Privacy Policy

1.    ACKNOWLEDGEMENT

By using our Software application and software, known by whatsoever name, you acknowledge that you have,

  • reviewed the terms of our End User License Agreement (EULA),

  • this Privacy Policy (Privacy Policy),

  • have the authority to act on behalf of any person for whom you are using the Product, and

  • agree that we may collect, use, and transfer your Data in accordance with this Privacy Policy.

  • if you are using our Product on behalf of a company, then you acknowledge that you are binding your company to this Privacy Policy.

 

“This Privacy Policy applies to our Customers. It is the responsibility of the Customer to determine if the Privacy Policy is consistent with its own treatment of end-user data.

If you choose to continue to use our application/software/products, it will imply that you have understood our privacy policy and agree to it”

 

2.    DEFINITIONS

 

2.1.    Company means TRUNDL LABS PRIVATE LIMITED, a private Limited Company incorporated in India, which is the owner of the brand and the software to which this policy relates. The terms “we”, “us” and “our” when used in this Privacy Policy are a reference to the Company.

2.2.    Customer means a direct customer of the Company. The terms “you”, “your” and “yours” when used in this Privacy Policy are a reference to the Customer.

2.3.    Apploud refers to any one or more software products that are branded under the Apploud name.

2.4.    Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information.

2.5.    Data means Personal Information and User Data

2.6.    Data Subject means an identified or identifiable natural person who is a user of our Product.

2.7.    Law means all relevant legal and regulatory requirements applicable to you or us.

2.8.    Personal Information means information about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.

2.9.    Product in the context of this privacy policy refers to any one or more of our products owned by the Company wherever necessary deployment version of the product (Cloud or Server) is mentioned in this privacy policy, if not the relevant clause is applicable to both versions.

2.10.  Subprocessor means any processor engaged by us or by any other Subprocessor who agrees to receive from us or from any other Subprocessor, Personal Information exclusively intended for processing activities to be carried out on behalf of you after the transfer in accordance with your instructions, the terms of our EULA and this Privacy Policy.

2.11.  Supervisory Authority means the authority with the primary responsibility for dealing with the relevant data processing activity.

2.12.  Unsolicited Information includes any unsolicited communications by you to the Company.

2.13.  User Data means all information collected passively or actively from our Customers that is not Personal Information

 

3.    DATA COLLECTION, SHARING AND USAGE

 

3.1.        Software Versions

Our softwares come in two deployment versions to support corresponding variations in - Cloud & Server. Server instances are hosted within your infrastructure, neither we have any control nor any visibility into them.

Apart from your technical contact & billing contact, we do not receive any additional details in the case of Server version of our software. We will only use the technical & billing contacts to initiate product onboarding & to communicate billing information. Thus for the server (or data center or on-premise) version of our software - the responsibility of data security & infrastructure lies with you.

Majority of the clauses defined in this privacy policy apply to the Cloud version of our software, in which case your data is hosted on our servers.

3.2.        Collection of personal information

Your personal information is collected in order to provide the best possible experience with our software. Personal information is a broad concept & refers to any data points that can help identify an individual. 

For example, your email addresses are collected to send out email notifications related to app features. Without an email address, our products/services will fail to provide you the desired experience. We do not store your email address (received through integration with Atlassian Apps) into our database but are rather stored temporarily until the emails are dispatched. An exception is when you store email address as 'user content'.

Any neutralised (also called anonymised) data does not fall under the purview of personal information. Your personal information is neutralised before being used for analysing product usage patterns.

The software collects your personal information either directly from you or through its integration with Atlassian Apps (like Jira, Jira Service Desk, Confluence, or any other).” without this information, the software may not be able to provide you with the desired functionality.

3.3.        Modes of Information Collection

3.3.1. From your Account and profile information

We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services.

For example, you provide your contact information and, in some cases, billing information, when you register for the Services.

You also have the option of adding a display name, profile photo, job title, and other details to your profile information to be displayed in our Services.  We keep track of your preferences when you select settings within the Services

3.3.2. From your use of software

We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.  

3.3.2.1.  Log files:

When you interact with the Software, we generate log files to help us operate and improve our Services. Web log files includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences and system configuration information. For our Cloud Services, the information we collect includes the URLs you accessed, usernames as well as elements of content (such as Jira project names, project keys, status names, and JQL filters, and Confluence page titles and space names) as necessary for the Cloud Services to perform the requested operations. Occasionally, we collect Personal Data to information gathered in our log files as necessary to improve our Services for individual customers.

3.3.2.2.  Usage Data:

“Usage Data” is aggregated data about a group or category of services, features or users that should not contain Personal Information. If Usage Data contains Personal Information, it is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the content of any particular user. By agreeing to this privacy policy, you agree to provide us with analytics information related to our Cloud & Server software usage. We may or may not provide the facility to opt-out of this information sharing. This information is used to improve the product & any corollary services.

3.3.2.3.  Others

If you create, input, submit, post, upload, transmit, and/or store information (“User Content”) while using our services, your Personal information such as name, email address or other contact information will be associated with that User Content. For example, information regarding a problem you are experiencing with the Software could be submitted to our Support Services or posted in our public forums. Any information, including Personal Information, that you submit to our Websites could be visible to the public unless submitted to a secure area in the Website.

The Services include the products you use, where we collect and store content that you post, send, receive and share. This content includes any information about you that you may choose to include.

 

3.3.3.  Installer Analytics, Software Updates & License Information from Server Version:

During the installation of Software (specifically Server version), the installer sends analytics information to us to understand where in the installation process users are experiencing trouble or dropping out.

3.3.4. Cookies and Other Tracking Technologies: 

We use various technologies to collect information, including cookies. Cookies are used to support functionality in our apps to personalize the user experience (e.g. storing layout details from the last time you visited a page).

3.3.5. Payment Information:  

We collect payment and billing information when you register for certain paid Services.  For example, we ask you to designate a billing representative, including name and contact information, upon registration.  You might also provide payment information, such as payment card details, which we collect via secure payment processing services.

3.3.6. Device and Connection Information:

We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience.  How much of this information we collect depends on the type and settings of the device you use to access the Services.  Server and data center Service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level. 

3.3.7. From other sources

In order to provide you with certain services, we may obtain Personal Information from our third-party service providers to verify and confirm the information you have submitted. For example, if you log into our Software through a third-party service, that service will share your Personal Information with us.

3.3.8. Other Partners:

We receive information about you and your activities on and off the Services from third-party partners, such as advertising and market research partners who provide us with information about your interest in and engagement with, our Services and online advertisements. 

3.3.9. Third-Party Providers:

We may receive information about you from third party providers of business information and publicly available sources (like social media platforms), including physical mail addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses and social media profiles, for the purposes of targeted advertising of products that may interest you, delivering personalized communications, event promotion, and profiling.

 

3.4.   Sharing/Disclosure of personal information or data

3.4.1. With our third-party service providers: 

Some of the services we provide require the involvement of our third-party service providers, such as web hosting providers, application development, maintenance, virtual infrastructure (including storage and backup), communications providers, customer relationship management providers, and software providers. We have carefully selected these third-parties and have taken steps to ensure that your Personal Information is adequately protected. We do not share your Personal Information with third-parties for their marketing purposes (including direct marketing).

3.4.2. Compliance with Laws and Legal Requests:

We may disclose your Personal Information to a third-party if we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request. In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Atlassian, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person

3.4.3. Protection of Our Services:

We may disclose your Personal Information to a third-party, if we believe it is reasonably necessary to (a) to enforce our agreements, policies and terms of service; (b) to protect the security or integrity of the product and services; (c) to protect our product, our customers or the public from harm or illegal activities; or (d) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

3.4.4. Business Transfers:

In the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition, any acquirer will obtain your personal information subject to our obligations under this Privacy Policy.

3.4.5. With Your Consent: 

We will share your Personal Data with third-parties when we have your consent to do so

3.5.   Data retention policy

We process the Data provided by you in accordance with the Privacy Policy and your instructions. We will promptly inform you if we cannot process your Data in accordance with the Privacy Policy.

You agree that we may collect and use technical data and related information, including without limitation, technical information relating to your device, system, and use of the Product(s), that is gathered periodically to facilitate the provision of software updates, product support, marketing efforts and other services and communications to you related to the Products, including providing you with information about services, features, surveys, newsletters, offers, promotions; providing other news or information about us and our select partners; and sending you technical notices, updates, security alerts, and support and administrative messages. We may use this technical data and related information, as long as it is in a form that does not personally identify you, except to the extent necessary to provide you with support, or communications to improve our products or to provide services or technology to you.

 

4.    SECURITY MEASURES

4.1.   Third party

Our software/(s) are hosted at Amazon Web Services (Amazon Web Services Website), a world-class hosting provider. For more information on their servers, security & privacy policy, please see AWS documentation. All of your data is transmitted over HTTPS; however, as of now we don't encrypt any of the information when storing.

4.2.   Internal Controls

4.2.1. TRUNDL LABS PRIVATE LIMITED has a strict policy in place to limit the production database access. According to the policy, it is possible to access production database only when requested by a customer/prospect who is evaluating or is facing a problem

4.2.2. We use a self-assessment approach to ensure compliance with the Privacy Policy. We verify periodically that the Privacy Policy is accurate and comprehensive for the information intended to be covered, prominently displayed, completely implemented, and accessible and in conformity with applicable Laws. We encourage interested parties to contact us with any concerns using the contact information provided

4.2.3. Disclaimers:

4.2.3.1.   While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

4.2.3.2.    If you use our server or data center Services, responsibility for securing storage and access to the information you put into the Services rests with you. We strongly recommend that server or data center users configure SSL to prevent interception of information transmitted over networks and to restrict access to the databases and other storage points used.

4.3.   Need to know basis:

We restrict access and use of Data to only those employees who are responsible for processing Data to fulfil our obligations under the Privacy Policy; and also maintain a list of our employees that have been granted access to Data.

 

5.    INCIDENT RESPONSE

Where there has been a security breach, data leakage or Personal Information is lost, destroyed or becomes damaged, corrupted or unusable, we will notify you as soon as practicable.

 

6.    YOUR OBLIGATIONS

You agree and warrant that:

6.1.   the processing, including the transfer itself, of Personal Information has been and will continue to be, carried out in accordance with all applicable Laws (and, where applicable, you have notified the Supervisory Authority in your country of such processing); 

6.2. all Data that you provide on behalf of a Data Subject has been obtained with the informed consent of the Data Subject;

6.3. you have assessed our security measures as described in clause 4 and believe our security measures ensure a level of security appropriate to the nature of the Data you provide to us

6.4. you will provide Data Subjects with a copy of the Privacy Policy or a description of our security measures, if requested by the Data Subject;

6.5. if applicable, you will deposit a copy of the Privacy Policy with the Supervisory Authority upon request or if such deposit is required under the applicable Laws.

 

7.    ACCESS TO DATA

7.1.   Data Subjects have the right to request that we update, correct or, upon request, erase personal Information in our possession. We will endeavour to provide the requested Personal Information within a reasonable time with or without a reasonable Fee.

7.2.   If you request a correction to your Personal Information, then we will take reasonable steps to correct that Personal Information within a reasonable time frame.

7.3.   To guard against fraudulent requests, we will require information to confirm your identity before granting access or making corrections.

7.4.   We may decline to provide a Data Subject with access to Personal Information including where we determine that the information requested may disclose:

7.4.1. the Personal Information of another individual; or

7.4.2. trade secrets or other business confidential information;

7.4.3. is subject to legal professional privilege;

7.4.4. is not readily retrievable and the burden or cost of providing the information would be disproportionate to the nature or value of the information;

7.4.5. does not exist, is not held, or cannot be located by us;

7.4.6. would pose a serious threat to the life, health or safety of any individual, or to public health or safety if it were accessed; or

7.4.7. is not permitted by Law to be accessed.

 

8.    SUBPROCESSING

8.1.   Some of our obligations under the Privacy Policy and EULA may be performed by Subprocessors. A Subprocessor will only be granted access to your Data where:

8.1.1. such access is for purposes consistent with the Privacy Policy; and

8.1.2. the Subprocessor agrees to be bound by the Privacy Policy.

8.2.  When we work with Subprocessors, we seek to provide the Subprocessor with only the information the Subprocessor needs to perform its specific functions.

 

9.        CROSS-BORDER TRANSFER OF DATA

9.1.   If you are using our Products in a country other than the India, your communications will result in the transfer of Data across international boundaries. The countries in which recipients of your Personal Information are most likely to be located is India.

9.2.   If you provide Personal Information, you acknowledge and agree that Personal Information may be transferred from your current location to the offices and servers of the Company and Subprocessors located primarily in India.

 

10.    WARRANTIES

We warrant that:

10.1.     you may withdraw your consent for us to process your Data at any time at which time the process under clause 13 will be followed;  

10.2.     we will process your Data in compliance with your instructions and the Privacy Policy. If we cannot provide such compliance for whatever reason, we will inform you promptly of our inability to comply, in which case you are entitled to suspend the transfer of Data and/or terminate your contract with us;

10.3.     we will not vary or modify clause the Privacy Policy without notifying you and obtaining your consent;

10.4.     we have no reason to believe that any Law prevents us from fulfilling the terms of the Privacy Policy. In the event of a change in the Law that is likely to have a substantial adverse effect on the warranties and obligations provided under the Privacy Policy, we will promptly notify you of the change as soon as we become aware, in which case you are entitled to suspend the transfer of Data and/or terminate your contract us;

10.5.     we will implement and maintain appropriate technical and organisation measures to meet the requirements of the GDPR. This does not alter your own obligations under these legal regimes;

10.6.     we will only use your Data for the purposes for which it is provided by you;

10.7.     we will not sell or otherwise redistribute to third parties the Data we collect from you;

10.8.     we will promptly notify you of:

10.8.1.       any legally binding request for disclosure of the Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

10.8.2.       any unauthorised access to or disclosure of Personal Information or any circumstances that are likely to give rise to such unauthorised access or disclosure, where there is a likely risk of serious harm to any Data Subject as a result of the unauthorised access or disclosure; and

10.8.3.       any request received directly from one of your customers or a Data Subject, without responding to that request, unless we have been otherwise authorised by you to do so;

10.9.    we will deal promptly and properly with all inquiries from you relating to the processing of your Data and we will abide by the advice of any Supervisory Authority with regard to the processing of the Data transferred; and

10.10. the processing services by any Sub-processor will be carried out in accordance with this privacy policy.

 

11.    SURVIVAL

The Privacy Policy will survive termination of the EULA and will remain in effect until we have deleted all of your Data.

 

12.    TERMINATION

On termination, you will have the choice of having all Data transferred to you or the Data being destroyed, unless Laws imposed on us prevents us from returning or destroying all or part of the Data. If we cannot return or destroy the Data, we warrant that we will guarantee the confidentiality of the Data and will not actively process the Data after termination.

 

13.    AUDIT OF MEASURES

13.1.     Where you are required by a Supervisory Authority to demonstrate compliance with privacy obligations, we allow and contribute to audits, including inspections.

13.2.     We will submit our data processing facilities for an audit of the measures referred to in clause 13.1 at the request of you and/or the Supervisory Authority.

13.3.     We will promptly inform you of the existence of any Laws that prevent us from being audited.

 

14.    UNSOLICITED INFORMATION

14.1.     If you submit unsolicited User Data, we will use it in accordance with the Privacy Policy.

14.2.     If you submit unsolicited Personal Information and we determine that we could not have collected the Personal Information in accordance with the Privacy Policy, we will destroy the information or ensure that the information is de-identified as soon as practicable. Otherwise, the Personal Information will be used in accordance with the Privacy Policy.

15.    JURISDICTION

This Privacy Policy is governed by and construed in accordance with the laws including but not limited to data protection laws of the Republic of India.

  • You agree to submit any dispute arising out of your use of the products to the exclusive jurisdiction of India.

  • You agree that the resolution for any dispute or conflicts will be in accordance with the laws including but not limited to data protection laws of the Republic of India.

16.    MAKING A COMPLAINT

You are entitled to lodge a complaint about our treatment of your Data with the relevant Supervisory Authority.

Before lodging a complaint with any Supervisory Authority, we encourage you to first attempt to resolve the complaint by contacting us using the details below. We will respond to your complaint within 30 days.

17.    CONTACT

If you have any questions about our Privacy Policy or our information practices, please contact below:

Email: legal@trundl.com