Privacy Policy

Last updated: Oct 28, 2024

General Information

Avoma, Inc. (“Avoma”) has created this privacy policy to let you know what information we collect when you access and use the Avoma web site and the service we provide via our intelligent meeting assistant, why we collect it, and how it is used. Our Privacy Policy is governed by our Terms of Use.

By accessing and using this Site and availing yourself to our Services, you consent to the data practices described in this Privacy Policy and our Terms of Use. We may periodically make changes to this Privacy Policy. We will notify you about material changes in the way we treat personally identifiable information by sending an email message to the email address you most recently provided to us and/or by prominently posting a notice on our Site. It is your responsibility to review this Privacy Policy frequently and remain informed about any changes, so we encourage you to visit this web page often. If you do not consent to this Privacy Policy, please do not access and use the Site and our Services.

Our Services are not intended for use by children under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from Children. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

The Identifiable Information That You Provide

As a user, you may log in to the Service, including through our Website. We will ask you to provide personal information, including your name, your company name, and your email address.

When you, or someone on your behalf, contact us we may receive and process any personal information that you provide us. This information can be used to provide the Service or to contact or identify you. Personal information may include but is not limited to, your name, email address, and telephone number.

When you use our Service to record, transcribe, analyze and share the recordings of web conferencing meetings and dialer phone calls and take notes for those meetings and calls, collectively Content, may contain personal information.

The Identifiable Information That We Collect

When you access the Website, our servers log certain ‘traffic/session’ information from your device, such as your user agent and the Internet Protocol (IP) address.

When you use the Website, we collect information about your Service activity, for example your log-in and log-out time, the duration of Service sessions, the content uploaded and downloaded, viewed web-pages or specific content on web-pages, activity measures and geo-location.

What Do We Do With The Identifiable Information?

We use the personal information we collect and receive to provide the Service, to enable the Service’s tools and features, to study and analyze the functionality of the Service, to provide support, to measure Service activity for pricing purposes, to maintain the Service, to make it better and to continue developing the Service.

We may use the Customer’s email address to contact the Customer when necessary, to send Customer reminders, and to provide Customer information and notices about the Service. We may include commercial and marketing information.

We obey the law and expect you to do the same. If necessary, we may use your identifiable information to enforce our terms, policies, and legal agreements, to comply with court orders and warrants, and lawful requests by public authorities, assist law enforcement agencies (including to meet national security requirements), to collect debts, prevent fraud, misappropriation, infringements, identity thefts, and any other misuse of the Service, and to take any action in any legal dispute and proceeding.

We commit to process personal information solely for the purposes described in this policy. To the extent relevant and possible, we will make efforts to maintain the information accurate, complete and up-to-date.

Sharing Identifiable Information With Others

We share your personal data with third parties who help Avoma provide its services. This includes Amazon Web Services, Inc. who provide data center hosting, Twilio, Inc., who provide calling functionality, Rev.com, Inc., who provide transcription services, OpenAI, who provide AI Notes, and Deepgram, who provide transcription services.

Our Customers and their meeting participants or call receivers have access to the recordings, transcription, and our analysis. They may share access to the recordings with their other colleagues and relevant third parties.

We do not sell, share, rent or lease your personally identifiable information. We may share your identifiable information with service providers and other third parties, if necessary to fulfill the purposes for collecting the information, provided that any such third party will commit to protect your privacy as required under the applicable law and this policy.

We may also share personally identifiable information with companies or organizations connected, or affiliated with us, such as subsidiaries, sister-companies and parent companies, with the express provision that their use of such information must comply with this policy.

Additionally, a merger, acquisition or any other structural change may require us to transfer your personal information to another entity, provided that the receiving entity will comply with this policy.

We may be liable for onward transfers to third parties in violation of the Data Privacy Framework Principles. For further information, please below see, as applicable, the EU-US Data Privacy Framework , the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. Data Privacy Framework chapter of this policy.

Disclosure of Information to Authorities

We may need to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Aggregated and Analytics Information

We may use analytics tools, including Google Analytics, HubSpot, FullStory, Segment, Mixpanel. These tools help us understand users’ behavior on our sites and applications, including by tracking page content, and click/touch, movements, scrolls, and keystroke activities. The privacy practices of these tools are subject to their own policies and they may use their own cookies to provide their services. For further information about cookies, please see the ‘Cookies’ section in this policy. Further information about the privacy practices of our analytics service providers is available at:

https://www.google.com/policies/privacy/partners/; https://legal.hubspot.com/privacy-policy; https://www.fullstory.com/legal/privacy/; https://segment.com/docs/legal/privacy/; and https://mixpanel.com/legal/privacy/.

From time to time, we may use additional or alternative analytics services. We will provide a notice of these changes on our website, and to our Customers through email or other available electronic means.

We use anonymous, statistical or aggregated information, which may be based on extracts of your personal information, for legitimate business purposes including for testing, development, control and operation of the Service. We may share such information with our partners. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that can be associated with you. We will share your identifiable information only subject to the terms of this policy, or subject to your prior consent.

Accessing Your Personal Information

At any time, you may contact us at: help@avoma.com and request to access the identifiable information that we keep about you. We will make good-faith efforts to locate the data that you request to access.

If you find that the information that we keep about you is not accurate, complete or updated, then please provide us the necessary information to correct it.

Under your right of access, you may obtain confirmation from us of whether we are processing personal data related to you, receive a copy of that data, so that you could verify its accuracy and the lawfulness of its processing, request the correction, amendment, or deletion of the data if it is inaccurate or processed in violation of the applicable law or the Data Privacy Framework Principles (as further explained below).

Choice

At any time, you may choose (opt out) whether your personal information is (i) to be disclosed to a third party, other than to third parties who act as our agents to perform tasks on our behalf and under our instructions, or (ii) to be used for a purpose that is materially different from the purposes for which it was originally collected, pursuant to this policy, or subsequently authorized by you or (iii) unsubscribe our mailing lists, newsletters or disable your account. You may exercise your choice by sending us an opt-out request to: help@avoma.com.

However, we may store and continue using or making available certain personal information that is related to you. For further information, please read the Data Retention section in this policy.

Note that if your personal information is included in the content that was provided to the Service by one of our Customers. You may want to contact the Customer who provided that content and request that your personal information is removed.

Some web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is a HTTP header field indicating your preference for tracking your activities on the Website or through cross-site user tracking. Our Website does not respond to DNT signals.

Accountability for Onward Transfer

Avoma complies with the above Notice and Choice Principles when transfering personal information to a third party. In the context of an onward transfer, Avoma is responsibile for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on our behalf. Avoma remains liable under the DPF Principles if its agents process such personal information in a manner inconsistent with the DPF Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

California Privacy Rights

If you are a California resident, California Civil Code grants you certain rights. To make such a request, please contact us at help@avoma.com.

Your rights

Avoma will not sell or share your Data as such terms are defined in the California Privacy Rights Act (“CPRA”).  CPRA creates rights which include:

1. the right to correct inaccurate personal information;

2. the right to limit use and disclosure of sensitive personal information

3. the right to know (request disclosure of) personal information collected, from whom it was collected, why it was collected, and, if sold, to whom;

4. the right to delete personal information collected;

5. the right to opt-out of the sale of personal information (if applicable);

6. the right to opt-in to the sale of personal information;

7. the right to non-discriminatory treatment for exercising any rights; and

8. the right to initiate a private cause of action for data breaches.

Response to Requests

When you ask us to exercise any of your rights under this policy and the applicable law, unless you make the request from the account’s administrative owner, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of personal information related to others and to ask you questions to better understand the nature and scope of data that you request to access.

We may redact from the data which we will make available to you, any personal information related to others.

Data Retention

We retain different types of information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements under the applicable law.

We may need to keep personal information for as long as necessary to support the purposes of processing under this policy and for additional legitimate business purposes, for example, for record-keeping, for cyber-security management purposes, legal proceedings, and tax issues.

We may keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information when we no longer need to process the information.

In any case, as long as you use the Service, we will keep information about you, unless we are required by law to delete it, or if we decide to remove it at our discretion.

Transfer of Data Outside Your Territory

We may store and process information in various sites throughout the globe, including in sites operated and maintained by cloud-based service providers. At any time, you may opt-out of such transfer by emailing a request to help@avoma.com.

EU-US Data Privacy Framework; the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework

Avoma complies with the EU-US Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)as set forth by the US Department of Commerce.  Avoma has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Avoma has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

We have certified that we adhere to the Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.

If there is any conflict between this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern. To learn more about the Data Privacy Framework program, and to view our certification page, please visit https://www.dataprivacyframework.gov/ . The Federal Trade Commission (FTC) has jurisdiction over our compliance with the EU-US Data Privacy Framework.

Cookies

Cookies are packets of information sent to your web browser and then sent back by the browser each time it accesses the server that sent the cookie.

Some cookies are removed when you close your browser session. These are the “Session Cookies”. Some last for longer periods and called “Persistent Cookies”.

We use both types. We use Persistent Cookies to remember your log-in details and make it easier for you to log-in the next time you access the Service. We may use this type of cookies and Session Cookies for additional purposes, to facilitate the use of the Service’s features and tools.

Every browser allows you to manage your cookies preferences. Please bear in mind that disabling cookies may complicate or even prevent you from using the Service.

Information Security

We and our hosting services implement systems, applications and procedures to secure your personal information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.

These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Service will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

Dispute Resolution

We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this policy, to update the policy when needed, and to verify that the policy is displayed properly and accessible. If you have any concerns about the way we process your personal information, you are welcome to contact our privacy team at: help@avoma.com.

We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.

In compliance with the EU-US DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Avoma commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Avoma at: help@avoma.com.

We have further committed to refer unresolved privacy complaints under the EU-US Privacy Framework Principles to the EU Data Protection Authorities. Please contact the EU Data Protection Authorities for more information and to file a complaint, at no charge. You may find the relevant contact details at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Additionally, if you are an EU data subject, you may invoke binding arbitration in certain cases, as further described in Annex I of the EU-U.S. Data Privacy Framework Agreement. For further information, please visit the Data Privacy Framework web site at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction or contact our privacy team.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Avoma commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Changes to This Privacy Policy

From time to time, we may update this policy. If the updates have minor if any consequences, they will take effect 7 days after we post a notice on the Website. Substantial changes will be effective 30 days after our notice was initially posted.

Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required.

Contacting Us

Please contact us by emailing to help@avoma.com with any questions regarding this Privacy Policy.