This Data Processing Addendum (“DPA”) supplements and is incorporated into Screendesk's Terms of Service or other agreement between Customer and Screendesk governing Customer’s use of and access to the Services (“Agreement”). Capitalized terms used below that are not otherwise defined have the meanings given to them in the Agreement.

1. Scope

1.1 Scope of DPA. This DPA applies to Screendesk’s processing of Personal Data to provide the Services to Customer pursuant to the Agreement.

1.2 Processor. The parties agree that Screendesk acts as a processor under Data Protection Law and/or service provider under CCPA for Customer in providing the Services to Customer.

1.3 Processing Activities. The subject matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, and categories of data subjects are described in Exhibit A.

2. Processing of Personal Data

2.1 Screendesk Obligations. Screendesk will:

(a) process Personal Data only on documented instructions from Customer, including transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law to which Screendesk is subject, in which a case Screendesk will inform Customer of the legal requirement before processing, unless prohibited by law;

(b) ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(c) implement appropriate technical and organizational measures, including Screendesk's Security Measures, designed to protect Personal Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed and to ensure a level of security appropriate to the risk;

(d) respect the conditions for engaging other processors as required by applicable Data Protection Law and set forth in Section 4 below;

(e) taking into account the nature of the processing, assist Customer by appropriate technical and organizational measures, to the extent possible, to enable Customer to fulfill its legal obligations as a controller to respond to requests for exercising data subject rights pursuant to applicable Data Protection Law;

(f) taking into account the nature of processing and the information available to Screendesk, assist Customer in ensuring compliance with its legal obligations pursuant to applicable Data Protection Law regarding (i) security of processing, (ii) notification of and communication of Security Incidents, (iii) data protection impact assessments, and (iv) prior consultation with the applicable supervisory authority;

(g) at Customer’s choice, delete or return all Personal Data to Customer after the end of the provision of the Services, and delete existing copies unless applicable law requires storage of Personal Data;

(h) make available to Customer all information necessary to demonstrate compliance with its obligations under applicable Data Protection Law and allow for and assist with audits in accordance with Section 6 below, in each case at Customer’s expense; and(i) inform Customer if, in its opinion, an instruction infringes applicable Data Protection Law.

2.2 Customer Instructions. Customer instructs Screendesk to process Personal Data as documented in this DPA and the Agreement, and as otherwise necessary to provide the Services to Customer. Customer’s instructions to Screendesk for the processing of Personal Data will comply with all applicable laws, including Data Protection Laws.

2.3 Controller Authorization. If Customer is a processor, Customer warrants to Screendesk that Customer’s instructions and actions with respect to Personal Data, including its appointment of Screendesk as a subprocessor, have been authorized by the relevant controller.

3. Data Transfers

3.1 Customer Authorization. Customer authorizes Screendesk to perform Data Transfers:

(a) to any country subject to an adequacy determination by the European Commission;

(b) pursuant to the Standard Contractual Clauses; or

(c) any other legally valid data transfer mechanism. The Standard Contractual Clauses will only apply for Data Transfers to a country not recognized as having an adequate level of data protection if there is no other legally valid data transfer mechanism.

3.2 Standard Contractual Clauses. For Data Transfers out of the European Economic Area, Switzerland, or the United Kingdom pursuant to the Standard Contractual Clauses:

(a) the Controller-to-Processor Clauses will apply where Customer acts as a controller of Personal Data; and

(b) the Processor-to-Processor Clauses will apply where Customer acts as a processor of Personal Data, and Customer will fulfill any obligations Screendesk may have to Customer’s controller(s) as a processor.

4. Subprocessors

4.1 General Authorization. Customer hereby grants Screendesk general authorization to engage Subprocessors, subject to the terms of this DPA and the Agreement. Screendesk uses the Subprocessors listed at privacy.screendesk.io to provide the Services and will notify Customer of any intended changes concerning the addition or replacement of a Subprocessor via the mechanism listed on that page. If Customer provides a reasonable written objection to a new Subprocessor within 10 days of receiving notice, and Screendesk chooses not to suggest an alternative, Customer may terminate the Agreement after 30 days’ notice to Screendesk.

4.2 Subprocessor Requirements. Prior to the engagement of a Subprocessor, Screendesk will enter into a written agreement with the Subprocessor containing at least the same data protection obligations as those set out in this DPA, including providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of applicable Data Protection Law. If a Subprocessor fails to fulfill its data protection obligations, Screendesk will be liable to Customer for the performance of that Subprocessor’s obligations.

5. Security Incidents

5.1 Security Incident Notification. Upon becoming aware of a Security Incident, Screendesk will notify Customer without undue delay and promptly take reasonable steps to minimize harm and secure Personal Data.

5.2 Notification Description. To the extent possible, notification to Customer will describe the nature of the Security Incident, the likely consequences of the Security Incident, and the measures taken or proposed to be taken to address the Security Incident. Screendesk’s notification of or response to a Security Incident will not be construed as an acknowledgement by Screendesk of any fault or liability with respect to the incident.

6. Audits

6.1 Customer Audit. Upon Customer’s prior written request and subject to the confidentiality obligations, Screendesk will allow Customer or an independent third-party auditor that is not a competitor of Screendesk to access information or inspect Screendesk’s procedures relevant to the protection of Customer Data in order to audit Screendesk’s compliance with this DPA.

6.2 Process for Inspections. Inspections may be conducted no more than once per year and only in a manner that does not interfere with Screendesk’s normal business operations. Customer and Screendesk will mutually agree upon the scope, timing, and duration of the inspection, and Customer will reimburse Screendesk for reasonable fees associated with time spent on the inspection. Any deficiencies or reports created based on such access or inspection must be promptly shared with Screendesk and will be Screendesk’s Confidential Information.

7. CCPA Certification

Screendesk will not:

(a) sell Customer personal information;

(b) retain, use, or disclose any Customer personal information for any purpose other than for the specific purpose of providing the Services, including retaining, using, or disclosing Customer personal information for a commercial purpose other than providing the Service; or

(c) retain, use, or disclose Customer personal information outside of the direct business relationship between Customer and Screendesk.

8. General

This DPA is subject to the terms of the Agreement, including without limitation, those regarding dispute resolution, limitation of liability, and termination. If any of the provisions of this DPA conflict with the provisions of the Agreement, the provisions of this DPA will prevail.

9. Definitions

“CCPA” means the California Consumer Privacy Act of 2018 and any legislation or regulation that amends, replaces, or re-enacts it.“Controller-to-Processor Clauses” means the standard contractual clauses between controllers and processors approved by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021.

“Data Protection Law” means

(a) the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data effective 25 May 2018 (the General Data Protection Regulation) and any legislation or regulation that amends, replaces, or re-enacts it; and

(b) any other applicable data protection law or regulation of the European Union or the European Economic Area and their member states, Switzerland, and the United Kingdom.

“Data Transfer” means any transfer or onward transfer of Customer Personal Data out of the European Economic Area, Switzerland, or the United Kingdom to another country.“Personal Data” means personal data contained in Customer Data that is subject to applicable Data Protection Law or the CCPA.

“Security Incident” means a breach of Screendesk’s Security Measures causing the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed by Screendesk;

“Standard Contractual Clauses” means the Controller-to-Processor Clauses or the Processor-to-Processor Clauses, as applicable and as may be updated from time to time to the extent required by Data Protection Law.

“Subprocessor” means a third party engaged by Screendesk to processes Personal Data in order to provide parts of the Services under the Agreement.

The terms “controller”, “processor”, “data subject”, “personal data,” “processing" and “appropriate technical and organizational measures” have the meanings provided in applicable Data Protection Laws.The terms “business”, “commercial purpose”, “service provider”, “sell” and “personal information” have the meanings provided in the CCPA.

Exhibit A

Subject Matter of Processing

The subject matter of the processing is the Personal Data submitted to the Services by Customer pursuant to the Agreement.

Duration of Processing

The processing will continue until the expiration or termination of the Agreement, or as otherwise determined by Customer by deleting Personal Data from its account.

Nature and Purpose of Processing

Processing by Screendesk to provide the Services to Customer pursuant to the Agreement.

Types of Personal Data

Personal Data provided to Screendesk by Customer or its Authorized Users, including:

• Name, email address, and other account data;

• Video, audio, transcript data, and comments containing Personal Data;

• Transaction logs for transactions conducted by users using the Service;

• Information about the hardware and software used to access the Service;

• Information and analytics about use of the Service;

• Employee authentication information, such as user ID and department information;

• Other Personal Data uploaded or submitted by Customer or Authorized Users to the Services.

Categories of Data Subjects

Employees and other Authorized Users of Customer and any other individual whose Personal Data is uploaded or submitted by Customer or Authorized Users to the Services.

When we say “Company”, “we”, “our”, or “us” in this document, we are referring to Screendesk.

When we say “Services”, we mean any product created and maintained by Screendesk.

When we say “You” or “your”, we are referring to the people or organizations that own an account with one or more of our Services. We have specific ownership policies for our products: Screendesk.

We may update these Terms of Service in the future. These changes have been to clarify some of these terms by linking to an expanded related policy. Whenever we make a significant change to our policies, we will refresh the date at the top of this page and take any other appropriate steps to notify account holders.

When you use our Services, now or in the future, you are agreeing to the latest Terms of Service. That’s true for any of our existing and future products and all features that we add to our Services over time. There may be times where we do not exercise or enforce any right or provision of the Terms of Service; in doing so, we are not waiving that right or provision. These terms do contain a limitation of our liability.

If you violate any of the terms, we may terminate your account. That’s a broad statement and it means you need to place a lot of trust in us.

Account Terms

1. You are responsible for maintaining the security of your account and password. The Company cannot and will not be liable for any loss or damage from your failure to comply with this security obligation. We recommend users set up two-factor authentication for added security. In some of our Services, we may require it.

2. You may not use the Services for any purpose outlined in our Use Restrictions policy.

3. You are responsible for all content posted and activity that occurs under your account. That includes content posted by others who either: (a) have access to your login credentials; or (b) have their own logins under your account.

4. You must be a human. Accounts registered by “bots” or other automated methods are not permitted.

Payment, Refunds, and Plan Changes

1. If you are using a free version of one of our Services, it is really free: we do not ask you for your credit card and — just like for customers who pay for our Services — we do not sell your data.

2. For paid Services that offer a free trial, we explain the length of trial when you sign up. After the trial period, you need to pay in advance to keep using the Service. If you do not pay, we will freeze your account and it will be inaccessible until you make payment. If your account has been frozen for a while, we will queue it up for auto-cancellation.

3. If you are upgrading from a free plan to a paid plan, we will charge your card immediately and your billing cycle starts on the day of upgrade. For other upgrades or downgrades in plan level, the new rate starts from the next billing cycle.

4. All fees are exclusive of all taxes, levies, or duties imposed by taxing authorities. Where required, we will collect those taxes on behalf of the taxing authority and remit those taxes to taxing authorities. Otherwise, you are responsible for payment of all taxes, levies, or duties.

5. We process refunds according to our Fair Refund policy.

Cancellation and Termination

1. You are solely responsible for properly canceling your account. Within each of our Services, we provide a simple no-questions-asked cancellation link. You can find instructions for how to cancel your account in our Cancellation policy. An email or phone request to cancel your account is not automatically considered cancellation. If you need help cancelling your account, you can always contact our Support team.

2. All of your content will be inaccessible from the Services immediately upon account cancellation. Within 30 days, all content will be permanently deleted from active systems and logs. Within 60 days, all content will be permanently deleted from our backups. We cannot recover this information once it has been permanently deleted. If you want to export any data before your account is cancelled, we‘ve provided instructions to do so.

3. If you cancel the Service before the end of your current paid up month, your cancellation will take effect immediately, and you will not be charged again. We do not automatically prorate unused time in the last billing cycle.

4. We have the right to suspend or terminate your account and refuse any and all current or future use of our Services for any reason at any time. Suspension means you and any other users on your account will not be able to access the account or any content in the account. Termination will furthermore result in the deletion of your account or your access to your account, and the forfeiture and relinquishment of all content in your account. We also reserve the right to refuse the use of the Services to anyone for any reason at any time. We have this clause because statistically speaking, out of the hundreds of thousands of accounts on our Services, there is at least one doing something nefarious. There are some things we staunchly stand against and this clause is how we exercise that stance. For more details, see our Use Restrictions policy.

5. Verbal, physical, written or other abuse (including threats of abuse or retribution) of Company employee or officer will result in immediate account termination.

Modifications to the Service and Prices

1. We make a promise to our customers to support our Services until the end of the Internet. That means when it comes to security, privacy, and customer support, we will continue to maintain any legacy Services. Sometimes it becomes technically impossible to continue a feature or we redesign a part of our Services because we think it could be better or we decide to close new signups of a product. We reserve the right at any time to modify or discontinue, temporarily or permanently, any part of our Services with or without notice.

2. Sometimes we change the pricing structure for our products. When we do that, we tend to exempt existing customers from those changes. However, we may choose to change the prices for existing customers. If we do so, we will give at least 30 days notice and will notify you via the email address on record. We may also post a notice about changes on our websites or the affected Services themselves.

Uptime, Security, and Privacy

1. Your use of the Services is at your sole risk. We provide these Services on an “as is” and “as available” basis. We do not offer service-level agreements for most of our Services — but do take uptime of our applications seriously. Visit https://status.screendesk.io/ to see the status of our Services.

2. We reserve the right to temporarily disable your account if your usage significantly exceeds the average usage of other customers of the Services. Of course, we’ll reach out to the account owner before taking any action except in rare cases where the level of use may negatively impact the performance of the Service for other customers.

3. We take many measures to protect and secure your data through backups, redundancies, and encryption. We enforce encryption for data transmission from the public Internet.

4. When you use our Services, you entrust us with your data. We take that trust to heart. You agree that Screendesk may process your data as described in our Privacy Policy and for no other purpose. We as humans can access your data for the following reasons:

   1. To help you with support requests you make. We’ll ask for express consent before accessing your account.

   2. On the rare occasions when an error occurs that stops an automated process partway through. We get automated alerts when such errors occur. When we can fix the issue and restart automated processing without looking at any personal data, we do. In rare cases, we have to look at a minimum amount of personal data to fix the issue. In these rare cases, we aim to fix the root cause as much as possible to avoid the errors from reoccurring.

   3. To safeguard Screendesk. We’ll look at logs and metadata as part of our work to ensure the security of your data and the Services as a whole. If necessary, we may also access accounts as part of an abuse report investigation.

   4. To the extent required by applicable law.

5. We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. You can see a list of all subprocessors who handle personal data in our Privacy Policy.

6. Under the California Consumer Privacy Act (“CCPA”), Screendesk is a “service provider”, not a “business” or “third party”, with respect to your use of the Services. That means we process any data you share with us only for the purpose you signed up for and as described in these Terms of Service and Privacy Policy. We do not retain, use, disclose, or sell any of that information for any other commercial purposes unless we have your explicit permission. And on the flip-side, you agree to comply with your requirements under the CCPA and not use Screendesk’s Services in a way that violates the regulations.

7. These Service Terms incorporate the Screendesk Data Processing Addendum (“DPA”), when the General Data Protection regulation (“GDPR”) applies to your use of Screendesk Services to process Customer Data as defined in the DPA. The DPA is effective as of September 28, 2021 and replaces and supersedes any previously agreed data processing addendum between you and Screendesk relating to the GDPR. If you prefer to have an executed copy of the Data Processing Addendum, you may sign a copy online. Regardless of whether you execute or not, we protect and secure your data to the high standards set out in the addendum.

Copyright and Content Ownership

1. All content posted on the Services must comply with U.S. copyright law.

2. We claim no intellectual property rights over the material you provide to the Services. All materials uploaded remain yours.

3. We do not pre-screen content, but reserve the right (but not the obligation) in our sole discretion to refuse or remove any content that is available via the Service.

4. The names, look, and feel of the Services are copyright© to the Company. All rights reserved. You may not duplicate, copy, or reuse any portion of the HTML, CSS, JavaScript, or visual design elements without express written permission from the Company. You must request permission to use the Company’s logo or any Service logos for promotional purposes. Please email us requests to use logos at support@screendesk.io. We reserve the right to rescind this permission if you violate these Terms of Service.

5. You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Services, use of the Services, or access to the Services without the express written permission by the Company.

6. You must not modify another website so as to falsely imply that it is associated with the Services or the Company.

Features and Bugs

We design our Services with care, based on our own experience and the experiences of customers who share their time and feedback. However, there is no such thing as a service that pleases everybody. We make no guarantees that our Services will meet your specific requirements or expectations.

We also test all of our features extensively before shipping them. As with any software, our Services inevitably have some bugs. We track the bugs reported to us and work through priority ones, especially any related to security or privacy. Not all reported bugs will get fixed and we don’t guarantee completely error-free Services.

Services Adaptations and API Terms

We offer Application Program Interfaces (“API”s) for some of our Services. Any use of the API, including through a third-party product that accesses the Services, is bound by the terms of this agreement plus the following specific terms:

1. You expressly understand and agree that we are not liable for any damages or losses resulting from your use of the API or third-party products that access data via the API.

2. Third parties may not access and employ the API if the functionality is part of an application that remotely records, monitors, or reports a Service user’s activity other than time tracking, both inside and outside the applications. The Company, in its sole discretion, will determine if an integration service violates this bylaw. A third party that has built and deployed an integration for the purpose of remote user surveillance will be required to remove that integration.

3. Abuse or excessively frequent requests to the Services via the API may result in the temporary or permanent suspension of your account’s access to the API. The Company, in its sole discretion, will determine abuse or excessive usage of the API. If we need to suspend your account’s access, we will attempt to warn the account owner first. If your API usage could or has caused downtime, we may cut off access without prior notice. Some third-party providers have created integrations between our Services and theirs. We are not liable or accountable for any of these third-party integrations.

Liability

We mention liability throughout these Terms but to put it all in one section:

You expressly understand and agree that the Company shall not be liable, in law or in equity, to you or to any third party for any direct, indirect, incidental, lost profits, special, consequential, punitive or exemplary damages, including, but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if the Company has been advised of the possibility of such damages), resulting from: (i) the use or the inability to use the Services; (ii) the cost of procurement of substitute goods and services resulting from any goods, data, information or services purchased or obtained or messages received or transactions entered into through or from the Services; (iii) unauthorized access to or alteration of your transmissions or data; (iv) statements or conduct of any third party on the service; (v) or any other matter relating to this Terms of Service or the Services, whether as a breach of contract, tort (including negligence whether active or passive), or any other theory of liability.

In other words: choosing to use our Services does mean you are making a bet on us. If the bet does not work out, that’s on you, not us. We do our darnedest to be as safe a bet as possible through careful management of the business; investments in security, infrastructure, and talent; and in general giving a damn. If you choose to use our Services, thank you for betting on us.

If you have a question about any of the Terms of Service, please support@screendesk.io.

This Privacy Policy describes how Screendesk collects, uses, and shares your personal information, as well as your choices and rights with respect to your personal information.

Scope of this Privacy Policy

This Privacy Policy applies to information that relates to you as an identifiable individual (often referred to as “personal information” or “personal data”) that Screendesk receives or collects when you interact with us or our services, website, and software (the “Services”).This Privacy Policy does not apply to any third-party services, websites, or software, such as third-party applications that may be integrated into our Services via API. Those services, websites, and software are subject to their own terms and privacy policies, and you should read those carefully.

Information We Collect

We collect and receive the following types of information:Information You Provide to Us:

• Account Information: To create an account for the Services or to enable certain features, we require that you provide us with information for your account such as name, email, password, and authentication credentials. If you sign up for a paid subscription, we (or our payment processors) may need your billing details such as credit card information, banking information, and billing address.

• Video and Other Customer Data: In using our Services, our customers submit video recordings, seek user support, or provide other Customer Data (defined in our Terms of Service) to us. Our use of and processing of Customer Data is governed by our Terms of Service.

• Other Information You Provide: We receive other information from you when you choose to interact with us in other ways, such as if you sign up for one of our webinars or e-books, participate in a research study, contest, sweepstake, or event, apply for a job, or otherwise communicate with us.

Information We Collect Automatically:

• Usage Data: We automatically collect usage data about how you interact with our Services when you use them. For example, this could be actions you take on our platform, such as number of videos you’ve recorded or viewed, your sharing activity, or what third-party integrations you enabled.

• Log Data: Our servers automatically log certain types of data when you visit or use our Services, for example, when you navigate through our website. This data is stored in our log files and includes, Internet Protocol (IP) address, type of device, operating system or browser, unique device identifiers, browser settings, date and time you visited or used our Services, the referring website, URL parameters, and error and crash reporting data.

• Information from Cookies and Similar Technologies: A cookie is a small piece of information that is downloaded to your device by your browser when you visit a website. We use cookies or similar technologies (including third-party cookies) to remember your preferences, understand how you interact with our Services or emails that we send you, maintain the security of our Services, and administer, improve and promote our Services. You can configure your browser to prevent cookies, but please note that disabling cookies may make some features or functionality unavailable to you.

Information We Receive from Third Parties:

• Third-Party Integrations: Third parties may create integrations built on Screendesk technology so that their applications can interoperate with Screendesk. If you choose to enable an integration, the third-party may share some information about you with us to make your experience more seamless, such as your name, email, or other content or information needed to facilitate the integration. Additionally, if you sign up or login to our Services using one of our single-sign-on providers (e.g., Google, Apple, etc.), we collect authentication information provided to us by the provider to allow you to log in.

• Marketing Information: We may receive marketing or demographic information about you from third parties or partners, for example, data about your organization or industry or other public information from sources like social media or online professional profiles. We may combine this information with other data we already have to improve your experience with our Services or inform you of Services we think may be of interest to you.

How We Use Your Information

We use your information in the following ways:

• To provide and maintain our Services.

• To analyze and improve our Services.

• To keep our Services secure and protect against fraud, abuse, and intrusion.

• To provide user support, information, and services requested by you.

• To send important account or security notifications.

• To promote our Services in accordance with applicable laws and regulations. If you’d like to unsubscribe from our marketing emails, click the “unsubscribe” link at the bottom of the email. You can also update your notification preferences in your account settings.

• To comply with our legal obligations, including responding to a court order or other valid legal process.

• For other purposes with your consent.

Please keep in mind that customers control their accounts and associated Customer Data. We use Customer Data according to our customers’ instructions and our Terms of Service. Customers are able to: (1) restrict, remove, disclose, and access content and information associated with the accounts in their Workspaces; (2) grant, deny, or limit access to those accounts and Workspaces; and (3) configure the privacy settings for those accounts and Workspaces. If you create a Screendesk account with your work email and you aren’t already part of your company’s Workspace, your company may have the ability to add your account (including the content in it) to its Workspace. We’ll give you notice before that happens.If information is aggregated or de-identified so that it can no longer be reasonably associated with an identifiable person, we may use it for any lawful purpose.

How We Share Your Information

We share information outside of Screendesk only as described below:

• Trusted Third Parties: We disclose information to our service providers or other third-parties so they can help us provide our Services and run our business. Examples include for storing Customer Data, payment processing, providing customer service, and helping us with our marketing activities. We’ll only disclose the information necessary for these parties to perform their services for us, and they’ll be bound by contractual obligations to protect your personal information.

• Other Users: When you collaborate with others, we display your basic account or profile information for context. For example, if you share a Screendesk recording with another user, we’ll let them know that it was you who shared it. Also, when users interact with a video or other content on our Services, we make certain usage information visible to the video owner and viewers, such as who viewed a video (if the viewer is logged in at the time of viewing) or how many times a video was viewed.

• Administrators: If you join a Workspace owned by another person or entity, the administrator of that Workspace has the right to access the content in it. Customers and their authorized users may choose to share and disclose information according to their own policies. Also, if you sign up for Screendesk with an email domain that is owned or managed by your employer or organization, we may share the fact that you have an account with us and some basic account information with your employer or organization.

• Change in Business Structure: If Screendesk is involved in a merger, acquisition, public offering, asset sale, insolvency, bankruptcy, or similar change in our business structure, we may need to disclose your information to those involved in the transaction, subject to confidentiality requirements.

• For Legal Reasons: We may release your information if we believe it is necessary to comply with the law, regulation, valid legal process, an enforceable government request, to prevent fraud or a security breach, enforce our policies or agreements, or protect our or others’ rights, property, or safety.

• With Your Consent: We’ll otherwise share your information only with your consent.For example, if you choose to enable a third-party integration, we may share account information and/or content from your account, but only as authorized by you when you enable or use the integration.

How We Protect Your Information

We are committed to protecting your information from unauthorized access, use, disclosure, and loss. We use industry-standard security practices to keep your information secure, such as encryption, access controls, physical security measures, and internal reviews of data collection, use, and storage. We’ve also obtained various compliance certifications and undergo ongoing audits to ensure continued security and compliance best practices.However, data transmissions over the internet cannot be guaranteed to be 100% secure or safe from intrusion by others. Be sure to use secure internet connections, protect your login credentials, and create strong passwords for your account.Learn more about our security and compliance efforts on our Security page.

Data Retention

We’ll retain information you store on our Services for as long as your account exists or as long as we need it to provide you Services. If you delete your account or your content from Screendesk, we’ll permanently delete your account or content within 30 days, unless we need to retain any information to comply with our legal obligations, resolve disputes, or enforce our agreements. For any other information we may receive or collect from you, we’ll retain that information for only as long as is necessary for the purposes described in this Privacy Policy.

Data Transfers

To provide our Services, we transmit, process, and store data in the United States and other locations around the world. For example, if you access our Services from a foreign country, data may be stored locally on the device you use to access the Services.We perform data transfers in accordance with applicable data protection law, using the following safeguards:

• Standard Contractual Clauses: Where required, we use standard contractual clauses to meet the data transfer requirements for processing personal data that is subject to the data protection laws of the European Economic Area (EEA), Switzerland, and UK and for other international transfers of Customer Data to the extent required by applicable law. Our Data Processing Addendum incorporates the standard contractual clauses.

• Other Valid Transfers: We will otherwise only transfer personal data to a country that the European Commission or UK authorities have determined provides an adequate level of protection for personal data or pursuant to another legally valid personal data transfer mechanism.

• Privacy Shield: While Screendesk remains self-certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and is committed to applying the Privacy Shield Principles to personal data received from the EU or Switzerland, we do not rely on those frameworks as a legal basis for personal data transfers. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Screendesk is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We are responsible for personal data we receive under the Privacy Shield, including onward transfers to third party agents acting on our behalf. Screendesk commits to cooperate with EU data protection authorities and comply with the advice given by those authorities with regard to human resources data transferred from the EU in the context of the employment relationship. Please send any questions or complaints regarding our Privacy Shield compliance to privacy@Screendesk.com or for unresolved complaints you may invoke binding arbitration, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States. Competent EU and Swiss data protection authorities (or a panel established by those authorities) may also address complaints and provide appropriate recourse free of charge with respect to our Privacy Shield compliance. You can view Screendesk’s Privacy Shield certification on the Privacy Shield website.

Your Rights

When it comes to your personal information, you have the right to (subject to certain exemptions by law):

• Access your personal information.

• Delete your personal information.

• Correct or update your personal information.

• Transmit your personal information elsewhere.

• Object to or restrict the processing of your personal information.

You can exercise most of these rights through your Screendesk account. For example, if you wish to delete your personal information from Screendesk, you may permanently delete your account. You can also access and update your account information via your account settings page. If you are unable to exercise your rights through your Screendesk account, please contact the administrator of your Workspace, or otherwise you can send us your request.

Age Requirement

If you are under 13 years old (or the age of digital consent in your country), you may not sign up for Screendesk, and please do not send any personal information about yourself to Screendesk. If you believe that someone under 13 or the applicable age of digital consent has provided us with personal information in violation of this Privacy Policy, please contact us, and we will take steps to delete the information.

For EEA, Switzerland, and UK Data Subjects

In general, Screendesk is a processor of Customer Data. This means that we process Customer Data only according to our customers’ instructions in accordance with our Terms of Service. For a list of our subprocessors, please visit our Privacy for Humans page. Screendesk acts as a controller for other types of personal data where Screendesk determines the purposes and means of processing of that data, such as personal data used for marketing or research purposes.Where Screendesk acts as a controller of personal data, our lawful bases for processing include:

• Our legitimate interests (for example, to send you information about new features or upcoming product launches). You have the right to object to our use of your personal data for direct marketing at any time.

• As needed to comply with our contractual obligations (for example, if you sign up for a contest or promotion, we’ll process your personal data as needed for us to perform our obligations under the contest or promotion terms).

• To comply with legal obligations (for example, to respond to a law enforcement request or enforce or defend our legal rights).

• With your consent (for example, if you opt into receiving email marketing from us). You have the right to withdraw your consent at any time.

You may email us or contact if you have questions or issues relating to your personal data:

For California Residents

The California Consumer Privacy Act (CCPA) grants additional privacy rights to California consumers, such as the right to:

• Request to know about the categories or specific pieces of their personal information we collect, use, and disclose (including why we collect the information, where we get it from, and who we share it with).

• Request to delete their personal information.

• Not receive discriminatory treatment for exercise of their CCPA privacy rights.

If you send us a request, we will first validate your request by verifying your identity using your account information or other form of valid identification. An authorized agent may also make a request on a consumer’s behalf. Please note that, if you use Screendesk as an employee or agent of a business, we may not be required to grant your request to access/know or delete personal information, and we may ask that you contact your account administrator.CCPA also requires specific disclosures for California consumers:

• We explain the categories of personal information we have collected in the preceding 12 months and sources of that information above under “Information We Collect.”

• We explain the business or commercial purposes for collecting personal information above under “How We Use Your Information.”

• We explain the categories of personal information that we have disclosed to third parties in the preceding 12 months above under “How We Share Your Information.”

We do not sell personal information.

Updates to this Privacy Policy

We may update this Privacy Policy by posting the updates to our website. If an update materially impacts your rights or how we use your personal information, we will notify you either by email or other direct communication at least 30 days before the updates take effect. Any other revisions will become effective on the date the updates are posted by Screendesk.

Questions?

Email us questions at support@screendesk.io.

We also recognize that however good the maker’s intentions, technology can amplify the ability to cause great harm. That’s why we’ve established this policy. We feel an ethical obligation to counter such harm: both in terms of dealing with instances where Screendesk is used (and abused) to further such harm, and to state unequivocally that the products we make at Screendesk are not safe havens for people who wish to commit such harm. If you have an account with any of our products, you can’t use them for any of the restricted purposes listed below. If we find out you are, we will take action.

Restricted purposes

• Violence, or threats thereof: If an activity qualifies as violent crime in the United States or where you live, you may not use Screendesk products to plan, perpetrate, or threaten that activity.

• Child exploitation, sexualization, or abuse: We don’t tolerate any activities that create, disseminate, or otherwise cause child abuse. Keep away and stop. Just stop.

• Hate speech: You cannot use our products to advocate for the extermination, domination, or oppression of people.

• Harassment: Intimidating or targeting people or groups through repeated communication, including using racial slurs or dehumanizing language, is not welcome at Screendesk.

• Doxing: If you are using Screendesk products to share other peoples’ private personal information for the purposes of harassment, we don’t want anything to do with you.

• Malware or spyware: Code for good, not evil. If you are using our products to make or distribute anything that qualifies as malware or spyware — including remote user surveillance — begone.

• Phishing or otherwise attempting fraud: It is not okay to lie about who you are or who you affiliate with to steal from, extort, or otherwise harm others.

• Spamming: No one wants unsolicited commercial emails. We don’t tolerate folks (including their bots) using Screendesk products for spamming purposes. If your emails don’t pass muster with CAN-SPAM or any other anti-spam law, it’s not allowed.

• Cybersquatting: We don’t like username extortionists. If you purchase a Screendesk product account in someone else’s name and then try to sell that account to them, you are cybersquatting. Cybersquatting accounts are subject to immediate cancellation.

• Infringing on intellectual property: You can’t use Screendesk products to make or disseminate work that uses the intellectual property of others beyond the bounds of fair use.

While our use restrictions are comprehensive, they can’t be exhaustive — it’s possible an offense could defy categorization, present for the first time, or illuminate a moral quandary we hadn’t yet considered. That said, we hope the overarching spirit is clear: Screendesk is not to be harnessed for harm, whether mental, physical, personal or civic. Different points of view — philosophical, religious, and political — are welcome, but ideologies like white nationalism, or hate-fueled movements anchored by oppression, violence, abuse, extermination, or domination of one group over another, will not be accepted here.

How to report abuse

For cases of suspected malware, spyware, phishing, spamming, and cybersquatting, please alert us at support@screendesk.io.

For all other cases, please let us know by emailing support@screendesk.io. If you’re not 100% sure if something rises to the level of our use restrictions policy, report it anyway.

Please share as much as you are comfortable with about the account, the content or behavior you are reporting, and how you found it. Sending us a URL or screenshots is super helpful. If you need a secure file transfer, let us know and we will send you a link. We will not disclose your identity to anyone associated with the reported account.

Someone on our team will respond within one business day to let you know we’ve begun investigating.

*This policy and process applies to any product created and owned by Screendesk.

At Screendesk, our users’ privacy is at the core of our decision making. We provide a service that changes the way we work and allows us to be more expressive and informative in our daily work communication. Sensitive information may pass through our systems, and we don’t take that lightly.We have created this page to show you how our systems use your data. For more information about how we use personal data, please view our Privacy Policy.

Where does my data go within Screendesk?

Text-based Data

Your text-based data is comprised of things like your name, notifications, password, linked accounts like Google and Slack, video names, comments, transcripts, and so on. The majority of this data is stored on an encrypted database at both rest and in-transit within AWS.

Image and Video Data

This includes your avatars, videos and thumbnails. These files are stored on our encrypted S3 buckets, which can only be accessed by certain robots and engineers within our organization who have special access.

Where does my data go outside of Screendesk?

We only send data to trusted third-party systems that are subject to strict privacy and security controls. We think it’s important you understand not only what these systems are but also why we send your data to these systems. If you don’t agree with or understand our reasoning, please email us at support@screendesk.io. If you do not agree with your data going to a specific system, deleting your Screendesk account will permanently delete all of your data from all our systems. If you participate in a Screendesk paid account, only the Screendesk account administrator at your organization can delete your data. For folks coming to figure out GDPR compliance, the following third-party services act as data processors for us. When we work with these service providers in our capacity as a data processor for our customers' personal data, the General Data Protection Regulation (GDPR) calls these third-party service providers a sub-processor. A subprocessor is a third party data processor engaged by Screendesk who may have access to or process personal data: (i) on behalf of Screendesk customers; (ii) in accordance with customer instructions as communicated by Screendesk; and (iii) in accordance with the terms of a written contract between Screendesk and the subprocessor.

📞 Whereby

Location: United States

Nature of Processing: Video API platform

What: Provides the infrastructure to power our Instant Meet feature.

Why: Our core competency at Screendesk is ensuring async and sync support communication happens more effectively. Whereby is the easiest way to add video chat to our platform.

💭 Intercom

Location: United States

Nature of Processing: Customer support service

What: Intercom is a messaging and marketing platform that allows us to do customer success better. This is where you’re able to chat with us from that little bubble in the bottom-right of our web pages.

Why: Intercom has drastically increased our ability to address bugs and handle requests from our users (that’s you!) over when we used to primarily use email. As a part of being able to maintain your relationship with us on this platform, we have to know who you are. We only know this once you’ve created an account, but we use this information for various debugging purposes and to send you product updates and announcements.

📈 Amplitude

Location: United States

Nature of Processing: User analytics service

What: Amplitude is our main analytics platform. It allows us to track whether a feature or product is successful in delivering impact to our users, and it lets us discover new (anonymized) trends of usage via conversion funnels, event segmentation, data pathways, retention charts, and cohort analysis.

Why: If we are going to be a platform that delivers immense value to our users, we have to constantly be innovating.

☎️ Help Scout

Location: United States

Nature of Processing: Customer support service

What: Help Scout is our customer support ticketing system. It allows us to help track, prioritize, and solve customer support interactions.

Why: Help Scout has helped us nurture customer relationships with personalized, responsive support. It also allows us to have tool which centralizes customer support request and inquiries to ensure our customers receive the best response.

📊 Google Analytics

Location: United States

Nature of Processing: Data analytics service

What: Google Analytics is an analytics platform that more uniquely gives us certain nice-to-have "vanity" analytics and serves as a good place for understanding where on the web our users are coming from.

Why: It’s good to know where our users are finding us so we can promote our product more with those partners and channels or figure out whether there are tangential products that should be introduced to our platform.

🐦 Honeybadger

Location: United States

Nature of Processing: Error logging service

What: Honeybadger is used as our error logging platform. When you get an error, we get it too so we can better fix these bugs as soon as possible.

Why: No one likes bugs! Data sent to Honeybadger includes IP address and your Screendesk ID and no other personal information. We grab your IP to get a general location the error is happening in and potentially pin-down bugs that have to do with timezones. We send your user ID so we can more quickly search and diagnose issues surfaced by our users in our customer support panel (Help Scout). Your user ID does not reveal any other personal information to the engineer investigating the issue.

🔐 WorkOs

Location: United States

Nature of Processing: authentication and authorization process for our SaaS application and ensure that only authorized users have access to our product. (Enterprise customers only).

Why: This helps us meet compliance requirements, reduce the risk of security breaches, and provide a seamless user experience for our enterprise customers. Additionally, WorkOS allows us to centralize the management of user identities and permissions, simplifying the process of onboarding and offboarding users. By relying on WorkOS for identity management, we can focus on delivering value to our customers while leaving the complex identity management tasks to the experts.

Who has access to what within Screendesk?

Our non-technical team members have access to Intercom, which allows every person at Screendesk to be able to do customer support. Over time, this will become more restricted as we scale up the team to only be customer support individuals. Our technical team can be granted temporary access to our servers, video and thumbnail storage layers. This is only for debugging or development purposes. Each engineer has a unique key that identifies them within our systems. All actions are logged for 6 years. If their key is compromised, we have an instantaneous way of expiring that key, checking if their key was used by an outsider, and processes to remedy such situations and alert the affected user base. So far, this has never happened in Screendesk's history, and we’re very proud of that.

How can I export my data?

Videos: You can export all of your video data by downloading each individual video. Text-based Data: Your user information, folders and video metadata can be exported by emailing us. If you ever want to delete your data, deleting your account will permanently delete all of your data off our systems.

Useful Vocabulary

🔒 Encrypted

Encryption is a process where data is scrambled with a specific secret that only a select few have. If this data is stolen, it cannot be understood unless the stealer has the proper secret. All of your personally-identifiable data (videos, images and text) are encrypted at-rest and in-transit across all systems.

🏃 In-transit

Your data is being sent from one location to another (usually one server/computer to another)

🛌🏾 At-rest

Your data is physically being stored on a device (usually a server)

🕳️ S3 Bucket

This is where we store larger (usually media) files such as images and videos

🤝 Database

This is a server that stores data that relates to one another. In other words, this is where we can query to answer questions like: "what is a user?", "does a user own one or many videos?"

🤖 AWS

Short for Amazon Web Services. This is the cloud provider we use at Screendesk that allows us to rent storage and compute capacity from their data centers. If you have any questions about privacy at Screendesk, we are here to help. Email us at support@screendesk.io.