Stormboard Legal Documents

Privacy Policy

Your privacy is important to us. This Privacy Policy outlines how Stormboard manages and protects your privacy. "We", "our", "us" and "Stormboard" refer to the Alberta, Canada corporation Edistorm Inc.

It is Stormboard’s policy to respect your privacy regarding any information we may collect from you in our online collaborative sticky note and whiteboard software, website at https://stormboard.com/ and associated mobile and desktop applications (the "Service(s)"), and across our website, https://stormboard.com, and other sites we own and operate, and all interactions you have with Stormboard.

By accessing the Service, you accept the terms of this Privacy Policy and consent to our collection, use, disclosure and retention of your information as described herein (including allowing us to contact you), and for all other purposes permitted under applicable personal information privacy statutes, anti-spam legislation, and consumer protection laws.

If you do not agree with any portion of this policy, you are prohibited from using or accessing the Service.

1. About The Customer

A project or instance of the Services in Stormboard is a ("Storm"). For Storms on a personal/free account plan ("Personal Storms"), the creator of the Storm is the Customer and controls that Storm and any associated Customer Data in that Storm.

For Storms on a paid subscription plan ("Team Storms"), the organization (e.g., your employer or another entity or person) that entered the Customer Agreement is the Customer and controls all Storms and any associated Customer Data.

For more information on the relationship between Stormboard and the Customer, please refer to the Customer Agreement.

All individuals that access Stormboard require an account. Individuals granted access to a Storm by a Customer are "Authorized Users". All Authorized Users are bound by our Terms of Service.

2. Information We Collect

Stormboard may collect and receive Customer Data and Other Data (collectively, "Information") in a variety of ways:

Customer Data

Authorized Users submit text, ideas, comments, votes, images, sketches, videos, documents, links, and other content to Storms while using the Service ("Customer Data").

Other Data

Stormboard collects, generates and/or receives Other Data:

Personal Information

Certain visitors to Stormboard’s websites choose to interact with Stormboard in ways that require Stormboard to gather personally-identifying information. The amount and type of information that Stormboard gathers depends on the nature of the interaction. For example, we ask visitors who sign up for our Services to provide a name, username, company name, photo and email address. If you use our social logins to create/login to an account this provides us with limited access to your social media profile.

In addition, Customers that purchase a paid version of the Services provide Stormboard (or its payment processors) with billing details such as credit card information, banking information and/or a billing address and phone number.

Business Data

Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, emails, customer support transcripts, interaction with our social media accounts, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our Services.

Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.

Device Data

We may also collect data about the device you’re using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

Third-Party Services

The Customer and/or Authorized Users can enable/disable Third-Party Services to their Services (for example Box or One Drive). Enabled Third-Party Services may share certain information with Stormboard in order to authenticate and facilitate the integration in accordance with our agreement with the Third-Party Provider. Authorized Users should check the privacy settings and notices in Third-Party Services to understand what data may be disclosed. We do not receive or store passwords for any Third-Party Services when connecting them to the Services.

Use of the YouTube integration uses YouTube API Services and is covered by YouTube Terms of Service and Google’s Privacy Policy.

Contact Information

In accordance with the consent process provided by an Authorized User, any contact information that an Authorized User chooses to import (such as an address book from a device) is collected when using the Services.

Third-Party Data

Stormboard may receive data about organizations, industries, website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners, or others that we use to make our own information better or more useful. This data may be combined with Other Data we collect and might include aggregate level data.

You are under no obligation to provide any Information. However, certain Information is collected automatically and, without some Information we may be unable to provide the Services.

3. Legal Basis For Processing

We will process your Personal Information lawfully, fairly, and in a transparent manner. We collect and process information about you only where we have legal basis for doing so.

This legal basis depends on the Services you use and how you use them, meaning we collect and use your information only when:

  • it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract (for example, when we provide a service you request from us);

  • it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our Services, and to protect our legal rights and interests;

  • you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or

  • we need to process your data to comply with a legal obligation.

Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

We have appointed EU and UK Representatives under Article 27 of the EU GDPR and UK GDPR, respectively. Our appointed representatives are:

For UK Residents:

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. You can contact GDPR Local Ltd to register a complaint by using their online request form (https://stormboard.gdprlocal.com/uk) or directly:

Adam Brogden contact@gdprlocal.com 
Tel +44 1772 217800 
1st Floor Front Suite 
27-29 North Street, Brighton 
England 
BN1 1EB 

For EU Residents:

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. You can contact Instant EU GDPR Representative Ltd to register a complaint by using their online request form (https://stormboard.gdprlocal.com/eu) or directly:

Adam Brogden contact@gdprlocal.com 
Tel +35315549700 
INSTANT EU GDPR REPRESENTATIVE LTD 
Office 2, 
12A Lower Main Street, Lucan Co. Dublin 
K78 X5P8 
Ireland

4. Data Security

Stormboard cares about the security of your Information. We strive to use commercially acceptable means to protect your Information to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification. That said, we advise that no method of transmission over the Internet, or method of electronic storage is 100% secure and we cannot guarantee its absolute security.

5. How We Use Customer Data

The privacy, confidentiality and security of your Customer Data is important to us.

Customer/Authorized Users Access to Customer Data

All Storms are private and available only to Authorized Users that have been specifically invited to them. The Customer or other members of your team do not automatically gain access to all Storms, and that Storm’s Customer Data belonging to your team, and must be invited to each Storm individually. Enterprise Customers have access to additional privacy and Storm access settings to further prevent access to Storms.

The Customer has the right to take any action they deem appropriate including transferring, modifying, and/or deleting a Storm or Customer Data that an Authorized User has contributed.

If the Customer is your employer and/or your Stormboard account is registered using your corporate email domain, that organization has the right to replace you as the Customer. We will provide you with notice should this happen and you agree to take any actions reasonably requested by us or the organization to facilitate the transfer of authority to a new representative.

Stormboard is not responsible for any use, disclosure, modification or deletion of Customer Data by an Authorized User.

If you have any questions about specific Storm settings and privacy practices, please contact the Customer whose Storm you are participating in.

Stormboard Access to Customer Data

All Stormboard employees are required to have a background check, sign confidentiality agreements and are specifically trained to respect the privacy and confidentiality of your Customer Data.

Stormboard will not use, modify, delete or view your Storms without an explicit invite from you or one of your Authorized Users. This is most often done to assist with a technical support issue or by our customer success team in helping you use Stormboard better. After these sessions, we remove ourselves from the Storm and to regain access requires a new invite.

Stormboard will use and process the Customer Data to provide the Services. Customer Data will be used by Stormboard in accordance with the Customer’s instructions, including any applicable terms in the Terms of Use, Customer Terms of Service and Customer’s use of Services, and as required by applicable law.

Stormboard is a processor of Customer Data and the Customer is the controller. The Customer may, for example, use the Services to grant and remove access to a Storm, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.

6. How We Use Other Data

We may collect, hold, use and disclose information for the following purposes, and Personal Information will not be further processed in a manner that is incompatible with these purposes:

  • To provide you with our Services;

  • To enable us to update, improve and maintain our Services to make them as useful as possible;

  • To enable us to prevent, investigate, secure and protect our Services;

  • To process any transactional or ongoing payments;

  • For internal record keeping and administrative purposes;

  • For analytics, market research and business development, including to operate and improve our Services;

  • To run competitions and/or offer additional benefits to you;

  • For advertising and marketing, including to send you promotional information about our products and Services and information about third parties that we consider may be of interest to you;

  • To comply with our legal obligations and resolve any disputes that we may have.

  • Some communications from Stormboard are optional and you can change your notification settings at any time.

  • Some communications you cannot opt out of as they are considered part of the Services:

  • Technical, account and administrative emails.

  • Responding to your inquiries (e.g. incoming customer service requests).

  • Billing (e.g. receipts and credit card date expiry), account management emails (e.g. password change requests).

7. Disclosure of Personal Information

Stormboard may provide Personal Information to Third-Parties and vendors that act as agents, business partners, consultants, and contractors to perform tasks on behalf of and under our instructions such as technical support, client education, billing, analytics, and communication.

We may disclose Personal Information to:

  • Third party service providers to enable them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;

  • Our employees, contractors and/or related entities;

  • The organization related to your corporate email domain for the purposes of corporate procurement and usage analysis.

  • Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;

  • Third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you; and

  • Third parties to collect and process data.

8. International Transfers of Personal Information

The Personal Information we collect is stored and processed in United States and Canada, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your Personal Information, you consent to the disclosure to these third parties.

We will ensure that any transfer of Personal Information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Where we transfer Personal Information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.

9. Your Rights and Controlling Your Personal Information

Choice and consent: By providing Personal Information to us, you consent to us collecting, holding, using and disclosing your Personal Information in accordance with this Privacy Policy.

Our Services are not directed to children, and you may not use our services if you are under the age of 13. You must also be old enough to consent to the processing of your Personal Information in your country (in some countries we may allow your parent or guardian to do so on your behalf.)

We do not knowingly collect personal information from children under 13. If you become aware that anyone younger than 13 has unlawfully provided us with Personal Information, please contact us and we will take steps to delete such information

You do not have to provide Personal Information to us, however, if you do not, it may affect your use of this website or the products and/or Services offered on or through it.

Information from third parties: If we receive Personal Information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing Personal Information about somebody else, you represent and warrant that you have such person’s consent to provide the Personal Information to us.

Restrict: You may choose to restrict the collection or use of your Personal Information. If you have previously agreed to us using your Personal Information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your Personal Information, we will let you know how the restriction affects your use of our Services.

Access and data portability: You may request details of the Personal Information that we hold about you. You may request a copy of the Personal Information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the Personal Information we hold about you at any time. You may also request that we transfer this Personal Information to another third party.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Notification of data breaches: In the event that any Customer Data or Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us at security@stormboard.com and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please change your notification settings or opt-out using the opt-out facilities provided in the communication.

Delete your Account: Deleting your account will remove your Personal Information from the Service but will not delete the Customer Data you contributed as it is controlled by the Customer. All Customer Data you contributed will be attributed to an anonymous user without any relation to your Personal Information. You will not be able to access your original Storms or Customer Data, even if you create a new account.

10. Information Storage

Customer Data

Stormboard will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Depending on the Services plan, the Customer may be able to customize its retention settings and apply those customized settings at the Team level, Storm level, or other level.

The deletion of Customer Data and other use of the Services by the Customer may result in the deletion and/or de-identification of certain associated Information.

Other Data

Stormboard may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Information after you have deactivated your account for the period of time needed for Stormboard to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

11. Cookies

We use cookies to help improve your Stormboard experience. This cookie policy covers the use of cookies between your device and our Service. We also provide basic information on third-party services we may use, who may also use cookies as part of their service, though they are not covered by our policy.

What is a cookie?

A cookie is a small piece of data that a website stores on your device when you visit, typically containing information about the website itself, a unique identifier that allows the website to recognize your web browser when you return, additional data that serves the purpose of the cookie, and the lifespan of the cookie itself.

Cookies are used to enable certain features (e.g. logging in), to track site usage (e.g. analytics), to store your user settings (e.g. time zone, notification preferences), and to personalize your content (e.g. advertising, language).

Cookies set by the website you are visiting are normally referred to as "first-party cookies", and typically only track your activity on that site. Cookies set by other sites and companies (ie. third parties) are called "third-party cookies", and can be used to track you on other websites that use the same third-party service.

Types of cookies and how we use them:

Essential Cookies

Essential cookies are crucial to your experience of a website, enabling core features like user logins, account management, and payment processing. We use essential cookies to enable certain functions on our website.

Performance Cookies

Performance cookies are used in the tracking of how you use a website during your visit, without collecting Personal Information about you. Typically, this information is anonymous and aggregated with information tracked across all website users, to help us understand visitor usage patterns, identify and diagnose problems or errors that users may encounter, and make better strategic decisions in improving the audience’s overall website experience. These cookies may be set by the website you’re visiting (first-party) or by third-party services. We use performance cookies on our website.

Functionality Cookies

Functionality cookies are used in collecting information about your device and any settings you may configure on the website you’re visiting (like language and time zone settings). With this information, we can provide you with customized, enhanced, or optimized content and services. These cookies may be set by the website you’re visiting (first-party) or by third-party service. We use functionality cookies for selected features on our site.

Targeting/Advertising Cookies

Targeting/advertising cookies are used in determining what promotional content is more relevant and appropriate to you and your interests. We may use them to deliver targeted advertising or to limit the number of times you see an advertisement. This helps us improve the effectiveness of the campaigns and the quality of content presented to you. These cookies may be set by us (first-party) or by third-party services. Targeting/advertising cookies set by third-parties may be used to track you on other websites that use the same third-party service. We use targeting/advertising cookies on our site.

Third-Party Cookies On Our Site

We may employ third-party companies and individuals on our websites. For example, analytics providers and content partners. We grant these third parties access to select information to perform specific tasks on our behalf. They may also set third-party cookies to deliver the services they are providing. Third-party cookies can be used to track you on other websites that use the same third-party service. As we have no control over third-party cookies, they are not covered by Stormboard's cookie policy.

Our Third-Party Privacy Promise

We review the privacy policies of all our third-party providers before enlisting their services to ensure their practices align with ours. We will never knowingly include third-party services that compromise or violate the privacy of our users.

How You Can Control or Opt Out of Cookies

If you don’t wish to accept cookies from us, you should instruct your browser to refuse cookies from https://stormboard.com, with the understanding that we may be unable to provide you with some of your desired content and Services. Most browsers are configured to accept cookies by default, but you can update these settings to either refuse cookies altogether, or to notify you when a website is trying to set or update a cookie. If you browse websites from multiple devices, you may need to update your settings on each individual device.

12. Business Transfers

If Stormboard engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Stormboard’s assets or stock or a similar transaction, or steps in contemplation of such activities (e.g. due diligence), some or all Information may be shared or transferred, subject to standard confidentiality arrangements.

13. Identifying the Data Controller and Processor

Data protection law in certain jurisdictions differentiates between the "controller" and "processor" of information. In general, the Customer is the controller of Customer Data. In general, Stormboard is the processor of Customer Data and the controller of Other Data.

Edistorm Inc. (operating as Stormboard), a Canadian company based in Edmonton, Alberta, Canada is the controller of Other Data and a processor of Customer Data relating to Authorized Users who use Storms established for Customers.

To Contact Stormboard’s Data Controller email: privacy@stormboard.com

To Contact Stormboard’s Data Protection Officer email: privacy@stormboard.com

14. Limits Of Our Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

15. Changes to This Policy

At our discretion, we may change our Privacy Policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If you disagree with the privacy policy, you should discontinue use of the Service. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and Personal Information.

16. Contacting Stormboard

If you have any questions about the Privacy Policy, please contact us.

Stormboard
Suite 2020, Tower 1

10060 Jasper Avenue NW

Edmonton, Alberta T5J3R8

legal@stormboard.com

This Privacy Policy is effective as of August 31`, 2022.

Recent Changes:

  • May 6, 2022: Updated GDPR Article 27 Authorized Representatives

  • August 6, 2020: Added to Third-Party Services: Links to YouTube and Google privacy policies.

  • August 31, 2022: Updated Stormboard address


Stormboard is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at support@stormboard.com