How Information is Collected:

Directly from Users: We collect information that you provide directly, including when you:

• Register for an Account: Creating a user profile or signing up for services.
• Make a Purchase: Buying products or services.
• Contact Us: Communicating with us via email, phone, or forms.
• Participate in Surveys or Promotions: Engaging in our surveys, contests, or promotional activities.

Through Automated Means: We also collect information through automated technologies, such as:

• Cookies: Small files stored on your device to track preferences and usage.
• Do Not Track: Some web browsers may transmit “Do Not Track” (DNT) signals. At this time, Redpoint does not respond to DNT signals. As there is no universally accepted standard for how to respond to such signals, we do not alter our data collection and usage practices when we detect a DNT signal from your browser.
• Web Beacons: Invisible images used to understand user behavior.
• Analytics Tools: Such as Google Analytics, to analyze trends and performance.

From Third Parties: We may also obtain information from third-party sources, including:

• Business Partners: Collaborating with other companies or industry organizations.
• Publicly Available Sources: Information publicly available online or offline.
• Social Media Platforms: If you connect or share through social media channels.

Purpose of Collection:

We collect and process information for purposes including:

• Providing and Enhancing Services: Fulfilling orders, offering support, and improving user experience.
• Marketing and Communication: Sending newsletters, promotional materials, and updates.
• Compliance and Security: Meeting legal requirements, protecting our rights, and ensuring the security of our services.
• Research and Analysis: Conducting research, analysis, and development to innovate and enhance our offerings.

We only use Sensitive Personal Information for purposes expressly permitted by applicable privacy laws. We do not use it to infer characteristics about individuals or for cross-context behavioral advertising.

Data Retention:

We retain Personal Information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention period may vary depending on the type of data, the nature of our relationship with you, and legal obligations. For example, we may retain account information for as long as your account is active, and for a reasonable period thereafter in case of reactivation. We may also retain information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Commitment to Security:

Redpoint is fully committed to ensuring the security of the information we collect and handle. We understand the importance of safeguarding your Personal Information and have implemented comprehensive measures to protect it.

Security Measures:

We employ a range of security measures, including:

• Encryption: Utilizing encryption technologies to protect the information during transmission and storage.
• Access Control: Implementing strict access controls to ensure that only authorized personnel have access to your information.
• Network Security: Utilizing firewalls, intrusion detection systems, and regular security assessments to protect against unauthorized access.
• Secure Development Practices: Following industry best practices in software development to ensure that our products and services are secure.
• Third-Party Vetting: Conducting assessments of third-party service providers to ensure they meet our security standards.
• Incident Response: Having an incident response plan in place to handle any potential security breaches effectively.
• Compliance with Standards: Aligning with industry standards and certifications, including our current SOC 2 Type 2 report and ISO 27001 certification.

User Rights:

General Rights:

• Access: You have the right to request access to the Personal Information we hold about you.
• Correction: You may request correction of inaccurate or incomplete information.
• Deletion: You can request the deletion of your information under certain circumstances.
• Object or Restrict Processing: You may object to or request restrictions on the processing of your information.
• Data Portability: You may request to receive a copy of your information in a commonly used electronic format.

Specific Rights under Various Laws:

California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You can request details about the specific pieces of information we have collected about you, the categories of sources, the business purpose, and the categories of third parties with whom we share the information.
• Right to Delete: You can request the deletion of your Personal Information.
• Right to Opt-Out of Sales or Sharing: You can opt-out of the sale or sharing of your Personal Information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use or disclosure of your Sensitive Personal Information to purposes authorized under the CPRA.

General Data Protection Regulation (GDPR):

• Right to Object to Processing: You have the right to object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Automated Decision Making and Profiling: You have rights related to automated decision-making, including profiling.

Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), Nevada Internet Privacy Bill (SB260), New York Privacy Act (NYPA):

• Right to Access, Correct, Delete: Similar to the CCPA and GDPR, you may request to access, correct, or delete your Personal Information.
• Right to Data Portability: You may request your data in a portable and readily usable format.

Virginia Consumer Data Protection Act (CDPA) as amended in 2024:

• Right to Opt-Out of Profiling: You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
• Right to Access, Correct, Delete: You may request to access, correct, or delete your Personal Information.
• Right to Data Portability: You may request your data in a portable and readily usable format.

Response Time:

We will respond to verified requests as required by applicable law and within the time frames stipulated in the specific acts mentioned above.

Children’s Privacy:

Redpoint’s website and services are not intended for children under 13, in compliance with COPPA.

International Data Transfers:

General Overview:

Redpoint operates globally and may transfer, store, and process your Personal Information outside of your country of residence. These international data transfers are conducted to enable us to provide our services, comply with legal obligations, and optimize our operations.

Countries Involved:

The data may be transferred to countries that may not have the same data protection laws as your country of residence. These countries may include the United States, members of the European Economic Area (EEA), the United Kingdom, and other locations where Redpoint or its third-party service providers operate.

Compliance with Legal Requirements:

When transferring Personal Information across international borders, Redpoint complies with applicable legal requirements, including the General Data Protection Regulation (GDPR) for transfers involving EEA residents and the UK GDPR for transfers involving UK residents.

Transfer Mechanisms:

Redpoint employs various legal mechanisms to ensure the lawful transfer of Personal Information, including:

• Adequacy Decisions: Transferring data to countries recognized by the European Commission and/or the UK government as providing an adequate level of data protection.
• Standard Contractual Clauses (SCCs): Using contracts approved by the European Commission and the UK Information Commissioner’s Office (ICO) that obligate both parties to protect Personal Information.
• Consent: Where applicable, obtain explicit consent from you for the transfer.
• Binding Corporate Rules (BCRs): Implementing company-wide rules that ensure a consistent level of protection for Personal Information.

Third-Party Transfers:

When sharing your Personal Information with third-party service providers outside your jurisdiction, Redpoint ensures that such third parties are contractually bound to adhere to appropriate data protection standards and legal requirements.

Security Measures:

Redpoint takes measures to protect your Personal Information during international transfers, ensuring that it is treated securely and in accordance with this Privacy Policy. This includes utilizing encryption, secure servers, and other technical and organizational measures.

 

Contact Us:

If you have any concerns or complaints regarding this Privacy Policy or Redpoint’s handling of your Personal Information, please contact us using the details below. We take all privacy-related inquiries seriously and will respond in accordance with applicable laws.

Mail:
Redpoint Global Inc.
Attn: Information Security
34 Washington Street, Suite 205
Wellesley Hills, MA 02481

Email: [email protected].

Changes to This Policy:

Redpoint reserves the right to update this Privacy Policy from time to time to ensure ongoing alignment with applicable laws and evolving business practices. Any updates to this Privacy Policy will be posted on our website. This Privacy Policy is reviewed periodically as part of Redpoint’s internal data governance and information security management processes.

Definitions:

For the purposes of this Privacy Policy, the following terms have the meanings set forth below:

• “Aggregated Data” means information that has been combined with data from others and summarized or grouped in a way that it no longer identifies or can be used to identify an individual.
• “Anonymized Data” means information that has been processed in such a way that it cannot reasonably be used to identify a specific individual, either directly or indirectly.
• “Children” refers to individuals under the age of 13, in accordance with the Children’s Online Privacy Protection Act (COPPA), or under the age of 16 in jurisdictions with similar child data protection provisions.
• “Controller” (or “Business,” under U.S. state laws such as CCPA) means the entity that determines the purposes and means of the processing of Personal Information.
• “Cookies” are small text files stored on a user’s device by a website or application to help remember preferences, improve user experience, and collect analytics data.
• “Cross-Context Behavioral Advertising” means targeting advertising to a consumer based on Personal Information obtained from the consumer’s activity across different websites, applications, or services that the consumer does not intentionally interact with.
• “Data Subject” means an identified or identifiable natural person whose Personal Information is being processed.
• “International Data Transfer” means the transfer of Personal Information from one country to another, especially where the receiving country does not offer the same level of data protection as the country of origin.
• “Non-Personal Information” (or “NPI”) refers to data that cannot be used to identify or contact a specific individual. Examples include aggregated information, anonymized data, usage statistics, and generalized demographic information.
• “Personal Information” (or “PI”) means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual or household. This includes, but is not limited to, names, email addresses, physical addresses, phone numbers, payment information, identification numbers, IP addresses, and employment details.
• “Processing” means any operation or set of operations performed on Personal Information, whether or not by automated means, including but not limited to collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, alignment or combination, restriction, erasure, or destruction.
• “Processor” (or “Service Provider,” under U.S. state laws) means the entity that processes Personal Information on behalf of a Controller/Business.
• “Profiling” refers to any form of automated processing of Personal Information to evaluate certain personal aspects of an individual, in particular to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
• “Sale” and “Sharing” of Personal Information refer to the disclosure of Personal Information to third parties for monetary or other valuable consideration, or for purposes of cross-context behavioral advertising, as defined under applicable laws such as the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
• “Sensitive Personal Information” means Personal Information that is subject to special protection under applicable law, including but not limited to Social Security numbers, driver’s license numbers, financial account credentials, precise geolocation, health or biometric data, and information revealing race, religion, sexual orientation, or union membership.
• “Third Party” means an entity other than Redpoint and the individual to whom the data pertains, including service providers, business partners, regulatory bodies, or affiliated companies.
• “Web Beacons” (also known as pixel tags or clear GIFs) are small graphic images embedded in web pages or emails that track user behavior or confirm whether an email was opened.