Effective: July 01, 2022
Capitol AI, Inc. (" Capitol”, Capitol AI”, " we” or " us”) provides an enterprise Software-as-a-Service platform (the "Platform”) that enables companies to generate and share interactive, AI-powered, data stories and related services provided and/or made available by Capitol in connection with the Platform (all of the foregoing, collectively, the "the Capitol Services”). When we refer to the " Capitol Services” throughout this Privacy Notice, we mean, collectively, the Platform and any other services provided by us to you in connection with the foregoing.
This Privacy Notice describes how Capitol may process, use, transfer, store and disclose personal information in connection with the use of the Capitol Services. Please read this Privacy Notice carefully.
The term "personal information” or "personal data” means any information about an individual from which that person may be identified. For example, it may include your name, telephone number, email address, or payment information, and in some jurisdictions your IP address. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual (also known as anonymous or anonymized data).
Capitol may collect personal information when you:
Please note that certain information collected by us in connection with your use of the Capitol Services is controlled by the entity or other third party that has entered into the Capitol Terms of Service Agreement available at [www.capitol.ai/termsofuse] or other agreement (hereinafter, the " Agreement”) with Capitol for the access and use of the Capitol Services (such, entity and/or organization, the " Company”).
When Capitol collects or processes such information about your use of the Capitol Services as an authorized employee, contractor, and/or agent of the applicable Company ("Authorized Users”), we do so as a processor on behalf of the Company, who is acting as the controller. If you access and/or use the Capitol Services as an Authorized User, the Company determines its own policies regarding storage, access, modification, deletion, sharing, and retention of such information which may apply to your use of the Capitol Services if you are an Authorized User. If you are an Authorized User, please check with the Company about the Company’s the policies and settings it implements with respect to information you submit in connection with your use of the Capitol Services.
BY ACCESSING OR USING THE CAPITOL SERVICES, OR SUBMITTING INFORMATION IN CONNECTION WITH YOUR USE OF THE CAPITOL SERVICES, YOU ACKNOWLEDGE AND AGREE THAT YOU HAVE READ THIS PRIVACY NOTICE.
Capitol reserves the right to update or modify this Privacy Notice at any time. The revised Privacy Notice will be posted on our website located at www.capitol.ai (the " Site”). All updates and modifications to Privacy Notice will be effective from the day they are posted online (except as stated below). If we make any material changes to Privacy Notice, we post a notice of the changes on the Site and will notify the Company and/or Authorized Users through the user interface of the Platform. It is your responsibility to regularly visit and review the Privacy Notice. If you are a Company and you do not agree to any updates or modifications to the Privacy Notice, do not use or access the Capitol Services (or any part thereof). Your continued use of the Capitol Services after we have posted the updated Privacy Notice, or, in the event of material changes, ten (10) days following the date we posted the notice of such changes on the Site and/or through the Platform and/or App, as applicable, signifies to us that you acknowledge and agree to be bound by the revised Privacy Notice.
If you are a Company and/or Authorized User, Capitol may collect the following personal information in connection with your use of the Capitol Services:
Please be advised that we may ask you to update your information from time to time in order to keep it accurate. Additionally, if you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by data protection laws, we may collect, use and disclose such information for the purposes described in this Privacy Notice. For example, you should ensure the individual concerned is aware of the terms detailed in this Privacy Notice
When using or interacting with the Capitol Services we, or our authorized third-party service providers, automatically collect information about the use and interaction with the Capitol Services as described in the next sentence (collectively, " Usage Information”). We collect certain information about interactions with the Capitol Services, including information about the device used to interact with and/or access the Capitol Services, including, without limitation, IP address, MAC addresses, Wi-Fi BSSID and SSID, Authorized Users host name (e.g., Kelly’s MacBook), access dates and times, information about the approximate location of the person accessing the Capitol Services (as determined through the IP address), geolocation information related to the IP address only, crash data, and log data when accessing and using the Capitol Services.
Capitol uses Usage Information to provide the Capitol Services to the Company pursuant to the Agreement, and understand how the Capitol Services are being used by Company and its Authorized Users (which may include administrative and support communications with us), and other actions taken in connection with the use of the Capitol Services. We use this information for our internal purposes, specifically to operate, maintain, secure and improve the Capitol Services. We may also use this information to provide Company and/or its Authorized Users with notifications, recommendations, and information about specific features of the Capitol Services and/or additional products, services, or features we believe may be of interest to Company.
Cookies and Similar Technologies
We or authorized third parties collect certain information (including, without limitation, Usage Information) by automated means using cookies, web beacons, and server logs for analytic purposes. Capitol tracks users use of the Capitol Services, but does not track users across third party websites. A cookie is a small text file that is stored on a user's computer for record-keeping purposes. When Company and/or its Authorized Users access or use the Capitol Services, we may by means of cookies, beacons, tags, scripts, and/or similar technologies automatically collect technical information about the devices and software used to access the Capitol Services, such as the type of Internet browser or mobile device used, IP addresses or device IDs (or other persistent identifier that uniquely identifies a computer or mobile device on the Internet), the operating system of the computer or mobile device accessing the Capitol Services, and other similar technical information. Typically, all technical, analytics, and usage information is gathered by Capitol in anonymous form and does not identify any individual personally.
We use both session ID cookies and persistent cookies. These technologies (or a combination of them) are used to help us:
We may use third party tools and technologies to help us gather this information discussed above. For instance, we use products provided by Google, Inc., which includes Google Analytics to collect and process certain analytics data with technologies such as tracking pixels.
Google provides some additional privacy options described at www.google.com/policies/privacy/partners/ with respect to Google Analytics cookies. To opt out from Google Analytics, you can download a plug-in from http://tools.google.com/dlpage/gaoptout.
We also use Cloud Flare and Amazon Web Services to provide secure websites, APIs, and applications in the deployment and hosting of our software.
In some instances, we process personal information from third parties other than from you directly, which consists of:
In addition, we may collect certain information from third party databases to provide the Capitol services that does not identify any person or individual, for example, national databases of speed limits; however, if we combine or connect such information with personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be processed in accordance with this Privacy Notice.
With the personal information and other data (including Usage Information) collected by us, we process " Aggregated Data”, such as statistical or demographic data. Aggregated Data may be derived from personal information, but is not considered personal information under the law if it does not directly or indirectly reveal a person’s identity. If we combine or connect Aggregated Data with personal information so that it can directly or indirectly identify a person, we treat the combined data as personal information, which will be processed in accordance with this Privacy Notice.
We use personal information in the following instances:
Provide information to regulatory bodies when legally required, and only as outlined below in Legal Obligations and Security.
Aside from disclosing personal information to those of our personnel who are authorized to process the information in order to provide the Capitol Services and who are committed to confidentiality, we disclose personal information only to the third parties as described below.
We will share and disclose personal information of Authorized Users with the Company.
In addition, we will share and disclose personal information of Authorized Users in accordance with the Company’s instructions, including any applicable terms in the Agreement, and in compliance with applicable law and legal process. If you are an Authorized User, please consult with the Company to learn more about how your information may be used, shared and/or disclosed by us and the Company.
We share personal information with third parties that provide services to help us provide the Capitol Services, and to otherwise operate our business. The following categories of third parties collect data on our behalf or receive personal information:
For a list of all third-party service providers we use, please contact us. We require all third parties to respect the security of personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use personal information for their own purposes and only permit them to process personal information for specified purposes and in accordance with our instructions, unless the data is rendered fully anonymous.
We may also share data with third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use personal information in the same way as set out in this Privacy Notice.
Personal information that we collected through the Capitol Services may be shared with the employees, contractors, and agents of Capitol and our affiliated and subsidiary entities (" Affiliates”) who are involved in providing or improving the Capitol Services. We obligate the employees, contractors and agents of Capitol and our Affiliates to ensure the security and confidentiality of personal information and to act on that personal information only in a manner consistent with this Privacy Notice.
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States. Under such circumstances, unless prohibited by applicable law, we will attempt to provide the Company with prior notice that a request for personal information has been made. We will attempt to provide this notice by email, if the Company has given us an email address. However, government requests may include a court-granted non-disclosure order, which prohibits us from giving notice to the affected individual. In cases where we receive a non-disclosure order, we will notify the Company when it has expired or once we are authorized to do so.
Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
If you are an Authorized User, please consult with your Company to learn more about how your Company responds to requests for information pursuant to legal orders.
If you are a Company and/or Authorized User, and have not otherwise opted out, or if you have opted in to receive direct marketing emails from us, we may use your personal information to send you marketing information about the Capitol Services, including, new feature releases, other Capitol products and services, and new products released by Capitol in the future that we think may interest you. We may carry out such direct marketing by email.
If you no longer wish to receive marketing communications, you have the right at any time to opt out as further explained in Your Choices.
If you are a Company (or its authorized representative) and would like to correct or update certain personal information (such as your or an Authorized Users’ contact information) please contact us at email@example.com and we will use reasonable efforts to correct and/or update such information. If you are an Authorized User, you must contact the Company to request corrections or updates to personal information of yours we may process on behalf of the Company.
You may manage your receipt of marketing and non-transactional communications (if applicable) by clicking on the "unsubscribe” link located on the bottom of any of our marketing e-mails. We will use commercially reasonable efforts to process such requests in a timely manner. As a Company and/or Authorized User, you cannot opt out of receiving transactional e-mails related to the Capitol Services (e.g., requests for support).
With respect to your choices regarding cookie and other tracking technologies, most web and mobile device browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browsers or mobile devices. Please note, however, that by blocking or deleting cookies used on the Capitol Services, you may not be able to take full advantage of the Capitol Services.
Capitol does not process or respond to web browsers' "do not track" signals or other similar transmissions that indicate a request to disable online tracking of users who use our Service.
Capitol does not collect, or require any user to provide, any sensitive data about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic, and biometric data to use the Capitol Services.
Capitol does not target the Capitol Services to persons under the age of 16 and does not knowingly collect personal information from minors. Therefore, we ask you not to provide us with personal information of persons under the age of 16. If we learn that personal information of persons under 16 years of age has been collected on or through the Capitol Services, then we may deactivate the account or otherwise terminate access to the Capitol Services and/or make the user content inaccessible.
We do not directly collect or store any payment information. We use third-party, PCI-compliant, payment processors, which collect payment information on our behalf in order to complete transactions. Our administrators are only able to view limited transaction information via our payment processors’ portals.
Personal information is processed for the period necessary to fulfill the purposes for which it is collected (for example, in connection with the Capitol Services provided to Company pursuant to the Agreement), to comply with legal and regulatory obligations and for the duration of any period necessary to establish, exercise or defend any legal rights.
In order to determine the most appropriate retention periods for your personal information, we consider the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal information, and applicable legal requirements.
In some instances, we may choose to anonymize personal information instead of deleting it, for statistical use, for instance. When we choose to anonymize, we make sure that there is no way that the personal information can be linked back to any specific individual.
If you are an Authorized User, contact the applicable Company if you wish to request the removal of personal information under their control.
We have put in place reasonable and appropriate security measures designed to prevent personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption, secure socket layer, firewalls, and password protection. In addition, we limit access to personal information to those employees, agents, contractors and the third parties who have a business need-to-know.
We also have procedures in place to deal with any suspected data security breach; however, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we take reasonable steps to provide secure services, by using the Capitol Services, you understand and assume the risks associated with your activities on the internet.
In addition, you have responsibility and control over protecting your personal information. For example, you, and not Capitol, is responsible for safeguarding your password, and other authentication information you use to access the Capitol Services. You should not disclose your authentication information to any third party and should immediately notify Capitol of any unauthorized use of your password.
In addition, as described in this Privacy Notice, Capitol cannot secure, and has no responsibility for, any personal information that you share or release on your own or that you request us to share or release.
The Capitol Services and servers are operated in the United States. If you are located outside of the United States, please be aware that your information, including your personal data, may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to use the Capitol Services, you hereby irrevocably and unconditionally consent to such transfer, processing, and use in the United States and elsewhere.
If you have any questions about this Privacy Notice, have additional questions, please contact us by email at: firstname.lastname@example.org.
© 2022 Capitol AI, Inc. All rights reserved.