What Information We Collect and How We Collect It
In order to provide our services to you and to ensure that our software and Application operate correctly, we collect various types of information, including information that identifies you or may identify you as an individual (“personal information”). When you use our website, sign up for our services, and use our Application, we collect the following information:Information you provide to us:
- If you use the contact information provided on the iorad.com website to contact us directly, we collect your contact information which includes your email address, name, and reason for contacting iorad.
- When you sign up for a free account we collect your public name, email, and password. When you purchase a plan to use our services and application, we collect your name, email address, billing address, zip code, country, company, payment information when paying by purchase order, and any other information you voluntarily provide to us.
- Internet Protocol Address (“IP address”).
- Usage Data: Information collected automatically through this Application (or third-party services employed in this Application) including the domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
We may receive personal information about you from partners, external organizations, social media websites, and other third-party sources.
How We Use the Information We Collect
We use the information we collect in connection with the services we provide. We use the information we collect to set up User accounts; provide, operate, and maintain services; process and complete transactions; provide customer service and support and respond to inquiries; send communications; prevent fraudulent activity; for registration and authentication purposes; for any other purpose based on our legitimate interest.
We use the information we collect to administer and improve the iorad website and Application.
We use aggregated information that is collected to understand general information and trends related to our website, such as how many Users have visited our website during a given period of time and the types of devices the visitors use. This information cannot be used to identify an individual. We use this information to help improve our website and Application.
- Respond to Inquiries.
If you choose to contact us directly using the methods posted on our website (by email, website form, chat bot, postal mail, or voicemail), we will respond to you using the contact information you provided in your inquiry.
- Handling Payments:
We use payment processing services to process payments by credit card, bank transfer or other means. iorad does not process or store your payment information. The transaction occurs directly between you and the payment processing service. Some of these services may also enable the sending of timed messages to the User, such as emails containing invoices or notifications concerning payments.
- Tag Management:
Tag management allows us to manage the tags or scripts needed on the Application in a centralized fashion.
- User Database Management:
This allows us to build user profiles starting with an email address, personal name, or other pieces of information provided by the User, and to track user activities through analytics features. This Personal Data may also be combined with publicly available information about the User (such as social networks' profiles) and used by the Owner to build expanded private profiles, which can be used to display information and improve this Application. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Application.
- Communications and Marketing:
When you sign up for our services or application we use your information to send you communications, including those for marketing purposes. You can opt-out of receiving certain marketing or promotional communications from iorad at any time using the unsubscribe link in the email communications we send.
Who We Share Your Information With
We do not rent, sell or share information about you with other people or non-affiliated companies. We share and disclose information (including personal information) in the following instances:
- Vendors and Service Providers.
We share your information with vendors and service providers with whom we engage to perform tasks on our behalf. The vendors and service providers are bound by agreement to not further disclose any personal information. You can find more details about the subprocessors we use here.
- Business transactions.
If iorad is acquired or merged with another company, we will transfer collected information to the acquiring company.
- Public or Government Authorities.
Under certain circumstances, we may be required to disclose personal information if necessary to comply with a subpoena or court order, to establish or exercise our legal rights or defend against legal claims, or to cooperate with government and/or law enforcement officials.
We share your personal information if you have asked us to do so or have given consent. For example, with your consent, we post User testimonials that may identify you.
We share aggregated information (i.e., information that CANNOT be used to identify an individual) for a variety of reasons, including under the following circumstances:
- To make our product better and foster transparency.
- If iorad is acquired or merged with another company, we will transfer aggregate information to the acquiring company.
- We may share aggregate information if necessary to comply with a subpoena or court order, to establish or exercise our legal rights or defend against legal claims, or to cooperate with government and/or law enforcement officials.
- For any lawful basis.
iorad will retain your data including personal information for as long as required by the purpose for which we collected the data or to the extent required by law.
We take security very seriously.
To help protect the privacy of data and personal information you transmit through use of our website and Application:
- We maintain physical, technical and administrative safeguards that are consistent with industry standards and applicable law.
- We update and test our security technology on an ongoing basis.
- We restrict access to your personal data to employees who need to know that information to provide benefits or services to you.
- We train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
- We conduct background checks on our employees before hiring them.
- We undergo SOC 2 Type II external audits of the effectiveness of our controls for security and confidentiality.
- We use state-of-the-art data centers including Digital Ocean and Amazon Web Services to store the data we collect. Both cloud-based hosting companies maintain ISO/IEC 27001:2013 certifications and undergo SOC 2 Type II external audits of their controls. We understand our responsibilities in our cloud data centers’ shared security models.
- We monitor our systems and threat information services, to evaluate and respond to threats that could impact systems and data.
All data transmitted between visitors to the iorad website and users of the iorad application is encrypted in transit.
Database backups are made daily and are encrypted in transit to storage (TLS) and in storage.
Non-SSO application users register and set their own account passwords. Passwords are stored using a secure cryptographic one-way hash function (10 salt rounds), so no one else, including us at iorad, can read the passwords. We use a trusted library for this functionality . During tutorial capture by users all keystrokes (detected typing actions) in the recording frame are escaped using templates and encrypted. No keystrokes are logged during capture.
Encryption of tutorial data at rest is an option with our Enterprise Plan.
iorad’s technical infrastructure is hosted on SOC2 audited data centers. Physical security controls at these data centers include 24x7 monitoring, cameras, visitor logs, and entry requirements.Access Control
All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). Privileged systems and accounts require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, and lockout. iorad grants access to personnel on the basis of least privilege rules, reviews permissions quarterly and revokes access immediately after employee termination.Employees and Contractors
iorad employees and contractors undergo national background checks where legal, are required to sign non-disclosure agreements, and complete security training.Vulnerability Management
Systems and Applications undergo regular penetration and vulnerability scanning using updated threat knowledge bases.Incident Management
iorad maintains industry standard security incident response policies and procedures.
Legal Basis For Processing Your Information
If you are a User of the iorad website or Application located in the European Economic Area (EEA), we rely on the following basis for processing:Consent:
Where we have your consent to do so.Perform Contract:
Where we need the personal information to perform a contract with you.Legitimate interest:
Where the processing is in our legitimate interests, as described in the “How We Use Collected Information” section of this document, and not overridden by your data protection interests or fundamental rights and freedoms.Legal Obligation:
Where we have a legal obligation to collect or retain personal information or need the personal information to protect your vital interests or those of another person(s).
Controller and Processor
Data Storage & Data Transfer
iorad may transfer your personal data to countries other than the one in which you live. To the extent that Personal Data is transferred abroad, iorad will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with iorad’s obligations. We will ensure that an adequate level of protection is provided for the information by using industry-standard security practices and standard contractual clauses where required.
To the extent prohibited by applicable law, iorad does not allow use of our Application and Website by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal information, please contact us, and we will take steps to delete such information.
For users under the age of 18, teachers are permitted to create accounts for their students when in accordance with school policies, and only after teacher and/or school has obtained parental consent. It is the teacher and/or school’s responsibility to obtain parental consent.
"Do Not Track"
Do Not Track (“DNT”) is a privacy preference that Users can set in certain web browsers. DNT is a way for Users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
iorad will take reasonable steps to allow you to access, review, update, rectify, or delete any personal data we hold about you. We will uphold these rights even if you are a resident outside of the EEA.
You have the following data protection rights:
- Right of access.
The right to obtain access to your personal data.
- Right to rectification.
The right to erase or rectify inaccurate or incomplete data.
- Right to erasure.
The right to obtain the deletion and erasure of your personal data in certain circumstances.
- Right to portability.
The right to move, copy, or transfer personal data.
- Right to restrict processing.
The right to restrict processing of personal data.
- Right to object to processing.
The right to object to processing of personal data for certain purposes.
- If you wish to exercise one of these rights, please contact us by using the contact details below. We will ask you to verify your identity before responding to these requests.
- EEA residents also have the right to lodge a complaint to a data protection authority. For more information, please contact your local data protection authority.
When you sign up for our services or application you acknowledge that iorad can process your Personal Data to send you communications, including those for marketing purposes. You can opt-out of receiving certain marketing or promotional communications from iorad at any time using the unsubscribe link in the email communications we send.
How to Contact Us
1 Canal Street, Unit 1119
Boston, MA 02214
|Name||Subprocessing Activity||Country of Origin||Link to Subprocessor Website|
|Amazon Web Services, Inc.||Cloud Hosting Provider||United States||https://aws.amazon.com|
|DigitalOcean||Cloud Hosting Provider||United States||https://www.digitalocean.com|
|Google LLC||Analytics, Registration and Authentication||United States||https://policies.google.com/privacy|
|Google LLC||Tag Management||United States||https://policies.google.com/privacy|
|HubSpot Inc.||Customer Relationship Management Service||United States||https://www.hubspot.com|
|Intercom||In-application Customer Service||United States||https://www.intercom.com|
|Mailgun||Email sending services used by iorad application||United States||https://www.mailgun.com|
|Stripe, Inc.||Payment Processing Gateway||United States||https://stripe.com|
|Twilio||User multi-factor authentication service||United States||https://www.twilio.com|