Privacy Policy

This Privacy Policy describes how Yac Inc. ("Yac," "we", "us" or "our") handles personal information that we collect through our websites and mobile applications that link to it, including the Backtrack app described at usebacktrack.com (collectively, the “Service”), as well as through our marketing and other activities described in this Privacy Policy.

Backtrack app users: When you use the Backtrack app, note that recording:

begins as soon as you grant the app access to your microphone;
remains in progress at any time the red dot at the top of the app is flashing or the app indicates that recording is in progress;
does not stop when you navigate to other screens or apps; and
can be transcribed only for the “backtrack length” specified in your settings but recordings may be retained for the period described in the Security and Retention section below.

Individuals in the EEA/UK: See our Notice to European users for information about your personal information and data protection rights.

If you have any questions or concerns about this Privacy Policy, please contact us.
‍

Scope of this Privacy Policy

Each of our customers, not Yac, is responsible for their collection, use, and disclosure of personal information through our applications. Our customers’ privacy practices may differ from those set forth in this Privacy Policy. If you have questions or concerns about a customer’s handling of data collected through our apps, you should direct them to the customer.

This Privacy Policy does not apply to:

The handling of personal information by third parties with whom you interact through the Service, including the third party CRM services to which you transfer your Content, which is governed by those third parties’ own privacy policies; or
Our processing of data that does not pertain to an identifiable natural person and does not otherwise qualify as “personal information”, “personal data” or information within the scope of similar terms defined in applicable privacy laws.
Our processing of personal information as a data processor acting on behalf of an enterprise customer with whom we have entered into an agreement for the provision of our Services that differs from our standard online Terms of Service.

The Service is not intended for use by individuals for personal, family, household, or other consumer purposes, and the personal information covered by this Privacy Policy pertains to individuals acting in a business or commercial context.

‍

Personal information we collect

The personal information we collect from you, either directly or indirectly, will depend on how you interact with us and with our Service. In general, we collect personal information about you from the following sources:

Information you provide to us. Personal information you may provide to us includes:

Contact data. Full name, professional title, organization name, mailing address, email address, phone number, and other contact details.
Account data. The data you use to establish or access your Service account, such as your email address, phone number, and any password issued for your Service account, and any other information you choose to add to your Service account or profile, such as your credentials to the third party services you designate as the destinations of the Content processed by the Service or the workspaces you create.
Content. Data that you submit or upload to our applications, including some text
- recordings of the conversations you record with the application (and transcriptions of the conversations),
- the business contact and professional details that you upload (including business card images); and
- data you transfer to the application through your integrations to your third party services
Payment data. Any payment card data, banking details, or other data provided to pay for the Service, and information about your payment transactions.
Communications data. Information in your communications with us, including when you communicate with us through the Service, our Slack channels, email, social media, events, or otherwise.

‍

If we collect personal information not specifically listed above, we will use it consistent with this Privacy Policy or as otherwise explained at the time of collection.

‍

Automatic collection. As you navigate the Service, our communications, and other online services, we, our service providers, and advertising partners may automatically collect identifiable information about you, your computer or device, and your browsing actions and use patterns, such as:

Device data. Information about your computer or mobile device, such as operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique device identification numbers or other identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), use of spoofing, general location information associated with IP address (e.g., city, state, or geographic area), and precise geolocation of your mobile device when you grant us access to it through your device’s settings.
Usage data. Page and screen views, search terms, log-in information, what videos and other content you view, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, whether you have opened our emails or clicked links within them, and other functional information on Service performance (like diagnostics and crash logs).

Cookies and Web Technologies. Please see our Cookie Notice for details on the cookies and other technologies used to facilitate some of the automatic collection described above, and your choices for limiting these technologies.

‍

Third party sources. We combine personal information we receive from you or collect automatically when you use the Service with personal information we obtain from other sources, such as:

‍

Authentication services. When you log into the Service by using your credentials on a third party service, such as Google or Apple, that service may provide us with your name, email address, photo, and other data according to your settings in that service.
Third party integrations. If you choose to enable an integration with a third party service that you use, the third party may share some information about you with us according to your settings in that service, such as your name, email, or other content or information needed to facilitate the integration.
Payment processors. When you make payments through our payment processors (e.g., Stripe) or a mobile app store, the app store operator (e.g., Apple, Google), they will share information about the transaction with us. Payment processors and app store operators handle your information in accordance with their own privacy policies.
Data brokers. Third party data brokers provide us with contact details about prospective customers and contact updates that help us keep our customer contact details current.
Our business contacts. Our professional contacts share with us contact details about individuals in their networks, including prospective customers and partners.

‍

How we use your personal information

We use your personal information for the following purposes or as otherwise described in this Privacy Policy or at the time of collection:

Service delivery. We use your personal information to create, manage, and administer your Service account, provide the Service, process your payments, and to communicate with you about our Service (including via support and administrative messages).
Business operations. We use your personal information to administer and maintain our Service and our IT systems (including monitoring, troubleshooting, data analysis, testing, system maintenance, repair, and support, reporting and hosting of data) and to operate our business.
Research and development. We use your personal information for research and development purposes, including to analyze and improve the Service and our business in an informed way, subject to the applicable restrictions in our Terms of Service or other agreement with you, as applicable. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze, improve and promote the Service and our business.
Marketing. We, our service providers, and our third party advertising partners may collect and use your personal information for the following purposes:

‍

Direct marketing. We may contact you about our or our partners’ products and services via mail, email, or phone as permitted by law. You may opt-out of our marketing communications as described in the opt-out of marketing section below.
Targeted advertising. Third party advertising partners that we work with may use the technologies described in our Cookie Notice to collect the device data and usage data described above about your interaction with the Service, our communications, and other online services over time and with different browsers and devices. They use that information to serve online ads that they think will interest you on other online services and to measure their effectiveness. They may also use contact data we provide to try to target relevant ads on their platforms to our customers or prospective customers.

‍

Compliance and protection. We use your personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. We also use your personal information to protect our, your or others’ rights, privacy, safety, or property (including by making and defending legal claims), including by conducting internal audits against our policies; enforcing the terms and conditions that govern the Service; and taking steps to prevent, investigate and deter fraud, cyberattacks or other unauthorized, unethical, or illegal activity.
Google User Data. In order to work with integrations such as Google Calendar, we need to access your data. We will only access the data that is necessary for the integration to work. This access allows our app to analyze your events to suggest meetings you might want to recover. We do not store any personal data obtained through this integration on our servers; all data is processed in real-time from Google’s servers with your consent and it is never shared or disclosed publicly. Additionally, user data obtained through this integration is never shared with third party tools, including AI models.

‍

How we share your personal information

You can use the Service to transfer your Content to certain third-party services that you designate (e.g., CRM services). In addition, we may share your personal information with the following categories of recipients and as otherwise described in this Privacy Policy or at the time of collection.

Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as business applications, cloud hosting and infrastructure, content delivery network, information technology, cybersecurity, customer support, billing, customer relationship management, telecommunications, email delivery, marketing, advertising, payment processing, generative artificial intelligence, SDK package management, feature research, call/videoconference recording and transcription, customer research, and analytics).
Authentication services. When you log into the Service by using your credentials on a third party service, such as Google or Apple, that service may collect your credentials and other data to facilitate the authentication. See the service’s relevant settings or privacy policy for details. You can read Google’s privacy policy at https://policies.google.com/privacy and you can read Apple privacy policy at https://www.apple.com/legal/privacy/en-ww/
Payment processors. Third party payment processors, such as Stripe or app store operators like Apple and Google, that collect your payment card data and other transaction data to process your payments for the Service. You can read Stripe’s privacy policy at https://stripe.com/privacy. You can read Google’s privacy policy at https://policies.google.com/privacy and you can read Apple privacy policy at https://www.apple.com/legal/privacy/en-ww/
Advertising partners. Third party advertising partners for the targeted advertising purposes described above. Their use of your personal information is subject to their own privacy policies.
Affiliates. Our parent company and other corporate affiliates that we control, are controlled by, or with which we are under common control, for purposes consistent with this Privacy Policy.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. Parties (and their advisors) to transactions or proposed transactions involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, Yac or our affiliates (including, in connection with a bankruptcy or similar proceedings).

‍

Your choices

Your choices regarding the personal information we hold about you include the following:

Access or update your information. You may review and update certain Service account information in your settings and Backtrack users can delete their Backtrack recordings within the app.
Opt-out of marketing communications. You may opt-out of marketing emails by following the opt-out instructions in the email. Please note that if you opt-out of marketing emails, you may continue to receive service-related and other non-marketing emails.
Limit collection by cookies and other web technologies. For more information, see our Cookie Notice.
Disable location access. If you grant our apps access to your mobile device’s precise geolocation through your device’s settings, you can also disable access anytime through your device’s settings.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Third party services. You may be able to limit the information shared with us by third party services that you use to sign in to the Service or that you integrate with the Service. See your settings and the privacy policy for that service for details.
Delete your account. You can request that we delete your account by contacting us or by going to your in-app profile settings. Please note that if we delete your account, we will be unable to provide any online or digital services to you or support for past services you have requested.

‍

Other sites and services

The Service contains links to or integrations with online services operated by third parties, such as the sources and destinations of your Content. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or other online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites and online services you use.

‍

Security and Retention

We use various technical and organizational measures designed to protect the personal information we process. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

The Backtrack app retains up to the last 20 minutes of the recording you initiate and all recording happens locally on your device - whatever you do not save gets automatically deleted.. The app settings also allow you to specify a “backtrack length”, which refers to the segment of the recording stored on the device (no longer than 20 minutes) that you can export for transcription and processing. Only when you elect to export the designated “backtrack length” will that portion of the recording be exported to our servers and retained as described below.

With respect to all of our Services we retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for the compliance and protection purposes described above. Factors determining the appropriate retention period for personal information include the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process the personal information, whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it (so that it is no longer personally identifiable with you) or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will isolate your personal information from any further processing, employing security safeguards designed to protect it, until deletion is possible.

‍

International data transfers

We are headquartered in the United States and may use service providers that operate in the United States and other countries. These countries may have data protection laws that are not as protective as those where you live.

‍

Children

The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

‍

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledgment that the modified Privacy Policy applies to your interactions with the Service and our business.

‍

How to contact us

If you have questions or concerns about this Privacy Policy or our practices, please contact us at [email protected].

‍

Notice to European users

The information provided in this notice applies only to individuals in the United Kingdom (“UK”), the European Economic Area (“EEA”) and Switzerland (we collectively refer to these countries as “Europe”).

The personal information that we collect from you is identified and described in greater detail in the section of the Privacy Policy entitled Personal information we collect.

Controller. Yac Inc. is the controller of your personal information described in this Privacy Policy. See the Contact us section above for contact details.

Legal bases for processing. European data protection law requires that we have a “legal basis” for each purpose for which we process your personal information. Depending on the purpose for collecting your information, we may rely on one of the following legal bases:

The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
The processing is necessary to pursue our legitimate interests or those of a third party and we are confident that your privacy rights will be appropriately protected (“Legitimate Interests”).
We need to comply with laws or to fulfill certain legal obligations (“Compliance with Law”).
We have your specific consent to carry out the processing for the purpose in question (“Consent”). Generally, we do not rely on Consent as a legal basis for using your personal information other than in the context of direct marketing communications where required by applicable law.

The table below identifies the legal bases we rely on in respect of the relevant purposes for which we use your personal information. For more information on these purposes and the categories of personal information involved, see the section in the Privacy Policy entitled How we use your personal information.

‍

1. Processing purpose

2. Types of personal information processed

3. Legal basis

‍

Service delivery

Contact data
Account data
Content
Payment data
Communication data
Device data
Usage data

Contractual Necessity. If we have not entered a contract with you requiring use of this data, we process your personal information based our Legitimate Interests (in providing the Service you access or request)

‍

Business operations

Contact data
Account data
Communication data
Device data
Usage data

Contractual Necessity. If we have not entered a contract with you, we process your personal information based our Legitimate Interests (in operating, providing, and improving our business)

‍

Research and development

Contact data
Account data
Communication data
Device data
Usage data

Our Legitimate Interests (in analyzing and improving our Service and our business).

‍

Marketing and advertising

Contact data
Account data
Communication data
Device data
Usage data

Our Legitimate Interests (in promoting our products and services through marketing communications). In circumstances or in jurisdictions where consent is required under applicable data protection laws, we rely on your Consent to send direct marketing communications.

‍

Sharing your personal information as described in this Privacy Policy

Contact data
Account data
Communication data

We use the original legal basis relied upon if the relevant further use is compatible with the initial purpose for which the personal information was collected. Otherwise, we rely on your Consent.

‍

Compliance and Protection

All data relevant in the circumstances.

Compliance with Law (where processing is necessary to comply with our legal obligations). Otherwise, we rely on our Legitimate Interests (in protecting our, your or others’ rights, privacy, safety, or property).

‍

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

‍

Sensitive personal information. We do not require or expect to collect sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) and ask that you do not provide us with any such information.

‍

Your rights. European data protection laws give individuals in Europe the following rights regarding their personal information:

Right of access. You can ask us to provide you with information about our processing of your personal information and give you access to your personal information.
Right to rectification. If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
Right to erasure. You can ask us to delete or remove your personal information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law.
Right to restrict processing. You can ask us to suspend the processing of your personal information:

‍

if you want us to establish the information’s accuracy;
where our use of the information proves to be unlawful, but you do not want us to erase it;
where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
if you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

‍

Right to object. You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) to do so and you believe it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes.
Right to data portability. You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.
Right to withdraw consent at any time. Where we are relying on consent to process your personal information you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

‍

Exercising those rights. Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where certain exemptions apply. If we decline your request, we will tell you why, subject to legal restrictions.

To exercise any of these rights, please contact us. We may request specific information from you to help us confirm your identity and process your request.

‍

Your right to lodge a complaint with your supervisory authority. If you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.

‍

For users in the EEA: The contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en

For users in the UK: The contact information for the UK data protection regulator is below:

The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/

For users in Switzerland: The contact information for the Swiss data protection regulator is available at www.edoeb.admin.ch.

‍

International data transfers. We are headquartered in the United States and may use service providers that operate in the United States and other countries. Therefore, we may transfer your personal information to recipients outside of Europe. Some of these recipients are in countries which have been formally recognized as providing an adequate level of protection for personal information by the European Commission and Secretary of State in the UK, in which case, we rely on the relevant "adequacy decisions".

Where the transfer is subject to the cross-border restrictions of applicable data protection law and no adequacy decision or regulations apply, we take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy and applicable laws by entering into appropriate data transfer mechanism permitted under Article 46 of the GDPR / UK GDPR (as applicable), such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum (as applicable). A copy of our data transfer mechanism can be provided on request.