TORO PRIVACY POLICY

Last Updated: May 13, 2020

Toro Data Labs, Inc. (“Toro,” “we,” “us,” or “our”) welcomes you. Our Services are subject to the following privacy policy (the “Privacy Policy”), which may be updated by us from time to time without notice to you. By clicking “I Agree,” accessing or using the Services, or otherwise manifesting your assent to this Privacy Policy, you agree to be bound by this Privacy Policy and the accompanying Terms of Use, which together make up the Agreement. If you do not agree to (or cannot comply with) all of the terms of this Privacy Policy, do not access or use the Services.

If you accept or agree to this Agreement on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to the Agreement and, in such event, “you” and “your” will refer and apply to that company or other legal entity and any Authorized Users.

Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Use.

THE INFORMATION WE COLLECT AND HOW WE USE IT

In the course of operating the Services, Toro collects or receives the following types of information, which may include personal information.

Contact Information

We collect contact information on our Services or through other methods of communication; contact information typically includes your name, email address, and any information you provide in messages to us. If you are accessing the SaaS Product we also collect your username. Additionally, if you are requesting access to the On Prem Product you will need to provide your Amazon account ID. We use such contact information for purposes such as registering you for an account, providing you with a demo of our Products, providing you with information about the Services, responding to your inquiries, sending you email alerts (including marketing emails), or providing you the Services.

Payment Information

In order for us to process your payments for the Products, you will be required to provide certain billing information, which may include your credit card number, expiration date, bank account information, billing address, activation code, and similar information (collectively, “Payment Information”). You authorize our third-party payment vendors including, without limitation, Stripe, to collect, process, and store your Payment Information in accordance with their respective privacy policies. We reserve the right to change our payment vendors at any time, or to use additional payment vendors, at our discretion, and will update this Privacy Policy from time to time accordingly. By purchasing a Product, you agree to be bound by Stripe’s terms and conditions and privacy policy, which are available at https://stripe.com/legal and https://stripe.com/us/privacy, respectively.

Activity Information

The On Prem Product runs and stores data locally on your hardware. We will only have access to the data stored on the On Prem Product to the extent you provide us with remote access to resolve any issues with the On Prem Product.

If you use our SaaS Product, we will have access to User Data that you specify for the SaaS Product to query and the User Analytics. We do not have access to any data in your databases that you do not submit to the SaaS Product. The User Data is used to provide you the data analytics and management services through the SaaS Product.

Server Logs

Like most websites today, our web servers keep log files that record data each time a device accesses those servers, including when you access and use the SaaS Product. The log files contain data about the nature of such access, including the device’s IP address, user agent string (e.g., operating system and browser type/version), referral URL (i.e., the external source by which you arrived at our Website or the SaaS Product) and the pages you’ve clicked on while on our Website or when using the SaaS Product) (the “Usage Data”). We may use this Usage Data for purposes such as assisting in monitoring and troubleshooting errors and incidents, analyzing web traffic, fraud prevention and security, or optimizing the user experience.

Cookies

We collect information using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive (or other storage medium) so that your computer will “remember” information about your visit. We use both 1st and 3rd-party session cookies and persistent cookies. Below is a general primer on session and persistent cookies; information collected by cookies depends on its particular purpose. For more information, please see the information regarding analytics providers discussed further below.

● Session Cookies: We use session cookies to make it easier for you to navigate our Services. A session ID cookie expires when you close your browser.

● Persistent Cookies: A persistent cookie remains on your hard drive for an extended period of time or until you delete them. You can remove persistent cookies by following directions provided in your web browser’s “help” file. To the extent we provide a log-in portal or related feature on our Services, persistent cookies can be used to store your passwords so that you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our visitors to personalize the experience on our Website and SaaS Product.

In some cases, we may associate information that you have provided to us (e.g., email address) with the cookies that we use. In addition to facilitating the purposes described above, this is useful in understanding your engagement with other content related to our SaaS Product (e.g., email open rates, URL click-throughs).

If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, certain aspects of the Services may not function properly or as intended.

Third-Party Analytics Providers

We use one or more third–party analytics services to evaluate your use of the Website and SaaS Product, as the case may be, by compiling reports on activity (based on their collection of IP addresses, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, data and time, amount of time spent on particular pages, what sections of the Website and SaaS Product you visit, number of links clicked, search terms and other similar usage data) and analyzing performance metrics. These third parties use cookies and other technologies to help collect, analyze, and provide us reports or other data.

By accessing and using the Website or SaaS Product, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy. For more information on these third parties, including how to opt out from certain data collection, please visit the sites below. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Website or SaaS Product.

For Google Analytics, please visit: https://www.google.com/analytics

For Mixpanel, please visit: https://help.mixpanel.com/hc/en-us/articles/360001113426-Opt-Out-of-Tracking

Geolocational Information

We automatically collect geolocation information from your device via your browser’s location services to the extent locations services are enabled on your device. Please consult your browser’s documentation regarding how to turn off location services. If you disable location services, you may not be able to use the full array of features and functionalities available through our Website or SaaS Product.

Aggregate Data

In an ongoing effort to better understand our users and the Website and SaaS Product, we might analyze Usage Data, User Data, and User Analytics output by the SaaS Product (and any Usage Data, User Data or User Analytics you voluntarily provide us with respect to the On Prem Product) in aggregate form to operate, maintain, manage, and improve the Services. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe the Services to current and prospective business partners and to other third parties for other lawful purposes.

Onward Transfer to Third Parties

Like many businesses, we hire other companies to perform certain business-related services. We may disclose personal information to certain types of third party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information and their functions are: hosting services, technical assistance, database management/back-up services, use analytics, email marketing platforms, customer service, payment processing, and communications services.

We may also disclose personal information to our parent companies, subsidiaries, affiliates, joint ventures, or other companies under common control in order to support the marketing and sale of our Products.

Business Transfers

In the event of a merger, dissolution, reorganization or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Privacy Policy. This policy shall be binding upon Toro and its legal successors in interest.

Disclosure to Public Authorities

We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

OPT-OUT FOR DIRECT MARKETING; EMAIL MANAGEMENT

You may opt out at any time from the use of your personal information for direct marketing purposes by emailing the instructions to hello@torodata.io or by clicking on the “Unsubscribe” link located on the bottom of any Toro marketing email and following the instructions found on the page to which the link takes you. Please allow us a reasonable time to process your request. You cannot opt out of receiving transactional e-mails related to the Services.

HOW WE PROTECT YOUR INFORMATION

Toro takes very seriously the security and privacy of the personal information that it collects pursuant to this Privacy Policy. Accordingly, we implement reasonable and appropriate security measures to protect your personal information in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties with which we may share your information (as permitted herein), nor can we guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

CHILDREN

We do not knowingly collect personal information from children under the age of 13 through the Services. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide personal information without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us at hello@torodata.io, and we will endeavor to delete that information from our databases.

IMPORTANT NOTICE TO ALL NON-US RESIDENTS

Our servers are located in the US and elsewhere. Please be aware that your information may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your country of origin. If you are located outside the United States and choose to use the Services, you do so at your own risk.

CALIFORNIA PRIVACY RIGHTS

Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to obtain certain information about the types of personal information that companies with whom they have an established business relationship (and that are not otherwise exempt) have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties. If you wish to submit a request pursuant to Section 1798.83, please contact Toro via email at hello@torodata.io.

DO NOT TRACK

Toro responds to “Do Not Track” settings and other related mechanisms at this time.

NEVADA PRIVACY RIGHTS

If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at hello@torodata.io with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A.

LINKS TO EXTERNAL WEBSITES

The Services may contain links to third-party websites (“External Sites”). Toro has no control over the privacy practices or the content of any such External Sites. As such, we are not responsible for the content or the privacy policies of such External Sites. You should check the applicable privacy policy and terms of use when visiting any such External Sites.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is effective as of the last updated date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time with or without notice to you. By accessing the Services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of the information collected is governed by the Privacy Policy in effect at the time we collect the information. Please refer back to this Privacy Policy on a regular basis.

HOW TO CONTACT US

If you have questions about this Privacy Policy, please e-mail us at hello@torodata.io with “Privacy Policy” in the subject line.