Last Updated: April 30, 2020
Your Privacy Matters
We are committed to be transparent with you about the data we collect about you and how it is used, shared, and transferred.
Any person who visits one of our websites or online services (e.g. Intrro.com) is a Visitor.
We will ask for your consent to use your data in certain cases, and you may withdraw that consent.
When relevant, we will ask you for explicit consent when you are using parts of the product that need access to different data that belongs to you - for example, we will ask you for separate consent to access your Google Contacts versus your LinkedIn connections, if and when you decide to import that data into Intrro.
You may withdraw your consent for future data collection through these sources by disconnecting the relevant account from your Settings page, or requesting via support lines.
1. The Information We Collect About You
We collect information about you directly from you, as well as from other sources, including other services with which we interact or integrate, others who post content or information about you, our customers (e.g., in their capacity as your employer), our partners, public sources, data analytics and tracking tools providers, social networks, and service providers.
1.1 Information You Provide To Us
You provide data to create an account with us and to use our Services.
To create an account, you provide certain identifiers including your name, email address and/or mobile number, and a password. If you register for a premium Service, we may ask you for payment (credit card) and billing information. We use certified PCI-DSS compliant external systems for payment processing and billing including Stripe and Bill.com.
Sign-In Using Credentials from Other Services
You may sign into our services using credentials from certain other sites, including Google and Microsoft Outlook. When you do so, we will collect your email address and other information that these sites provide to us.
Profile information is used to verify your identity and provide you with Intrro Services, including helping other people in your network to find you and potentially contact you for the purpose of introductions or new opportunities. An abbreviated version of your profile can be viewed by others when it is shared with them; although it may not be indexed by a search engine.
Posting and Uploading
We collect personal data from you when you provide, post or upload content to our Services, such as when you fill out a form or send invitations. If you opt-in to import your address book from your email provider or external sites, we receive your contacts (including contact information your service provider(s) or app automatically added to your address book when you communicated with addresses or numbers not already in your list).
If you import your LinkedIn data, we receive data about your LinkedIn connections and your LinkedIn profile, but the information we store and use is limited to your connections’ basic information such as full name, email, current job title, current company, and public websites. The information contained in your LinkedIn data exports may be changed by LinkedIn from time to time, and that would be reflected in what you share with us.
The purpose of importing LinkedIn connections is to make personalized recommendations to you about how to navigate your network when making introductions and getting referrals.
If you are an employee at a company that uses Intrro, your LinkedIn contacts information will be accessible to managers and recruiters at your company.
Neither Intrro, nor your employer will be able to access LinkedIn information about you that you generally consider private such as private messages, your LinkedIn posts, salary information, job applications, etc.
Intrro makes recommendations to your recruiting team about people in your network so that the recruiting team can request introductions to those people from you.
1.2 Information From Others
Others may provide information about you to us.
You and others may post content that includes information about you on our Services. Unless you opt-out, we collect public information about you, such as your current job title, your education and work history, links to your various public presences on the internet e.g., Twitter, Github, LinkedIn, and make it available as part of our Services (e.g., suggestions for your profile).
Contact, Profile and Other Information
We receive personal data about you when others import or sync their address book with our Services, or send messages using our Services (including invites or introduction requests).
Customers and partners may provide data to us. For example, your employer may provide us with an email to invite you into the service. In addition, we may receive information about you when other users refer you to us.
We also receive information about you when we use service providers to help us enrich the data that we have about you.
1.3 Service Use
We log your visits and use of our Services.
We log usage data when you visit or otherwise use our Services, including our sites, such as when you view or click on content (e.g., job postings), perform a search, share job openings, or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses and log your use if you are registered user. We do not associate this with any particular person unless you are logged into our Services.
1.4 Cookies, Web Beacons and Other Similar Technologies
We collect data through cookies and similar technologies.
Do Not Track Signals. Currently our site does not respond to browser do-not-track signals. You may disable certain tracking by disabling cookies.
1.5 Your Device and Location
We receive data from your devices and networks.
We collect usage information about your messages.
We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you get a Intrro invite, we track whether you have acted on it and may send you reminders. However, we are NOT able to read your emails (e.g., Gmail or Microsoft Outlook) when you use those providers as a way of authentication (e.g., Sign In with Google).
1.7 Workplace Provided Information
When your employer buys a premium Service for you to use at work, they may give us data about you.
An employer (or other person or entity procuring our Services for your use) may provide us information about their employees or contractors who make use of these Services. For example, we will get contact information for “Company Page” administrators.
We are improving our Services, which means we may collect new data from or about you and create new ways to use data.
2. How We Use Your Data
How we use your personal data will depend on which Services you use, how you use those Services and the choices you make in your settings. We use the data that we have about you to provide, support, promote, protect, personalize and make our Services more relevant and useful to you and others, as discussed in more detail below.
We use your data for the following purposes:
• Providing Support and Services: Including to authenticate you and authorize access to our Services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes.
• Analyzing and Improving Services and Operations: Including to better understand how users access and use our Services, to evaluate and improve our Services and business operations, and to develop new Services; to conduct surveys and other evaluations (such as customer satisfaction surveys); and for other research and analytical purposes.
• Personalizing Content and Experiences: Including to tailor content we send or display on our websites and other Services; to offer location customization and personalized help and instructions; and to otherwise personalize your experiences.
• Marketing and Promotional Purposes: To send you newsletters, offers or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests.
• Securing and Protecting Our Business: Including to protect and secure our business operations, assets, Services, network and information and technology resources.
• Defending our Legal Rights: Including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
• Auditing, Reporting, Corporate Governance, and Internal Operations: Including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.
• Complying with Legal Obligations: Including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.
In addition, we use your data for the more specific purposes set forth below.
Our Services help you connect with others, find and be found for work and business opportunities, find and be found for referrals and introductions, and participate in employee referral programs run by different companies.
We use your data to authenticate you and authorize access to our Services.
Our Services allow you to find, receive, and be found for introductions and referrals by colleagues, partners, clients, and other professional contacts. If you are connected with someone through your contacts (e.g., LinkedIn, address book) you both will be able to see each other’s professional profile information, and request introductions from each other’s networks.
We will use data about you (data provided through address book uploads or partner integrations) to suggest introductions, connections, and referrals for you and others (e.g., Members who share contacts in common with you) and enable you to invite others to become a Member or request an introduction from them, even if they are not a Member. It is your choice whether to invite someone to our Services or send an introduction request. You can choose whether or not to share your own list of connections with your network.
We use your profile, activity and other data, including your job title, name and picture, to provide recommendations to other Members in your network.
For example, if you are connected to both a recruiter and a potential candidate for a job, we may suggest to the recruiter that they reach out to you in order to get an introduction to the potential candidate for that job.
However, a recruiter you do not know would be unable to contact one of your friends directly by virtue of you importing your connections into Intrro.
Your profile can be found by those people in your second-degree network looking to hire or be hired by you, and may be obtained from public information or other Users even if you are not a User of our Services.
We will use your data to recommend job related introductions to you, show you and others who work at a company, in an industry, function or location or have certain job titles and connections.
We may use your profile to recommend jobs to you and you to recruiters at companies that are in your network.
Our Services allow you to collaborate with colleagues. Our Services allow you to communicate with other professionals. We allow you to store information and use tools to improve productivity such as message templating.
2.2 Premium Services
Our premium Services allow paying Members to search for and contact others through our Services, such as by searching for and contacting job candidates, and promote content through social media.
We sell premium Services that provide our customers customized-search functionality and tools (including messaging). A premium Services subscriber can store information he/she has about you in our premium Services, such as contact information or work history.
It is against our policy for Users to scrape or permanently take data that does not belong to them off Intrro. In certain cases, we permit Users to export data to approved Partner integrations (such as an Applicant Tracking System).
We contact you through multiple channels. We offer settings to control what and how often you receive some types of messages.
We will contact you through email, notices posted on our websites or apps, team chat applications like Slack, and other ways through our Services.
We will send you messages about the availability of our Services, security, or other service-related issues.
We promote our Services to you and others.
Consistent with your request, or our customer agreements, we send messages about how to use the Services, network updates, reminders, referral suggestions and promotional messages from us and our partners.
You may change your communication preferences at any time by signing into your Drafted accounts and updating your notification preferences, by contacting us at email@example.com or clicking the unsubscribe link in an email. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.
2.5 Customer Support
We use data to help you and fix problems.
We use the data (which can include profile, communication activity and activity history in some cases) needed to investigate, respond to and resolve complaints and Service issues (e.g., bugs).
We train our support staff to handle your personal information in compliance with our information security policies, including with respect to access rights. We use tools and monitoring like Hubspot, Fullstory, and Drift to help provide you with better support and services. We ensure that these external tools we use are compliant with our policies.
2.6 Aggregate Insights
We use data to generate aggregate insights.
We use your information to produce aggregate insights on an anonymized basis. For example we may use your data to generate statistics about our Users, their profession or industry, or the demographic distribution of visitors to a site.
2.7 Security and Investigations
We use data for security, fraud prevention and investigations.
3 How We Share Your Information
Any information you include on your profile, or publicly available information that is added to your profile automatically by our Services can be seen by others.
3.1 Service Providers
We may use others to help us with our Services.
We use others to help us provide our Services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated to not to disclose or use it for other purposes. We also use service providers to help us enrich the data that we have about you.
3.2 Legal Disclosures
We share information when we are legally required to do so or when we believe it appropriate to do so.
We may need to share your data with professional advisors (such as attorneys), legal authorities, or regulatory bodies when we believe it’s required by law or to protect your and our rights and security or the rights and security of other users of our Services.
It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of Intrro, our Members, personnel, or others. We attempt to notify Members about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand. If we share data with a person under this section, as appropriate, we will take measures designed to safeguard your data.
3.3 Business Transfers
We share information if we engage in a business transaction.
We may disclose your information to another entity in connection with an acquisition, merger, sale or transfer of a business unit or assets, bankruptcy proceeding, if someone invests in us, or as part of any other similar business transaction, including during negotiations related to such transactions. If we share data with a person under this section, as appropriate, we will take measures designed to safeguard your data.
4. Your Choices & Obligations
4.1 Legal Basis for Processing Your Data
If you are an EU resident, we have an appropriate legal basis for processing your personal data.
If you are an EU resident, we will process your personal data based on one of the following legal bases: as necessary to fulfill a contract; our legitimate business interests provided we respect your rights; your consent; or if necessary, to comply with a legal or regulatory obligation.
4.2 Data Retention
We keep most of your personal data for as long as your account is open.
We retain the personal data you provide while your account is in existence or as needed to provide you Services. Even if you only use our Services when looking for a new job every few years, we will retain your information and keep your profile until you decide to close your account or exercise your right to be forgotten.
In some cases we choose to retain certain information in a depersonalized or aggregated form, for example some of the uses outlined in section 2.
Unless you opt-out or exercise your right to be forgotten, we will retain publicly available data about you in order to provide services to other Members who are connected with you.
4.3 Rights to Access and Control Your Personal Data
You can access or delete your personal data. You have choices about how your data is collected, used and shared.
By default, if there is a Intrro public profile about you - it is accessible to anyone who knows how to find it, including you, but it does not contain any information that is not already available about you, without your consent. Only people in your first or second degree network are able to contact you through Intrro, unless you opt-in otherwise.
You can opt out at any time by going to intrro.com/forget
4.4 Account Closure
If you choose to close your Intrro account, your personal data will generally stop being visible to others on our Services within 24 hours.
Account information is permanently deleted within 30 days or less of account closure, except as noted below.
We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed.
Information you have shared with others e.g., referrals you made to your employer remain visible after you closed your account, and we do not control data that other Members copied out of our Services. Your profile picture and name may continue to be displayed in the services of others (e.g., to show that you referred someone).
For further rights that may be available to you, please see section 5 below.
5. Your Rights
If you are an EU individual, you have certain rights under applicable law with respect to your information that we process.
EU Data Subject Request (Data Access Requests)
You may request reasonable access to your data on Drafted. We respond to all Data access requests within the timeframe required under applicable law, typically within 30 days, unless we need additional time to verify your identity or for other permissible purpose, and you can request a copy of your data by contacting us at firstname.lastname@example.org
For Members, most standard Data Access Requests are free of charge, unless there is an excessive number of requests or undue burden through such requests placed on us.
For customers and subscribers of our premium Services, most standard Data Access Requests are included in their subscription, unless there is an excessive number of requests or customized work we need to do in order to serve them.
When you request data from us, we are only able to provide data that belongs to you, and may ask to verify your identity to for security reasons.
If you are in the EU you may, under certain circumstances, also request that we delete your data here. If you wish to correct your information you can do so by editing your profile or by emailing us at email@example.com
In addition, Users may have the right to request that certain personal data be exported to another provider where technically feasible, and, under certain conditions, to object to, or restrict our use of certain personal data. You may also contact us to request that we rectify, delete, or stop processing your personal data, to withdraw, your consent to our processing, and, if you are an EEA resident, to exercise your opt-out rights or place a data portability request.
Requests should be directed to Privacy@intrro.com. Please keep in mind that certain services will not be available if you withdraw your consent, or otherwise delete or object to our processing of your personal data. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request. You also have the right to lodge a complaint with a supervisory authority. For additional information see intrro.com/privacy
6. Other Important Information
We implement security measures to protect your data.
We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us.
There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
6.2. Contact Information
You can contact us to resolve any complaints.
If you have questions or complaints regarding this Policy, please first contact Intro online, through our Live Chat support line or by emailing Privacy@intrro.com
6.3 Other Entities
We take measures to protect your data when we engage service providers to help us provide our Services.
Intrro does not sell your data to third parties. Intrro does use several service providers, for example, SendGrid for sending emails. The relevant parts of your data that are required for these services are shared with them, such as your email address for SendGrid to be able to send you a message on our behalf.
Intrro chooses external services carefully and does not use services if there is reason to believe that they will sell your personal data to others. Where possible, Intrro requires external services to be contractually obligated to only use and store data required for the specific purpose of providing services to Intrro or its Users.
6.4 International Transfers of Information
To facilitate our global operations, we transfer information collected globally for the purposes described in this policy.
If your information was collected in the European Union or you are an individual resident in the European Union, we will take steps to ensure that the information receives the same level of protection as if it remained within the European Union - in particular:
● when we share information among our affiliates, we make use of standard contractual data protection clauses; and
● when we share data with other third parties, we either ensure the importer is Privacy Shield compliant, make use of the standard contractual data protection clauses or put in place other appropriate legal mechanisms to safeguard the transfer.
As an individual resident in the European Union, you have a right to receive details of any safeguards that we have where your data is transferred outside the European Union, (e.g. to request a copy where the safeguard is documented, which may be redacted to ensure confidentiality).
7. California Privacy Rights and the California Consumer Privacy Act (CCPA)
If you are a California resident, you may have available to you under California law the rights described below.
In this section, we provide information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”), which requires that we provide California residents certain specific information about how handle their personal information, whether collected online or offline. Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA. This section does not address or apply to our handling of personal information that is subject to an exemption under the CCPA.
Except for the Right to Opt-out and the Right to Non-Discrimination described below, this section does not apply to California residents with whom we transact or communicate solely in the context of providing or receiving a product or service to or from a company that employs such residents or engages such residents as contractors. This section also does not apply to personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of Intrro.
Categories of Personal Information that We Collect, Disclose, and Sell
In this section, we have set forth the categories of personal information that we collect from you, using terminology set forth in the CCPA. As a practical matter, our collection of data from California residents does not vary from other persons, and this section is not intended to differ from what is set forth above. We have identified whether we disclose that information for a business purpose (e.g., when we disclose to service providers who host our website or assist us with advertising).
Right to Opt-out of Sale of Personal Information
We do not sell your personal information.
Sources and Purposes
We collect the above categories of personal information from the sources described in Section 1 (The Information We Collect About You) and for the purposes described in Section 2 (How We Use Your Data).
Notice at Collection
Verifiable Requests to Delete and Requests to Know
Subject to certain exceptions, California residents have the right to make the following requests, at no charge:
Request to Delete: You may request that we delete your personal information, and we will delete such data upon verifiable request subject to any exemptions.
Request to Know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:
• categories of personal information collected;
• categories of sources of personal information;
• business and/or commercial purposes for collecting and selling their personal information;
• categories of third parties/with whom we have disclosed or shared their personal information;
• categories of personal information that we have disclosed or shared with a third party for a business purpose; and
• categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.
California residents may make Requests to Know up to twice every 12 months.
Requests to Know, and Requests to Delete may be submitted by emailing us at Privacy@intrro.com. We will respond to verifiable requests received from California consumers as required by law. An authorized agent submitting a request on behalf of a California resident must demonstrate that the resident provided written permission, signed by the resident authorizing the agent to act on the resident’s behalf. For requests for information and deletion, we may require that the California resident verify its own identity directly with us and directly confirm that the resident provided the authorized agent permission to submit the request.
Right to Non-Discrimination
The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates, or penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.
At this time, we do not offer any financial incentives to persons based on whether they choose to provide personal information to us.
For more information about our privacy practices, you may contact us as set forth in the “Contact Information” section above.