Privacy Policy

This Privacy Policy was last updated on March 28, 2024

Introduction

CAKE Software, Inc. (“Company,” “Us,” “Our,” or “We”) respects Your privacy and is committed to protecting it through Our compliance with this Privacy Policy. Please read this Privacy Policy carefully to understand Our policies and practices regarding the Personal Information We collect from You, how We use it, how We share it, Your rights and choices, and how You can contact Us about Our privacy practices. To the extent that You are an End User or a Visitor, this Privacy Policy also outlines Your rights as a data subject, including the right to object to some uses of Your Personal Information by Us.

This Privacy Policy applies to Personal Information We collect about You from various sources, as further described in the “Personal Information We Collect and How We Collect It” section below.

Definitions

Affiliate” means any entity that now or hereafter (i) directly or indirectly owns or controls, is owned or controlled by, or is under common ownership or control with a Us, and (ii) is under common management with Us.

B2B Party” means a customer, supplier, vendor, or business partner (any of which can be a sole proprietorship or a formal legal entity) with whom We have a business relationship and who directly or indirectly provides Us with B2B Representative and/or End User Personal Information in connection with those B2B Representatives’ or End Users’ use of Our Products or otherwise.

B2B Representative” refers to individuals who work for or on behalf of a B2B Party, or in the event that the B2B Party is a sole proprietorship, the B2B Representative is the sole proprietor.

End User” means individuals who do business with, or otherwise interact with, a B2B Party but who are not doing business with Us directly.

Personal Information” means any information that identifies or relates to an individual or can be used in conjunction with other information to identify an individual, whether such information is explicitly regulated by applicable law or otherwise.

Processing” means any operation or set of operations which is performed on Personal Information, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Information. The terms “Process”, “Processes” and “Processed” will be construed accordingly.

Product(s)” means the products and services that We offer, including, but not limited to, software, software-as-a-service, support/maintenance, professional services, and hosting services.

Visitor” means (i) any individual that visits the Website, including a B2B Representative or End User, or (ii) anyone that otherwise communicates with the Company that is not a B2B Representative or End User.  For the sake of clarity, a B2B Representative or End User that visits the Website shall only be deemed a Visitor with respect to their activities while visiting the Website.

Website” means any publicly accessible website hosted by or on behalf of the Company which is not part of a Product.

You” and “Your” mean B2B Party, B2B Representative, End User, or Visitor, depending on the context as further explained in this Privacy Policy, and if there is no context which specifically identifies any of the foregoing, then “You” or “Your” means all of the foregoing collectively.

Scope, Generally (Controller vs. Processor)

Our Role as a Processor

Generally speaking and without regard to any particular definition under applicable law, We are a data processor (“Processor”) when We do not determine the purpose and means of Processing the Personal Data of B2B Representatives and End Users, and We only Process that Personal Information in accordance with the specific instructions of a B2B Party, as is the case when We Process Personal Information only as necessary to provide Our Products to a B2B Party. We receive instructions from B2B Parties through agreements We have with those B2B Parties, including any ancillary data privacy agreements or addenda (collectively a “B2B Agreement”). This Privacy Policy does not apply when We Process Personal Information as a Processor.

When You are a B2B Party and We act as a Processor with respect to the Personal Information that We receive from You or on Your behalf, You alone are responsible for providing appropriate privacy notices and disclosures to Your B2B Representatives and End Users with respect to Your Processing of their Personal Information.  You cannot rely on this Privacy Policy as a means for satisfying Your privacy notice and disclosure obligations.

When You are a B2B Representative or an End User and We act as a Processor with respect to Your Personal Information, the B2B Party with whom You have a relationship is responsible for providing appropriate notices and disclosures to You about how they Process Your Personal Information and You must refer to that B2B Party’s privacy policy or other notices for information regarding their privacy practices, Your rights, and how You exercise those rights.

Our Role as a Controller

Generally speaking and without regard to any particular definition under applicable law, We are a data controller (“Controller”) when We determine the purpose and means of Processing the Personal Information of B2B Representatives and End Users, as is the case when a B2B Party permits Us to Process that Personal Information in ways that relate to Our Products but are not strictly necessary in order to perform those Products.  This Privacy Policy only applies when We Process Personal Information as a Controller.

When You are a B2B Party and We act as a Controller with respect to the Personal Information that We receive from You or on Your behalf pursuant to a B2B Agreement, We are responsible for providing appropriate privacy notices and disclosures to Your B2B Representatives and End Users with respect to Our Processing of their Personal Information as a Controller.  However, pursuant to the B2B Agreement, You agree to comply with all applicable laws, including those which may require You to provide notice to or gain consent from Your B2B Representatives and End Users prior to giving Us permission to Process that Personal Information as a Controller.  Specifically, You and Your legal advisors should consider whether You need to list Us in Your privacy policy and notify Your End Users of Our privacy practices by linking to this Privacy Policy.

When You are a B2B Representative or an End User and We act as a Controller with respect to Your Personal Information, this Privacy Policy describes Our privacy practices, including the Personal Information We collect from You, how We use it, how We share it, Your rights and choices, and how You can contact Us about Our privacy practices.  However, as mentioned in the “Our Role as a Processor” section above, You must refer to the privacy notices and disclosures of the B2B Party with whom You have a relationship for more information regarding that B2B Party’s privacy practices, including any notices or disclosures with respect to that B2B Party’s transfer of Your Personal Data to Us for Our Processing as a Controller.

When You are a Visitor, We are a Controller with respect to Your Personal Information. We Process Your Personal Information in accordance with this Privacy Policy and any other agreement We may have directly with You.  This Privacy Policy describes Our privacy practices, including the Personal Information We collect from You, how We use it, how We share it, Your rights and choices, and how You can contact Us about Our privacy practices.


Part A: Information for All Individuals (subject to applicable law, where stated)

Personal Information We Collect and How We Collect It

For B2B Representatives

When You are a B2B Representative, We collect the following Personal Information about You from the following sources:

Categories and Types of Personal Information We Collect Sources From Which We Collect Your Personal Information
Identifiers, including real name, a postal address, an email address, IP address, telephone number, and login credentials

• From a B2B Party with whom You are employed or otherwise do business

• From You directly when You provide it to Us through communications or otherwise

• From Your use of the Products

• From Your use of Our Website, including collection via cookies and other automated data collection technologies

• From third party vendors, such as data brokers

• From Our Affiliates

• From publicly available sources

Financial Information, including bank account number, credit card number, debit card number, or any other financial information that is NOT combined with any required login credentials; and insurance policy number
Commercial information, including records of products or services purchased, obtained, or considered
Internet or other similar network activity, including information on a Your interaction with the Website
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks
Professional or employment-related information, including records of job title, employer information, and current employment status

 

For End Users

We are not a Controller with respect to any End User Personal Information

For Visitors

When You are a Visitor, We collect the following Personal Information about You from the following sources:

Categories and Types of Personal Information We Collect Sources From Which We Collect Your Personal Information
Identifiers, including name, email address, telephone number, and IP address

• From You directly when You provide it to Us through communications or otherwise

• From Your use of Our Website, including collection via cookies and other automated data collection technologies

• From a submission through Our referral program

• From third party vendors

• From Our Affiliates

• From publicly available sources

Internet or other similar network activity, including browsing history, search history, or information on Your interaction with the Website, including length of visit, number of page views, and search queries You make on the Website
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks
Commercial information, including records of products or services purchased, obtained, or considered

How We Use and Disclose Your Personal Information

For B2B Representatives

Categories and Types of Personal Information Purpose for Processing Legal Bases
Identifiers, including real name, a postal address, an email address, IP address, telephone number, and login credentials

·

• To answer Your questions, handle complaints, and otherwise communicate with You

• To provide the Products and process Your orders for Products

• To improve or upgrade the Products or Website

• To verify an individual’s authorization to access the Products

• To prevent fraud or misuse of the Products or Website

• Processing is necessary for Our legitimate interests, including:

o Providing You with customer service support

o Conducting marketing activities

o  Preventing fraud

• To send You marketing messages or promotional materials from Us • Your consent
Financial Information, including bank account number, credit card number, debit card number, or any other financial information that is NOT combined with any required login credentials; and insurance policy number • To process payment for Products •  Processing is necessary for performance of a contract

• To prevent and reduce fraud and misuse of the Products or Website

• To enforce compliance with the Website Terms of Use and other agreements

• Our legitimate interest in monitoring and preventing fraud or harm
Commercial information, including records of products or services purchased, obtained, or considered

• To supplement Our customer records

• To improve Our Products and analyze Our performance

• To conduct marketing activities, which includes providing advertisements relevant to You

•  Processing is necessary for Our legitimate interests, including:

o  Keeping up to date customer records for purposes such as upgrading or downgrading Products

o  Improving the quality of Our Products

o  Conducting marketing activities

Internet or other similar network activity, including browsing history, search history, information on a consumer’s interaction with the Website or advertisement • To analyze trends with respect to B2B Representatives’ interactions with Our Products • Our legitimate interest in improving the quality of Our Products
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks

• To permit or prevent connection to B2B Party Products, and allow multiple B2B Representatives to access a single instance of the B2B Party Product

• To prevent fraud and unauthorized access to the Products

• Processing is necessary for Our legitimate interests, including:

o  Controlling access to the Products;

o  Preventing fraud and unauthorized access to the B2B Party Products

o  Enhancing security of the Product and the Websites

Professional or employment-related information, including job title and company information

 

• To supplement Our records regarding who is authorized to access a B2B Party Products

• Processing is necessary for Our legitimate interests, including:

o  Controlling access to the Products;

o  Preventing fraud and unauthorized access to the B2B Party Products

o  Enhancing security of the Product and the Websites

 

When You are a B2B Representative, We disclose Your Personal Information described below to the following categories of third-parties and for the following purposes:

Categories and Types of Personal Information Categories of Parties to Whom We Disclose the Information Purpose for Disclosing
Identifiers, including real name, a postal address, an email address, IP address, telephone number, and login credentials

• Service Providers

• To prevent fraud and unauthorized access to the B2B Party Products

• To enhance security of the Products and Website

 

• Third-party integration partners, Our corporate Affiliates, and B2B Parties

• Pursuant to Your request, We may introduce You to third-party integration partners, our Affiliates, or other B2B Parties.

Financial Information, including bank account number, credit card number, debit card number, or any other financial information that is NOT combined with any required login credentials; and insurance policy number

• Service Providers

• To perform administrative functions with respect to the Products, including payment processing and financing

Internet or other similar network activity, including browsing history, search history, information on a consumer’s interaction with the Website or advertisement

• Service Providers

• To undertake internal research and analytics for product development and demonstration

Geolocation data, including imprecise physical location derived from IP address and/or wifi networks

• Service Providers

• To perform administrative functions with respect to the Products, including but not limited to providing the Products to You, including maintaining or servicing accounts, providing customer service

Professional or employment-related information, including job title and company information

• Service Providers

• To perform administrative functions with respect to the Products, including but not limited to providing customer support

 

For End Users

We are not a Controller with respect to any End User Personal Information

For Visitors

When You are a Visitor, We Process Your Personal Information described below for the following purposes and based on the following legal bases:

Categories and Types of Personal Information Purpose for Processing Legal Bases
Identifiers, including a real name, IP address, email address, and telephone number

 

• To improve the Website

• To analyze trends and conduct audits with respect to:

o  ad impressions for unique visitors; and

o  verification of positioning and quality of ad impressions

• To undertake internal research and analytics for product development and demonstration

• To prevent fraud or misuse of the Website

• To conduct targeted advertising/cross-context behavioral advertising

• Processing is necessary for Our legitimate interests, including:

o Preventing fraud

o  Improving the quality of Our Products and the Website

o  Providing relevant advertisements

o  Conducting marketing activities to offer You Products that may be of interest to You

 

• To contact you regarding information about our Products in response to You filling out a form on the Website

• Your consent

Internet or other similar network activity, including browsing history, search history, information on a consumer’s interaction with the Website or advertisement

• To improve or upgrade the Website using non-essential cookies

• To collect data using non-essential cookies for the purpose of conducting targeted advertising/cross-context behavioral advertising

• With respect to non-essential cookies, Your consent

• To improve or upgrade the Website using strictly necessary cookies

 

• With respect to strictly necessary cookies, Our legitimate interest in improving the Website and learning about Visitor interaction with the Website

Geolocation data, including imprecise physical location derived from IP address and/or wifi networks

• To improve or upgrade the Website

• To conduct targeted advertising/cross-context behavioral advertising

• Processing is necessary for Our legitimate interests, including:

o  Improving the Website and learning about Visitor interaction with the Website;

o Conducting marketing activities to offer You Products that may be of interest to You

Commercial information, including records of products or services purchased, obtained, or considered

• To conduct marketing activities, which includes providing advertisements relevant to You

• Processing is necessary for Our legitimate interests, including providing relevant advertisements to You

 

When You are a Visitor, We disclose Your Personal Information described below to the following categories of third-parties and for the following purposes:

Categories and Types of Personal Information Categories of Parties to Whom We Disclose the Information Purpose for Disclosing
Identifiers, including a real name, IP address and email address

 

• B2B Parties

• To introduce You to B2B Parties at Your request

• Service Providers

• To perform administrative functions with respect to the Products, including but not limited to fulfilling orders and transactions, providing analytics services and other similar services

• To perform services for Us, such as marketing and customer support

• Third-party advertisers

• To conduct targeted advertising/cross-context behavioral advertising on Our behalf

Internet or other similar network activity, including browsing history, search history, information on a consumer’s interaction with the Website or advertisement

• Service Providers

• To improving the Website, analyze Our performance, and learn about customer trends and interests

• Third-party advertisers

• To conduct targeted advertising/cross-context behavioral advertising on Our behalf

Geolocation data, including imprecise physical location derived from IP address and/or wifi networks

• Service Providers

• To improve the Website, analyze Our performance, and learn about customer trends and interests

• Third-party advertisers

• To conduct targeted advertising/cross-context behavioral advertising on Our behalf

 

Aggregated, Deidentified, and Anonymized Data

We create aggregated, deidentified, or anonymized data derived from Our use of Your Personal Information, and such data can be used by Us as permitted by applicable laws and regulations. We will not attempt to re-identify the data.

Other Purposes for Processing and Disclosing Your Personal Information

We may also Process and disclose Your Personal Information:

  • To competent public authority, government, regulatory or fiscal agency where it is necessary to comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or exercise Our rights under any agreement which governs Your relationship with Us, including Our rights under any such agreements that may be exercised for billing and collection purposes.
  • If We believe disclosure is necessary or appropriate to protect Our rights, property, or safety, Our customers, or others. This may include the exchange of information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
  • Subject to some restrictions under applicable laws, We may transfer, whether for consideration or otherwise, Your Personal Information as an asset that is part of a bankruptcy, merger, or other similar transaction involving all or any portion of Our business. Any such transfer does not affect Your rights under any applicable laws.

No telephone or SMS information will be shared with third parties or Affiliates for their own marketing/promotional purposes. All the above disclosures exclude text messaging originator opt-in data and consent, which will not be shared with any third parties. We will only send SMS/telephone communications when We have the appropriate consent to do so or as otherwise permitted by law.

Information We Collect Through Automatic Data Collection Technologies

As You navigate through and interact with Our Website, We may use automatic data collection technologies to collect certain information about Your equipment, browsing actions, and patterns, including:

  • Information about your estimated location as may be determined from the IP Address;
  • Information about the device you are using, such as:
    • Internet Protocol (or IP) address or device ID/UDID, protocol and sequence information;
    • Browser language and type; and
    • Hardware model, operating system, application version number, device or browser data;
  • Domain name system requests;
  • Browsing history, time spent at a domain, time and date of your visit, number of clicks, or location data; and
  • HTTP headers, application client and server banners.

The information We collect automatically does, in some cases, include Personal Information, or We may maintain it or associate it with Personal Information We collect in other ways or receive from third parties. These activities help Us improve Our Website and Products and deliver a better and more personalized experience, including by enabling Us to:

  • Estimate Our audience size and usage patterns;
  • Store information about Your preferences, allowing Us to customize Our Website according to Your individual interests;
  • Speed up Your searches; and
  • Recognize You when You return to Our Website.

The technologies We use for this automatic data collection may include:

  • Cookieless Tracking Technology. When You visit Our Website, Our Website runs a script that stores information about how You interact with the Website. The script only runs while You are visiting the Website, and will not persist when You leave the Website.
  • Cookies. When You visit Our Website, a “cookie” may be sent to Your computer. A cookie is a small piece of data that is sent to Your Internet browser from a web server and stored on your computer’s hard drive. When You visit the Website again, the cookie allows the Website to recognize Your computer. Cookies may store user preferences and other information to assist Your navigation between pages efficiently, remember preferences, and improve the user experience. You can choose whether to accept cookies by changing Your Internet browser settings, which may impair or limit some functionality of the Website.
    • Cookies can be “persistent” or “session” cookies. Persistent cookies remain on Your personal computer or mobile device when You go offline, while session cookies are deleted as soon as You close Your web browser.
    • We use first party cookies, which are cookies that We place on Your device ourselves, and third party cookies, which are cookies that We allow third parties to place on Your device.

In some cases, You may also block the use of non-essential cookies altogether using cookie management technology available to You when you visit the Website.  You may also leverage any of the methods identified in the “Exercising Your Rights” section below in order to opt-out of certain cookies.

Google Cookies and Tracking Technologies

Google Analytics

We use Google Analytics to track information about how You interact with Our Website and Products so that We can make improvements. We also use analytics cookies to test pages, features or new functionality of the Website and Products to see how Our users react to them.

In order to collect this information, Google Analytics may set cookies on Your browser or mobile device, or read cookies that are already there. Google Analytics may also receive information about You from apps You have downloaded, that partner with Google. We do not combine the information collected through the use of Google Analytics with Personal Information. Click https://policies.google.com/technologies/partner-sitesto learn about how to control information used by Google Analytics. Google’s ability to use and share information collected by Google Analytics about Your visits to the Website to another application which partners with Google is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Please review those and see https://policies.google.com/privacy or information about how Google uses the information provided to Google Analytics and how You can control the information provided to Google.  Please also visit https://tools.google.com/dlpage/gaoptout/ for information about a Google Analytics opt-out browser add-on.

As mentioned previously, in some cases, You may also block the use of non-essential cookies altogether using cookie management technology available to You when you visit the Website.  You may also leverage any of the methods identified in the “Exercising Your Rights” section below in order to opt-out of certain cookies.

Google Advertising Services

Third party vendors, including Google, use cookies to serve ads based on Your prior visits to Our Website or other websites.  Google’s use of advertising cookies enables it and its partners to serve ads to You based on Your visit to Our Website and/or other sites on the internet. This means after You are done using Our Product or accessing Our Website You may see some advertisements about Our Products elsewhere on the internet.  You may opt out of personalized advertising by visiting www.aboutads.info.

Third-Party Use of Cookies and Other Tracking Technologies

Our website may contain content and links to other sites that are operated by third parties that may use cookies. We do not control these third-party sites or cookies and this Privacy Policy does not apply to them. Please consult the terms and conditions and Privacy Policy of the relevant third-party site to find out how that site collects and uses Your information and to establish whether and for what purpose they use those cookies. If You are unclear who the responsible third party is, You can contact Us using any of the methods identified in the “Exercising Your Rights” section below.

Data Privacy Framework and International Data Transfers

In order to carry out the Processing activities described above, We may make use of subcontractors that act on Our behalf as Processors. These subcontractors will be contractually obligated by Us to Process Your Personal Information only in accordance with Our instructions, only for the purposes described above, and only for the period of time necessary to preform those purposes.

In some cases, these subcontractors may be located outside of the data privacy jurisdiction in which You reside.  In the event such international data transfers are necessary, Company complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”) as set forth by the U.S. Department of Commerce.  Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the Processing of Personal Information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Company has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the Processing of Personal Information received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the aforementioned Principles shall govern.  To learn more about the Data Privacy Framework program, and to view Our certification, please visit https://www.dataprivacyframework.gov/. In certain situations, We may be required to disclose Personal Information in response to lawful requests from law enforcement and national security authorities of that jurisdiction, such as when disclosure is required to meet national security or law enforcement requirements.

In compliance with the DPF, Company commits to resolve DPF Principles-related complaints about Our collection and use of Your Personal Information. EU, UK, and Swiss individuals with inquiries or complaints regarding Our handling of Personal Information received in reliance on the DPF should first contact Us using the Contact Information provided at the end of this Privacy Policy. In compliance with the DPF, Company commits to refer unresolved complaints concerning Our handling of Personal Information received in reliance on the DPF to JAMS, an alternative dispute resolution provider based in the United States with operations globally.  If You do not receive timely acknowledgment of Your DPF Principles-related complaint from Us, or if We have not addressed Your DPF Principles-related complaint to Your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to You. In some cases, the DPF gives You the right to pursue binding arbitration. You can do this to resolve complaints not resolved by Us or Our third-party dispute resolution provider, as described in Annex I to the DPF.

The Federal Trade Commission has jurisdiction over Company’s compliance with the DPF. In accordance with the DPF, Company is also liable for onward transfers to third parties that Process Personal Information in a way that does not follow the DPF unless Company was not responsible for the event giving rise to any alleged damage.

For questions or comments about Our practices with respect to international data transfers, please refer to the “Contact Information” section at the end of this Privacy Policy.

Consequences of Not Providing Your Personal Information

Personal Information gathered by Us for the purposes defined in this Privacy Policy may be required by Us, either directly or indirectly, in order for Us maintain a relationship with You; therefore, Your failure to provide Us with Your Personal Information may negatively affect Our ability to:

  • Provide the Products to You and fulfill Our contractual obligations with You;
  • Fulfill legal requirements;
  • Enter into a contract with related parties and continuing to contract with those related parties; or
  • Maintain contact with You.

Data Security and Storage

We have implemented technical, administrative, and physical security measures that are designed to protect Your Personal Information from unauthorized access, disclosure, use, and modification. Such measures include the encryption of sensitive information. We regularly review Our security procedures to consider appropriate new technology and methods. Even so, please be aware that no security measure is perfect. Thus, We cannot guarantee the security of Your Personal information at all times. You should always be vigilant when it comes to the protection of Your Personal Information.

Retention Period

Subject to any opt-out rights You may have and all applicable laws, We retain Your Personal Information for only as long as reasonably necessary to carry out the purposes for which We originally collected it, as set forth in this Privacy Policy.  Notwithstanding the foregoing, we may continue to retain Your Personal Information to comply with our legal and regulatory obligations; to enable fraud monitoring, detection and loss prevention activities; to comply with our tax, accounting, and financial reporting obligations; and where required by our contractual commitments to third-parties.  The retention period may also depend on the terms of any B2B Agreement we have with a B2B Party.

Children Under the Age of 16

Our Website and Products are not intended for children under 16 years of age. You may not knowingly or unknowingly provide Us Personal Information of minors under 16 years of age through Your use of the Website or Products. We do not knowingly collect Personal Information from children under 16. We do not sell or share Personal Information of children under age 16. No one under age 16 may provide any Personal Information to Us.  If You are under 16, do not use or provide any Personal Information on Our Website or through Our Products. If We learn We have collected or received Personal Information from a child under 16 without verification of parental consent, We will delete that information. If You believe We might have any information from or about a child under 16, please contact Us using the Contact Information provided at the end of this Privacy Policy.

Your Privacy Rights

Depending on Your location and subject to applicable law and certain other limitations, You may have the rights set forth below with respect to Your Personal Information.  To exercise any of the following rights, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.

Right of Access. You have the right to receive confirmation as to whether or not Your Personal Information is being Processed, and, where that is the case, access to and a copy of that Personal Information.

Right of Rectification. You have the right to request that We correct or update Your Personal Information that is inaccurate, incomplete or outdated.

Right to Erasure. You have the right to request the deletion of Your Personal Information in certain circumstances (but only where they are no longer required for a legitimate business purpose or required by law).

Right to Opt-Out of Direct Marketing and Targeted Advertising. To the extent that We Process Your Personal Information for the purposes of direct marketing or targeted advertising (as those terms are defined by the applicable laws of the jurisdiction in which you reside, but which generally means the display of an advertisement to You based on Personal Information about You obtained or inferred over time from Your activities across nonaffiliate websites, applications, or online applications), or to the extent that we provide Your Personal Information to others for those purposes, you have the right to opt-out of that activity.

Right to Opt-Out of the Sale of Personal Information. To the extent that We sell Your Personal Information (as that term is defined by the applicable laws of the jurisdiction in which you reside), You have the right to opt-out of that activity.

Right to Opt-Out of Automated Profiling.  You have a right to opt out of any automated Processing of Your Personal Information, including for profiling purposes (as those terms are defined by the applicable laws of the jurisdiction in which You reside, and subject), but only to the extent that such Processing activities are used to make decisions which produce legal effects, or similarly significant effects, that affect You.

Right to Restrict Processing. You have the right to restrict the Processing of Your Personal Information in certain circumstances, such as when We consider another request that You have submitted.

Right to Object. In certain circumstances, You have the right to object to the Processing of Your Personal Information where the Processing is necessary for performance of a task carried out in the public interest, for Our legitimate interests, or for the legitimate interests of others. You also have the right to object where Personal Information is Processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.

Right to Data Portability. In certain circumstances, You have the right to receive Your Personal Information in a structured, commonly used, machine-readable and interoperable format and have the right to transmit that Personal Information to another organization.

Right to Withdraw Consent. In those cases where Processing is based on consent, and subject to applicable local law which provides otherwise, You have the right to withdraw Your consent at any time. This will not affect the validity of the Processing prior to the withdrawal of consent.

Right to Complain. If You believe We have not Processed Your Personal Information in accordance with applicable law, You may file a compliant with Us using the mechanisms provided for in the “Exercising Your Rights” section at the end of this Privacy Policy. If you are a resident of the EU or the UK, You may also have the right to make a complaint to an applicable Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities for residents of the EU or EEA is available at: https://edpb.europa.eu/about-edpb/board/members_en. For residents of the UK, the Information Commissioner’s Office may be reached at: https://ico.org.uk/your-data-matters/.

Right to Correct. You have the right to request the correction of any inaccuracies in the Personal Information We hold about You, subject to certain limitations.

Promotional Offers from the Company. You have the right to opt-out of Our use of your contact information to promote Our own or third parties’ products or services.  This opt out does not apply to information provided to Us as a result of a product purchase, warranty registration, product service experience or other transactions.


Part B: Additional Information for Residents of Particular Jurisdictions

Information for Residents of All “US Privacy Law States” (as hereinafter defined)

If You are a resident of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia (each a “US Privacy Law State”), We Process Your Personal Information in accordance with the state privacy law that is applicable in Your US Privacy Law State, which is one of the following:

  • In California: the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the “CCPA”);
  • In Colorado: the Colorado Privacy Act (the “CoPA”);
  • In Connecticut: the Connecticut Personal Data Privacy and Online Monitoring Act (the “CPDP”);
  • In Montana: the Montana Consumer Data Privacy Act, which goes into effect October 1, 2024 (the “MCDPA”);
  • In Oregon: the Oregon Consumer Privacy Act, which goes into effect July 1, 2024 (the “OCPA”);
  • In Texas: the Texas Data Privacy and Security Act, which goes into effect July 1, 2024 (the “TDPSA”);
  • In Utah: the Utah Consumer Privacy Act (the “UCPA”); and
  • In Virginia: the Virginia Consumer Data Protection Act (the “VCDPA”).

If You are a resident of any one of the US Privacy Law States, then this “Information for Residents of All US Privacy Law States” section discloses Our privacy practices and Your rights as a resident of any one of those US Privacy Law States.  The disclosures in this section are in addition to those disclosures set forth in (i) Part A of this Privacy Policy, and (ii) for California residents, the “Supplemental Information for California Residents” section of this Privacy Policy below.  To the extent that anything in Part B of this Privacy Policy conflicts with anything in Part A of this Privacy Policy, the conflicting content in Part B shall take precedence.

Sale of Personal Information

We do not sell Your Personal Information.

A transfer, whether for consideration or otherwise, of Your Personal Information as an asset that is part of a bankruptcy, merger, or other similar transaction involving all or any portion of Our business is not a “sale” under the laws of US Privacy Law States.

Targeted Advertising / Cross-Context Behavioral Advertising

Generally speaking, “targeted advertising” and “cross-context behavioral advertising” are defined under the applicable laws of US Privacy Law States as the display of an advertisement to You based on Personal Information about You obtained or inferred over time from Your activities across nonaffiliate websites, applications, or online applications.

We may share Your Personal Information with third parties for targeted advertising or cross-context behavioral advertising purposes. In the preceding twelve (12) months, We have shared the following categories of Personal Information, for the identified commercial purposes, to the following third parties:

Categories and Types of Personal Information Categories of Third-Party Recipients Commercial Purpose for Disclosure

• Identifiers, including an IP address

• Internet or other similar network activity, including browsing history, search history, information on a consumer’s interaction with the Website or advertisement

• Geolocation data, including imprecise physical location derived from IP address and/or wifi networks

• Third-party advertisers

• To conduct targeted advertising/cross-context behavioral advertising on Our behalf.

 

To opt-out of this sharing of Your Personal Information, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy. Additionally, if Your browser communicates the Global Privacy Control opt-out signal, We will honor such opt-out signal as a valid request to opt-out of this sharing of Your Personal Information Processed. You can learn more about the Global Privacy Control at www.globalprivacycontrol.org.

Your Rights as a Resident of a US Privacy Law State

As an individual residing in a US Privacy Law State, You have the rights set forth below with respect Our use and disclosure of Your Personal Information, subject to some limitations as set forth in the laws of those US Privacy Law States.  To exercise any of the following rights, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.

Right to Know and Data Portability. You have a right to request additional information about the categories of Personal Information collected, sold, disclosed, or shared; purposes for which this Personal Information was collected, sold, disclosed, or shared; categories of sources of Personal Information; and categories of third parties with whom We disclosed or shared this Personal Information. You have a right to receive this information in a portable and, to the extent technically feasible, in a readily useable format that allows You to transmit this information to another entity without hindrance.

Right to Opt-Out of Our Sale of Your Personal Information. To the extent that the “Sale of Personal Information” section above indicates that We sell Your Personal Information, You have a right to opt-out of those sales. As stated above, to exercise this right to opt-out, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.

Right to Opt-Out of Our Sharing or Use of Your Personal Information for Targeted Advertising or Cross-Context Behavioral Advertising. To the extent that the “Targeted Advertising / Cross-Context Behavioral Advertising” section above indicates that share or use Your Personal Information for either of those activities, You have a right to opt-out of those activities. As stated above, to exercise this right to opt-out, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.

Right to Withdraw Consent to Use Sensitive Personal Information. To the extent that the “Personal Information We Collect and How We Collect It” section above indicates that We use Your Sensitive Personal Information, You have a right to withdraw Your consent to allow Us to use that Sensitive Personal Information. As stated above, to exercise this right to opt-out, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.

Right to Deletion. You have the right to request the deletion of Your Personal Information, subject to certain limitations.

Right to Correct. You have the right to request the correction of any inaccuracies in the Personal Information We hold about You, subject to certain limitations.

Right to Non-Discrimination. We will not discriminate against You for exercising any of Your rights identified in this section of the Privacy Policy.  For example, charge You a different price, or provide a different level or quality of goods or services just because You exercised Your rights under this section of the Privacy Policy; however, We may offer You financial incentives that can result in different prices, rates, or quality levels, provided that (i) You provide Your revocable, opt-in consent to participate in such financial incentive programs, (ii) the financial incentives reasonably relate to the value of Your Personal Information, and (iii) We provide written terms that describe the program’s material aspects.  Furthermore, there may be situations where Your Personal Information is required by Us, either directly or indirectly, in order for Us maintain a relationship with You.  Please refer to the “Consequences of Not Providing Your Personal Information” section in Part A of this Privacy Policy for more information.

Right to Appeal.  You have the right to appeal any decision made by a Us regarding Your privacy rights identified in this section.

As a reminder, when You are a B2B Representative or an End User and We act as a Processor with respect to Your Personal Information, the B2B Party with whom You have a relationship is responsible for providing appropriate notices and disclosures to You about how they Process Your Personal Information and You must refer to that B2B Party’s privacy policy or other notices for information regarding their privacy practices, Your rights, and how You exercise those rights.

Supplemental Information for Residents of California

This “Supplemental Information for California Residents” section applies to natural persons who are California residents.  If You are a consumer located in California, We Process Your Personal Information in accordance with the CCPA.  The disclosures in this section are in addition to those in (i) Part A of this Privacy Policy and (ii) the “Information for Residents of All US Privacy Law States” section of Part B of this Privacy Policy.  To the extent that anything in the preceding items (i) or (ii) conflicts with anything in this “Supplemental Information for California Residents” section, the conflicting content in this section shall take precedence.

Notice at Collection

Categories of Personal Information We Collect. The categories of Personal Information We may collect and have collected about You in the preceding 12 months are: Identifiers, Financial information, Commercial information, Internet or other similar network activity, Geolocation data, and Professional or employment-related information. Additional information about each category, along with the sources from which We collected that Personal Information, is contained in the “Personal Information We Collect and How We Collect It” section of this Privacy Policy.

Business Purposes for Collection and Use of Personal Information. The business purposes for which We collect Your Personal Information include: providing Our Products and services, providing customer services including support and maintenance, conducting advertising and marketing, performing administrative functions, and ensuring security and compliance. Further detail about Our business purposes for collecting Your Personal Information, information on why We disclose Your Personal Information, along with the categories of third-parties to whom We disclose that Personal Information, are identified in the “How We Use and Disclose Your Personal Information” section of this Privacy Policy.

Commercial Purposes for Collection and Use of Personal Information (Sale and Sharing). We may sell some of the Personal Information We collect or share it with third parties for targeted / cross-context behavioral advertising, as indicated in the “Sale of Personal Information” and “Targeted Advertising / Cross-Context Behavioral Advertising” sections in Part B of this Privacy Policy. Please see the “Your CCPA Rights” section below (which incorporates by reference the “Your Rights as a Resident of a US Privacy Law State” section above) for information on Your rights with respect to Our selling or sharing of Your Personal Information, including Your right to opt out of these activities.

Retention Period of Personal Information. We retain Your Personal Information as set forth in the “Retention Period” section of this Privacy Policy.

Sensitive Personal Information

We do not Process Your “sensitive” Personal Information, as that term is defined by the CCPA.

California Shine the Light Law

You may ask Us to provide You with a list of the types of Personal Information that We have disclosed during the preceding year to third parties for their direct marketing purposes, and the identity of those third parties. If You are a California resident and would like such a list, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.

Notice of Financial Incentives

We may offer programs, benefits, and other offerings related to the collection, retention and use of Your Personal Information that may be deemed a “financial incentive” or “price or service difference” under the CCPA. The types of Personal Information collected by Us from You or someone on Your behalf for this purpose includes Identifiers (name, email address, address, and telephone number) and limited Commercial Information (the Products You have purchased or are interested in purchasing). In exchange for that Personal Information, we will grant you a one-time reward in the form of a gift card, the value of which depends on the agreement We sign with the referred party.

To opt-in to the financial incentive, you must provide a referral through Our referral program. If the party You refer meets the qualifications provided in Our referral program terms of use and enters into an agreement with Us, You are eligible to receive the financial incentive.

There is no obligation to participate in Our offers of financial incentives. You have the right to withdraw from a financial incentive by contacting Us using the methods set forth in the “Exercising Your Rights” section at the end of this Privacy Policy, and we will not discriminate against You for exercising this right.  Each financial incentive or price or service difference related to Company’s collection and use of Your Personal Information is based upon Our reasonable, good-faith determination of the estimated value of such Personal Information to Us, taking into account the value of the financial incentive and the anticipated benefit Company may receive.

Your CCPA Rights

As an individual residing in California, You have the rights identified in the “Your Rights as a Resident of a US Privacy Law State” section of this Privacy Policy with respect Our use and disclosure of Your Personal Information.

In addition to those rights, if the “Sensitive Personal Information” section above indicates that We Process Your Sensitive Personal Information for the purpose of inferring characteristics about You, You have the right to limit that particular use of Your Sensitive Personal Information to certain permitted purposes under the CCPA, such as (i) to provide the goods or services reasonably expected by an average consumer who requests those goods or services; (ii) to prevent, detect, and/or investigate security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted Personal Information; (iii) to resist malicious, deceptive, fraudulent, or illegal actions directed at Us and to prosecute those responsible for those actions; (iv) to ensure the physical safety of natural persons; (v) for short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a current interaction with Us; (vi) to perform services on Our behalf; (vii) to verify or maintain the quality or safety of the Products; and/or (viii) for purposes that do not infer characteristics about You.

To exercise any of these rights, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.

Information for Residents of Delaware

This “Information for Delaware Residents” section applies to residents of Delaware. We will not share Your Personal Information with nonaffiliated third parties, except as described in this Privacy Policy or as otherwise permitted by law.

Information for Residents of Nevada

This “Information for Nevada Residents” section applies to residents of Nevada.  If You are a resident of Nevada, We Process Your Personal Information in accordance with the “Nevada Privacy of Information Collected on the Internet from Consumers Act.”  The disclosures in Part A of this Privacy Policy also apply to residents of Nevada, except in the event that anything in this section conflicts with the sections above, in which case this section shall take precedence.  For the sake of clarity, the disclosures in the “Information for Residents of All US Privacy Law Statesdo not apply to residents of Nevada.

Nevada residents have the right to request that We do not sell certain Personal Information to select third parties for monetary consideration, even if their Personal Information is not currently being sold.  To exercise this right, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.

You may be placed on Our internal Do Not Call List by by contacting Us via the information set forth at the end of this Privacy Notice. Nevada law requires that We also provide You with the following contact information: Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Suite 3900, Las Vegas, NV 89101; Phone number: 702.486.3132 or 888.434.9989 (Toll-free); email: AgInfo@ag.nv.gov.

Information for Residents of Oregon

This “Information for Oregon Residents” section applies to residents of Oregon. We will not share Your Personal Information and Browsing Information with nonaffiliated third parties for marketing purposes, except after You have been informed by Us of such sharing and had an opportunity to indicate that You do not want a disclosure made for marketing purposes.

Information for Residents of Vermont

This “Information for Vermont Residents” section applies to residents of Vermont. We will not share Your Personal Information and Browsing Information with nonaffiliated third parties, except as permitted by Vermont law, such as to process Your transactions or to maintain your account. In addition, We will not share information about Your creditworthiness with Our Affiliates except with Your authorization. For joint marketing in Vermont, We will only disclose Your name, contact information and information about Your transactions.

Information for Residents of Canada

For a copy of any brochures or other information that more thoroughly explain Our policies, standards, or codes with respect to Our Processing of Your Personal Information, including information about the roles and responsibilities of the members of Our personnel throughout the lifecycle of the Our Processing of Your Personal Information, please contact Us using the mechanisms provided for in the “Exercising Your Rights” section at the end of this Privacy Policy.

Information for Residents of Australia

This “Information for Australia Residents” section applies to residents of Australia.  If You are resident of Australia, We Process Your Personal Information in accordance with the Australian federal Privacy Act of 1988.  The disclosures in Part A of this Privacy Policy also apply to residents of Australia, except in the event that anything in this section conflicts with the sections above, in which case this section shall take precedence.

If You are an Australian resident, and You are dissatisfied with Our handling of any complaint You raise under this Policy, You may wish to contact the Office of the Australian Information Commissioner.


Changes to Our Privacy Policy

We reserve the right to amend this Privacy Policy at Our discretion and at any time. When We make changes to this Privacy Policy, We will post the updated Privacy Policy on the Website and update the Privacy Policy’s effective date. The date the Privacy Policy was last revised is identified at the top of the page. If You would like Us to notify You of any changes to this Privacy Policy, You must ensure We have an up-to-date, active, and deliverable email address for You; otherwise, You are responsible for periodically visiting Our Website and this Privacy Policy to check for any changes.

Exercising Your Rights

The following methods are available to send Us a request to exercise Your rights defined in this Privacy Policy or that You are otherwise entitled to under applicable law:

CAKE Software, Inc.
Attn: Data Subject Access Request
11350 McCormick Road
Suite 200 Hunt Valley, MD 21031

Not all of Your rights can be exercised through each individual method.  In some cases, You may need to utilize more than one method to exercise all of Your rights.  If You have any doubt as to whether a particular method is effective with respect to a particular right, please contact Us using the email method specified above.

All requests must provide sufficient information for Us to be able to verify You are the person whose Personal Information We hold.  Whenever possible, You must describe Your request in enough detail so that We can properly locate the Personal Information related to the request. We cannot respond Your request unless We can verify Your identity and locate Your Personal Information. You may designate, in writing or through a power of attorney, an authorized agent to make requests on Your behalf by contacting Us using the same methods. We may still require You to directly verify Your identity and confirm that You provided the authorized agent permission to submit the request.

Contact Information

To ask questions, or comment about this Privacy Policy and Our privacy practices, or for any other privacy-related inquiries, please:

Email Us at Privacy@getcake.com

Write Us at the following postal address:

CAKE Software, Inc.
Attn: Heather Pruger, General Counsel
11350 McCormick Road
Suite 200 Hunt Valley, MD 21031

This Privacy Policy was last updated on 28 March 2024.