Updated: 27 February 2024
Effective: 28 March 2024
This Privacy Policy (“Policy”) describes how Tispr, Inc. (“Indy,” “we,” “our,” or “us”) and its affiliates collect, use, and share information in connection with an end user’s (“you,” “your,” or “user”) use of the Indy website and marketplace located at https://weareindy.com, our mobile applications, and other websites and online services that we make available to you and that link to this Policy (collectively, the “Services”). It also describes your rights and choices with respect to the information we collect.
By agreeing to this Policy when registering for an account on the Services and/or using any of our Services, or the features made available to you through the Services, you are agreeing to the terms of this Policy and consenting to the collection, use, and sharing of information in a manner consistent with this Policy.
We collect a variety of information in connection with the Services, including the following:
(a) You can visit the Site without submitting any information that we can use to identify you personally. However, if you use certain features on the Site, such as the “Contact Us” feature, you will be required to provide personal information. Such information could include, for example, your name, email address, or phone number.
(b) Registration and Profile Information. We collect your name, email address, and password when you register for an account on the Services. We also may collect other optional information you choose to provide as part of such registration and as part of creating your user profile and account within the Services. This may include, for example, your phone number, employment history, occupation, education, skills, achievements, languages, location, and avatar.
(c) Company, Marketplace, and Business Information. We collect information and data related to your company and the services that you provide on the Indy marketplace. For example, this may include information included in a company profile or team page, information about specific projects or services offered or requested, customer reviews and testimonials, files uploaded, created, or received from other users, and business records such as proposals, contracts, invoices, calendar data, business expense and accounting statements, data about contractors, timekeeping data, and other business-related information or documents.
(d) Usage and Communications Information. When you use the Services, we collect information about your use of the Services, such as the searches you conduct on the Services, the content that you post, share, and access on the Services, your interactions with other professionals or customers on the Services, and communications made through the Services.
(e) Information about Your Customers and Prospects. To help manage your business and customer relationships, we may collect certain information that you provide to us about your customers and prospective customers, such as name, email, address, and phone number, information about your interactions with them, sales management data and reports, and other information that you choose to provide to us. We also may receive information about your customers through your communications with them on the Services or in invoices or other business documents.
(f) Other Information You Provide to Us. We collect other information you choose to provide to us as part of using the Services or through customer service requests, surveys, and other communications. To the extent you decline to share certain information with us, we may not be able to provide some or all of the features and functionalities found on the Services.
(g) Automatically Collected Information. When you use our Services, we or our third-party service providers may automatically receive and record certain information from your device or through the Services. For example, this may include your device’s IP address, user-agent, web pages you visit or features you use within the Services, the date and time of your activities on the Services, time since your last visit, links you click, searches conducted, the website visited before navigating to the Services, your software and hardware attributes (including browser and operating system type and version, device screen size, mobile app version, device type, and device identifiers), and your general location inferred from IP address. To obtain such information, we or our third-party service providers may use the following technologies to recognize your device and collect information about your device and Services usage:
(h) Social Networking Information. We may allow you to create your Services account by logging in through a social networking site such as Facebook (“Social Services”). When you log into the Services using your Social Service account, the Social Service may provide us with access to certain information that you have provided to that Social Service (such as your first and last name, email address, and your avatar or profile picture). We also may allow you to import information about your Social Service contacts or connections to our own Services, or to post and manage social media content and responses through our Services. We will use, store and disclose such information in accordance with this Policy. Please remember that the manner in which Social Services use, store and disclose your information is governed by the terms and conditions and privacy policies of each Social Service, and not us.
(i) Transaction and Payment Information. We may collect your bank account or billing information to help you invoice and collect payments from customers or allow you to connect your personal payment services to your Indy account. In addition, our payment services providers, including but not limited to Stripe, PayPal, Zelle, and Plaid, may collect your credit or debit card and billing information directly to facilitate payments. Please visit the privacy policies of our payment services providers if you have questions regarding their privacy practices.
(j) Google APIs. Indy offers integration with a variety of Google application programming interfaces (APIs). Indy may collect Google users’ data through these APIs. In using Google APIs, Indy complies with the Google API Services User Data Policy, including its requirements related to limited use.
We and our service providers use information for a variety of purposes, including as follows:
(a) Provision of Services. We use collected information for the purposes for which you provided the information including, for example, to create and maintain a Services account for you, respond to a question that you e-mail to us, or process payments. We also use the collected information as necessary to provide the features and functionality of the Services to you and to manage our business.
(b) Updates and Troubleshooting. We may use the collected information to contact you regarding updates or modifications to the Services, to authenticate your account, to help troubleshoot problems, or to alert you to changes in our policies or agreements that may affect your use of the Services.
(c) Personalized Content and Advertising, Surveys, and Improvements. We may use the collected information to personalize the content and advertising that you and others see. We may also conduct surveys and analyze collected information relating to your use of the Services in order to help us improve the Services, and develop and improve other products and services.
(d) Newsletters, Promotional Emails, Offers, and Joint Marketing. We may use the collected information to provide you with newsletters, promotional materials, and offers via e-mail. We also may use your information to engage in joint marketing with other businesses that we believe may be of interest to you. We will give you the ability to opt out of receiving such e-mails in accordance with applicable law.
(e) Social Service Information. If you use a Social Service to log-in to your Services account, we may give you the ability to invite your Social Service connections to use the Services, import Social Service contacts or connections, and connect you to your Social Service connections on the Services. We also may help you post and manage social media content and responses through our Services.
(f) Compiling Aggregated Information. We may use the collected information to compile aggregated and non-personally identifiable statistics or reports that we may share with third parties.
(g) Legal Purposes. We may use the collected information for legal and other necessary purposes, including as described below in the section titled “Disclosure of Information.”
(h) Combination. We may combine information collected through the Services with other information that we or third parties collect about you in other contexts, such as our communications with you via e-mail, phone, or your customer service records. We use the collected information to constantly improve our Services and provide better Services to a specific user. We will treat such combined information in accordance with this Policy.
We disclose information to third parties in various contexts, including as follows:
(a) Publicly-Available Information. Information that you make available on your public profile, company page, and in offers to provide services to other users may be viewed by anyone who accesses the Services. Please be careful about the information that you choose to share on the Services and do not share any information that you would not want to be made public.
(b) Other Users. We may allow you to share information directly with other users of the Services. For example, if you offer or request services, add another user as a contact, post questions or comments to other users through the Services, add information to your profile, respond to surveys or requests to rate our mobile apps, or use other features of the Services, then your posts, questions, comments, profile, or other information may be seen by other users of the Services. Please ensure when using these features that you do not submit any information that you do not want to be shared with other users or the public.
(c) Third-Party Service Providers. We use contractors and third-party service providers to assist us in the operation of the Services, including service providers who assist us with providing customer service, managing our communications and e-mail newsletter, processing payments, performing data storage and processing services, and providing analytics services. Such third-party contractors or service providers may obtain access to the information you provide for the purposes described in this Policy.
(d) Aggregated Information. We may provide advertisers and other third parties with aggregated, non-personally identifiable information about our user base, including demographic information, interests, and usage patterns. This may include making available or publishing aggregated data regarding activity on the Services, including without limitation in relation to company and marketplace information.
(e) Business Arrangements and Joint Marketing. We may disclose information to third-party partners in furtherance of our business arrangements with them, including without limitation to jointly offer a product or service to you or create interoperability between our products and services and the products and services of such partners.
(f) Third-Party Plugins. The Services may integrate third-party plugins (such as a Facebook “like” button and Twitter “follow” button). Even if you do not click on these plugins, they may collect information about you, such as your IP address and the pages that you view. They also may set and/or access a cookie or use similar tracking technologies. These plugins are governed by the privacy policy of the company providing them.
(g) Legal Requirements. We may use and disclose any information where we believe, in our sole reasonable discretion, that doing so is necessary:
(h) Affiliates. We may disclose collected information to our affiliates for use as described in this Policy.
(i) Transfer as Corporate Asset. In the event of a merger, sale of capital stock or assets, investment, reorganization, bankruptcy, consolidation, or similar transaction involving Company, we may share the information we possess to facilitate the transaction, including during due diligence, or as a corporate asset to the acquiring entity.
(j) To manage our business.
We partner with third parties to engage in analytics, auditing, research, and reporting on our Services. These third parties collect information regarding your usage of the Services and may use server logs, cookies, web beacons, tags, pixels, mobile advertising IDs (such as Apple’s IDFA or Google’s Advertising ID), and similar technologies. We also may share user IDs with these third parties to track user activities across sessions and devices. These service providers include, but are not limited to, Google Analytics, Hotjar, and Mixpanel.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
We do not currently engage in interest-based advertising.
Our Services do not respond to browser Do Not Track signals at this time.
The information that we collect through or in connection with our Services is controlled by Tispr, Inc., which is headquartered in the United States at the address listed in the “Contacting Us” section below. Your information may be transferred to and processed in the United States for the purposes described above. Indy also may subcontract the processing of your data to, or otherwise share your data with, third parties in the United States or countries other than your country of residence. The data protection laws in these countries may be different from, and less stringent than, those in your country of residence. To the extent that we engage in such cross-border transfers, we may implement standard contractual clauses, contractual arrangements, or other mechanisms, as appropriate, to safeguard information that is transferred to other countries. By agreeing to this Policy when registering for an account on the Services and/or using the Services or by providing any information to us, you expressly consent to such transfer and processing.
Our Services are compliant with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data, the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
If you are an end user in the European Economic Area, Tispr, Inc. acts as data controller with respect to your personal data. We act as data processor with respect to the data you share with us about your customers and prospects. If you wish to contact us regarding any personal data processing issue, you may do so in accordance with Section 13 below.
Legal basis for data processing
To the extent required by law, our legal basis for processing information, as described above, will depend on the type of information at issue and the purpose for which it is collected and used, i.e.: the legal basis for data processing is following:
(a) Provision of Services - in scope of the data necessary to register the account and Transaction and Payment Information between Indy and you - Article 6(1)(b) GDPR (necessary for entering into an agreement and performance of Services); in scope of Profile Information – Article 6(1)(a) GDPR (your consent which you may withdraw anytime); in scope of Company, Marketplace and Business Information regarding to your company- Article 6(1)(a) GDPR (your consent which you may withdraw anytime) and regarding Information about Your Customers and Prospects and Other Information You Provide to Us regarding third persons – we process such data on your behalf acting as the data processor under Standard Contractual Clauses.
(b) Updates and Troubleshooting, including Usage and Communication Information and information used for providing features and functionality of the Services - Article 6(1)(f) GDPR (our legitimate interest in analyzing users’ activity, including activity history, to optimize services).
(c) Personalized Content and Advertising, Surveys, and Improvements - Article 6(1)(f) GDPR (legitimate interest of Indy in the promotion of our own or third-party goods or in improvement of our own Services).
(d) Newsletters, Promotional Emails, Offers, and Joint Marketing including Automatically Collected Information including in particular the use of Strictly Necessary Cookies and Analytics Cookies - Article 6(1)(f) GDPR (legitimate interest of Indy in the promotion of our or third-party goods or services) with reservation of any other requirements that may apply under applicable law.
(e) Social Service Information including Social Networking Information - Article 6(1)(a) GDPR (your consent which you may withdraw anytime).
(f) Compiling Aggregated Information - Article 6(1)(f) GDPR (our legitimate interest in analyzing users’ activity, including activity history, to optimize services).
(g) Legal Purposes - Article 6(1)(c) GDPR (necessity for compliance with a legal obligation), in conjunction with relevant provisions of law that may apply.
(h) Combination - Article 6(1)(f) GDPR (our legitimate interest in constant approval and optimization of our services).
(i) Asserting and defending claims arising from a contract or related to enabling participation in an event/holding an event, including debt collection and participation in court, arbitration and mediation proceedings - Article 6(1)(f) GDPR (our legitimate interest in the protection of our rights).
We’ll ask for your consent before using your information for a purpose that isn’t covered in this Privacy Policy.
Whenever the data are processed upon your consent, you have the Right to withdraw consent. You can exercise that right at any time by contacting us in the manner indicated in the Section 13 below.
Tispr, Inc. does not make any decisions involving the use of automated decision-making or profiling.
Your Rights
Under the GDPR regulations, you have numerous rights in relation to your personal data. Below is a general description of your rights:
a) Access to personal data. You can exercise your right to access your data at any time.
b) Rectification and completion of data. You have the right to demand that Indy corrects your personal data that is incorrect, as well as to demand that your incomplete personal data be completed.
c) Right to delete your data. You have the right to demand that the Indy removes your personal data in any of the following cases:
However, Indy will not be able to delete your personal data to the extent that its processing is necessary (i) to exercise your right to freedom of expression and information, (ii) to comply with a legal obligation requiring processing under European Union or Member State law, (iii) to establish, exercise or defend claims.
d) The right to restrict data processing. You have the right to request that Indy restricts the processing, in the cases where:
e) Right to object. You have the right to object to the processing of your personal data if we process the data in a legitimate interest, including for direct marketing purposes. To the extent that the data is processed for a purpose other than direct marketing, we may disregard your objection if we demonstrate that there are important legitimate grounds for processing that override your interests, rights and freedoms, or grounds for establishing, exercising or defending claims.
f) Right to withdraw consent. To the extent that the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing of your consent prior to its withdrawal.
g) Right to data portability. To the extent that your data is processed for the purpose of concluding and performing a contract or is processed on the basis of your consent and the processing of your data is carried out in an automated manner, you have the right to receive from Indy your personal data that you have provided to the Association in a structured, commonly used machine-readable format. You also have the right to send this personal data to another controller.
h) Right to complain. You have the right to lodge a complaint regarding our data processing with a supervisory authority. The EU Commission provides a list of supervisory authorities here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm In order to exercise the right to complain, you should contact the supervisory authority directly.
Upon creating your account, you provide your data on a voluntary basis, however, limited scope of data (name, email address, and password) is necessary to set up the account and keep using the Services and a failure to provide such data results in you being unable to enter into the agreement with us. When using the Services you provide Profile Information, Business Information or Information about Your Customers and Prospects voluntarily, however, the scope of data you provide to us may influence the functionality or the scope of the Services available for you. When legally justified, providing certain data may be obligatory, e.g. to fulfill tax and accountancy obligations. We may also obtain your personal data from Social Networking Information or Automatically Collected Information (for more details see Section 1 above).
Indy may subcontract the processing of your data to, or otherwise share your data with, third parties in the United States or countries outside the European Economic Area. In the event we engage in such cross-border transfers, we implement standard contractual clauses, contractual arrangements, or other mechanisms, as appropriate, to safeguard information that is transferred to our subcontractors in United States or other countries.
If you are a California resident, the California Consumer Privacy Act (“CCPA”) provides you with certain rights regarding your personal information, including the right to know about personal information collected, disclosed, or sold; the right to request that we delete personal information that we have collected from you; the right to opt-out of the sale of your personal information; and the right not to be discriminated against for exercising your rights. These rights are subject to certain exceptions.
If you are an Indy user and you create an account with us to use the Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). We may have collected the categories of personal data described in Section 1 above, including following categories of personal information about you, over the past 12 months:
We collect the personal information listed above from the sources specified in Section 1, including following sources:
In the last 12 months, with your permission, we may have disclosed the categories of personal information subject to the CCPA, as laid out in Section 3 above, including:
We may have shared any of the information listed above with the parties and for the purposes described in Section 3 above.
If we maintain personal information about you that is subject to CCPA, you may exercise certain rights in connection with this data if you are a California resident.
California residents have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months (“Right to Know”). Once we receive and confirm your verifiable consumer request, we will disclose to you:
California residents have the right to request that we delete the personal information that we collected from you and retain, subject to certain exceptions (“Right to Delete”). Once we receive and verify your request, we will delete (and direct our service providers/vendors to delete) your personal information from our records, unless an exception applies.
The CCPA provides California residents with the right to opt-out of the sale of their personal information. We do not sell your personal information.
The CCPA provides California residents with the right not to receive discriminatory treatment for the exercise of their privacy rights conferred by the CCPA. We will not discriminate against you for exercising any of your CCPA rights.
If you are a California resident and wish to request for us to provide you with your Right to Know or Right to Delete, you may submit a request by us by contacting us in accordance with Section 13 below.
When you submit a request, we will confirm your identity by asking you to provide your name and email address associated with your account. We will verify your identity by matching the information you provide with what we have on file for you. We may ask you for additional information to verify your identity or to comply with your request.
You may authorize an agent to make a request on your behalf. To designate an agent, please provide a written and signed document by both you and the agent that authorizes the agent to act on your behalf. You may also use a power of attorney. We will still require you to provide information to allow us to reasonably verify that you are the person about whom we collected personal information.
If you wish to contact us regarding this California Privacy Notice, you may do so in accordance with Section 13 below.
Indy provides you with choices to review, access, and update your information or to exercise your privacy or data protection rights, as follows:
The Services may contain offers from other companies or links to websites or mobile apps of other third parties, including social media sharing features that link to third-party websites. If you follow a link to any of these websites or apps, please note that these websites and apps, and any services that may be accessible through them, have their own privacy policies. We are not responsible for the privacy practices of other websites or apps or the information you share through such other websites or apps. We encourage our users to be aware when they leave the Services and to read the privacy policies applicable to such third-party websites and apps. This Policy applies solely to information collected in connection with the Services.
Indy uses reasonable physical, technical, and administrative safeguards to protect your information against loss or unauthorized access, use, modification, or deletion. However, no security program is 100% secure, and thus we cannot guarantee the absolute security of your information. We retain your information for as long as reasonably necessary for our legitimate business purposes, to provide the Services to you, to fulfill the purposes described in this Policy, or as otherwise required or permitted by law. When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.
Without limiting the generality of the foregoing, the retention period is as follows:
a) for the data stored and obtained in connection with you registering at Indy account and/or using any of our Services – Indy will keep certain materials from Your Content for ninety (90) days after termination, after which all data related to your Indy Account, including Your Content, or any part thereof, will be deleted, preventing you from accessing or using any of the Service. Prior to the deletion, you will have an opportunity to export certain materials from Your Content. However, in the scope regarding the data processed to fulfill legal requirements, including tax and accountancy or to assert or defend legal claims – Indy will store data for the period as required by the applicable provisions of law or until the lapse of the limitation of claims period.
b) for the data processed on the basis of your consent - for the period necessary to achieve the purposes for which it was collected, and in any case not longer than until the date of withdrawal of your consent.
c) for the data contained in cookies - for a period of time corresponding to the life cycle of cookies stored on your devices.
The Services are not directed to children under 13 and the minimum age for use of Indy is 18. If you are a parent and believe your child under the age of 13 has used the Services and provided information to us through the Services, please contact us as described in the section below titled “Contacting Us” and we will work to delete that Services account and any such information.
We ask that you not send us, and you not disclose, any sensitive information that is not required to obtain or provide the Services (e.g., information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or sexual orientation) on or through the Services or otherwise to us.
We may revise this Policy periodically in the future. When we make any material changes to this Policy, we will change the Effective Date and post the revised Policy to our Services. We encourage you to review the Policy periodically. We will treat your continued use of the Services following such change as your acceptance of the changes.
If you have any questions about this Policy, please email us at legal@weareindy.com with “Attn: Privacy Questions” in the subject line or contact us at:
Tispr, Inc.
Attn: Privacy Questions
8601 Lincoln Blvd Ste 180 #672,
Los Angeles, CA 90045