ROBOFLOW, INC.

WEBSITE AND MOBILE APPLICATION
PRIVACY POLICY

Last Modified: March 10, 2023

Roboflow, Inc., its affiliates and subsidiaries (“Company” or “we” or “us” or “our”) respect your privacy and are committed to protecting it through our compliance with this Privacy Policy (the “Policy”). This Policy is meant to help you understand what information we collect when you visit our Websites and Mobile Apps, why we collect it, and how you can access, update, manage, export, and delete your information. By accessing or using the Websites and Mobile Apps, you agree to this Policy. Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it.  All capitalized terms not defined herein will have the meanings ascribed to them in the Website and Mobile Application Terms of Use Agreement.

Throughout this Policy we use the term “Designated Countries” to refer to countries in the European Union (EU), European Economic Area (EEA), United Kingdom (UK), and Switzerland. If you reside in the Designated Countries, you have a number of important rights we want you to be aware of pursuant to the European General Data Protection Regulation (the “GDPR”) and similar laws and regulations. These rights will be indicated by reference to the Designated Countries where applicable.

1. Information we collect from you

Sources of information

This Policy applies to information we collect:

  • On the Websites and Mobile Apps.
  • In any electronic messages between you and the Websites and Mobile Apps.
  • Offline or through any other means, including on any other Websites and Mobile Apps operated by Company or any of our affiliates and subsidiaries.

This Policy does not apply to information collected by:

  • Any third party, including through any application or content (including advertising) that may link to or be accessible from the Websites and Mobile Apps.

What information we collect

We collect information to provide better services to all our users––from remembering user preferences to contacting you regarding services or opportunities that may be of interest to you. The information we collect, and how that information is used, depends on how you use our services.

We may collect and process some or all of the following types of information from you:

  • Information that you provide to us by using the Websites and Mobile Apps, such as uploading User Content, filling in forms or creating an account on the Websites and Mobile Apps. This may include information provided at the time of registering to use the Websites and Mobile Apps or requesting further information or services, such as: Full name, email address, phone number, mailing address, and IP address. We may also ask you for information when you report a problem with the Websites and Mobile Apps.
  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Details of all actions that you carry out through the Websites and Mobile Apps and of the provision of services to you.
  • Details of your visits to the Websites and Mobile Apps including, but not limited to, traffic data, location data, and other communication data.

The provision of your full name, e-mail address, and IP address are required from you if you choose to create an account on our Websites and Mobile Apps. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

2. How we use your information.

We may use the information that we collect in a variety of ways in providing our service, including:

  • To ensure that content from the Websites and Mobile Apps is presented in the most effective manner for you and for your computer and to understand and analyze your usage trends and preferences, to improve our services, and to develop new products, services, and features
  • To operate, maintain, enhance, and provide all features of our services, to provide our services and information that you request, to respond to your questions, and to provide support to users of our service
  • To notify you about changes to our services and provide you with information that is relevant to your use of the services.
  • To provide you with information, products or services that you request from us or which we feel may interest you. You have the ability to opt-out of receiving promotional communications via the link inside of them or by emailing legal@roboflow.com.
  • We use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our Terms of Use or this Policy and/or attempts to harm other users.

We may occasionally contact you through email, phone, and/or notices posted on our Websites and Mobile Apps. We may send you messages about the availability of our services, security, or other service-related issues. We may also send messages about how to use the services, network updates, and promotional messages from us. You may contact us at any time using our Contact Information below to change your communication preferences. Please be aware that you cannot opt-out of receiving certain service messages from us, including security and legal notices.

3. Lawful bases for processing your information.

You have choices about our use of your information. At any time, you can withdraw consent you have provided by contacting us using our Contact Information below.

We will only collect and process your information where we have lawful bases to do so. Lawful bases include but are not limited to consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the services you have requested)) and legitimate interests.

If you have any questions about the lawful bases upon which we collect and use your personal data, please contact us using the Contact Information provided below.

4. Sharing your information

We do not share your personal data with advertisers, other companies, or individuals, except in the following cases:

Legal Disclosures

We may need to share your information when we believe it’s required by law or to help protect the rights and safety of you, us, or others. It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of the Company, our users, personnel, or others. We attempt to notify you about legal demands for your personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

For external processing

We may provide personal and/or usage data to our affiliates and service providers based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures. These parties help us provide the Services or perform business functions on our behalf and include hosting, technology, support, and communication providers.

Merger, acquisition, or sale of assets

If the Company is involved in a merger, acquisition, or sale of assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. We will continue to ensure the confidentiality of your personal data and give affected users notice before personal data is transferred or becomes subject to a different privacy policy.

5. How we store your information

Security

We take industry-standard security measures to ensure that all of your personal data is kept secure, including security measures to prevent personal data from being accidentally lost, used, or accessed in an unauthorized way, for the duration of your use of our services. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Websites and Mobile Apps, therefore any transmission remains at your own risk. Once we have received your information, we will use strict procedures and security features in order to prevent unauthorized access.

Cross-Border Data Transfers

We may store and use your data outside your country. We may process data both inside and outside of the United States and will rely on legally-provided mechanisms to lawfully transfer data across borders. Countries where we process data may have laws which are different, and potentially not as protective, as the laws of your own country. In many cases, we will use European Commission-approved Standard Contractual Clauses as a legal mechanism for data transfers from the Designated Countries. These clauses are contractual commitments between companies transferring personal data, binding them to protect the privacy and security of your data. These clauses are designed to help safeguard your privacy rights and give you remedies in the unlikely event of the misuse of your personal data.

Keeping your information up to date

If your personal information details change, you may contact us to request an update or correction using our Contact Information below. We will endeavor to update your personal data information within thirty (30) days of any new or updated personal data being provided to us, in order to ensure that the information we hold about you is as accurate and up to date as possible.

Where we store your information

The information that we collect from you and process as a result of your use of the services may be transferred to, and stored at, a destination outside the Designated Countries. It may also be processed by our employees operating outside the Designated Countries who work for us. Such employees may be engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services. By submitting your personal data and accessing this Websites and Mobile Apps, you agree to this transfer, storing or processing.

How long we keep your information

We retain your information for so long as it needs to be kept for legitimate business or legal purposes. Without limiting the foregoing, at minimum, we retain your data for so long as you are engaged in Active Use, as hereinafter defined, of the Websites and Mobile Apps. For purposes of this Privacy Policy, “Active Use” means either of the following: (1) User logs into the Websites and Mobile Apps within 30 days of their most recent login, or (2) User continues to host their data on Company’s servers. For so long as Active Use definition (2) is true, User will be billed for use of the service provided by the Websites and Mobile Apps. Some data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. We try to ensure that our services protect information from accidental or malicious deletion. Because of this, there may be delays between when you delete something and when copies are deleted from our active and backup systems.

6. Accessing, correcting & deleting your information

You can contact us any time using our Contact Information below to:

  • Request access to information that we have about you
  • Correct any information we have about you
  • Delete any information we have about you
  • Export a copy of any information we have about you if you wish to transfer it to a service outside of the Company.

There are other ways to control the information we collect, including:

Browser settings: For example, you can configure your browser to indicate when we have set a cookie in your browser. You can also configure your browser to block all cookies from a specific domain or all domains. But remember that our services may rely on cookies to function properly, for things like remembering your user preferences.

Your GDPR rights

If you reside in the Designated Countries, you have a number of important rights we want you to be aware of. The rights available to you depend on our reason for processing your information.

  • Access and request copies of the personal data we collect about you
  • Request the correction of any mistakes in your information held by us
  • Request the deletion of your personal data in certain situations and as allowed by law
  • Request transfer of your personal data and receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format
  • Object to processing of personal data concerning you
  • Object to decisions being taken by automated means which produce legal effects concerning or affecting you
  • Object in certain situations to our continued processing of your personal data
  • Otherwise restrict our processing of your personal data in certain circumstances

If you would like to exercise any of these rights, please contact us using our Contact Information below. You may make any requests regarding these rights verbally or in writing. Upon receiving your request, we may request additional information so we are able to identify you and ensure you are the one making the request.

Notice to California Residents

If you are a California resident, California law may provide you with additional rights regarding our use of your personal data. For example, California's "Shine the Light" law (Civil Code Section 1798.83) permits users of our Websites and Mobile Apps that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, under California Civil Code Section 1789.3, you may contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 N. Market Blvd., Suite S-202, Sacramento, California 95834, or by telephone at (800) 952-5210 in order to resolve a complaint or to receive further information. You may have additional rights under the California Consumer Privacy Act of 2018 (CCPA), such as the right to know what personal data is collected about you, the right to request that certain information be corrected or deleted, the right to opt out of the sale of your information (note, the Company does not sell your information), and the right not to be discriminated against. To make any requests pursuant to your California rights, please contact us in writing or by email using our Contact Information below.

7. Third Party Websites

The Websites and Mobile Apps may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check the applicable policies before you submit any personal data to such third party websites.

8. Compliance and cooperation with regulators

We regularly review this Policy and make sure that we process your information in ways that comply with it. We hope that we can resolve any question or concern you raise about our use of your information.

When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.

If you reside in the Designated Countries, you may lodge a complaint regarding the processing of your personal data with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

9. Changes to our Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Any changes we may make to our Policy in the future will be notified and made available to you using the Websites and Mobile Apps. Your continued use of the services and the Websites and Mobile Apps shall be deemed your acceptance of the modified Privacy Policy. We always indicate the date the last changes were published and we offer access to archived versions for your review.

10. IP Addresses and cookies

We may collect information about your computer using Google Analytics, including but not limited to your IP address, operating system and browser information, and duration of session for purposes of system administration, customer support and to collect aggregate information for internal reporting purposes. We may also monitor a user’s sessions on our Websites and Mobile Apps to improve our features and identify bugs.

In addition, our Websites and Mobile Apps use cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of the Websites and Mobile Apps, which helps us to provide you with a good experience when you browse our Websites and Mobile Apps and also allows us to improve the Websites and Mobile Apps.

The cookies we use are "analytical" cookies. Some of the common uses for our cookies are as follows:

  • To recognize and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our Websites and Mobile Apps work, for example by ensuring that users are finding what they are looking for easily.
  • To identify and authenticate a user across different pages of our Websites and Mobile Apps, within our own Websites and Mobile Apps, in a session or across different sessions. This is so that the user does not need to provide a password on every page the user visits; and
  • To be able to retrieve a user’s previously stored data, for example, information that the user previously submitted to the Websites and Mobile Apps, so as to facilitate reuse of this information by the user.

11. Contact Information

All questions, comments and requests regarding this Privacy Policy should be addressed to:

  Roboflow, Inc.
  Attn: Privacy Officer
  500 Locust St Des Moines, IA 50309

  Email: legal@roboflow.com