What Information We Collect and How We Collect It
In order to provide our services to you and to ensure that our software and Application operate correctly, we collect various types of information, including information that identifies you or may identify you as an individual (“personal information”). When you use our website, sign up for our services, and use our Application, we collect the following information:Information you provide to us:
- If you use the contact information provided on the iorad.com website to contact us directly, we collect your contact information which includes your email address, name, and reason for contacting iorad.
- When you sign up for a free account we collect your public name, email, and password. When you purchase a plan to use our services and application, we collect your name, email address, billing address, zip code, country, company, payment information when paying by purchase order, and any other information you voluntarily provide to us.
- Internet Protocol Address (“IP address”)
- Usage Data. Information collected automatically through this Application (or third-party services employed in this Application) including the domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
- Your Communications with Us. We may collect information communicated with us when you request information about our Service, or request customer or technical support, or otherwise communicate with us.
- Job Applications. We may post job openings and opportunities on our website. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.
We may receive personal information about you from partners, external organizations, social media websites, and other third-party sources.
How We Use the Information We Collect
We use the information we collect in connection with the services we provide. We use the information we collect to set up User accounts; provide, operate, and maintain services; process and complete transactions; provide customer service and support and respond to inquiries; send communications; prevent fraudulent activity; for registration and authentication purposes; for any other purpose based on our legitimate interest.
We use the information we collect to administer and improve the iorad website and Application.
We use aggregated information that is collected to understand general information and trends related to our website, such as how many Users have visited our website during a given period of time and the types of devices the visitors use. This information cannot be used to identify an individual. We use this information to help improve our website and Application.
- Respond to Inquiries
If you choose to contact us directly using the methods posted on our website (by email, website form, chat bot, postal mail, or voicemail), we will respond to you using the contact information you provided in your inquiry.
- Handling Payments:
We use payment processing services to process payments by credit card, bank transfer or other means. iorad does not process or store your payment information. The transaction occurs directly between you and the payment processing service. Some of these services may also enable the sending of timed messages to the User, such as emails containing invoices or notifications concerning payments.
- Tag Management:
Tag management allows us to manage the tags or scripts needed on the Application in a centralized fashion.
- User Database Management:
This allows us to build user profiles starting with an email address, personal name, or other pieces of information provided by the User, and to track user activities through analytics features. This Personal Data may also be combined with publicly available information about the User (such as social networks' profiles) and used by the Owner to build expanded private profiles, which can be used to display information and improve this Application. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Application.
- Communications and Marketing:
When you sign up for our services or application we use your information to send you communications, including those for marketing purposes. You can opt-out of receiving certain marketing or promotional communications from iorad at any time using the unsubscribe link in the email communications we send.
Who We Share Your Information With
We do not rent, sell or share information about you with other people or non-affiliated companies. We share and disclose information (including personal information) in the following instances:
- Vendors and Service Providers
We share your information with vendors and service providers with whom we engage to perform tasks on our behalf. The vendors and service providers are bound by agreement to not further disclose any personal information. You can find more details about the subprocessors we use here.
- Business transactions
If iorad is acquired or merged with another company, we will transfer collected information to the acquiring company.
- Public or Government Authorities
Under certain circumstances, we may be required to disclose personal information if necessary to comply with a subpoena or court order, to establish or exercise our legal rights or defend against legal claims, or to cooperate with government and/or law enforcement officials.
We share your personal information if you have asked us to do so or have given consent. For example, with your consent, we post User testimonials that may identify you.
We share aggregated information (i.e., information that CANNOT be used to identify an individual) for a variety of reasons, including under the following circumstances:
- To make our product better and foster transparency.
- If iorad is acquired or merged with another company, we will transfer aggregate information to the acquiring company.
- We may share aggregate information if necessary to comply with a subpoena or court order, to establish or exercise our legal rights or defend against legal claims, or to cooperate with government and/or law enforcement officials.
- For any lawful basis.
iorad will retain your data including personal information for as long as required by the purpose for which we collected the data or to the extent required by law.
We take security very seriously.
To help protect the privacy of data and personal information you transmit through use of our website and Application:
- We maintain physical, technical and administrative safeguards that are consistent with industry standards and applicable law.
- We update and test our security technology on an ongoing basis.
- We restrict access to your personal data to employees who need to know that information to provide benefits or services to you.
- We train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
- We conduct background checks on our employees before hiring them.
- We undergo SOC 2 Type II external audits of the effectiveness of our controls for security and confidentiality.
- We use state-of-the-art data centers including Digital Ocean and Amazon Web Services to store the data we collect. Both cloud-based hosting companies maintain ISO/IEC 27001:2013 certifications and undergo SOC 2 Type II external audits of their controls. We understand our responsibilities in our cloud data centers’ shared security models.
- We monitor our systems and threat information services, to evaluate and respond to threats that could impact systems and data.
All data transmitted between visitors to the iorad website and users of the iorad application is encrypted in transit.
Database backups are created and encrypted in transit to storage (TLS) and in storage.
Non-SSO application users register and set their own account passwords. Passwords are stored using a secure cryptographic one-way hash function (10 salt rounds), so no one else, including us at iorad, can read the passwords. We use a trusted library for this functionality . During tutorial capture by users all keystrokes (detected typing actions) in the recording frame are escaped using templates and encrypted. No keystrokes are logged during capture.
Encryption of tutorial data at rest is an option with our Enterprise Plan.
iorad’s technical infrastructure is hosted on SOC2 audited data centers. Physical security controls at these data centers include 24x7 monitoring, cameras, visitor logs, and entry requirements.Access Control
All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). Privileged systems and accounts require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, and lockout. iorad grants access to personnel on the basis of least privilege rules, reviews permissions quarterly and revokes access immediately after employee termination.Employees and Contractors
iorad employees and contractors undergo national background checks where legal, are required to sign non-disclosure agreements, and complete security training.Vulnerability Management
Systems and Applications undergo regular penetration and vulnerability scanning using updated threat knowledge bases.Incident Management
iorad maintains industry standard security incident response policies and procedures.
Legal Basis For Processing Your Information
If you are a User of the iorad website or Application located in the European Economic Area (EEA), United Kingdom or Switzerland, we rely on the following basis for processing:Consent:
Where we have your consent to do so.Perform Contract:
Where we need the personal information to perform a contract with you.Legitimate interest:
Where the processing is in our legitimate interests, as described in the “How We Use Collected Information” section of this document, and not overridden by your data protection interests or fundamental rights and freedoms.Legal Obligation:
Where we have a legal obligation to collect or retain personal information or need the personal information to protect your vital interests or those of another person(s).
Controller and Processor
Data Storage & Data Transfer
iorad may transfer your personal data to countries other than the one in which you live. To the extent that Personal Data is transferred abroad, iorad will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with iorad’s obligations. We will ensure that an adequate level of protection is provided for the information by using industry-standard security practices and standard contractual clauses where required. If we transfer personal information that originates in the EEA, Switzerland, and/or the United Kingdom to a country outside of such regions, we will use commercially reasonable efforts to ensure that: (i) there are appropriate safeguards in place such as binding corporate rules or the approved EU standard contractual clauses between iorad and the recipient; (ii) the transfer is to a country that provides an adequate level of protection under applicable laws; (iii) one of the derogations for specific situations found in applicable law applies to the transfer including explicit consent, where such transfer is necessary for the performance of a contract or exercise, or the defense of legal claims; or (iv) the transfer is otherwise consistent with the requirements of applicable law. By using the website or Service, or by providing any information to us, you expressly consent to such transfer and processing.
To the extent prohibited by applicable law, iorad does not allow use of our Application and Website by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal information, please contact us, and we will take steps to delete such information.
For users under the age of 18, teachers are permitted to create accounts for their students when in accordance with school policies, and only after teacher and/or school has obtained parental consent. It is the teacher and/or school’s responsibility to obtain parental consent.
"Do Not Track"
Do Not Track (“DNT”) is a privacy preference that Users can set in certain web browsers. DNT is a way for Users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
iorad will take reasonable steps to allow you to access, review, update, rectify, or delete any personal data we hold about you. We will uphold these rights even if you are a resident outside of the EEA, United Kingdom or Switzerland.
You have the following data protection rights:
- Right of access
The right to obtain access to your personal data.
- Right to rectification
The right to erase or rectify inaccurate or incomplete data.
- Right to erasure
The right to obtain the deletion and erasure of your personal data in certain circumstances.
- Right to portability
The right to move, copy, or transfer personal data.
- Right to restrict processing
The right to restrict processing of personal data.
- Right to object to processing
The right to object to processing of personal data for certain purposes.
- If you wish to exercise one of these rights, please contact us by using the contact details below. We will ask you to verify your identity before responding to these requests.
- EEA, United Kingdom and Switzerland residents also have the right to lodge a complaint to a data protection authority. For more information, please contact your local data protection authority.
Supplemental Notice to California Residents
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”). The CCPA provides California residents with the right to know what categories of personal information that iorad has collected about them and whether iorad disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
|Personal information we collect||CCPA-defined categories||Purposes for which we may collect and use the personal information|
|Contact Data||Identifiers||Operations and Marketing|
|Login Data||Identifiers and Online identifiers||Operations|
|Transaction Data and Business Account Information||Commercial information, Financial information, Identifiers, and Online Identifiers||Operations and Marketing|
|Communications||Identifiers||Operations and Marketing|
|Marketing data and Third Party Advertising Tools||Commercial information, Identifiers, Inferences, Internet or network information, Online identifiers||Operations and Marketing|
|Device data and Online activity data||Inferences, Internet or network information, and Online identifiers||Operations and Marketing|
As described above, please note that we may also disclose personal information to our affiliates and third party service providers, in connection with corporate restructuring, to comply with law, or for compliance, fraud prevention and safety purposes.
Except as excluded above, the CCPA grants California residents the following rights:
- Access. You can request a copy of the personal information that we maintain about you.
- Deletion. You can ask us to delete the personal information that we collected or maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you. To the extent we collect sensitive personal information, we do so only to determine whether we are able to provide our services or as part of our ongoing services packages. The CPRA allows you to limit the use or disclosure of sensitive personal information beyond what is reasonable and proportionate to the requested goods and services provided by iorad, which you may do by contacting us to make such request. In addition, to the extent applicable under the CPRA: (i) you have the right to opt out of our sale or sharing of personal information; and (ii) if we sell any of your personal information, you have the right, at any time, to tell us not to sell your personal information.
To the extent that the CPRA is applicable to you in respect of your accessing our website, or Application or using our services, you have the right to request that we rectify inaccurate information about you. By visiting your account settings or otherwise contacting us, you can correct and change certain personal information associated with your account.
You are entitled to exercise the rights described above free from discrimination, and to ask someone else to exercise your privacy rights for you as your authorized agent.
The CCPA requires us to verify the identity of the individual submitting a request to access or delete or rectify personal information (or written permission or other proof that you have appointed an agent to serve on your behalf) before providing a substantive response to the request.
Supplemental Notice for Nevada Residents
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A.
When you sign up for our services or application you acknowledge that iorad can process your Personal Data to send you communications, including those for marketing purposes. You can opt-out of receiving certain marketing or promotional communications from iorad at any time using the unsubscribe link in the email communications we send.
How to Contact Us
1 Canal Street, Unit 1119
Boston, MA 02214