Privacy Policy Commercial Products (TSF, TSCache)
Summary and general principles:
We are all about privacy. The information we store: name, email, phone, and your company's name (if you provide it), and, if you purchase our products, MAC addresses (which are unique across all computers and other devices around the world) we don’t share with any third-party (except when you ask us). As an added precaution, we keep your phone and email address on our server only in encrypted form.
We engage carefully selected third-party partners and service providers who process personal data on our behalf in compliance with GDPR. From time to time, we appoint digital marketing agencies to conduct outreach and marketing activities on our behalf. As part of these activities, personal data may be processed in accordance with applicable data protection laws. Our appointed data processors include:
(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro is registered with the ICO Reg: ZA346877. Their Data Protection Officer can be emailed at: dpo@sopro.io
(See also "Commitment and Enrollment in the EU-U.S. DPF (Data Privacy Framework) and UK and Swiss extensions to that framework" section later in this Policy Statement.)
We engage carefully selected third-party partners and service providers who process personal data on our behalf in compliance with GDPR. From time to time, we appoint digital marketing agencies to conduct outreach and marketing activities on our behalf. As part of these activities, personal data may be processed in accordance with applicable data protection laws. Our appointed data processors include:
(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro is registered with the ICO Reg: ZA346877. Their Data Protection Officer can be emailed at: dpo@sopro.io
(See also "Commitment and Enrollment in the EU-U.S. DPF (Data Privacy Framework) and UK and Swiss extensions to that framework" section later in this Policy Statement.)
Cookie Policy: As part of using the Sopro Plugin, certain cookies are deployed on your website to support its functionality and performance. To ensure compliance with applicable data privacy regulations (such as GDPR and CCPA), it is important that these cookies are included in your website's cookie policy.
Cookies Used by the Sopro Plugin The Sopro Plugin uses cookies to enhance website performance, functionality, and analytics. Below is a summary of the cookies used by the plugin:
Regular Cookies
_obid
Purpose: Tracks unique visits to the site and relates them to the email campaign.
Expires: 1 year
Role: Performance / Analytical
_obid_visit
Purpose: Identifies a session across multiple pages; not linked to personal data.
Expires: 4 hours
Role: Advertising / Tracking
Webchat - Specific Cookies (Enabled Only If Webchat Function is Activated)
cuid_*
Purpose: Used as a session cookie in the webchat not linked to personal data.
Expires: 15 days
Role: Functional
Cookies Used by the Sopro Plugin The Sopro Plugin uses cookies to enhance website performance, functionality, and analytics. Below is a summary of the cookies used by the plugin:
Regular Cookies
_obid
Purpose: Tracks unique visits to the site and relates them to the email campaign.
Expires: 1 year
Role: Performance / Analytical
_obid_visit
Purpose: Identifies a session across multiple pages; not linked to personal data.
Expires: 4 hours
Role: Advertising / Tracking
Webchat - Specific Cookies (Enabled Only If Webchat Function is Activated)
cuid_*
Purpose: Used as a session cookie in the webchat not linked to personal data.
Expires: 15 days
Role: Functional
Personal data stored; how we store it; what we use it for; what we have access to:
- We keep the following information unencrypted on our server:
- Your First Name, Last Name, Company, Number of licenses purchased, Mac Addresses of your servers you have registered our product to execute on: This is not provided to any third-party (nor do we allow any third-party to access this through us). We use the Mac Address only to generate license files and keys so that we can audit the number of installed licenses you are using at any given time.
- We keep the following information that you provide during onboarding encrypted on our server where we have access to it.
- Your email address: We never give this out to any third-party; nor do we allow third parties to contact you through us by sending information to us to disseminate to you. (I.e., you will not be receiving marketing emails from any third party because you have provided us with your email.) As stated, this is kept encrypted on our server (to protect it in the unlikely event there is a breach). We use your email address to send you:
- OTPs:
- When you first sign up (onboard) with us, we send an OTP to ensure you have entered your email address correctly so that you can make use of the licenses you are about to pay for and so that we know we will be able to communicate with you with important updates...e.g., if there is a new release because the existing release will not run on a new version of OS/X or Windows; or, if there are improvements with more features, or, (unlikely) fixes due to a program flaw.
- When you download our app on a computer, the first time it executes it will send your email address and that computer's MAC address to our server. The server will only generate a license key file and send you the key for it if the email address you send matches one that still has unused licesnes AND, crucially, that the email address sent belongs to the person sending it. To that end, an OTP is sent to your email that you will need to enter each time you install our app on a new computer. You will have to enter this OTP in the App in order to obtain the license for a new computer (or existing computer if a new version of the App is installed). (Your used license count will not be incremented if installing a new version of the App on a computer that was already executing the App [as the same MAC address will be sent].)
- We will also send OTPs in other situations – e.g., if you discontinue service with us (though, we don’t know why you would ever want to do that!) and you decide to exercise your “right to be forgotten” and want your data completely removed from our server (because, we wouldn’t want anyone who didn’t like you to do that to you!), etc..
- Billing and account maintenance messages: If we haven't received your payment (or haven't received that you paid even though you had, which is possible only if our servers are down when you made the payment so our online reseller's system couldn't reach us AND when we reached out to them we couldn't verify your payment because their servers were down -- so, very rare -- we would send you an email asking you to try again later to download your license or offering you the opportunity to request a refund).
- Important email to notify you of new releases available to: Fix bugs (unlikely); Enhance functionality; or, if the existing App will no longer work on a new release of the Windows or OS/X operating system.
- We are planning a maintenance outage (or have an unexpected outage) and you won’t be able to request license keys for a new computer for a period of time;
- Occasional (not more than 4 times per calendar year) mail from us announcing our new products we are coming out with or with Company news.
- Your phone number: We never give your number to any third party (and never act on behalf of any third party when using it). As stated, this is kept encrypted on our server (to protect it in the unlikely event there is a breach). We use this only to send you an OTP if you wish to change your email. For this App, it is optional to provide your phone number. If you don't, you will have no way of changing your email on file with us (because, we won't believe you if you contact us unless you also retain access to your old email where we can send an OTP for verification). Should you drop your email that is on file with us and you still have remaining licenses that you are entitled to, you will lose these and have to purchase the product again to get a new license (or to update a license you already have on an existing device). We will not use your phone number for any other purpose other than verifying your identity at your request or if you give us permission to contact you on an issue you raise from your registered email with us.
How and where we store your personal data and how we protect it:
- We use Amazon AWS as our “data processor” (a GDPR term that means they manage the server infrastructure, computers, network and disks on our behalf but do not control this information as we are the “data controller”). Our servers at AWS are protected by secure keys and only we have access to these servers. Only a small group of senior employees specifically designated has access to these servers.
- Your email and phone number are stored encrypted, but with our password (not with your password(s)) as we need access to this information for the purposes already stated. In the unlikely event of a server breach, it would be extremely difficult for a malevolent actor to gain access to this information.
- Your license keys are also encrypted in a manner that would be extremely difficult for a malevolent actor to gain access -- even in the unlikely event of a server breach.
- We intend to store all information in the United States for now until we grow our revenues to a point where having a data center in Europe, the UK or Asia makes financial sense. This means that the U.S. Government could, technically, order us to provide them with data.
We strive to protect your privacy fully and we are all about privacy. Subscription revenues from our commercial applications and frameworks and maintenance from the aforesaid, as well as consulting revenues from supporting your use of these products (if you request our services beyond the extensive assistance we already provide as part of purchase and maintenance) are the ways we are compensated when we work to achieve your success -- never from advertising, from selling your information or from advertising on behalf of others. Though we have many layers of protection – both technical and procedural – and, though we believe that we deploy maximal protections that would render it, we hope, impossible for anyone to access your data, we cannot and do not provide any guarantees and we accept no liability. Having stated this, know that we never transfer your data to any third party (other than the aforementioned use of our Data Processor: Amazon AWS where AWS has no rights to access our data). You use this app at your own risk, though with the assurance that our very reputation rests on maintaining the privacy and security of our end users’ information.
Commitment and Enrollment in the EU-U.S. DPF (Data Privacy Framework) and UK and Swiss extensions to that framework:
We commit to all of the principles and rules set forth in the EU-U.S. DPF and its UK and Swiss extensions. The link to the EU-U.S. DPF is here:
EU-U.S. Data Privacy Framework (DPF). The DPF describes the principles to which our organization subscribes. Your complaints or inquiries can be sent to us in either of the two ways mentioned below. We strive to respond to any privacy requests or complaints within 2 weeks and commit to responding to you within 30 days. If you are dissatisfied with our handling of your privacy complaint or issue, you have the right to complain to an independent arbiter to investigate complaints related to non-compliance or non-conformity to DPF principles. The U.S. FTC (Federal Trade Commission) has jurisdiction over any personal data kept by us. In the event you are dissatisfied with the way we address your issue or complaint you have the right to escalate your complaint/issue outside our organization in accordance with the following guide with associated links that outlines a series of escalating steps you may take:
EU-U.S. DPF Procedures for submitting a complaint
EU-U.S. Data Privacy Framework (DPF). The DPF describes the principles to which our organization subscribes. Your complaints or inquiries can be sent to us in either of the two ways mentioned below. We strive to respond to any privacy requests or complaints within 2 weeks and commit to responding to you within 30 days. If you are dissatisfied with our handling of your privacy complaint or issue, you have the right to complain to an independent arbiter to investigate complaints related to non-compliance or non-conformity to DPF principles. The U.S. FTC (Federal Trade Commission) has jurisdiction over any personal data kept by us. In the event you are dissatisfied with the way we address your issue or complaint you have the right to escalate your complaint/issue outside our organization in accordance with the following guide with associated links that outlines a series of escalating steps you may take:
EU-U.S. DPF Procedures for submitting a complaint
As mentioned in prior sections of this Privacy Statement, we have an obligation to disclose your personal data to lawful requests of U.S. Government authorities (but, also, we have very little personal information -- your email, maybe your phone, and the MAC Address of your devices). You have the Right To Be Forgotten. For our commercial application, to exercise this right, please write to support@tessellationsoftware.com with subject "Right To Be Forgotten" (no quotes). Our customer support will arrange a time to send you an OTP (to ensure that it is you making the request -- or, will send one to your phone if you have one on file with us). If you confirm, we will delete you and we will no longer have your email and phone and you will lose any unused licenses.
As mentioned, although we don’t transfer your data to third parties excepting for our use of Amazon AWS and FastSpring as our reseller. In both cases, we exercise precautions in accordance with our high-level expertise and do not permit Amazon to use your data for their own purposes. AWS is where our servers sit and they provide infrastructure support to us for our servers, networking, communications, etc.. Our “data processor” (AWS) has certified to the EU-U.S. Data Privacy Framework (DPF) that they adhere to the DPF principles and therefore will not use any data we store with them that they might have access to. (Their access is even more limited than ours and, as repeatedly stated, our access is extremely limited.)
We reserve the right to change this Privacy Policy at any time. For any substantive change, we will notify you via email and/or through a link in our App.
How to contact us concerning Privacy issues:
Via mail:
Tessellation Software LLC
58 Sylvan Road N
Westport, CT 06880-2942, U.S.A.
Via email:
Send an email to: privacy@tessellationsoftware.com with ‘Subject:’ starting with any of the following:
Tessellation Software LLC
58 Sylvan Road N
Westport, CT 06880-2942, U.S.A.
Attn: Privacy Officer
Via email:
Send an email to: privacy@tessellationsoftware.com with ‘Subject:’ starting with any of the following:
Privacy Inquiry
Privacy Request
Privacy Complaint