Effective Date: Dec 28th, 2023
2. Scope of This Policy
This Policy applies to the information that we obtain through your use of "Services" or when you otherwise interact with TheySaid.
“Subprocessors” shall have the meaning ascribed to it in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”). Sub-processors are provided at https://www.theysaid.io/subprocessors.
“Services” means the services provided by TheySaid through its messaging and productivity platform (the “Platform”).
“Personal Information” means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as family name, first name, photograph, postal address, email address, telephone numbers, date of birth, data relating to your transactions on the Website, detail of your orders and subscriptions, bank or credit card number, Payment Information as well as any other information about you that you choose to provide us with. The use of information collected through our Service shall be limited to the purpose of providing the Service for which you have engaged with us.
3. Data Protection Officer
To communicate with our Data Protection Officer, please email firstname.lastname@example.org
4. TheySaid is a Data Processor/Service provider for its customers
As Data Controllers, TheySaid’s customers are responsible for disclosing the rights of individuals (“Data Subjects”) with respect to their Personal Data and other information regarding the collection and use of that Personal Data, in accordance with the GDPR, CCPA, and other laws requiring such disclosures.
5. Personal Data Processed Under this Policy
TheySaid acts as a Data Process/Service Provider with respect to any Personal Data comprised in the Customer Data, By “Customer Data” we mean the content or information which individuals authorized by a customer submit to the TheySaid Service.
6. Information we collect
Registration and Contact Information. We collect personal information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via email. This information you provide may include your username, first and last name, email address, mailing address or phone number. We do not collect or process any special category data from you (example: any data revealing racial/ ethnic origin, political opinions, religious/ philosophical beliefs, processing of genetic data, biometric data, etc.).
Payment Information. When you purchase the Services, we will also collect transaction information, which may include your credit card information, billing and mailing address, and other payment-related information (“Payment Information”).
Third Party Platforms. We may collect information when you interact with our advertisements and other content on third-party sites or platforms integrated into the Services, such as email, chat or social networking sites.
Analytics. We collect analytics information when you use Services to help us improve them. We may also share anonymous data about your actions on our website with third-party service providers of analytics services.
7. How We Use the Information We Collect
We use your information to administer your account, authenticate and provide access to Services and to process payment for the Services. We also will use your information to send you communication regarding the Services, including maintenance and customer support communications as well as promotions and special offers or information about new products and services.
Legal Basis for Processing (EEA only):
If you are an individual from the European Economic Area (EEA), our legal basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where: (a) we have your consent to do so, (b) where we need the personal information to fulfill our contractual obligations with you (e.g. to deliver the Services you have requested), or (c) where the processing is in our legitimate business interests (as defined in the GDPR). In some cases, we may also have a legal obligation to collect personal information from you, or we may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process the personal information, you have the right to withdraw or decline or opt-out of providing your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
8. Usage of Google APIs
TheySaid Inc's use of information received from Google APIs will adhere to Google API Services User Data Policy including the Limited Use requirements.
9. Sharing of Information Collected
We do not sell, trade, share or transfer your personal information to third parties, except in the following limited circumstances:
We may share your personal information with third parties to permit such parties to provide services that help us to provide our business activities, which may include assisting us with marketing, advertising our product/service offerings, or providing, maintaining and improving the features and functionality of the Services, among other things (“Subprocessors”). All third parties are engaged under contract and obliged to meet appropriate security requirements and comply with all applicable legislation; We may share your personal information when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request; (b) enforce a Customer Agreement, including investigation of potential violations thereof; or (c) protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law; We may share your personal information with third parties (including our Subprocessors and government entities) to detect, prevent, or otherwise address fraud or security or technical issues; We may share your Payment Information to process your payments, as further described below; and We may share and/or transfer your personal information if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets;
10. Payment Information
When you purchase the Services, any banking or credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor. We never receive or store your full credit card information.
11. Onward Transfer of Personal Data
We may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties (including our Subprocessors) across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located outside the U.S. please note that you are transferring information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. and the use and disclosure of information about you, including personal information, as described in this Policy. We shall at all times provide an adequate level of protection for the Customer Data processed, in accordance with the requirements of applicable Data Protection Laws.
12. Privacy Shield Frameworks
TheySaid participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. TheySaid has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Our certification, please visit https://www.privacyshield.gov/
TheySaid is overseen by the US Federal Trade Commission (FTC) and US laws shall be applicable to questions of interpretation and compliance with this Policy. JAMS is the US-based independent organization responsible for reviewing and resolving complaints about our Privacy Shield compliance – free of charge to you. We ask that you first submit any such complaints directly to us at email@example.com. If you are not satisfied with our response, please contact JAMS at www.jamsadr.com/eu-us-privacy-shield. In the event that your concern still is not addressed by JAMS, you may be entitled to a binding arbitration under Privacy Shield and its principles.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
Beginning January 1, 2020, in order for TheySaid (and you as Subscribers) to comply with the California Consumer Privacy Act of 2018, as amended (Cal. Civ. Code §§ 1798.100 to 1798.199), and any related regulations or guidance provided by the California Attorney General (collectively the “CCPA”), we have established the
CCPA Supplemental Privacy and Security Requirements Annex ("Annex")
. The terms of the Annex will be incorporated into all agreements under which you and/or your affiliates process personal information on behalf of TheySaid ("Agreements") effective January 1, 2020.
13. Communications Preferences
We offer those who provide personal information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to firstname.lastname@example.org
14. How Long We Retain Your Personal Information
We will retain your personal information for as long as is needed to fulfill the purposes outlined in this Policy, unless a longer retention period is necessary, required or permitted by law for archiving purposes in the public interest or for statistical purposes. We delete all your data upon written request, except as otherwise prohibited by applicable law.
15. Accessing and Updating your personal information
Where we have not obtained personal information from you directly, but from the Subprocessors or any other sources, you shall be intimated about the identity and contact details of the controller, purpose, recipients of personal information, etc. within a reasonable time period. To request this information please contact us at email@example.com. To make a request to have personal information returned to you or removed, please email firstname.lastname@example.org Requests to access, change, or remove your information will be handled within thirty (30) days.
To ensure fair and transparent processing, you shall have the right to request access to your personal information, or request rectification, deletion or restriction of the processing of your personal information by emailing
ou shall also have the right to request information of the recipients of the personal information and the right to know the source from where your personal information originated in the event it was not obtained directly from you.
17. Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 18. If you are under the age of 18, please do not submit any personal information through our Websites or Services. If you have reason to believe that a child under the age of 18 has provided personal information to us through the website or Services, please contact us at email@example.com, and we will use commercially reasonable efforts to delete that information.
The security of your personal information is important to us. We maintain a variety of appropriate technical and organizational safeguards to protect your personal information. We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. Further, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect your personal information. No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use reasonable efforts to protect your personal information, we cannot guarantee its absolute security.
If you think you've found a security vulnerability, or a problem that puts our users, their emails, or messages at risk, please email our security team. We will respond within 72 business hours, and would love to work with you to make TheySaid safer for everyone firstname.lastname@example.org
20. Changes to This Policy
21. Contact Us