatically collect your preferences, performance data, and information about your web usage when you visit the Services. For example, we may collect your IP address, device and Internet service provider information, Web browser details and the address of any referring website. We may also collect information about your online activity, such as pages viewed and interactions with other users. This may include collecting geolocation signals from your IP address or device settings to determine your location. By collecting and using this information, we may operate and personalize the Services for you, including to provide more relevant ads and search results. For more information on how we use cookies, please see the “Cookies” section below.
The Services are not designed to recognize or respond to “do not track” signals received from browsers. You can control the information collected by such tracking technologies or be alerted when cookies are sent by adjusting the settings on your Internet browser or devices, but such adjustments may affect or disable certain functionality of the Services. You can learn more about Google Analytics and your options for opting out of interest-based Google ads at https://adssettings.google.com. You can learn more about targeted ads and your ability to opt out of receiving interest-based ads at optout.aboutads.info and www.networkadvertising.org/choices.
Data collected by other means to execute and administer Customer and Supplier agreements
When a Customer enters into an agreement for the use of our Product and the provision of related services, we collect information such as the Customer name, place of incorporation and physical and postal address, which are required in order to properly execute a legally binding agreement between us and the Customer. We also collect billing and shipping information, such as the email address of invoice recipients and the shipping address where our Product and services will be used, which we need to collect services fees and comply with sales tax legislation.
When a Supplier enters into an agreement with us to provide us with products and/or services, we may collect information about the Supplier required to administer our agreement with the Supplier, including but not limited to the Supplier’s name, place of incorporation, physical and postal address, tax information and banking information.
How we use your personal information
We process your personal information with your consent or as needed to provide you the Services. We may also use your personal information to comply with legal obligations, operate our business, protect the vital interests of you, our customers, or the public, or for other legitimate interests of JourneyApps as described in this Privacy Policy.
More specifically, we may use your personal information to:
- optimize and improve the Services and the content and functionalities with respect thereto;
- measure engagement with the Services to understand how you and other users interact with and use the Services and other resources JourneyApps provides;
- respond to support needs, inquiries and communications;
- service and comply with the contractual relationships with our Customers, including responding to pre-contractual queries, registration for our technology products and related services, administering our contract with our Customers, billing and collections, ongoing Customer relationship management and direct marketing;
- generate business analysis, statistics, product development, internal operational requirements, testing, legal requirements and compliance;
- administer our agreement with the Supplier, pay the Supplier’s fees and comply with tax legislation and other regulatory reporting requirements;
- process transactions and fulfill requests (financial or payment information, such as credit card information or bank details are not shared with third parties except to the extent necessary to process such transactions and provide the Services);
- collect statistics about the behavior of Visitors to the Website and Users’ use of our Product and Customers’ Applications. We may display this information, in aggregate, publicly or provide it to others;
- send periodic communications; and
- carry out other legitimate business purposes, as well as other lawful purposes.
The personal information of Users that we process on behalf of our Customers who use PowerSync Cloud will depend on our Customers’ requirements and we do not control these requirements.
We have no obligation to maintain or monitor any data entered by a User using an Application on PowerSync Cloud or the Customer’s account on our Product.
Like most software companies, we collect non-personally-identifying data of the sort that web browsers, platforms and software applications and servers typically make available, such as the browser type, language preference, referring website or application, and the date and time of each visitor request. Our purpose in collecting non-personally identifying data is to better understand how our Visitors, Customers and Users use our Website, our Product and Applications and to tailor the information provided to Visitors and Customers based on their location, in order to make that information more relevant. From time to time, we may release non-personally-identifying data in the aggregate, e.g., by publishing a report on trends in the usage of our products and services.
We also collect potentially personally-identifying data like Internet Protocol (IP) addresses. We do not use such information to identify Visitors or Users, and we do not disclose such information, other than under the same circumstances that we use and disclose personal information as described in this Privacy Policy.
Certain Visitors to our Website and Users using our support and interaction channels choose to interact with us in ways that require us to gather personal information. The amount and type of data that we gather depend on the nature of the interaction. For example, we ask Users who sign up to use our Product to provide data such as their name, email address, Customer name and contact details. In each case, we collect such data only insofar as is necessary or appropriate to fulfill the purpose of the User’s interaction with us, as determined by an agreement between us and a Customer. We do not disclose personally-identifying information other than as described in this Privacy Policy. Users can refuse to provide certain personally-identifying data, and although we make every attempt to accommodate such a request, such a refusal may prevent them from being able to use our Product or an Application.
Note that if our Customer uses PowerSync Cloud to process personal information for their own direct marketing purposes within their Application, our Customer is obligated to ensure compliance with Applicable Laws.
Legal basis for using your personal information
Our basis for collecting and processing personal information is one of the following:
- Our contract with a Customer or Supplier: for example, when we process personal information to respond to a Customer request to enter into an agreement with us, or when processing personal information for billing purposes or any other purpose relating to the technology products and related services we provide to Customers in terms of our agreement with them, or when Suppliers provide products and services to us;
- Our legitimate interest: for example, when we conduct direct marketing to a Visitor, User or Customer or process personal information for our internal statistical or research purposes;
- Legal or compliance requirements: for example, when we process personal information for a purpose required in law or when we liaise with authorities, or for reviewing our security practices.
When we process personal information on behalf of our Customers, such Customer is responsible for determining the legal basis for processing. This may include that the Customer may require consent from a User before processing the information or sharing it with us for purposes of processing in terms of our agreement with the Customer.
Sharing your personal information with third parties
We do not sell personal information. We disclose personal information to employees, contractors, affiliated organizations and business partners in terms of this policy. When we share personal information it is only on a need-to-know basis and subject to contract regulating the use of the personal information by the recipient. We may share personal information as follows:
- with regulators or similar bodies if required by any governmental regulatory authorities or similar bodies in terms of applicable law. We may also share it with law enforcement agencies if required by law;
- with employees, service providers and contractors who provide services to us under contract;
- with external professional service providers such as auditors and attorneys for purposes relating to our business operations;
- in response to subpoenas, court orders, or other legal processes; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us;
- when we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, interests, or safety of our company or the Services, our Customers, or others; or in connection with our agreements;
- with any third party in connection with and as a result of a sale, acquisition, merger, reorganization or other transfer (a “Transfer”) involving JourneyApps. JourneyApps specifically reserves the right to transfer personal information to a third party in connection with a Transfer. Should such a Transfer occur, we will request that the new combined entity follow this Privacy Policy with respect to your personal information, as and to the extent required by applicable law, and to require that you receive prior notice if your personal information could be used contrary to this Privacy Policy.
Personal Information You Post in Public Areas
When you post a message in a JourneyApps/PowerSync review, customer feedback, or public online forum, the information you post may be accessible to other users of the Services and the public. If you post personal information anywhere on the Services that is accessible to other users or the public, you are advised that such personal information can be read, collected, used, or disseminated by others and could be used to send you unsolicited information or for other purposes. Accordingly, you assume full risk and responsibility for posting such information and agree that JourneyApps is not responsible in any way for personal information you choose to post in these public areas.
Aggregated Information
We may publish, share, distribute, or disclose personal information that has been aggregated with information from other users or otherwise de-identified data in a manner that does not allow third parties, including JourneyApps partners, sponsors, and advisers, to de-aggregate the data and identify it as originating from you. Such information may help JourneyApps identify and analyze training, demographic, and psychographic trends and information, and report to third parties how many people saw, visited, or clicked on certain content, areas of the Services, ads, or other materials. We may also use such data for research purposes and optimizing the Services’ functionality.
Your rights in respect of your personal information
To the extent provided by the law of your jurisdiction, you may:
- Have the right to access certain personal information we maintain about you and request details about how we process it;
- Request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes;
- Request that we update or correct inaccuracies regarding your personal information;
- Object to our use of your personal information;
- Ask us to block or delete your personal information from our database;
- Request to download the information you have shared on the Services; and
- Confirm whether JourneyApps stores your data in certain locations.
You may make these requests and any other inquiries about this Privacy Policy by emailing dpo@journeyapps.com. Any such requests are subject to the protection of other individuals’ rights and applicable law. Additionally, to help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. To the extent permitted by applicable law, a charge may apply before we provide you with a copy of any of your personal information that we maintain.
Note that where we process personal information on behalf of our Customers, these rights must be applied against the Customer. We will reasonably cooperate with our Customer on any request relating to these rights.
Retaining your personal information
We will retain your information as long as necessary for the purposes outlined in this Privacy Policy, in a manner consistent with our internal retention policies, and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection or audit purposes. We will retain your personal information consistent with the original purpose of collection or as long as necessary to comply with our legal obligations; maintain accurate accounting, financial and other operational records; resolve disputes; and enforce our agreements. We will never retain your information for a period longer than permitted by Applicable Law.
We determine the appropriate retention period for personal information on the basis of: the amount, nature, and sensitivity of the personal information being processed; the potential risk of harm from unauthorized use or disclosure of the personal information; whether we can achieve the purposes of the processing through other means; and on the basis of applicable legal requirements.
After expiration of the applicable retention periods, your personal information will be deleted.
We may keep personal information indefinitely in an aggregated or de-identified format for statistical purposes, which may include for example statistics of how data subjects use our services.
Security of your personal information
We are committed to take reasonable steps to keep your personal information safe and secured, and we implement appropriate technical and other security measures to protect the integrity and confidentiality of your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing, in accordance with applicable law.
We employ administrative, physical, and electronic measures designed to protect the personal information we store and process.
For PowerSync Cloud, we use industry-standard technological means to protect personal information while in transit through the internet and when stored on our servers. We use encryption and a comprehensive authentication protocol to provide reasonable security. However, please remember that no security system on the internet is perfect.
When you access the Product using a username and password, please ensure that you always keep these safe and confidential and never share it with any third party. We will never ask you for your password. If someone contacts you, claiming to represent JourneyApps or PowerSync and requests your information, it is always best to request that you contact that person by first getting in touch with JourneyApps through a known and published communication channel such as our support desk, or email address and confirming that person’s identity.
We will report any security breach in terms of Applicable Laws to the applicable regulatory authority and to the data subjects whose personal information is involved in the breach, unless you are a User. If you are a User and your personal information is affected by a security breach, we will inform our Customer about the breach.
We rely on Google’s, AWS’ and HubSpot’s security programs to protect personal information while stored in their respective controlled facilities. For more information on AWS’ security practices and processes, please see https://aws.amazon.com/security/. For more information on HubSpot’s security practices and processes, please see https://legal.hubspot.com/security. For more information on Google’s security practices and processes, please see https://safety.google/security-privacy/.
JourneyApps currently uses Stripe for payment services. Stripe collects identifying information about the devices that connect to each of their services. Stripe uses this information to operate and improve the services they provide to JourneyApps, including for fraud detection. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy. As with all third-party providers, JourneyApps is not a party to any agreement between you and Stripe and does not control Stripe’s privacy and data security policies. JourneyApps reserves the right to change payment processors at any time.
If you want to report any concerns about our privacy practices or if you suspect any breach regarding your personal information, please notify us by sending an email to dpo@journeyapps.com.
Cookies
Cookies, also known as tracking cookies or browser cookies, and similar technologies such as web beacons, clear GIFs, pixel tags, and JavaScript (collectively, “Cookies”) are small pieces of data, usually text files, placed on a computer, tablet, phone, or similar device when you use that device to access the Services. We use the following types of Cookies:
- Essential Cookies. Essential Cookies are necessary for providing you with services and features that you requested. For example, these Cookies allow you to log into and stay logged into secure areas of the Services, save language preferences, and more. These Cookies are required to make the Services available to you, so they cannot be disabled.
- Functional Cookies. Functional Cookies are utilized to record your choices and settings, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us personalize our content for you, greet you by name, and remember your preferences. Some examples include your ability to comment on a blog, facilitate web chat services, update user preferences, and more.
- Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors (like you) use our Services. These Cookies accomplish this by collecting information about the number of visitors to the Services, what pages visitors view the most, and how long visitors view specific pages. These Cookies also help us measure and manage the performance of our advertising campaigns in order to help us improve the campaigns and the Services’ content. For example, Google uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at http://www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.
You have the option to decide through your internet browser’s settings whether or not to accept Cookies. Most browsers allow users to choose whether to turn off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the browser) allow you to toggle whether to accept each new Cookie. You can also clear all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit the Services and some functionalities may not work. If applicable, you can also manage your cookie settings by selecting "Cookies settings" in the cookie banner that appears when you first visit our website.
To explore what Cookie settings are available to you, look in the “settings”, “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies generally, please visit http://www.allaboutcookies.org/.
Limitation of liability
We exercise reasonable efforts to safeguard the security and confidentiality of your personal information; however, transmissions protected by industry standard technology and administered by humans cannot be guaranteed to be secure in all circumstances. We will not be liable for unauthorized disclosure of personal information that occurs through no fault of JourneyApps including, but not limited to, errors in transmission, uses of your data by a third party, and your failure to comply with your security obligations.
Links to other websites and software services
This policy addresses only the use and disclosure of information that we collect from you through the Website and your use of the Product or an Application, through our interaction with you or from interaction with our business partners. Our Website and Product may contain links to other websites and software services. The fact that we link to a website or another software service is not an endorsement, authorization or representation of our affiliation with that third party. We do not exercise control over third party websites or software services. These other websites and software services may place their own cookies or other files on your computer, collect data, or solicit personal information from you. They follow their own rules regarding the use or disclosure of the personal information you submit to them. We recommend that you read the privacy policies or statements of these other websites and software services, if applicable.
Children’s and your sensitive personal information
We do not collect personal information from children under the age of 18. If you believe that a child has provided us with personal information without the consent of his or her parent or guardian, please contact us immediately at dpo@journeyapps.com. If we become aware that a child under age 18 has provided us with personal information, we will delete such data.
We do not intentionally collect sensitive or special personal information.
Where we process children’s or sensitive/special personal information on behalf of a Customer, the Customer is responsible to ensure lawful processing and to obtain consents where required.
Cross-border transfers of your personal information
As part of providing PowerSync Cloud, we make use of third party service providers as sub-processors and may transfer data cross border if our service provider conducts business in another jurisdiction. We only use reputable sub-processors who maintain rigorous security standards.
Any personal information transferred cross border will only be transferred in terms of an agreement requiring the recipient of the data to comply with all applicable requirements in respect of data privacy, and/or the recipient is subject to a law or binding corporate rules which provide an adequate level of protection that effectively upholds principles for reasonable processing of the information and includes provisions relating to the further transfer of personal information from the recipient to third parties who are in a foreign country.
Dispute resolution and complaints
If you have any concerns or claims with respect to our Privacy Policy, please contact our Data Protection Officer/Information Officer at dpo@journeyapps.com. We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of personal information.
In terms of applicable laws, you may have the right to formally lodge a complaint about how we handle your personal information with your relevant regulatory authority in terms of the applicable law that applies to you.
- If the GDPR applies to you, you may lodge a complaint with the European Commission by using the European Commission online complaint procedure or writing to the European Commission, Secretary-General B-1049 Brussels, BELGIUM, or sending a fax to +32 229 64 335.
California Resident Privacy Rights. California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please e-mail us at dpo@journeyapps.com.
Updates to this Privacy Policy
This Privacy Policy may be updated from time to time in order to reflect changes in our practices. We will notify you of any material changes by posting the new Privacy Policy on our Website, and we will obtain the necessary consents as may be required under Applicable Laws if we seek to collect, use or disclose personal information for purposes other than those disclosed initially or for which consent has been obtained.
Except as stated above, all changes will apply to the personal information that has already been collected, and to personal information that is collected after the effective date of the revised Privacy Policy. If any proposed change is unacceptable to you, you will have the right to ask for the deletion of your personal information. You are advised to consult this Privacy Policy regularly for any changes.
How to contact us
If you have any questions, comments, concerns, complaints or claims with respect to our Website or Product, if your Product account has been compromised by a hacker or scammer, if you find that certain content displayed on the Website, the Product is inappropriate or prohibited by these terms, or if you have any other concern, please contact us by email at dpo@journeyapps.com. We will investigate and attempt to resolve the matter.
