Xembly Privacy Policy

Effective as of Aug 8, 2023.

Where we are providing the Services based on an agreement in place with one of our business customers who is asking you to use our Services (for example your employer), we obtain and process your personal information on behalf of, and at the direction of, that business customer. In that context, our use of information that we process on behalf of our enterprise customers may be governed by our agreements with such customers. If you have concerns regarding your personal information that we process on behalf of a business customer, please direct your concerns to that business customer.

TABLE OF CONTENTS

  • Personal Information We Collect
  • How We Use Your Personal Information
  • How We Share your Personal Information
  • Your Choices
  • Other Sites, Mobile Applications and Services
  • Security Practices
  • International Data Transfers
  • Data Privacy Framework
  • Children
  • Changes to this Privacy Policy
  • How to Contact Us

Personal Information We Collect

Information you provide to us. Personal information you provide to us through the Service or otherwise includes:

  • Contact information, such as your first and last name, professional title, and email address.
  • Calendar information, such as who created the meeting, who said they would attend, the meeting subject, the type of call (e.g., teleconference, Google Meet or Zoom), edits to the meeting (i.e. rescheduling or canceling a meeting), the time and day that meeting is scheduled, the location of the meeting, and whether it is a recurring meeting.
  • Meeting audio and/or video recordings, our Service allows users to opt-in to generating meeting notes from video and/or audio recordings, if you opt-in to this feature, then we may access and use your video and/or audio recordings for the purposes of processing, organizing, and generating meeting notes as part of the Service.
  • Profile information, such as your username, email address, and your profile photograph for the Service as well as any accounts you connect to the Service.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
  • Usage information, such as information about how you use the Service and interact with us, including information you provide when you use any interactive features of the Service.
  • Communication information, such as when you interact with us (including through “Xena” our conversational AI feature) via email and/or Slack and your preferences for receiving communications about our Service and details about how you engage with our communications.
  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from social media platforms. We may maintain pages for Xembly on social media platforms, such as Facebook, LinkedIn, Twitter, Google, YouTube, Instagram, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

Information we obtain from third parties. We may combine personal information we receive from you with personal information we obtain from other sources, such as publicly available sources. To access the full features of the Extension, you must login to a third-party platform (e.g., Google or Zoom account), or otherwise connect your account on the third-party platform to the Service. By doing so, you grant us access and agree to allow us to collect information from that platform. For example, this information includes your calendar information, username, email address, profile picture, and calendar metadata, including meeting names, attendees, and meeting start and end times. You can read more about your privacy choices in the “Connecting via Third-party account” portion of the “Your Choices” section.

Data Collected Automatically. We, and our service providers, may automatically log the following information about you, your computer or mobile device, and your activity over time on the Service and other online services:

  • Usage data, such as whether the Extension is installed, whether the Extension is enabled or disabled, whether you leave or open a new tab, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, access times, information about your activity on a page or screen, duration of access, and whether you have opened our emails or clicked links within them.
  • Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.

Cookies and similar technologies. Some of the automatic collection described above is facilitated by the following technologies:

  • Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
  • Session-replay technologies, such as those provided by FullStory that employ software code to record users’ interactions with the Services in a manner that allows us to watch DVR-like replays of those user sessions. The replays include users’ clicks, mobile app touches, mouse movements, and scrolls and keystrokes/key touches during those sessions.  These replays help us diagnose usability problems and identify areas for improvement.  You can learn more about FullStory at https://www.fullstory.com/legal/privacy-policy and you can opt-out of session recording by FullStory at https://www.fullstory.com/optout/.

XEMBLY DOES NOT SAVE OR STORE ANY DATA REGARDING YOUR ONLINE ACTIVITY BEYOND OR OUTSIDE THE EXTENSION FUNCTIONALITY AND/OR ANY CONNECTED CALENDARS.

Data about others. We may offer features that help users invite their contacts to use the Service (for example, to schedule a meeting), and we may collect contact details about these invitees so we can deliver their meeting invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

To operate the Service. We use your personal information to:

  • provide, operate and improve the Service, including to generate automated meeting notes using your meeting audio and/or video recordings (if you request this feature), schedule meetings, track action items, set reminders, and optimize schedules;
  • provide information about our products and services;
  • communicate with you about the Service, including by sending you information about your use of the Service;
  • provide support and maintenance for the Service; and
  • to respond to your requests, questions, and feedback.

For research and development. We analyze use of the Service to analyze and improve the Service and to develop new products and services, including by studying use of the Service.

To comply with the law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

To create anonymous, aggregated, or de-identified data. We may create anonymous, aggregated, or de-identified data from your personal information and other individuals whose personal information we collect. Any meeting performance feedback given through the Services is provided to the requestor of such meeting performance anonymously. We make personal information into anonymous, aggregated, or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Cookies and similar technologies. In addition to the other uses included in this section, we may use the Cookies and similar technologies described above for the following purposes:

  • Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
  • Functionality. To enhance the performance and functionality of our services.
  • Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.

Retention. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

For authenticated users of the Xembly platform, all data except video recordings and transcripts are retained for the life of the user.  Users can delete their account at any time via our user interface or by contacting support.  Video recordings and transcripts have a variable retention policy ranging from 0 days to life of the user that can be independently set by users of the Xembly service using their Xembly user interface.

How We Share your Personal Information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection.

Other Users. We may share feedback you provide regarding others who are identified as invitees/participants in your calendar meetings with such individuals. By default, we do not attribute your name to any feedback you provide related to other users and will not share your feedback with any other user unless at least one other person provides feedback related to such person.

Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers.  We may share your personal information with third parties that provide services on our behalf or help us operate the Service or our business (such as data storage (using AWS), hosting, information technology, customer support, email delivery, marketing, consumer research and website analytics).

Linked third-party services. If you log into the Service with, or otherwise link your Service account to a third-party service (such as Okta), we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

In this section, we describe the rights and choices available to all users.

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account. Updates can be made via the settings tab within the Chrome Extension.

Opt out of marketing communications. You may opt out of Xembly’s marketing-related emails by contacting us at legal@xembly.com. You may continue to receive service-related and other non-marketing emails.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means. Additionally, in certain circumstances and under applicable law, you may have the right to access and receive a copy of the personal information we hold about you, request that we rectify any inaccuracies, as well as request the deletion of personal information, by contacting us at the address below.

Connecting via Third-party account. When connecting to the Service via a third-party platform (e.g., Google account), you may have the ability to limit the information that we may obtain from the third-party at the time you login to the Service using the third-party’s authentication service or otherwise connect your account. Subsequently, you may be able to control your settings through the third-party’s platform or service. For example, you may access and change your privacy settings and unlink your Google account through the Google account Security page under “Third-party apps with account access.” If you withdraw our ability to access certain information from a third-party platform, that choice will not apply to information that we have already received from that third-party. You can also decide to revoke Xembly’s access to your Google account by visiting https://app.xembly.com/login and pressing the “Sign Out” button.

Uninstall, delete, or disable your Extension. You may, at any time, choose to uninstall, delete, or disable your Extension to stop sharing your information with us; however, we will be unable to provide you with our Services if you choose to do so. Note further that if you uninstall, delete, or disable your Extension, this will not affect information that we have already previously collected or received through the Extension or Service. If you wish to delete your account, please do so by using the settings panel of your Extension.

Other Sites, Mobile Applications and Services

The Service may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third-party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security Practices

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information. Further, we do currently not have our own sign in functionality; we use the OAuth2 system provided by Google Sign In. You must prevent unauthorized access to your Google account and personal information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

International Data Transfers

We are headquartered in the United States and have service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.

Data Privacy Framework (DPF)

Xembly complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Xembly has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Xembly has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.

To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Xembly commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact us using the contact details listed in the “How to contact us” Section below.

Although Xembly adheres to the principles of the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF frameworks, Xembly does not rely on the EU-U.S. Data Privacy Framework as a legal basis for transfers of personal data from the EU to third countries in light of the judgment of the Court of Justice of the EU in Case C-311/18. Nor do we rely on the Swiss-U.S. Data Privacy Framework in light of the policy paper of the Swiss Federal Data Protection and Information Commissioner of September 8, 2020. To learn more, visit the U.S. Department of Commerce’s Data Privacy Framework website. Xembly utilizes legally recognized mechanisms to facilitate the transfer of personal data from the European Union and Switzerland to the United States and other third countries. If you have a question about a particular mechanism or safeguard used by Xembly, please contact us using the contact details listed in the “How to contact us” Section below.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Xembly commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

Finally, we adhere to the principles of the DPF (https://www.dataprivacyframework.gov/s/framework-text) as they relate to our organization being subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Under certain conditions, you may invoke binding arbitration as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to Xembly and following the procedures and subject to conditions set forth in Annex I of Principles. Our liability in cases of onward transfers to third parties is subject to applicable U.S. law.

Children

As a general rule, children are not allowed to use the Service, and we do not collect personal information from them. We define “children” as anyone under 13 years old. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it. We encourage parents with concerns to contact us at the contact address found at the bottom of this page.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Service.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Policy or privacy practices to legal@xembly.com. You may also write to us via postal mail at:

Xembly, Inc.
Attn: Legal – Privacy
3415 Cascadia Avenue South
Seattle, WA 98144This “Privacy Policy” describes the privacy practices of Xembly, Inc. and our subsidiaries and affiliates (collectively, “Xembly“, “we“, “us“, or “our“) in connection with the https://www.xembly.com/ website, the Xembly browser extension (the “Extension“), and any other website or mobile application that we own or control and which posts or links to this Privacy Policy (collectively, the “Service“), and the rights and choices available to individuals with respect to their information.