PRIVATE, SAFE, SECURE, YOURS.
We are constantly working to earn and deserve your trust. Your privacy and security are the highest priority in every decision we make.
Here's the bottom line: you, the user, are not our product. We work for you. You are our customer. Your data is always yours and yours alone. We're committed to following the industry's best security standards, such as GDPR, and our privacy by-design and privacy-by-default security model empowers you to control the information you own. You can remove your information from Punch at any time. When it comes to your data, you are the boss.
Take a look at our security and privacy policies for details on what we are doing to protect you. If you have concerns, questions, or suggestions, please reach out. We are always looking to improve.
Your Right to Privacy
We honor and protect your right to privacy.
Punch tracks the time you spend collaborating in your Slack, Google, Microsoft, Zoom, and other accounts so you can setup goals that improve where you spend time. When you connect these accounts to Punch, you authorize Punch to use data within them to interpret and visualize your time in order to help you manage your collaboration goals.
Punch is not intended for use by persons under the age of 16. If we become aware that a person under the age of 16 has provided us with information, we will take actions to delete such information from Punch.
Changes to this Policy
We reserve the right to revise, amend, or modify this policy and our other policies and agreements at any time and in any manner. The latest revision of this policy will be published at https://punch.in/privacy. We will provide notifications of any substantive changes to this policy to users in the Punch app experience and will ask users to consent to changes in the policy.
Collection and Use of Information About Punch Users
“Personal Information” is information that can be used to uniquely identify a natural person and is protected as personal data under applicable data protection law. Your Personal Information is considered confidential and private to you. Personal information is collected when you use Punch products and may be collected when you visit the Punch website.
“Non-Personal Information” is information that does not permit identification of any specific person. Non-Personal Information is collected when you use Punch products and may be collected when you visit the Punch website.
"Communications Information" is metadata from your communications applications, combined with any feedback you provide. The purpose of Communications Information is to track the time you spend in those applications, the parties or channels with whom you're communicating, and any subjective feedback you provide to annotate that metadata.
We may process any information we collect in the country where it was collected as well as in the United States.
Collection of Personal Information
By creating / updating an account with Punch, you provide us with Personal Information which may include but is not limited to: your name, picture, email addresses, social profiles, usernames, passwords, phone numbers, postal addresses, preferences, demographic information, and location information.
Users have the ability to report feedback to Punch to describe their experience or report errors. Punch stores the following information collected when a user provides feedback:
- Email address
- Feedback text
- Log data sent by the user
- Screenshot sent by the user
Punch provides forms on our website that potential customers can fill out to request information about our service. When you fill out one of these forms, you will provide personal data.
As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
We use Third Party Analytics that employ cookies and similar technologies, to collect and analyze information about use of the Services and report on activities and trends. These services may also collect information regarding the use of other websites, apps and online resources.
Use of Personal Information
We will never sell your Personal Information. We may share your Personal Information with third parties only in a manner consistent with the Third Party Disclosures in this policy.
We may use Personal Information to send you announcements related to our products and services. You can opt out of receiving these communications from us by updating your account settings to unsubscribe from these communications.
We may use Personal Information to help us develop, deliver and improve Punch and to understand and personalize your use of Punch. This includes use for internal purposes such as auditing or research and analysis of our products, services and communications.
We may occasionally use Personal Information to send you important notices such as software updates or notices related to your purchases and billing status, changes to our policies, or changes to our products or services. Because this information is critical in nature, you may not be able to opt out of receiving these notices for as long as you continue to use Punch.
We may use Personal Information to administer any special program you may have voluntarily entered into, such as a sweepstake, contest or promotion.
We may also combine your Personal Information with other information to improve Punch, our content, and advertising.
We will display your Personal Information in your profile page and elsewhere in Punch according to your preferences. Any information you choose to provide should reflect how much you want others to know about you.
Collection and Use of Non-Personal Information
Where possible, Punch aggregates or de-identifies data, including Communications Information, so it is no longer reasonably associated with an identified or identifiable natural person. Punch may use this anonymized data to improve Punch products for Punch users.
Punch will retain Personal Information in accordance with a user’s instructions, including any applicable terms in the Terms of Service and the user’s use of service functionality, and as required by applicable law.
You can remove all of the personal data Punch has derived and stored from your Communication Data at anytime by logging into the user interface of the application and deleting your account. You can also submit a request to email@example.com. Please be aware that when you remove your Punch data, some of the Communication Data may be reanalyzed by signing up again. However, some Communication Data captured in real-time prior to your data deletion, such as shared file activity and email triage cannot be recovered with a subsequent signup after your data deletion.
To remove all personal data Punch has collected through marketing effort, through interaction with other Punch users, or to remove personal data collected in Punch’s products, submit a request to firstname.lastname@example.org.
Punch keeps data backups with a 30 day retention period for disaster recovery. These backups may include Personal Information which will be purged automatically when the backup exceeds its retention period. Punch keeps log data for no less than 30 days and up to 186 days.
Updating or Requesting Your Information
In some cases, personal information can be updated within Punch. In the event that you need to update personal information and the Punch app does not support this or in the event that you wish to request access to your personal information that Punch stores, you can submit a request to email@example.com.
Technology Used to Collect Information
To collect information, we use various technologies, such as “cookies”, pixel tags and web beacons on our website, in Punch, and in email messages and advertisements. These technologies help improve the user experience – for example by keeping a user logged in and remembering their username or other information between sessions.
Third Party Relationships
SERVICE PROVIDERS WORKING WITH PUNCH
At times we may make certain Personal Information available to strategic partners and service providers solely for the purpose of assisting us in providing, enhancing or marketing Punch. For example, we may use third parties to process credit card and payment information in accordance with PCI compliance security guidelines.
We will verify any third parties with whom we share your Personal Information also publicly claim and represent their own adherence to GDPR Standards and employ privacy guidelines substantively consistent with those represented in this policy.
Some data included in Punch products is sourced from Third Party providers. This data is generally pulled from public sources and used to improve the product experience of Punch users. Any personal data that Punch receives from third parties will be treated with the same care that Punch treats data directly received from users and in accordance with Punch’s GDPR commitments.
If we receive personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
LEGAL REQUIREMENTS AND POLICY ENFORCEMENT
We may be legally compelled – due to law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − to disclose your Personal Information or Non-Personal Information. We will only disclose information about you if we determine it is necessary or appropriately required by law related to a clear purpose of national security, law enforcement, or other issues of public importance. Unless legally restricted from doing so, we will attempt to notify you of any disclosure of your Personal Information we are legally-compelled to make.
We may also disclose information about you if we determine that disclosure is reasonably necessary to ensure compliance with our service terms, or to protect our operations or our other users.
In the event of a reorganization, merger, sale or change of ownership we may transfer any and all information, including Personal Information we collect, to the new owner.
LINKS TO EXTERNAL WEBSITES
Our websites may contain links to other sites that are not under our control. These websites have their own policies regarding privacy. You should review those policies when visiting third party websites. We are not responsible for linked websites, and we provide these links solely for the convenience and information of our users.
GOOGLE API SERVICES DATA COMPLIANCE
Our use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
It is your responsibility to keep your passwords used with Punch private and secure. We strongly recommend against sharing your logins and passwords with others.
We take industry standard precautions through administrative, technical and physical measures to protect your Personal Information and Non-Personal Information against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction.
We use Secure Sockets Layer (SSL) encryption on all web pages that collect any Personal Information. Using an SSL-enabled browser such as Chrome, Firefox, Safari or Internet Explorer is required when your Personal Information is transmitted over the Internet.
When you use some features of Punch, such as sharing your Punch goal achievements on social media, the Personal Information and Non Personal Information you share are visible to others and can be read, collected, or used by them. You are responsible for the information you disclose in this way.
We take reasonable steps to ensure the integrity and security of our network and systems but cannot guarantee these security measures will prevent third parties from obtaining Personal Information or Non Personal Information by illegal actions or attacks. Should such an attack occur, we will notify you via email in accordance with local law and our commitment to GDPR and we will supply the appropriate authorities with available information on the third party in the event the attack comes under prosecution.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Punch follows, but has not yet been self certified, the EU-U.S. and Swiss-U.S. Privacy Shield frameworks set forth by the U.S. Department of Commerce with respect to collection, use, and retention of Customer Data.
Punch follows, but has not yet been self certified, the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data submitted by our customers through Punch applications and services.
Your California Privacy Rights
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the sections on "Collection" and "Use" above. We collect this information for the business and commercial purposes also described in detail above. We share this information with the categories of third parties described in the "Third Party Relationships" section above. Punch does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out).
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at firstname.lastname@example.org. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
Punch is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
In the event we are unable to resolve your concern, you may contact JAMS, which provides an independent third-party dispute resolution body based in the United States, and they will investigate and assist you free of charge. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. Stripe is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).