PRIVACY POLICY

At Prompty, we firmly believe that being able to choose who you share your information with is of the utmost importance. Our commitment to both protecting your data and allowing you to retain control of your data is a core principle that is foundational to our platform.

1. Data Visibility Settings

Prompty grants users full control to manage the visibility of personal data. Each setting below describes how much of your information will be visible to the contact that you are sharing the information with. Prompty does not disclose the visibility settings that you assign to your connections.

Full Visibility - All information that you choose to share on your profile will be visible to connections that you grant full visibility to.

Limited Visibility - All information that you choose to share on your profile, excluding phone number, will be visible to connections that you grant limited visibility to.

Restricted Visibility - Only your profile picture, name, preferred pronouns (if chosen to be shown on profile), and personal strength will be visible to connections that you grant restricted visibility to.

Delete Connection - The connection will be removed from your list of connections. The party whose connection you delete will only be able to view your restricted visibility profile. They will be unable to differentiate between being deleted and being granted restricted visibility (i.e. they will not know that they have been deleted from your list of connections).

2. Data Ownership

At Prompty, we recognize the significance of your personal data and uphold your rights in accordance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the international standard of the General Data Protection Regulation (GDPR).

Processing, as defined by the GDPR, encompasses any action or series of actions performed on personal data. These actions can include, but are not limited to, collecting, storing, using, transmitting, sharing, organizing, and deleting personal data (https://gdpr-info.eu/art-4-gdpr/).

We emphasize that your personal data will only be used for the core functionality of Prompty. We will not share your personal information with third parties unless legally mandated or necessitated by specific legal circumstances.

"Required by law or specific legal circumstances" may include, but is not limited to, situations such as:

  a) Compliance with Legal Obligations: We may process your personal data to fulfill our legal obligations, including security audits required for regulatory compliance.
  b) Protection of Rights and Safety: We may process your personal data when necessary to protect our rights or the safety of our users, employees, or the public.
  c) Legal Claims: In the event of legal disputes, we may process your personal data to assert, defend, or establish legal claims.
  d) Law Enforcement Requests: We may be required to disclose your personal data in response to lawful requests by law enforcement agencies or government authorities.

We will ensure that any processing is conducted in accordance with GDPR protection regulations. If you have any further questions or concerns about how we handle your personal data, please don't hesitate to contact our Data Security Officer at [email protected].

3. Opt-In Sharing

We firmly believe in consent-based interactions. Prompty operates on an opt-in sharing model, which means your data is never shared with other users without you first granting consent. When you connect with others using Prompty, you decide the level of access they have to your information. You can change the level of access that you share on an individual or aggregate basis at any time under “update profile”. You have full control over what is visible to others on Prompty, ensuring that you share only what you're comfortable with.

4. Robust Data Encryption

Prompty takes the security of your data seriously. We employ state-of-the-art encryption technologies to safeguard your data during transmission and storage. All customer data is encrypted at rest with AES-256 and in transit via TLS. Sensitive information like access tokens and keys is encrypted at the application level before it is stored in the database. Your information is fortified with the highest levels of security, ensuring it remains confidential and protected. For further details, refer to the security protocols of our database management provider, Supabase (https://supabase.com/security).

5. Transparency and Consent

Transparency is foundational to the development of trust. At Prompty, we are committed to providing complete transparency in data usage. Whenever your personal information is used for any purpose beyond the core functionality of the platform, we will seek your explicit consent. Your trust is our priority.

6. Data Deletion

We respect your right to control your data's destiny on the Prompty platform. You have the authority to close your account on Prompty at any time under ‘account management’. You will have two options for account deletion:

Hibernation: Hibernation grants all your connections, events, and communities “restricted visibility” of your profile. You will retain all your connections and your visibility settings will be restored to their current state upon your return. You will not be able to use Prompty while in hibernation mode. You can awaken your account from hibernation at any time that you wish by logging into Prompty.

Permanent deletion: Once your account deletion has been requested, your data will be permanently deleted from the Prompty Database within 14 days from your request. Your data will also be removed from all events and communities that you attended. This process is irreversible.

7. Data Portability

Data is exportable from the Prompty platform on an individual basis in the form of VCards, also referred to as the VCF file format. The VCF file format is a contact management file format used to store contact details and is compatible with contact management software such as Apple and Android smartphone contact directories and Outlook Address Book.

In the future, ‘My Connections’ will be exportable in CSV format for use in Microsoft Excel and Customer Relationship Management Software. Users will only be able to export the profile information of users that they have met. The information that is exportable will be limited by the visibility setting that was assigned by the owner of the information.

8. Compliance with Privacy Regulations

Prompty adheres to industry standards of data protection and privacy. We are fully compliant with the Canadian regulation PIPEDA and are working towards achieving compliance, by March 31, 2024, with what is widely considered the world’s most stringent regulatory law: the EU’s GDPR. Our commitment to data protection is important to us and we will continually update our policies to ensure alignment with evolving regulations, including GDPR, to safeguard your data and privacy rights.

Personal Data Breach Policy: In line with GDPR, we adhere to regulatory personal data breach procedures. The GDPR defines a personal data breach as a "breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed."

All personal data breaches that are likely to result in a risk to the rights and freedoms of natural persons will be reported to the supervising authority within 72 hours of discovery, in accordance with Article 33 of the GDPR.

If a Personal Data Breach results from either (i) the negligence or intentional misconduct of Prompty or (ii) a material failure of Prompty to comply with the terms of this privacy policy, Prompty shall bear all costs associated with investigating and remediating the Personal Data Breach. Prompty shall provide reasonable reimbursement to users for any costs associated with notifying affected individuals as required by law or providing individuals with appropriate remediation services.

Last Updated: October 2023