Privacy Policy

When we refer to "Personal Data", we mean information that is defined as personal data by law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.

We collect and process Personal Data of the following categories of individuals:

1. User Data: Personal Data concerning: 

(A) commercial customers’ (“Commercial Customers”): (i) internal focal persons who directly engage with us in relation to their Factify account (e.g. billing contacts and authorized signatories), (ii) Customers’ account administrators (“Account Admin”), and (iii) authorized users of the Platform; or 

(B) individual customers who are authorized users of the Factify Platform and who create a document using the Factify Services (a “Factified Document”) and share them with others (“Individual Customers”, and together with Commercial Customers, “Customers”) 

(collectively referred to as “Users”).

2. Customer Data: Personal Data that is submitted to, or processed by, the Platform, relating to individuals with whom Customers share Factified Documents (“End Users”). 

We process Customer Data on behalf of and under the instruction of the respective Customer in our capacity as a “data processor”, in accordance with our data processing addendum with them. For more information, please refer to Section I below. Accordingly, this Privacy Policy – which describes our independent privacy and data processing practices as a “data controller” – with respect to the Platform and our websites, does not apply to the processing of Customer Data. If you have any questions or requests regarding Customer Data, please contact your account administrator(s) (“Account Admin”) directly.

3. Visitor Data: Personal Data relating to our website’s visitors, participants at events, and any other prospective customer, user or partner (collectively, “Prospects”) who visit or otherwise interact with our programs, marketing and social activities and our websites, digital ads and content, emails, integrations or communications under our control (“Site(s)”).

By using the Service, you acknowledge and freely agree that your Personal Data will be collected and processed as described in this Privacy Policy. You are not legally required to provide us with your Personal Data. If you do not consent to the collection or processing of your Personal Data, we may be unable to provide you with certain features of the Service, and in some cases, may be unable to provide access to the Service altogether. For example, if you do not share your phone number or email address, we won’t be able to open a user account for you. If you do not agree with how we process your Personal Data, please do not use our Services.

A. PERSONAL DATA WE COLLECT & PROCESS

1. When you use the Platform, we collect the following Personal Data directly from you:

A. Registration Information (Users and End Users): In order for Users to sign up to the Service, you must create an account, which includes your name, email address, account username and other information that the Services require to set up your account. Some of this information is necessary to set up the account (e.g. your email address) and some is voluntary.

End Users have the option to sign up for an account, in which case we will collect the same type of Registration Information on the End User as we do on Users. Alternatively, End Users can access and interact with a Factified Document anonymously, in which case we will not collect Registration Information. However, in such a case we will still collect certain identifiers relating to the session during which the End User has accessed a Factified Document (see data collected automatically below).

B Payment Data (Customers): If you subscribe to our Service for a fee, we receive information related to such purchase, such as the last four (4) digits of your credit card number or a token that indicates that you’ve paid for the Services.

C.Data from APIs (Users and End Users who have set up a Factify account): If you connect your Factify account to other third-party services (e.g. Google/Microsoft), we collect Personal Data via APIs for services with which we integrate (for example your name and email address). 

D. Event Data (Customer Data): We will collect and process data relating to verifiable events created when you interact with a Factified Document. For example, if you access a Factified Document, highlight the section of a document, comment on a section of a document, these events will be collected.‍

E.Content Data (Customer Data): Any Personal Data that is contained within a Factified Document.

I. AI Inputs and Outputs (Customer Data): We will collect and Process any Personal Data which is related to your interaction with Factify’s AI assistant, including any input and output. 

When you use the Services, we automatically collect the following Personal Data:

1. Computer/Mobile Device Data (Users and End Users): Connectivity, technical and usage data, such as IP addresses and approximate general locations derived from such IP addresses, device and application data (like type, operating system, mobile device or app id, browser version, location and language settings used), user-customized IDs (where Personal Data is included), activity logs, the relevant cookies and pixels installed or utilized on your device, and the recorded activity (sessions, clicks, use of features, logged activities and other interactions). 

We collect the following Personal Data from third-party sources:

1. Publicly Available Data: We may receive Personal Data from other sources, such as publicly available data, strategic and joint marketing partners, social media platforms, people with whom you are friends or otherwise connected with on social media platforms, as well as from other third parties. This information comes from third-party sources outside of your direct interaction with the Service.

2. Website, Social Media and Blog Visitors. When you visit our Sites, interact with our social media assets, visit us at an event, or post on our blog, we collect the following Personal Data:

1. Contact Information (Prospects): When you send us a message through the contact form on our Site, we collect any data you provide, such as your email, and the content of your message. 

ookies, Activity and System Data (Prospects): We automatically collect data about your computer or mobile device, including your IP address, device ID, browsing history (e.g. the other sites you've visited before ours), and your activity on our site (e.g. what pages you visited, for how long, and what links you clicked on). For more information about the cookies we use and how to adjust your preferences, see the Cookies and Similar Technologies section below. 

1. Forms and Inquiries (Prospects, Users and End Users): Personal data contained in any forms and inquiries that you may submit to us, including support requests, interactions through social media channels and instant messaging apps, registrations to events that we host, organize or sponsor, and participation in our online and offline communities and activities); surveys, feedback and testimonials received; expressed, presumed or identified needs, preferences, attributes and insights relevant to our potential or existing engagement; as well as phone call and video conference recordings (e.g., with our customer experience or product consultants), as well as written correspondences, screen recordings, screenshots, documentation and related information that may be automatically recorded, tracked, transcribed and analyzed, for purposes including analytics, quality control and improvements, training, and record-keeping purposes.
2. Social Media Interactions (Prospects): If you are a member of any social media groups, we process any Personal Data you provide, including your name, profile, posts, responses, reactions, and private messages to our page and/or account.

For the purposes of the California Consumer Privacy Act (“CCPA”), specifically in the last twelve (12) months, we have collected some or all of the following categories of Personal Information: Identifiers; Professional or Employment-Related Information; Internet or other Electronic Network Activity Information; Customer Records Information; Geolocation Information; Inferences; and Audio, electronic, visual or similar Information. We do not collect, use or disclose sensitive personal information as defined in the CCPA.

B. PERSONAL DATA USES & LEGAL BASES

1. Registration Information. We use your Registration Information to allow you access to our Service (performance of a contract with you), save your preferences, contact you regarding the Service, protect the security of our Service, prevent fraud, and address any issues that arise (legitimate interest). We may use your Registration Information to send you marketing communications about our Service, including newsletters and updates about new services that we believe may be suitable to you. Where required, we will collect your consent prior to sending you any marketing communications, and you may opt-out of marketing communications and/or our newsletter at any time. See the relevant section below for more details.
2. Payment Information. We use this Personal Data to process your payment (performance of a contract) and to prevent fraud (legitimate interest). 
3. Data from APIs. We use this Personal Data to enhance your profile (performance of a contract).
4. Computer/Mobile Device Data. We use this Personal Data to monitor, secure, and improve our Services (legitimate interest).
5. Publicly Available Data. We use this Personal Data to improve our Services and to better understand your interests and preferences (legitimate interest).
6. Forms and Inquiries; Social Media Interactions. We use the feedback (including any Personal Data) you provide to fix specific bugs, generally improve our Services, and develop new products and services (legitimate interest). We use any Personal Data sent in a message to us in order to respond to your message.
7. We use analytical data and data about interaction with our Sites to generate aggregated analytics data about the use of our Site and Service, to maintain and improve the Site and Service and to develop new products or services. We also use statistical data to prevent fraud and protect the security of our Site and Service. We process this Personal Data based on our legitimate interests to develop and improve our products and services, to fix bugs, to improve stability, and to prevent fraud.
8. In addition, we use the Personal Data above, in whole or in part, to provide support and technical assistance, Conduct internal operations, including troubleshooting, data analysis, testing, research and statistical purposes, to comply with our legal obligations and in order to be able to protect our rights and legitimate interests, including in order to improve the Services, maintain our data processing records and for general administrative purposes.

C. PERSONAL DATA SHARING

We do not sell your personal information to third parties.

We will share your information with our affiliate companies.

We share your Personal Data with our affiliated companies, including Factify Technologies IL Ltd., where this is necessary to provide you with our products and services and so that we can manage our business. 

We will share your information with our service providers helping us to operate the Service.

We will share your personal information with service providers, who assist us with the internal operations of the Service. These services provided by our service providers include cloud hosting services, user authentication, application monitoring and logging, feature management, AI generation, application tracing, source code hosting, email management, and analytics. These companies are authorized to use your Personal Data only as necessary to provide these services to us and not for their own purposes. 

If you violate the law, we will share your information with competent authorities.

If you violate any applicable law, your information will be shared with competent authorities and with third parties (such as legal counsel and advisors), for the purpose of handling the violation. 

We will share your information if we are legally required.

We will disclose your Personal Data if we are required to do so by a judicial, governmental or regulatory authority. 

We will share your information if the operation of the Service is organized within a different framework.

If the operation of the Service is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition) or if we are looking to sell our company, liquidate assets, or merge with another, we will share your information with other interested parties as part of negotiations toward that transaction, or as a result of that transaction, as applicable, provided that those entities agree to be bound by the provisions of this Privacy Policy, with reasonably necessary changes taken into consideration. 

We will share your information with Services integrations. 

When you or your Account Admin choose to integrate your account with third-party services, the provider of such integrated third-party Services may receive certain relevant data about or from your account, or disclose certain relevant data from the account on the third-party provider’s service, depending on the nature and purpose of such integration. Note that we do not receive or store your passwords for any of these third-party Services (but do typically require your API key in order to integrate with them). If you do not wish your data to be disclosed to such third-party service, please contact your Account Admin. 

We will share your information with Customers and other Users. 

If you are a commercial User, your Personal Data may be disclosed to the Commercial Customer owning the account to which you are subscribed as a User (including data and communications concerning your profile), as well as other Users of that account. Your Personal Data and activity within the Service may also be monitored, processed and analyzed by the Account Admin. This includes instances where you contact us for help in resolving an issue specific to a team of which you are a member (and which is managed by the same Customer). If you are an End User, your Personal Data will be shared with the User who shared the Factified Document(s) with you.

We will share your information contained in Feedback or Recommendations.

If you submit a public review, feedback, public blogs or forums note that we may (at our discretion) store and present your review publicly, on our Sites and Service. If you wish to remove your public review, please contact us at privacy@factify.com. If you choose to send others an email or message inviting them to use the Service, we may use the contact information you provide us to automatically send such invitation email or message on your behalf. Your name and email address may be included in the invitation email or message.

We will share your information to Protect Rights and Safety. 

We may disclose your personal data to others if we believe in good faith that this will help protect our rights, property or safety, any of our Users or Customers, or any members of the general public.

D. SECURITY AND DATA RETENTION

‍We retain your Personal Data until you request its deletion and thereafter for compliance and legal purposes.‍

We may retain your Personal Data for as long as it is reasonably needed to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (e.g. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy and at our reasonable discretion. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of such data, the potential risk of harm from unauthorized use or disclosure of such data, the purposes for which we process it, and the applicable legal requirements. If you have any questions about our data retention policy, please contact us by email at privacy@factify.com.

We implement measures to secure your Information.

We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute security. Therefore, although efforts are made to secure your personal information, it is not guaranteed, and you cannot expect, that the Service will be immune from information security risks. The measures we take include:

Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers and firewalls. We encrypt data in transit and at rest using secure TLS/SSL protocols.

Access Control. We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee's access immediately after his/her termination. A very small sample size might be infrequently accessed by the engineering team to fix errors, improve summary quality, and improve the application, which will only be done with consent from the customers to assist and support with issues. You can opt out of the latter depending on the subscription plan.

Internal Policies. We maintain and regularly review and update our privacy related and information security policies.

Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.

Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.

E. DATA LOCATION AND INTERNATIONAL DATA TRANSFER

We and our authorized Service Providers (defined below) maintain, store and process personal data in the United States (US), Europe, Israel, and United Kingdom (UK), and other locations as reasonably necessary for the proper performance and delivery of our Services, or as may be required by applicable law.

While privacy laws vary between jurisdictions, we are committed to protect personal data in accordance with this Privacy Policy, customary and reasonable industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

For any transfers from the European Economic Area or the UK to other countries, we rely on standard contractual clauses (SCCs) or the UK IDTA for transfers, where applicable.

F. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

You have the right to access, update or delete your Personal Data and to obtain from us a copy of your Personal Data.

If you are an individual in the EU or in California, you have the following rights:

• Access: You have the right to request access to your Personal Data and obtain a copy of it.
• Rectification: You have the right to request that we correct any inaccurate or incomplete Personal Data.
• Erasure: You have the right to request that we erase your Personal Data in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected.
• Restriction of processing: You have the right to request that we restrict the processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the information.
• Data portability: You have the right to request that we provide you with a copy of your Personal Data in a structured, commonly used, and machine-readable format.
• Right to object: You have the right to object to the processing of your Personal Data where the processing is based on our legitimate interests.

If you wish to exercise any of these rights, contact us at privacy@factify.com.

We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason for this. If you contact us to make a request relating to Personal Data which we process as a data processor on our Customer’s behalf (for more detail see section I below), we may refer your request to our Customer who is responsible for responding to you, as the Data Controller.

You have a right to submit a complaint to the relevant supervisory data protection authority.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR.

G. COOKIES AND SIMILAR TECHNOLOGIES

What are Cookies?

A cookie is a small piece of text that is sent to your browser by a website you visit. This piece of text acts as a sort of tag, letting the website know that it's you (really, your device) that's visiting. There are other technologies that act similarly, like web beacons, pixel tags, and Device IDs for apps, but for simplicity's sake we'll refer to them all as "Cookies".

Websites and platforms can place their own cookies (called "first-party cookies") but can also place cookies from other sites (called "third-party cookies"). If your browser holds both first and third-party cookies for a given website or platform, both the website and the third party are notified when you visit the site. We may place both first and third-party cookies on our Site and Platform.

How We Use Cookies

While the specific names and types of cookies we use may change from time to time, they generally fall into one of the categories listed below.

Cookie Type

Function

Necessary

These cookies allow the Service to work correctly. They enable you to access the Service, move around, and access different services, features, and tools. These cookies cannot be disabled.

Functionality

These cookies remember your settings, preferences, and other choices in order to help personalize and streamline your experience.

Security

These cookies help us identify and prevent security risks. They may be used to store your session information to prevent others from changing your password without your login information.

Performance/Analytics

These cookies collect analytical information to help us understand how you use our Service, for example whether you have viewed messages, clicked on links, and how long you spent on each page. This helps us improve our Service to better suit your needs.

‍

Third Party Cookies

In addition to our first-party cookies, if we place cookies from the following third parties, they will be listed below:

How to Adjust Your Preferences

Most web browsers are initially configured to accept cookies, but you can change the settings so your browser refuses all cookies or certain types of cookies. In addition, you are free to delete any existing cookies at any time. Please note that some features of the services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.

Below are links to instructions regarding the blocking of Cookies on commonly used web-browsers: Chrome, Internet Explorer and Microsoft Edge, Mozilla Firefox and Safari.

We use Google Analytics to gain insights on how our users use our Services. For more information about how Google collects information as part of the Analytics service and how you can control such use, see: www.google.com/policies/privacy/partners/.

H. COMMUNICATIONS

We engage in Services and promotional communications, through email, phone, SMS and notifications within our Platform.

We may contact you with important information regarding our Services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. Our Customers, and other Users on the same account, may also send you notifications, messages and other updates regarding their or your use of the Services. You can control your communications and notifications settings from your user profile settings, or otherwise in accordance with the instructions that may be included in the communications sent to you. However, please note that you will not be able to opt-out of receiving certain Services communications which are integral to your use (like password resets or billing notices).

We may also notify you about new features, additional offerings, events and special opportunities or any other information we think you will find valuable. We may provide such notices through any of the contact means available to us (e.g. phone, mobile or email), through the Services, or through our marketing campaigns on any other sites or platforms. You may ‘opt-out’ of using your information for marketing communications by sending an email to: privacy@factify.com, or as otherwise provided in our marketing communications. By doing so, we will mark the Personal Data, which is required to contact you for marketing communications, as “unsubscribed”.

I. DATA CONTROLLER/PROCESSOR

Certain data protection laws, such as the GDPR and the CCPA, typically distinguish between two main roles for parties processing personal data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes such data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.

Factify is the “data controller” of Users’ and Prospects’ Personal Data, except for Event Data, Content Data and AI Inputs and Outputs, as defined in Section A above. Accordingly, we assume the responsibilities of a data controller (solely to the extent applicable under law), as set forth in this Privacy Policy.

Factify is the “data processor” of End User Personal Data, as well as Event Data, Content Data and AI Inputs and Outputs, as defined in Section A above, as submitted or otherwise processed by our Customers and their Users in their accounts. We process such data on behalf of our Customer (who is the “data controller” of such data) and in accordance with its reasonable instructions, subject to our Terms, our Data Processing Addendum (to the extent applicable) and other commercial agreements with such Customer.

Our Customers are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on the Customer’s behalf or at their request, as well as all individuals whose Personal Data may be included in Customer Data processed through the Services, have been provided with adequate notice and given informed consent to the processing of their Personal Data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Services are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Users and other individuals whose data they process through the Services.

If you would like to make any requests or queries regarding personal data we process as a data processor on our Customer’s behalf, including accessing, correcting or deleting your data, please contact the Customer’s Account Admin directly.

J. MISCELLANEOUS

You may have access to third-party services through our Service. Please note that all use of third-party services is at your own risk and subject to such third party's terms and privacy policies. We do not take any responsibility for the performance of other services.

The Services are not intended for minors under the age of 16. We do not knowingly collect information from minors under the age of 16.

From time to time, we may change this Privacy Policy, in which case we will post a notice of such change on the Site and endeavor to send you an email notification. The latest version of the Privacy Policy will always be accessible on the Site.

If you have any questions or requests concerning your personal data or about our privacy practices and policies, you may contact us, at: privacy@factify.com.

‍