Hasura, Inc.: Privacy Policy

• INTRODUCTION
  Protecting your privacy is really important to us. Accordingly, Hasura, Inc.(“Hasura,” “we,” or “us”) is providing this Privacy Policy (the “Policy”) to explain our privacy practices and our collection, use and disclosure of Personal Information (as defined below) that we receive when you (“Users,” “you,” or “your”) use our Cloud Platform, Engine, Enterprise Platform, Websites, Products and Services (as defined in our Hasura Cloud Terms of Service or Website Terms of Use or Support and Consulting Services Agreement, or any other Agreement that you have entered into with Hasura).
  
  Unless we define a term in this Policy, all capitalized words used in this Privacy Policy have the same meanings as in our Hasura Cloud Terms of Service or Website Terms of Use or Support and Consulting Services Agreement, or any other Agreement that you have entered into with Hasura.
  
  IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, DO NOT REQUEST, ACCESS, INSTALL, DOWNLOAD, REGISTER WITH, OR USE THE CLOUD PLATFORM, ENTERPRISE PLATFORM, THE SERVICES, OR THE ENGINE. IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, PLEASE DO NOT ACCESS AND USE THE CLOUD PLATFORM, ENTERPRISE PLATFORM, THE SERVICES, OR THE ENGINE.
  
  NOTE THAT WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO.
  
  IF YOU HAVE ANY QUESTIONS REGARDING THIS PRIVACY POLICY, PLEASE SEND US AN EMAIL AT [email protected].
  
  WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO. WE DO NOT GIVE ACCESS TO YOUR PERSONAL INFORMATION TO THIRD PARTIES EXCEPT TO SUBPROCESSORS TO ASSIST US IN THE PROVISION OF OUR SERVICES TO YOU.
• APPLICABILITY
  When you use the Hasura Services (as defined below), we will collect information in accordance with this Policy. “Hasura Services” mean:

  1. The Cloud Platform, Engine, Enterprise Platform and Services which help you to set up and build software and web based applications through the use of a layer of computing infrastructure owned and licensed to you by Hasura.
  2. The Hasura website, which describes the Cloud Platform, Enterprise Platform, Engine and Services, and allows you to sign up for or download the Cloud Platform, Enterprise Platform, Engine and Services, and gives you information on other activities that we organize or participate in, such as events, conferences, newsletters, MOOC’s etc.
  3. Other Hasura owned websites like https://graphql.asia/ where conferences and events are organized by Hasura
  4. All other products and services provided by Hasura, including any support services.
• WEBSITES COVERED
  The Service is currently provided through the Websites identified with the following URLs (Uniform Resource Locators) and their subdomains: http://www.hasura.io and https://graphql.asia/.
  
  Our Websites may contain links to other Websites where we might host conferences and/or events. We are not responsible for the information practices or the content of such other Websites. We encourage You to review the privacy statements of other Websites to understand their information practices.
• INFORMATION THAT WE COLLECT
  We collect the following information from you, which is collectively referred to as Personal Information (“Personal Information”), as this information identifies you as an individual.
  
  Note that Personal Information is commonly referred to as personal information or personally identifiable information (the “PII”) in the US and as Personal Data in Europe. Throughout this Privacy Policy, we will refer to such information as Personal Information, unless a statutory definition otherwise applies. Also note that Personal Information includes User Information as defined below.
  
  There are two categories of information that we collect:

  1. Information that we need you to provide to enable you to sign up for Hasura Services.
     1. Account Information: When you sign up for an Hasura account (“User Account”), we require certain Personal Information such as your, e-mail address, Git Hub Id or Google Id for the purpose of user registration, identification and account verification.
     2. Payment Transaction Information: We may collect your first name, last name, phone number, billing address, when you register for Hasura Services. Your credit card and credit card related billing details are collected through a third-party gateway to which you will be required to provide requisite information separately in order to process your payments. The third-party payment gateway will in turn share with us the last 4 (four) digits of your card number for identification purpose only. When you share any information with a third-party payment collector, please ensure reviewing their individual privacy policy and related documents. Please contact us at [email protected] for the name of our current third-party gateway provider.
  2. Information we automatically collect from your use of the Hasura Services.
     
     When you use the Hasura Services, we automatically collect information, including Personal Information, about the services you use and how you use them. This information is necessary for the effective performance of the contract between you and us, to enable us to comply with applicable laws and to provide and improve the functionalities relating to the Services.
     1. IP and Geo-location Data: When you use certain features of the Hasura Services, we may collect your IP address and infer other information from it like your location, your Internet Service Provider (the “ISP”), the type of your connection, and, if the connection is registered to a business, the name of the organization.
     2. Service Usage Data: We may collect information about your interactions with the Hasura Services and how you use them, such as the content viewed on the website and the account dashboard, clicks, domain names, landing pages and other such information, content viewed on the API console, logs of interactions with the Hasura command line tool, and details of features used.
     3. Device and Browser Information: We may collect information about your devices that are used to interact with Hasura Services which includes the device's address, Operating System (the “OS”), system architecture, certain information that your web browser sends whenever you visit any website.
     4. Cookies and Tracking Data: Cookies are used by us (and certain third-party services) to help identify your previous interactions and sessions on the website. Hasura may associate this information with your Hasura Account. You may decline these cookies by changing your browser settings, if permitted. However, do note that this may impact certain features of the Services offered or your experience in using the Services
     This Policy does not apply to, nor does Hasura take any responsibility for any information that is collected by any third party either using the Services or through any third-party links made available to you during your use of the Services, through any advertisements or through bots. Please note that you will be bound by the terms and privacy policies published by third-parties in respect of any information that you may provide to them by using Hasura Services. Please contact us at [email protected] if you wish to obtain a list of third-party providers who may have access to your information because of your use of Hasura Services.
• HOW WE USE THE INFORMATION WE COLLECT FROM YOU?
  Hasura will use the information collected from you for the following purposes:

  1. Ensuring the services with respect to Hasura Services are presented in the most effective manner for your use;
  2. To provide you with information pertaining to products and services, marketing and promotional activities, transactional and user support and products or services that you request from us which we feel may interest you, when you have signed up for Hasura Services, or when you have otherwise consented to be contacted for such purposes;
  3. To carry our obligations arising from any contracts entered into between you and us, including for billing and collection;
  4. To notify you about any changes and improvements to Hasura Services; or analytical purposes, including but not limited to assessing usage data, usage patterns, and other similar activities;
  5. When you create a User Account, we keep a record of your communication to help solve any issues you might be facing.
  6. In any other way that Hasura may describe to you at the time you provide the information.
  7. We use information collected from cookies and other tracking technologies to improve your user experience.
  8. We collect device specific information (such as your hardware model, operating system version, unique device identifiers. Hasura may associate your device identifiers with your User Account.
  
  

  Please do not include or provide any personal information unless specifically requested as part of the registration or other applicable processes. If any information you have provided or uploaded violates the terms of this Policy, Hasura may delete such information upon informing you of the same and revoke your access if required without incurring any liability to you.
  
  If you post information on our Website for persons other than Hasura, you do so at your own risk. By doing so, you consent to their use of such information including transmitting it to others off our Website. Please be aware that Hasura cannot control the actions of other users of the websites and mobile applications with whom you may choose to share information with.
• HOW YOUR PERSONAL INFORMATION CAN BE SHARED OR DISCLOSED?
  We share your Personal Information only with your consent for the following operations and maintaining the Services:

  1. To Conduct Analytics: We are always looking for ways to make our Hasura Services smarter, faster, secure, integrated, and useful to you. We use collective learnings about how people use our Hasura Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Hasura Services. We also test and analyze certain new features with some users before rolling the feature out to all users. We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other pseudonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
  2. For Customer Support: We may use your Personal Information for our live chat functionality, which is used to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.
  3. To Market, Promote and Drive Engagement with Hasura Services: We use your contact Personal Information (and information about how you use Hasura Services) to send promotional messages, marketing, advertising and other information that may be of specific interest to you. These marketing communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers and promotions. You can opt-out of receiving marketing communications from us at any time by following the unsubscribe instructions included in our marketing communications or if you have previously consented to receiving such marketing communications, you can withdraw your consent by following the procedure set out in Section 7.3.4 of this Privacy Policy.
  4. For Legal Reasons: Hasura may also share information including Personal Information with individuals or entities to the extent it believes in good faith it is required to:
     1. ensure compliance with law/ regulations and/or pursuant to enforceable orders of government, law enforcement or regulatory authorities;
     2. address fraud, security or technical issues;
     3. protect against harm to the rights, property or safety of Hasura, its other users or the public as required or permitted by law.
  5. For Effective Provision of Services: We may share your Personal Information to Hasura employees, contractors and agents, who need to know that information in order to provide our Services to you and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
• YOUR WORLDWIDE RIGHTS
  1. Where we store your Personal Information? We store Personal Information in the United States, India, Ireland, Belgium, United Kingdom (“UK”), Germany, Australia, Canada, Japan and Singapore. If you are in the European Union (“EU”), then your Personal Information may be transferred to the United States, India, UK, Australia, Canada, Japan and Singapore through the Standard Contractual Clauses, which are available at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm(the “Standard Contractual Clauses”). Please do not hesitate to contact us at [email protected], if you have any questions related to this Section.
  2. How we store and protect your Personal Information? Hasura stores Personal Information on its servers in various countries around the world, currently in Singapore, Ireland, Belgium, India, UK, Germany, Australia, Canada, Japan and the United States. We may store and process your Personal Information on a server located outside the country where you live.
     
     The Personal Information that you provide, subject to disclosure in accordance with this Policy, shall be maintained in a safe and secure manner. Hasura databases and information are stored on secure servers with appropriate firewalls and physical and electronic safeguards.
     
     Hasura uses industry standard physical, technical and administrative security measures to safeguard all Personal Information, confidential and secure. We conduct periodic reviews of our security measures pertaining to our Personal Information collection, storage, to guard against unauthorized access to systems.
     
     When you enter Personal Information (such as log in credentials) for your User Account (“User Information”), all communications between Hasura and the Users of Hasura Services are encrypted using Secure Socket Layer (the “SSL”) Certificates. While all reasonable efforts will be made to ensure that your User Information and all other information submitted by you is safe and secure, Hasura makes no representation, warranties or other assurances that the security measures are adequate, safe, fool proof or impenetrable.
     
     Given the nature of internet transactions, Hasura does not take any responsibility for the transmission of information including User Information or Personal Information shared by you. Any transmission of User Information on the internet is done at your risk and shall not be responsible for the circumvention of the privacy settings or security measures either by you or any third party.
     
     As a User of the Hasura Services, you have the responsibility to ensure data security. You should use the Services responsibly and not share your User Information, including your username or password or account information, with any person. Do remember that you are solely responsible for all acts done under the account registered to you including the use by others who steal or obtain your registration credentials.
  3. Your Rights. If you are a resident of or a visitor to Europe, you have certain rights with respect to the transport, storing, and processing of your Personal Data (referred here as Personal Information), as defined in the General Data Protection Regulation (the “GDPR”).
     1. Data Retention and Data Deletion.
        1. Request for Deletion. Hasura shall retain Personal Information that it collects for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want to use our Services and want your User Information and/or Personal Information to be deleted, you may contact Hasura at [email protected] to request a list of information regarding your User Account, User Information and/or Personal Information and/or that it be deleted. If you wish to use Hasura Services once your User Account is deleted pursuant to your request, you will have to sign-up as a new User.
        2. Deletion on Account of Non-Use. In the event you do not use/access the Hasura Services or your User Account in particular for a period of three years. Hasura will delete your User Account and all your User Information and Personal Information. If you wish to avail Hasura Services once your User Account is deleted pursuant to non-use, you will have to sign-up as a new User.
     2. Rectification of Inaccurate or Incomplete Information.
        1. You can change, alter, modify, or delete your account information (including User Information) at any time by e-mailing us at [email protected]. However, please note that in the event you alter, or update or delete your account information, we cannot ensure the continuity or quality of the Services being provided to you.
        2. Hasura may permit or deny modification of any information, to the extent such information is required by it order to be compliant with and observe applicable laws. You have the right to ask us to correct inaccurate or incomplete Personal Information concerning you (which you cannot update yourself within your Hasura Account).
     3. Rectification of Inaccurate or Incomplete Information.
        Data portability is the ability to obtain some of your information in a format you can move from one service provider to another. You are entitled to request copies of Personal Information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible). You may send such a request to [email protected].
     4. Withdrawing Consent and Restriction of Collecting Data.
        Where you have provided your consent to the collecting of your Personal Information by Hasura, you may withdraw your consent at any time by sending a communication to Hasura at [email protected] specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. However, please note that in the event you withdraw your consent, we cannot ensure the continuity or quality of the Services being provided to you.
     5. Complaints.
        1. If you wish to place a complaint with regard to privacy requirements or laws, access any of your Information or would like to update or correct any errors in your User Information, please contact our Data Protection Officer/Grievance Redressal Officer, Anand Rajkumar at [email protected] so that we can consider and respond to your request.
        2. We will respond to your inquiry within thirty (30) days of the receipt. Please see Section 14 for details regarding “Contacting Us.” You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here
     6. European Complaints.
        In compliance with the Privacy Shield Principles, Hasura commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Hasura at Anand Rajkumar at [email protected] so that we can consider and respond to your request.
        
        Hasura has further committed to refer unresolved Privacy Shield complaints to the Better Business Bureau, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers or more information or to file a complaint. The services of Better Business Bureau are provided at no cost to you.
        
        Hasura commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of providing our SERVICES to you.
        
        You have the right to access the personal data that we store on you. We are subject to the investigation and enforcement powers of the Federal Trade Commission (FTC). You may require us to arbitrate your complaints under certain circumstances. We will be liable to you for any unauthorized transfers of your personal data to third parties.
     7. Sharing Personal Information with Third Parties.
        We do not (i) share such Personal Information with third parties, other than Processors or Sub-Processor (collectively “Agents”), who comply with GDPR and are required by us to provide our Services under our Terms of Service or an agreement with Customers under which we provide our Services, or (ii) utilize any Personal Information for reasons other than that for which it was originally provided. If this practice should change in the future, we will update this Privacy Policy to identify any third parties and provide you with opt-out or opt-in choice where applicable.You should submit inquiries or complaints to us at [email protected] or at our mailing address:
        
        Hasura, Inc.,
        576 Folsom St., Floor 3,
        San Francisco CA 94105, USA
        Attn: Privacy Officer
  4. Invoking Arbitration.
     You have the right to access the personal data that we store on you. We are subject to the investigation and enforcement powers of the Federal Trade Commission (FTC). You may require us to arbitrate your complaints under certain circumstances. We will be liable to you for any unauthorized transfers of your personal data to third parties.
     
     You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from BBB PRIVACY SHIELD; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees.
  5. US Privacy Shield Certification.
     Hasura, Inc. complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Hasura, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
  6. EU Standard Contractual Clauses.
     We will comply with the EU Standard Contractual Clauses with respect to the transfer of Personal Information from the EU to countries other than the US for processing. If there is any conflict between the terms and conditions in this Privacy Policy and your rights under the EU Standard Contractual Clauses, the terms and conditions in the EU Standard Contractual Clauses will govern. For the purposes of this Privacy Policy, “EU Standard Contractual Clauses” mean the standard contractual clauses for the transfer of Personal Information to processors established in third countries (Commission Decision 2010/87/EC).

     1. Obligations of the data importer (processors)
        The data importer agrees and warrants:
        1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
        2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
        3. that it has implemented the technical and organizational security measures before processing the personal data transferred;
        4. that it will promptly notify the data exporter about:
        5. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
        6. any accidental or unauthorized access, and
        7. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
        8. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
        9. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
        10. to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
        11. that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
     2. Obligations of the data exporter
        The data exporter agrees and warrants:
        1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
        2. that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
        3. that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures;
        4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
        5. that it will ensure compliance with the security measures;
        6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
        7. to make available to the data subjects upon request a copy of the Clauses, with a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; and
        8. that, in the event of sub-processing, the processing activity is carried out in at least the same level of protection for the personal data and the rights of the data subject as the data importer under the Clauses.
     3. Liability
        1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred above by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
        2. If a data subject is not able to bring a claim for compensation in accordance with paragraph a against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to above, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
  7. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website or Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Any transmission of personal information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Website or Platform.
     
     In the event of a personal data breach, we will notify you within fifteen (15) days via (i) email and/or (ii) our Platform notification system on our Website. We agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
• FOR OUR CALIFORNIA VISITORS AND CONSUMERS
  Hasura does not sell, trade, or otherwise transfer to outside third parties your Personal Information as the term is defined under the California Civil Code Section § 1798.82(h). California Civil Code Section 1798.83 allows Users of the Cloud Platform, Enterprise Platform, Engine and Services, who are California residents to request certain information regarding our use of and disclosure of Personal Information to third parties for their direct marketing and other purposes. While, we do not sell your Personal Information to third parties, some third parties, such as credit card processors or platform monitors, may have access to your Personal Information to enable us to provide you with our Services. To make a request for the disclosure, identification and/or deletion of your Personal Information in all our systems, please send an email to [email protected] or write us at Hasura, Inc, 576 Folsom St., Floor 3, San Francisco, CA - 94105.
  
  Additionally, this Section 8 provides additional information about our California consumers and applies to all visitors, users, and others to our Website, who reside in the State of California (“Consumers” or “you”). We adopt this Section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Section.

  1. Right to Request Personal Information. Upon request, we will provide you with (i) a list of all Personal Information that we have collected on you, (ii) from whom we obtained such Personal Information, (iii) the reason why we collected such Personal Information, and (iv) with whom (if any) we have shared such Personal Information.
  2. Sale of your Personal Information. If we sell your Personal Information, which we currently do not, or disclose your Personal Information to third parties, upon request, we will provide you with (i) a list of the Personal Information that we have collected on you, (ii) a list of the Personal Information that we sell or disclose to others on you, and (iii) to whom we have sold or disclosed your Personal Information. A consumer can make such a request only twice in a 12-month period.
  3. Why we need your Information. We require such Personal Information to be able to provide to you our Services.
  4. Collect Information Only from you. Unless otherwise specified, we only collect Personal Information from you. We do not use others to provide us with your Personal Information.
  5. Disclosure of Personal Information. We only share your Personal Information with service providers, e.g., billing and collection agents, who enable us to provide our Services to you. We do not sell or give your Personal Information to third parties for purposes unrelated to our provision of Services to you.
  6. Right to have Personal Information Deleted. Upon request, we will delete all of your Personal Information that we have collected on you and will direct our Service Providers to also delete all of your Personal Information. But note that if we do delete all of this Personal Information, you will no longer be able to use our Services.
  7. Response. We will acknowledge receipt of your inquiry within ten (10) days of the receipt. We will respond within forty-five (45) days of receiving such request or query. Within this period, we are required to verify your identity before further action. Additionally, in order for us to respond to your request or query, we will need to collect information from the requesting party to verify their identity.
  8. Non-Discrimination Right. We will not discriminate against you for exercising any of your CCPA rights. We will not:
     1. Deny you goods or services.
     2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
     3. Provide you a different level or quality of goods or services.
     4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  9. Financial Incentives. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
  10. Contact Information. You may contact us (i) at [email protected], (ii) by phone at our toll-free number +1-833-690-2124, or (iii) by writing to us at Privacy Officer, at Hasura, Inc. 576 Folsom St., Floor 3, San Francisco, CA - 94105, to (i) make a Personal Information Request, (ii) lodge a complaint about our use or storage of your Personal Information, (iii) ask us to delete such Personal Information, and/or (iv) discuss our Privacy Policy and/or anything that has to do with it. Additionally, in order for us to respond to your request or query, we will need to collect information from the requesting party to verify their identity to prevent fraudulent requests. As mentioned above, we will respond within forty-five (45) days of receiving such verifiable consumer request or query. We document our verification process for full compliance with the CCPA.
  11. Under 16. We will not sell your Personal Information if you are under the age of 16 unless we have the consent of your parent or your guardian nor will we sell it if you ask us not to do so.
  12. Opt Out Right. Although we do not currently sell your Personal Information, if we do so in the future, then upon your request, we will stop selling your Personal Information (sometimes called your Opt Out Right). You may send the request to Opt Out (i) to [email protected], (ii) by phone at our toll-free number +1-833-690-2124, or (iii) by writing to us at Privacy Officer, Hasura, Inc. 576 Folsom St., Floor 3, San Francisco, CA - 94105.
  13. Personal Information that We Store. For your information, we store/collect the following Personal Information on you including your full name, email address, geolocation, and information about your internet connection, the equipment you use to access our Website, and usage details of your use of our Services.
• FOR OUR NEW YORK CUSTOMERS
  We will fully comply with the letter and the spirit of the New York Shield Act (the “Act’), which became effective on January 1, 2020, to the fullest extent that it is applicable to us. We have adopted reasonable safeguards to protect the security, confidentiality, and integrity of your private information, as defined in the Act ("Private Information"). We will securely protect any personal information, as defined in the Act ("Personal Information"), and/or Private Information in accordance with the requirements set forth in the Act. We will notify you of any unauthorized access to or disclosure of your Personal Information or your Private Information in accordance with the requirements of the Act.
• THE US CAN-SPAM ACT OF 2003
  The US CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have businesses stop emailing them, and spells out penalties for violations. Per the CAN-SPAM Act, we will:

  1. not use false or misleading subjects or email addresses;
  2. identify the email message as an advertisement in some reasonable way;
  3. include the physical address of Hasura, Inc., which is 576 Folsom St., Floor 3, San Francisco, CA - 94105;
  4. monitor third-party email marketing services for compliance, if one is used;
  5. honor opt-out/unsubscribe requests quickly; and
  6. give an “opt-out” or “unsubscribe” option.

  If you wish to opt out of email marketing, follow the instructions at the bottom of each email or contact us at [email protected] and we will promptly remove you from all future marketing correspondences.
• CHILDREN UNDER THIRTEEN (13)
  Hasura Services are not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If we learn we have collected or received personal information from a child under 13, we will delete that information. If you believe we might have any information about a child under 13, please contact us at [email protected].
• ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
  You can review and change your Personal Information by logging into the Platform and visiting your Account page. You can also request us to make changes to your Personal Information by sending us an email at [email protected], if you are unable to make the change on the Account. However, we reserve the right to deny your request if we believe the change would violate any applicable law or legal requirement.
• CHANGES TO OUR PRIVACY POLICY
  Hasura reserves the right, at its sole discretion, to change or modify this Policy at any time. In the event, we modify this Policy, such modifications shall be binding on you only upon your acceptance of the modified Policy. We will inform you about the modifications via email or comparable means within 15 days of such modification. We will also post the modified version on this page. Your continued use of the Cloud Platform, Enterprise Platform, Engine and the Services shall constitute your consent to such changes. Hasura may change, modify, suspend, or discontinue any aspect of the Cloud Platform, Enterprise Platform, Engine and/or Services at any time without notice or liability.
• COPYRIGHT INFRINGEMENT/DMCA NOTICE
  If you believe that any content on our Website, Engine, Cloud Platform or Enterprise Platform violates your copyright, and wish to have the allegedly infringing material removed, the following information in the form of a written notification (pursuant to 17 U.S.C. § 512(c) (“DMCA Takedown Notice”) must be provided to our designated Copyright Agent. It is our policy to terminate the accounts of repeat infringers.

  1. Your physical or electronic signature;
  2. Identification of the copyrighted work(s) that you claim to have been infringed;
  3. Identification of the material on our services that you claim is infringing and that you request us to remove;
  4. Sufficient information to permit us to locate such material;
  5. Your address, telephone number, and e-mail address;
  6. A statement that you have a good faith belief that use of the objectionable material is not authorized by the copyright owner, its agent, or under the law; and
  7. A statement that the information in the notification is accurate, and under penalty of perjury, that you are either the owner of the copyright that has allegedly been infringed or that you are authorized to act on behalf of the copyright owner.

  Hasura’s Copyright Agent to receive DMCA Takedown Notices is Anand Rajkumar, [email protected], at HASURA, INC. Attn: DMCA Notice, 576 Folsom St., Floor 3, San Francisco, CA - 94105. You acknowledge that for us to be authorized to take down any content, your DMCA takedown notice must comply with all the requirements of this Section. Please note that, pursuant to 17 U.S.C. § 512(f), any misrepresentation of material fact (falsities) in a written notification automatically subjects the complaining party to liability for any damages, costs and attorney's fees incurred by us in connection with the written notification and allegation of copyright infringement.
• Anti-Bribery Compliance
  Hasura represents and warrants that it is fully aware of and will comply with, and in the performance of its obligations hereunder will not take any action or omit to take any action that would cause it or its customers to be in violation of, (i) U.S. Foreign Corrupt Practices Act, (ii) U.K. Anti-Bribery Act, (iii) India Prevention of Corruption Act of 1988, or (iv) any other applicable anti-bribery statutes and regulations, and (v) any regulations promulgated under any such laws. Company represents and warrants that neither it nor any of its employees, officers, or directors is an official or employee of any government (or any department, agency or instrumentality of any government), political party, state owned enterprise or a public international organization such as the United Nations, or a representative or any such person (each, an "Official"). Company further represents and warrants that, to its knowledge, neither it nor any of the Supplier Personnel has offered, promised, made or authorized to be made, or provided any contribution, thing of value or gift, or any other type of payment to, or for the private use of, directly or indirectly, any Official for the purpose of influencing or inducing any act or decision of the Official to secure an improper advantage in connection with, or in any way relating to, (A) any government authorization or approval involving Hasura or (B) the obtaining or retention of business by Hasura. Supplier further represents and warrants that it will not in the future offer, promise, make or otherwise allow to be made or provide any payment and that it will take all lawful and necessary actions to ensure that no payment is promised, made or provided in the future by any of the Supplier Personnel.
• CONTACTING US
  To ask questions or comment about this Policy and our privacy practices, contact us at:
  Privacy Officer
  Email: [email protected]
  

  Address:
  Hasura, Inc,
  576 Folsom St., Floor 3,
  San Francisco, CA - 94105, USA
  

  If you are a resident of India and have any questions or concerns regarding this Policy or our privacy practices, please write to us at the following address:
  The Grievance Officer
  Name: Anand Rajkumar
  Email: [email protected]

  Address:
  Hasura, Inc,
  576 Folsom St., Floor 3,
  San Francisco, CA - 94105, USA
  

  
  PLEASE NOTE: WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO.
  
  IF YOU USE OUR CLOUD PLATFORM, ENTERPRISE PLATFORM, ENGINE AND/OR SERVICES, YOU HAVE AGREED TO AND ACCEPTED ALL OF THE TERMS AND CONDITIONS DESCRIBED IN THIS POLICY AND THE TERMS AND CONDITIONS SET FORTH IN OUR WEBSITE TERMS OF USE AND HASURA CLOUD TERMS OF SERVICE AND/OR HASURA GRAPHQL ENGINE LICENSE AND/OR SUPPORT AND CONSULTING SERVICES AGREEMENT, OR ANY OTHER AGREEMENT THAT YOU HAVE ENTERED INTO WITH HASURA. IF YOU DO NOT AGREE WITH THE TERMS OF THIS POLICY, OUR WEBSITE TERMS OF USE AND OUR HASURA CLOUD TERMS OF SERVICE AND/OR HASURA GRAPHQL ENGINE LICENSE AND/OR SUPPORT AND CONSULTING SERVICES AGREEMENT, OR ANY OTHER AGREEMENT THAT YOU HAVE ENTERED INTO WITH HASURA, PLEASE DO NOT ACCESS OR USE HASURA CLOUD PLATFORM, ENTERPRISE PLATFORM, ENGINE OR SERVICES.