Privacy Policy

Effective date: 07/12/18 (see most recent version here) — Click here for key changes

Our approach to your privacy boils down to not being a jerk and doing the right thing. You should never feel surprised about the information we know about you or when we contact you. Every interaction should be valuable to both you and us.

If you ever feel like the information we know about you is surprising, or you're annoyed when we contact you, please let us know. We don't want to be jerky jerks.

When it comes to being stewards of your information, we'll do the right thing. We won't be jerks and use it without your permission, and will give you the upmost control over your information.

Also, we strive to collect the least amount information as possible about you. Information takes up space, and we like space 😊.

Why should you trust us?

Because you support us with your financial support, and our relationship with you helps us achieve our company vision. It's not good to anger people you're in a relationship with. That's bad for taco business, our personal happiness, and helping spread kindness throughout the world.

If for any reason you don't agree with this privacy policy, please do not use any of our Services for any reason. Our Services are defined as anything HeyTaco, LLC creates and owns.

Here's a list of sections to learn more about your privacy:

• What we collect and why
• Where your information is stored and protections
• Cookies and how we use (hint: we don't eat them)
• Who has access to your data
• How you can control your data

First, a note about who you are

If you use HeyTaco's Services you are either a Member or an Administrator. Your HeyTaco Community is made up of Members and Administrators. Administrators have access to all Member data and have control of your Community's settings and data.

If you are not an Administrator and have data questions, request, or concerns please contact your Administrator so they can fulfill your needs. If you cannot contact your Administrator or have a dispute, please contact us at [email protected].

What we collect and why

When an Administrator adds HeyTaco to your chat platform (ie. Slack, Discord, Microsoft Teams, etc.), we collect information necessary for our Services to function. We also collect information if you give it to us.

Any of the information we collect from you may be used in one of the following ways: (a) Personalize your experience. (b) Better respond to your individual needs. (c) Operate and improve our Services (d) Improve customer service. (e) contact you.

Here is what we collect and why:

• Names and URLs of chat platforms you use with HeyTaco
  • Used to display names in the product, identify your platform for support, and associate information about your platform to itself.
• The number of people in your chat platform
  • We use this for product functionality and internal reporting.
  • Example: you unlock Gifts when you give tacos to 50% of your team.
• Your name and/or display name
  • To identify you in the product so we and people in your group can find you.
  • We get this information from you or the chat platform you're using HeyTaco with.
• Your avatar
  • This is a picture you chose to represent your delightful self. It's collected from the picture you gave us or the one you're using in the chat platform with HeyTaco.
• Email address
  • Your account Administrator uses this to relate your information to other systems like Slack or an HR system of record. It can be used to create customized reports like Taco Spaghetti 😊 too.
  • If you are an Administrator, we may use your email to contact you regarding your product usage. This includes things like billing, troubleshooting, cancellation reason, and welcoming you to the product. We strive to send the least email possible.
  • If you are a Member, we won't email you unless you or your Administrator gives us permission to do so. To change your permission, visit your settings page or click here.
• Information about taco messages
  • We only store messages directed at the HeyTaco application. We use this information to operate, maintain, and provide to you the features and functionality of our Service. We store the message, timestamp, giver, receiver, and where the message was located (i.e. channel name, Slack, etc..)
  • This means we cannot see all the messages in your chat platform. In order for us to see your message it must be directed at HeyTaco. In Slack this means HeyTaco can only see messages if the message includes a taco emoji, or a taco reaction has been added to the messsage, and HeyTaco is a member of the channel or group message.

If you have any questions about the information we collect please contact us at [email protected].

Where your information is stored and protections

Security and storage

We use Heroku and Amazon Web Services as hosting providers in the United States to store and protect your information. They are up to date and setup with the latest security standards and undergo recurring security assessments to protect your information.

When you submit information via our service, your information is protected and encrypted both at rest and in transit though secure connections. We implement a variety of security measures to maintain the safety of your personal information. If your personal data is exposed to an unknown 3rd party we will notify you within 72 hours of the incident being reported.

HeyTaco may transfer your data to countries you don't live in. We offer European Union Model Clauses, known as Standard Contractual Clauses, to meet General Data Protection Regulation requirements for Administrators and Members who are citizens of the European Union. A copy of our data processing addendum, including Model Clauses, is available by contacting us.

If you have any questions about data security and storage please contact us at [email protected]

How long do we retain data about you?

We use historical data about people who use our Services to generate internal research reports and for you to view historical information about your own usage.

If you stop using the service, your data is also available to Administrators for your HeyTaco account. Your old data can be used by Administrators to see historical taco giving, messages you gave and received, and any other data collected about you.

We remove your personal data after an Administrator removes and/or stops using our Services and sufficient time has passed to warrant data removal.

The Administrators for your account are responsible for your data. In most circumstances, they must approve of any data removal or modifications. If you are a Member from the European Union and your Administrator will not request to remove your data please contact us [email protected].

Cookies and how we use them (hint: we don't eat them)

Cookies are small files a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

We use cookies to aggregate data about site traffic and site interaction so that we can offer better Services now and in the future. We may contract with third-party service providers to assist us in better understanding our site visitors and operate HeyTaco. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our Services.

Here's a few examples of how we use cookies:

• To keep you logged in to the website.
• We use cookies for website surveys to learn more about changes we make to the product and your reaction to them.
• We use cookies to see how people interact with the website and our app in chat platforms to compute product usage metrics and monitor inflows of new prospects.
• We use cookies to help us contact people whose billing information is no longer valid.
• Our customer support software has cookies that enable onsite support widgets and help us better assist you.

You have the right to accept or reject our cookies. You can exercise that right by not using our Services and/or using your web browser to accept or refuse cookies. You can visit your web browser's help menu to learn more about how to accept and reject cookies.

If you ever have questions or feedback about cookies we use, please let us know at [email protected].

Who has access to your information

Your information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the Services requested. We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. An example is our payment processor. They use your email address and name to send you receipts for your payments.

• Stripe (https://stripe.com)
  • Billing and payment processor for purchases. (Administrator contact data only)
• Heroku (https://www.heroku.com)
  • Hosting provider for app and data storage.
• Amazon Web Services (https://aws.amazon.com)
  • Hosting provider for app and data storage.
• Google Analytics (https://www.google.com/analytics)
  • Service analytics to track and analyze Service usage.
• ProfitWell (https://www.profitwell.com)
  • Helps us do billing updates and analyze subscriptions. (Administrator contact data only)
• GrooveHQ (https://www.groovehq.com)
  • Our customer support software.
• HotJar Ltd. (https://www.hotjar.com)
  • If you leave your name or email in a survey, it’s stored with HotJar until we remove it.
• Typeform (https://www.typeform.com)
  • If you leave your name or email in a survey, it’s stored with Typeform until we remove it.
• Quickbooks (https://quickbooks.intuit.com)
  • Certain Administrators may do billing and payment through Quickbooks

We may also release your information when we believe releasing it is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable information may be provided to other parties for marketing, advertising, or other uses. An example of this would be creating an advertisement about how people who use HeyTaco on Slack recognize each other X times per month on average. This is where you aggregate data to make it so the people behind it cannot be identified.

How you can control your data

Depending on if you are an Administrator or Member, you will have different rights regarding your data. If you are an Administrator, you can request for us to send, remove or modify any information about your account. You can export data on Administrator page of your HeyTaco site or by emailing us. To permanently remove your data, you must email us at [email protected], and we will remove your data within 30 days of notice.

If you are a Member, you can export some of your personal data on your Profile page. If you would like to view, modify, or remove all or some of your data please contact your Administrator and have them email us to do so. If you don't know your Administrator or have questions please email us at. [email protected].

Consent

If you do not consent to the collection, use or disclosure of your personal information as outlined in this policy, please do not provide any personal information to our Service or agree to our Terms of Service and Privacy Policy. If you have provided personal information and no longer consent to its use or disclosure as outlined herein, please notify us at [email protected].

Data Protection Authority

Subject to applicable law, you have the right to (i) restrict HeyTaco’s use of your Personal Data and (ii) lodge a complaint with your local data protection authority. If you are a resident of the European Economic Area and would like to lodge a complaint please contact your Data Protection Authority. You can find a list of Data Protection Authorities by clicking here. (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)

Please contact us before lodging a complaint. We will do our best to meet your needs, adhere to applicable laws, our Terms of Service, and this Privacy Policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will post those changes on this page.
Last Updated on July 12th, 2018

Key changes

• Added clearer and easier to understand language and HUMOR
• Provided additional explanation of what data is collected and how it's used
• Added information about how you can control your data
• Added information about how we use cookies
• Added information about how your information is stored
• Added information about who has access to your information
• Added information about how your email address is used
• Added information about how to lodge complaints

Contacting Us

If there are any questions regarding this privacy policy you may contact us here: [email protected]