Whistic Privacy Policy

Effective May 24, 2018


1. Scope – Privacy Policy, Terms of Service, and Third Party Links

1.1 Privacy Policy. This Privacy Policy (this "Privacy Policy") applies to information we collect, receive, or use on or in connection with websites owned or controlled by Whistic, Inc., a Delaware corporation, or its affiliated companies ("Whistic" or "we" or "our" or "us"), including www.whistic.com, applications, products, features, services, marketing, email or other site-related electronic communications, whether online or offline, or any portion thereof (collectively, the "Service"). Affiliated companies are entities that control, are controlled by or are under common control with Whistic.

1.2 Terms of Service. This Privacy Policy and the Whistic Terms of Service ("Terms of Service"), which can be found at https://www.whistic.com/terms, and is incorporated herein by reference, are an agreement (collectively, this "Agreement") between Whistic and you ("You" or "your" or "you"), a user of the Service. By accessing or using the Service, you acknowledge and agree to this Privacy Policy and the Terms of Service. If you choose to not agree with the Privacy Policy or the Terms of Service, you may not use the Service.

1.3 Third Party Websites or Services. The Service contains links to third party websites or services, including third party applications or software that you may choose to integrate with the Service through Whistic’s website (“Third Party Services”). Please be aware that this policy does not apply to, and we are not responsible for, the content or privacy practices of such Third Party Services. We encourage our users to be aware when they leave Whistic’s Service and to read the privacy statements of any other site, application or software that you use, which may collect information about you.

2. Information Collection. We may collect and receive information that identifies you ("Personal Information") and other information and data related to you and your use of the Service (“Other Information” and together with Personal Information, “Information”):

2.1 Personal Information About You.

2.1.1 Information that you provide to us when you register for an account, such as your name, address, profile image, title, phone number, and email address;

2.1.2 Information that you provide to us when you purchase a product or service, including, without limitation, payment, billing, contact, physical address, and related information;

2.1.3 Information that you provide if you email, phone, contact or communicate with us or our third party service providers, such as your name, title, email address or phone number.

2.2 Other Information You Provide.

2.2.1 Information that you provide to us if you participate in a promotion;

2.2.2 Information that you provide or upload while using the Service, including company information related to a security review request or for use in a security profile or for internal assessment purposes. You may also upload Personal Information about your company or vendor contacts (such as their names, titles, and other contact information);

2.2.3 Information from public databases and third parties;

2.3 Usage Information.

2.3.1 Traffic and usage information generated from your visit to the Service, for example: traffic data, pages you visit, features you use, browser information, operating system, IP address, cookie information, and the type of device that you use to access the Service;

2.3.2 De-identified, aggregate information about you and our other users, such as the numbers and frequency of users and their characteristics and information about similar groups of users, or users that live in a particular geographical area. This data is used in the aggregate as a statistical measure and not in a manner that would identify you personally. This aggregate information generally is collected through the use of cookies and beacons;

2.3.3 De-identified, aggregate data related to the security reviews conducted using Whistic, such as the average length of time it takes to complete a security review, the average number of users involved in a security review, and other related data;

2.3.4 Information regarding the videos you view on the Service.

2.4 Children Under the Age of 13. The Service and its content are not intended for children under the age of 13. We do not knowingly collect or solicit any information from anyone under the age of 13 or allow people under the age of 13 to register for the Service or provide any Information to or on our websites. In the event that we learn that we have collected Personal Information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at support@whistic.com.

3. Tracking Technologies We Use. We may use one or more of the following tracking technologies, and similar future tracking technologies, to automatically collect Information: cookies, local shared objects, web beacons, unique telephone numbers, general log information and referral information from third-party services.

3.1 "Cookies" are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser to enable our systems to recognize your browser and tell us how and when pages in the Service are visited and by how many people. We give users a choice whether to opt in to the use of cookies during their first visit to our site. Users can control the use of cookies at the individual browser level. The "Help" portion of the toolbar on the majority of browsers will direct you on how to prevent your browser from accepting new cookies, how to command the browser to tell you when you receive a new cookie, or how to fully disable cookies. We recommend that you leave the cookies activated because cookies allow you to use many features of the Service.

3.2 "Web beacons," also known as an Internet tags, pixel tags or clear GIFs, link web pages to web servers and their cookies. Web beacons can be embedded in web pages, videos, or emails, to collect certain types of information from your browser, check whether you have viewed a particular web page or email message, and determine, among other things, the time and date on which you viewed the content, the IP address of your computer, and the URL of the web page from which the content was viewed.

3.3 "Local shared objects," sometimes known as Flash cookies, may be used to store your preferences or display content based upon what you have viewed on various websites to personalize your visit.

4. How We Use Your Information. We may use the Information that we collect or receive about you for any of the following purposes:

4.1 To provide, operate, maintain, troubleshoot, improve, and promote the Service;

4.2 To enable you to access and use the Service, including uploading, downloading, collaborating and sharing content and information with other users or third parties;

4.3 To contact you for account management, customer service, billing and support reasons, and to process and complete transactions, including sending billing, invoice, and related account information;

4.4 To send transactional messages, including responding to your comments, questions, and requests;

4.5 To send you technical notices, product or service updates, security alerts, and support and administrative messages;

4.6 To send promotional communications, such as providing you with information about products, services, features, newsletters, offers, promotions, events and updates;

4.7 To monitor and analyze trends, usage, and activities in connection with the Service and for marketing, advertising, administrative, account management, analytical, research, optimization, and other purposes. For example, we may use statistical analyses of usage data in order to measure interest in the various areas of the Service, for research and development purposes, or to inform business prospects or partners about the use of the Service and our website;

4.8 To investigate and prevent fraudulent transactions, unauthorized access to the Service, and other illegal activities;

4.9 To personalize the Service’s content, features or advertisements;

5. Third Party Services. You have the ability to determine whether to access certain Third Party Services through Whistic’s Service. For example, we may include links to third party websites, which you may choose to click through or not. We may also offer you the opportunity to install software that integrates with Whistic’s Service. If you decide to enable these integrations, the Third Party Service provider may collect certain information from you, such as your name and email address or other information you provide directly through the Third Party Service. The Third Party Service provider may share this information with Whistic to facilitate the integration, but Whistic does not control the use of any information that you provide through Third Party Services. We recommend that you review the privacy policies of these Third Party Services to understand what information the provider may collect and how that information may be used.

6. Information Sharing.

6.1 How Long We Retain Your Information. We may retain your Information as long as you are a registered user, or to meet our legal obligations, resolve disputes, or enforce our agreements. When we no longer have a business need to process your Information, we may either delete it or aggregate it for anonymous use. You may also request that we delete your Personal Information at any time. If we cannot delete or aggregate some of your Information, such as when it is archived in our backup systems, then we will store, but not otherwise further process, that Information until it is deleted pursuant to our data retention policies.

6.2 Service Providers. We engage service providers to assist us in delivering the Services and to support our business. We may share your Information, including, without limitation, Personal Information, with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your Information only on our behalf and pursuant to our instructions. Additional information regarding the service providers that may process your Information on our behalf (“subprocessors”) will be provided upon request.

6.3 Payment Processors. If you utilize any paid Whistic Service, we will share your payment information with our bank to process payments made by check.

6.4 Authorized Personnel. Our employees, agents, consultants, and contractors may have access to user Information on a need-to-know basis only. Such authorized personnel are bound by strict confidentiality obligations and our other security measures and policies.

6.5 Business Transactions. If the Service or Whistic considers or engages in a merger, acquisition, bankruptcy, dissolution, reorganization or sale of assets or stock, financing, or similar transaction, user Information may be shared or transferred, subject to confidentiality protections and security measures no less protective than as outlined in this Privacy Policy.

6.6 Government, Law Enforcement or Third Parties. We may disclose any Information, including, without limitation, Personal Information, that we deem necessary, in our sole discretion and without your prior permission, to comply with any applicable law, regulation, legal process or governmental request. We also may exchange Information, including, without limitation, Personal Information, with other companies and organizations to protect the rights, property, or safety of Whistic and its affiliates, personnel, users, third parties, or others. We reserve the right to disclose a user’s Information, including, without limitation, Personal Information, to law enforcement and regulatory agencies if we believe, in good faith, that the user is in violation of the Terms of Service (https://www.whistic.com/terms), even without a subpoena, warrant or other court order.

6.7 Social Media Networks. We may include applications or widgets from social media networks that allow interaction or content sharing by their users. These widgets, such as a Facebook "Share" or "Like" button, are visible to you on the web page you visit. Integration between the Service and social media networks such as Facebook, Twitter and others may allow social media networks in which you participate to collect information about you, even when you do not explicitly activate the network’s application or widget. Please visit the applicable social media network’s privacy policy to better understand their data collection practices and choices they make available to you. The privacy policy of the social media network controls the collection, use and disclosure of all personal information transmitted to that network.

7. Rights to Choose and Opt-Out. We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your Information.

7.1 In accordance with local law:

7.1.1 You can choose not to provide information to us, although your use of our site will be limited.

7.1.2 You may correct, update and delete your account information, as described below.

7.1.3 You may change your choices for email subscriptions and newsletters through your user account settings, by contacting us as described below, or by following the unsubscribe instructions included in the email.

7.1.4 You will be given the choice on your first visit to our website whether to opt in to the use of cookies. You can also set your browser to refuse all or some cookies or alert you to when cookies are being sent. However, it’s important to remember that many of our services may not function properly if your cookies are disabled.

7.2 If you are from certain territories (such as the European Economic Area), you may have the right to exercise additional rights available to you under applicable laws, including, in certain circumstances:

7.2.1 Right to erasure: You may have the right to require us to erase your Personal Information (the “right to be forgotten”).

7.2.2 Right to object: You may have the right to object to the processing of your Personal Information, including for direct marketing purposes.

7.2.3 Right to restriction of processing: You may have the right to restrict the processing (other than storage) of your Personal Information, such as to verify the accuracy of your Personal Information or if the information is being unlawfully processed.

7.2.4 Right to data portability: You may have the right to be provided with your Personal Information in a commonly used format or to require that we transmit your Personal Information directly to others.

In each case, however, we may have a right to retain certain Personal Information for legal and administrative purposes. If you would like to exercise your rights, please email us at support@whistic.com. We may require that verify your identity before we process your request.

7.3 Accessing and Correcting Your Information. If you have a Whistic account, you can help ensure that your contact information and preferences are accurate, complete, and up to date by logging in to your Whistic account or by emailing us at support@whistic.com. For other Personal Information we hold, we will provide you with access for any purpose including requesting that we correct the data if it is inaccurate or delete the data if we are not required or permitted to retain it by law. You can contact as provided below to request such information. We cannot delete your Personal Information except by deleting your user account. We may not accommodate a request to change or delete your Personal Information if we believe that the change would violate any law or legal requirement, if the information is necessary for the establishment, exercise or defense of legal claims, or to protect others’ rights. We may also not remove Personal Information from our backup systems. If you have made comments via the Services and shared those comments in collaboration with others, then copies of your comments may remain viewable in cached and archived pages, or might have been copied or stored by other website users.

8. Security of Your Information.

8.1 Security Measures. We have put in place physical, electronic, and managerial procedures designed to help prevent unauthorized access, to maintain data security, and to use correctly the Information we collect and receive. These safeguards vary based on the sensitivity of the Information.

8.2 Your Responsibilities. The safety and security of your Information also depends on you. Where we have given you a password for access to certain parts of our website, you are responsible for keeping this password confidential. Where you have chosen a password, you are responsible for ensuring that it is regularly changed and sufficiently strong. We also encourage you to use additional security measures that may be available to you via the Services, including Single Sign On (SSO) and two-factor authentication.

8.3 No Security Guarantees. Although we take appropriate measures to safeguard against unauthorized disclosures of Information, we cannot assure you that Information will never be disclosed, altered or destroyed in a manner that is inconsistent with this Privacy Policy.

9. Changes to the Privacy Policy. We may change our Privacy Policy at any time and from time to time, in our sole discretion. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on our website. We encourage visitors to frequently check this page for any changes to the Privacy Policy. The most recent version of the Privacy Policy is reflected by the version date located at the top of this Privacy Policy. Your continued use of the Service after any change in this Privacy Policy will constitute your acceptance of the changes.

10. California Privacy Rights and Do Not Track Disclosures.

10.1 Privacy Rights. California residents have the right to request information regarding the disclosure of your Information by us to third parties for the third parties’ direct marketing purposes. California law also permits registered users who are minors to request and obtain deletion of certain posted content. To make any such requests, please email us at support@whistic.com or contact us at the address below.

10.2 Do Not Track Disclosures. Some web browsers include "Do Not Track" settings. We do not currently take action to respond to Do Not Track signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.

11. Users from Other Jurisdictions. By using the Service, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and consent to having your data transferred to and processed on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you do not accept this Privacy Policy, please do not use the Service. The Service is controlled and operated by Whistic in the United States, subject to Utah law. If you are not a resident of the United States or you are located in the European Economic Area or anywhere else outside the United States and choose to use the Service or provide Information to us, please note that we will transfer the Information, including Personal Information, to the United States and process it there. Your acceptance of this Privacy Policy, followed by your submission of such Information represents your agreement and consent to that transfer. We do not represent or warrant that the Service, or any portion thereof, is appropriate or available for use in any particular jurisdiction. Those who choose to access the Service do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. You also are subject to United States export controls in connection with your use of the Service and are responsible for any violations of such controls, including, without limitation, any United States embargoes or other federal rules and regulations restricting exports. We may limit the availability of the Service, in whole or in part, to any person, geographic area or jurisdiction that we choose, at any time and in our sole discretion.

12. Contact Information. If you have any questions, feedback or to report a violation regarding the Privacy Policy, you may email us at info@whistic.com or contact us by mail addressed to:


Whistic, Inc.
1982 W. Pleasant Grove Blvd, Suite H 
Pleasant Grove, UT 84062 
Attn: Privacy Policy