Last updated: March 31st 2020
Thanks for using Kami! Here we describe how we collect, use and handle your information when you use our websites, software and services (“Services”).
Personal information stored
In order to create a unique account, Kami does require that all users enter their email address and create a password, or use Google Single-sign-on, which is stored on the site, and may collect additional information such as name of organization, and whether they are a business user, teacher or student, in order to assign the user to the correct user group. Documents may be uploaded to Kami by users in order to share them with other users for collaborative processing. Kami does not store these files once the sharing process is completed. Annotations made by users are stored on the site in order to display them to other users viewing a shared document, and to display them to the user if the same file is later re-opened.
Please note that users can choose whether to share this information with us, but certain features may not function without it. As a result, users may not be able to access certain features if required information has not been provided. We will not require a user to provide more information than is reasonably necessary to provide the service to the user, and we use this personal data for no other purpose than providing the service to the user.
Users can annotate documents and provide comments to other users they share a document with. None of this information is shared with any third parties without the user’s consent. None of this information is used to display advertising. The Service does not display advertising whatsoever.
We collect and use the following information to provide, improve and protect our Services:
- Account – We collect, and associate with your account, information you give us like your name, email address, phone number, payment info, and physical address. Some of our services let you access your accounts and your information with other service providers.
- Services – When you use our Services, we store, process and transmit your files and information related to them (for example, the annotations you make). If you give us access to your contacts, we’ll store those contacts on our servers only for you to use. This will make it easy for you to do things like sharing your stuff, and inviting others to use the Services.
- Usage – We collect information from and about the devices you use to access the Services, to aid trouble-shooting and optimisation of the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
Access to your information is given only as discussed below, but we won’t give or sell it to advertisers or other third-parties.
- Other users you share it with – Our Services display information like your name and email address to other users in places like your user profile and sharing notifications. Certain features let you make additional information available to other users.
- You can also give third parties access to your information and account – for example, via Kami APIs. Just remember that their use of your information will be governed by their privacy policies and terms.
- Law & Order – We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Kami or our users; or (d) protect Kami’s property rights.
- Stewardship of your data is critical to us and a responsibility that we embrace. We believe that our users’ data should receive the same legal protections regardless of whether it’s stored on our services or on their home computer’s hard drive. We’ll abide by our principles when receiving, scrutinizing and responding to government requests for our users’ data:
- Be transparent,
- Fight blanket requests,
- Protect all users, and
- Provide trusted services.
Review and Deletion of Personal Information
If you wish to review your personally identifiable information stored by Kami, you may email us your request at email@example.com. We will respond to your request within 30 days.
If your personally identifiable information changes, or if you no longer desire our service, you may correct, update, or delete it by making the change directly in the user profile in the Kami App, or email us at firstname.lastname@example.org. We will respond to your request within 30 days.
We will retain your information only for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at email@example.com. We will only retain and use your information as necessary to comply with our legal obligations.
Cookies and similar technologies used
Technologies such as cookies, beacons, tags and scripts are used by Kami. These technologies are used to make it easier for you to navigate our site, to store your passwords so you don’t have to enter them more than once, to analyze trends, to administer the site, to track users’ movements throughout the site and to gather usage information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do not link this automatically-collected data to other information we collect about you.
Kami collects and analyzes data on how the service is used in the aggregate for the purpose of improving and enhancing its service. Kami does not analyze information on how particular individuals use the service as part of general reporting procedures or in the usual course of business. However, information on individual usage of the system, including but not limited to individual IP addresses, may be analyzed on a case-specific basis to resolve a technical difficulty or to assist in resolving or investigating any misuse of the service.
Is the Personal Information Secure?
Your account is protected by a password or your single-sign-on account for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but we cannot guarantee complete security. The transmission of information via the Internet is not completely secure. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
When you enter your information on our site we encrypt the transmission of that information using transport layer security (TLS). Firewalls are used to segregate application tiers and provide strict controls on access to resources within our networks. Your data is also encrypted at rest on the servers hosted by our cloud services partner Google Cloud Platform, in compliance with the following certifications and third-party attestations:
- SAS70 Type II audits
- Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)
- ISO 27001 certification
- U.S. General Services Administration FISMA-Moderate level operation authorization
Third Party Service Providers used
We work with a number of third-party service providers to help improve the quality of our service. We have contracts with these third parties which guarantee that they do not share your information with any other third parties and protect the data to at least the same level as we do ourselves.
Kami uses the following third-party services in the App:
Kami uses the following third-party services on the Website:
- Google Analytics – Google Analytics is an analytics service used to help analyze your use of our Website and allow us to improve communication and usability. We use the information we get from Google Analytics only to improve our Website. We do not use Google Analytics within the Kami App. Our contract with Google Analytics requires that it does not share your information with any other third parties.
We will only contract with future service providers that are consistent with this policy or allow users a choice to send information to the future provider. Kami has liability for onward transfers to third parties unless we can prove we were not a party to the events giving rise to the damages.
European Union – GDPR Data Protection
If you are using Kami in the European Union, the EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ data. It took effect in May 2018.
The GDPR requires that when any EU personal data is hosted or processed outside of the European Economic Area, it must remain protected to an adequate standard in line with EU law. There are a few ways that Kami achieves this.
First, some of our EU customers’ data is processed in New Zealand (where our Headquarters are located). New Zealand is recognized by the EU as a territory that ensures an adequate level of data protection decided by 2013/65/EU: Commission Implementing Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand (notified under document C(2012) 9557) Text with EEA relevance.
When we hold EU customer data in other territories, like the US, we take other ‘Appropriate Safeguards’ that are prescribed by the GDPR. Specifically, we enter into Data Processing Agreements with Customers who require this. We rely on EU Standard Contractual Clauses (also called Model Clauses) published by the European Commission to protect EU data. These are standard form data export agreements that have been approved by the European Commission as a lawful basis for transferring personal data to non-EEA countries like the USA. Our standard Data Processing Agreement is available and can be downloaded here to sign upon request.
In compliance with the Privacy Shield Principles, Kami commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at firstname.lastname@example.org.
Kami has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Thirdly, we have verified that our US-based cloud hosting providers have self-certified under the E.U.-U.S. Privacy Shield framework.
- AWS has self-certified under the EU-US Privacy Shield. AWS also announced compliance with the CISPE Code of Conduct. The CISPE Code of Conduct helps cloud customers assess how their cloud infrastructure provider complies with its data protection obligations under the GDPR.
- Google Cloud Platform has likewise certified under the Privacy Shield. Google’s certification can be found here.
Notable Inc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
GDPR Rights of Arbitration
In case of a dispute or non-resolution related to privacy issues, European users may invoke binding arbitration via their EU data protection authority (DPA).
Disclosure and Permissions
We do not disclose personal information collected from users to third parties other than to persons who provide support for the operations of the service and who do not use the information for any other purpose, as detailed above.
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Website.