logo

OsmoLoop Privacy Policy

  • Effective Date: Jan 15, 2025
  • Last Updated: Jan 15, 2025

1. Introduction

OsmoLoop Inc. ("OsmoLoop", "we", "us", "our") provides a B2B education platform (the "Service"). This Privacy Policy describes how we collect, use, share, and protect information, including personal data, when you visit our website osmoloop.com (the "Site") or when our customers ("Customers") and their authorized end users ("End Users") use our Service.

This Policy explains what data we collect, why we collect it, how it's used and shared, and your rights regarding your data.

Important Note for End Users: OsmoLoop provides the Service to our Customers (typically your employer or the organization you are affiliated with). Your organization acts as the data controller for the personal data processed through the Service. OsmoLoop primarily acts as a data processor on behalf of the Customer. If you are an End User, please direct privacy inquiries and requests regarding your personal data to your organization (the Customer).

2. Information We Collect

We collect information in the following ways:

Information Provided Directly by Customers and End Users:

  • Account Information: When a Customer or End User registers for an account, we collect information such as name, email address, company name, and potentially Slack workspace ID and Slack user ID (for integration purposes).
  • Customer Data: We process data uploaded or provided by Customers and End Users through the Service, which may include business documents, Slack messages, responses to assessments or training modules, feedback, and other content necessary for the Service's functionality. This Customer Data may contain personal data of End Users or others.
  • Communications: If you contact us directly (e.g., for customer support), we may collect your name, email address, and the content of your communications.

Information Collected Automatically:

  • Log Data: When you use the Site or Service, our servers automatically record information, including your IP address, browser type, operating system, referring URLs, pages visited, device information, and timestamps.
  • Usage Data: We collect information about how you interact with the Service, such as features used, actions taken, time spent, and performance metrics. This may be collected using cookies and similar technologies (see Section 6).
  • AI Processing Data: Information generated during the processing of Customer Data by AI models (e.g., analysis results, generated content drafts) is processed but primarily associated with the Customer account.

Information from Third Parties:

Integrations (e.g., Slack, Google Workspace): If Customer integrates the Service with third-party platforms, we may receive information from those services as authorized by Customer or End User (e.g., Slack user ID, workspace ID, message content for processing). Use of such data is governed by the terms of the integration and this Policy.

3. How We Use Information

We use the collected information for the following purposes:

  • To Provide and Maintain the Service: Operate, deliver, secure, and manage the Service, including user authentication, processing Customer Data, providing personalized training, generating assessments, and enabling integrations.
  • To Improve and Develop the Service: Analyze usage patterns, troubleshoot issues, develop new features, and improve the functionality and user experience. We use aggregated and anonymized data for these purposes.
  • To Communicate with You: Respond to inquiries, send service-related announcements (e.g., maintenance, security alerts, updates to terms), and provide customer support.
  • For AI Functionality: To process Customer Data using AI models (including third-party models) to generate content (e.g., SOPs), analyze interactions, provide insights, and personalize the learning experience as directed by the Customer. We use Customer Data to provide the Service to that specific Customer and do not typically use one Customer's data to train general models for other customers unless data is aggregated and anonymized or explicit consent is obtained.
  • For Security and Compliance: To prevent fraud, enforce our Terms, comply with legal obligations, and protect the rights, property, and safety of OsmoLoop, our users, and the public.
  • For Billing and Account Management: To process payments (if applicable) and manage Customer accounts.

4. How We Share Information

We do not sell your personal data. We share information only in the following circumstances:

  • With Service Providers: We share information with third-party vendors and service providers who perform services on our behalf, such as cloud hosting (Google Cloud Platform), AI model providers (Google), communication tools, analytics providers, and payment processors (if applicable). These providers are contractually obligated to protect the data and use it only for the purposes we specify.
  • With Integrated Third Parties: If Customer enables integrations through third parties (e.g., Slack, Google Workspace), information may be shared with those third parties as necessary to facilitate the integration. This sharing is governed by the Customer's agreement with those third parties.
  • Within Customer Organization: Information related to an End User's activity (e.g., assessment results, training progress) may be shared with the authorized personnel within the Customer organization (e.g., managers, administrators) as configured by the Customer.
  • For Legal Reasons: We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: If OsmoLoop is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality agreements. We will notify you via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information.
  • Aggregated/Anonymized Data: We may share aggregated or anonymized information (Usage Data) that does not directly identify you for research, analytics, or reporting purposes.

5. Data Storage and Retention

Storage Location:

We primarily store and process data in the United States (specifically, Google Cloud Platform in Iowa). By using the Service, you consent to the transfer, processing, and storage of your information in the U.S.

Retention Period:

We retain personal data associated with Customer accounts for as long as the Customer account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Customer Data is generally retained according to the Customer's instructions or agreement. We may retain Usage Data indefinitely for analysis and service improvement. Upon termination, data is handled as described in the Terms of Service (typically deletion after a 30-day export window).

6. Tracking Technologies

Cookies:

We may use cookies (small text files placed on your device) and similar technologies (e.g., web beacons, pixels) to operate the Site and Service, analyze usage, and enhance user experience. You can typically control cookies through your browser settings. Disabling cookies may affect the functionality of the Site or Service. Currently, we do not engage in cross-site tracking for targeted advertising purposes.

Analytics:

Google Analytics. The Website uses a tool called "Google Analytics" to collect information about use of the Website. Google Analytics collects information such as how often users visit this Website, what pages they visit when they do so, and what other websites they used prior to coming to this Website. We use the information we get from Google Analytics to maintain and improve the Website and our products. We do not combine the information collected through the use of Google Analytics with personal information we collect. Google's ability to use and share information collected by Google Analytics about your visits to this Website is restricted by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.

Logs:

The information inside the log files includes internet protocol (IP) addresses, type of browser, messaging information Internet Service Provider (ISP), time stamps, and any other information your integration or browser may send to us. We use such information to analyze trends, diagnose issues, and gather other information related to the facilitation of our product.

7. Use of Artificial Intelligence (AI)

The Service uses AI to process Customer Data and provide features. This involves:

  • Data Processing: AI models process Customer-provided documents, Slack messages, and user interactions to generate outputs like SOPs, assessments, and personalized training plans.
  • Third-Party Models: We may use third-party AI providers (like Google). Their use of data is governed by our agreements with them, which typically restrict use to providing the service to us.
  • Data Usage for Improvement: We may use anonymized and aggregated data derived from AI processing to improve the underlying models and the Service generally, but we do not use identifiable Customer Data from one customer to train general models accessible by other customers without consent.
  • Customer Responsibility: Customers are responsible for ensuring they have the necessary rights and consents to allow OsmoLoop to process their Customer Data using AI as described.

8. Data Security

We implement reasonable technical and organizational measures designed to protect the security, confidentiality, and integrity of the information we process. These measures include access controls, encryption (where appropriate), and regular security assessments. However, no security system is impenetrable, and we cannot guarantee the absolute security of your information.

9. Your Choices and Rights

  • End Users: As noted, OsmoLoop primarily acts as a data processor for Customer Data. End Users should contact their organization (the Customer) to exercise any rights they may have regarding their personal data under applicable laws (e.g., access, correction, deletion). We will assist our Customers in responding to such requests as required by law and our agreements.
  • Account Information: Customers and End Users can typically review and update their account information through the Service settings.
  • U.S. State Privacy Rights (e.g., CCPA/CPRA): Residents of certain U.S. states may have additional rights regarding their personal information. If OsmoLoop meets the applicability thresholds for such laws, we will honor those rights (e.g., right to know, delete, correct, opt-out of sale/sharing). Currently, OsmoLoop processes data primarily as a service provider/processor for its Customers. Direct requests under these laws concerning data processed on behalf of a Customer to that Customer. For inquiries about data OsmoLoop controls (e.g., website visitor data), contact privacy@osmoloop.com.
  • GDPR/UK GDPR: If you are located in the European Economic Area or the UK, you may have rights under GDPR/UK GDPR. As OsmoLoop processes End User data primarily as a processor, please contact your organization (the controller).

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected such information, we will take steps to delete it.

11. Third-Party Links

The Site or Service may contain links to other websites or services not operated by OsmoLoop. This Privacy Policy does not apply to third-party practices. We encourage you to review the privacy policies of any third-party sites or services you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last Updated" date, posting the new policy on our Site, or through other communication channels (like email or in-app notification). Your continued use of the Service after the changes become effective constitutes your acceptance of the revised policy.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@osmoloop.com.