Efforia Inc. (“we”) welcomes you to our platform!
This Privacy Notice (“Privacy Notice”) applies to our platform (“Platform”), available following the link. It was most recently updated on October 30th, 2024.
The Privacy Notice describes which of your personal data the Platform collects, how it stores, processes, and uses it, and what happens when you use the Platform.
About Us
We are the controller of your data processed through the Platform. This means that we determine the purposes and means of personal data processing.
| Name | Efforia, Inc. | ||
| Company number | 7107378 | ||
| Address | 5 Union Square West #1399 New York, NY 10003 | ||
| help@efforia.com – for general inquiries | |||
| help@efforia.com – for privacy inquiries | |||
About You
When you visit the Platform, you become our user (“User”).
We divide the Users into categories so you can easily find details about the processing of your personal data. Pay attention that you can fall into several categories depending on your actions.
| Type of User | Description | ||
| Registered User | User who has registered on the Platform | ||
| Verified User | User who has passed the verification due to compliance with the necessary requirements | ||
| Product Dashboard User | User who fills in information in the Product Dashboard | ||
| Efforia Assistant User | User who chats with Efforia Assistant | ||
| Please note! We do not knowingly process the personal data of Users under the age of 13. If you are such a User or the legal representative of such a User, please contact us. | |||
Personal Data
Sources of Data
We receive your data when you visit the Platform and interact with it, depending on your actions on the Platform.
You can change your personal data by exercising your right to rectification or by the Platform functionality. Please note that the same lawful basis and storage terms apply to the changed data.
We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.
Lawful Bases For Processing
To process your personal data, we rely on the following lawful bases:
- performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Use for Partners) with you;
- legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
- legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
- consent — for additional specific purposes.
If we collect personal data on the basis of legitimate interest or performance of the contract, we can use it for another purpose after checking that the new purpose is compatible with the original purpose.
When your data processing is based on a legal obligation or performance of the contract, you are obliged to provide your personal data. We need this data to comply with legal requirements or to properly provide you with our services. The failure to provide such data may have negative consequences, such as tax liability, inability to enter into a contract or provide services to you, etc.
Users’ Data
When you visit the Platform, we collect some data automatically. We collect some technical data about the Users to optimize performance, debug issues, and enhance features while ensuring security and privacy to improve the overall user experience.
Most of the technical data we collect are anonymous, but some data is associated with your IP address and device ID. Please read about personal technical data below.
| Data | Reasons for processing | Lawful basis |
| Information about the сoarse location (IP address, country) | The optimization of the performance, debugging, enhancement of the features’ proper functioning, administering and improvement of the Platform | Legitimate interest (ensuring the network and information security of our IT systems) |
| Technical device information and network information (including IP address, HTTP user agent, browser type, Internet Service Provider (ISP), User ID, device type, MAC, session identifiers (SSRC, Websocket identifier), authentication tokens, context data (such as HTTP header including “accept” field) | ||
| Data storage | ||
| We store the data for three (3) years from its collection | ||
We also need cookies to operate, support, and improve the Platform’s functionality.
| Data | Description | Reasons for processing | Lawful basis |
| Necessary cookies | Information that is necessary for the operation of the Platform | Improving your experience of using the Platform | Performance of the contract |
| Marketing cookies | Marketing information used to match relevant advertising to you | Marketing | Consent |
| Preference cookies | Information necessary for operating some services on the Platform | The operation of some services on the Platform | Consent |
| Data storage | |||
| Stored during the expiry period provided in our Cookie Notice. | |||
Registered Users’ Data
We collect some of your personal data when you create an account on the Platform and edit it.
| Data | Reasons for processing | Lawful basis |
| Username | To create you a profile | Performance of the contract |
| Password | ||
| Full name | To personalize your profile | Performance of the contract |
| Date of birth | ||
| Gender | ||
| Time zone | Legitimate interest (improvement of your use of the Platform) | |
| Biography | ||
| Profile photo | ||
| Phone number | ||
| Data storage | ||
| Stored until you delete your account. | ||
Verified Users’ Data
We collect data when you complete the necessary verification procedures. This is mostly business data, but your personal data may also be collected.
| Data | Reasons for processing | Lawful basis |
| Certificate of incorporation | To verify your company identity and complete the KYC/AML check | Legal obligation |
| Article of association | ||
| Ultimate beneficial owner list | ||
| Data storage | ||
| We store your documents during the length of the business relationship and for ашму (5) years after under the Terms of Use for Partners. | ||
Product Dashboard Users’ Data
We collect data when you use the Product Dashboard on the Platform. This is mostly business data, but your personal data may also be collected.
| Data | Reasons for processing | Lawful basis |
| Organization settings (organization information, e-commerce integrations, full name of organization managers) | To provide Participants with information about your company | Performance of the contract |
| Protocol information (measurements, Product & services, Protocol authors & coaches, approval status, Protocol objective, premium level advanced settings) | To create a Protocol or Product and offer it to Participants | |
| Product information (organization and provider, about the Product, Product reusability & consumability, fulfillment setup, Product cost, default participants content, Product managers) | ||
| Data storage | ||
| Stored until you delete your account, Product, or Protocol. | ||
Efforia Assistant Users’ Data
We collect some of your personal data when you chat with Efforia Assistant (AI).
| Data | Reasons for processing | Lawful basis |
| Text of messages | To design an Efforia challenge Protocol | Performance of the contract |
| Data storage | ||
| We do not store this data | ||
Data Received From Third Parties
We may receive some personal data from third parties. The amount of data collected, the purposes, and the lawful bases for processing are determined by the respective privacy documents of these third parties.
| Third party | Category of data | Privacy documents |
| Data for registration on the Platform | Privacy | |
| Microsoft | Privacy Statement | |
| Apple | Privacy Policy | |
| OpenAI | Communication with AI on author Protocol | Privacy Policy |
| Zendesk | Data regarding customer support | Privacy Notice |
| Intercom | Privacy Policy | |
| HubSpot | Meeting information | Privacy Policy |
| Zoom | Meeting recording | Privacy Statement |
Data Sharing With Third Parties
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third parties.
| Third parties | Description |
| Analytics tools | We use analytics tools to understand and promote our business. |
| Payment services | We use payment services to process your payments and other transactions. |
| Social networks | We use various social networks to spread information about our activities. |
| Data storage services | We use various cloud services that allow us to securely store data on remote servers. |
| Contractors, services providers on Platform | We cooperate with service providers and contractors to provide you with their services, operate, develop, and improve the features and functionality of the Platform, fulfill your support requests, complete payment transactions, etc. |
| Providers of the services our team use | We use CRM systems, messengers, and other services in our organization to provide you with our services. |
| State authorities, courts, law enforcement agencies, etc | We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies:to comply with a government request, court order, or liable law;to prevent unlawful use of the Platform;to protect against claims of third parties;to help prevent or investigate fraud. |
| To get a detailed list of the third-party recipients of your personal data, contact us. | |
To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, legitimate interest, and performance of a contract.
Data Transfer
The personal data we collect is stored in the United States. Most of our recipients are also US and adhere to the same level of data protection as required by the Delaware Personal Data Privacy Act.
If you are an EU user, we ensure that your data is protected and processed in accordance with the General Data Protection Regulation. To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient.
If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
Data Protection
We apply a variety of security measures appropriate to the possible risks.
| Organizational measures | |
| Staff training | Internal policies and instructions |
| Non-disclosure agreements (NDA) | Transfer protection |
| Access control mechanism | |
| Physical measures | |
| Video monitoring | Signaling |
| Limited access to premises | Round-the-clock security |
| Technical measures | |
| Two-factor authentication | Backups |
| Firewalls | Encryption of data |
| Implementation of HTTPS | End-to-end encryption |
Data Subjects Rights
You, as a data subject (individual), have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.
European Economic Area and United Kingdom Residents
| Right | Description |
| Right to access | You can request information on whether personal data are being processed, and, where that is the case, access to this personal data and the information required by law. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restrict the processing | You may partially or completely prohibit us from processing your personal data in cases provided by law. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data that is collected on the basis of legitimate interest. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you could file a complaint to the regulatory body. |
| To exercise your rights, contact us. | |
| For EEA residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. | |
| For UK residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at www.ico.org.uk/concerns. | |
United States Residents
Your rights vary depending on the state of your residency, as indicated below.
| Right | Description | Area | |
| Right to access | You can request an explanation of the processing of your personal data. | California;Colorado;Connecticut;Delaware;Indiana;Iowa;Montana;New Hampshire; | New Jersey;Oregon;Tennessee;Texas;Utah;Virginia. |
| Right to correct | You can change the data if it is inaccurate or incomplete. | California;Colorado;Connecticut;Delaware;Indiana;Montana;New Hampshire; | New Jersey;Oregon;Tennessee;Texas;Virginia. |
| Right to delete | You can send us a request to delete your personal data from our systems. | California;Colorado;Connecticut;Delaware;Indiana;Iowa;Montana;New Hampshire; | New Jersey;Oregon;Tennessee;Texas;Utah;Virginia. |
| Right to portability | You can request all the data you provided to us and request to transfer data to another controller. | California;Colorado;Connecticut;Delaware;Indiana;Iowa;Montana;New Hampshire; | New Jersey;Oregon;Tennessee;Texas;Utah;Virginia. |
| Right to opt out of sales | The right to opt out of the sale of personal data to third parties. | California;Colorado;Connecticut;Delaware;Indiana;Iowa;Montana;New Hampshire; | New Jersey;Oregon;Tennessee;Texas;Utah;Virginia. |
| Right to opt out of certain purposes | The right to opt out of processing for profiling/targeted advertising purposes. | Colorado;Connecticut;Delaware;Indiana;Montana;New Hampshire; | New Jersey;Oregon;Tennessee;Texas;Utah;Virginia. |
| Right to opt out of the processing of sensitive data | The right to opt-out of processing of sensitive data. | California. | |
| Right to opt in for sensitive data processing | The right to opt in before processing sensitive data. | Colorado;Connecticut;Delaware;Indiana;Montana;New Hampshire; | New Jersey;Oregon;Tennessee;Texas;Virginia. |
| Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated process without human input | California;Colorado;Connecticut;Delaware;Indiana;Iowa;Montana; | New Hampshire;New Jersey;Oregon;Tennessee;Texas;Virginia. |
| Private right of action | The right to seek civil damages from a controller for violations of a statute. | California. | |
| To exercise your rights, contact us. | |||
| We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint to the Federal Trade Commission. | |||
| Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. | |||
Do Not Sell My Personal Information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by the CCPA.
We do not sell your personal information to anyone nor use your data as a business model.
However, we support CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us.
Do-Not-Track Requests
California residents visiting the Platform may request that we do not automatically gather and track information about their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party Platforms or online services.
We currently do not have the ability to honor these requests. We may modify this Privacy Notice as our abilities change.
Canada Residents
| Right | Description |
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete via request or profile settings on the Platform. |
| Right to delete | You can send us a request to delete your personal data from our systems or delete your account via Platform settings. We will remove all data unless some of them we have to store in compliance with the law requirements. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object opt-out | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right not to be subject to automated decision-making | You can object to being subject to automated-based processing to know if there are consequences concerning them due to such processing. |
| Right to lodge a complaint | If your request is not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us. We have 30 days to exercise your request from the moment it is received. If your complaint is not satisfied, you can file a complaint to the Office of the Privacy Commissioner of Canada. | |
Cookies
We use cookies that are needed for the Platform’s operation. By using cookies, we receive automatically collected data. You can read more in the Cookie Notice.
If you want to turn off cookies, you can find instructions for managing your browser settings at these links:
Privacy Notice Updates
The Privacy Notice is developed according to the Delaware Personal Data Privacy Act, General Data Protection Regulation, and the best privacy practices.
Existing laws and requirements for processing personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on the Platform.
If there are material changes to the Privacy Notice or the Platform that affect your data privacy rights, we will notify you by displaying information on the Platform and, if necessary, ask for your consent.