Date: December 13, 2020
Privacy Policy
This document describes Groundlist's privacy policy. By using our service, you consent to this policy.
You own your contacts
We won't disclose, rent or sell your lists. We understand that lists are the crown jewels of a campaign. They are yours.
You may elect to share your lists via our service, but that is under your control.
Understand that when you use a plugin, you may be sharing your list with the creator of that plugin. For example, a plugin vendor that cleans your lists may need to send your data back to their servers. Check the privacy policy for any plugin provider who isn't us.
We may report aggregate, statistical information
We may publicly say things like "We have X campaigns using our system in Illinois and they have on average Y volunteers." We may report statistical data that is derived from your data, but does not identify you or or your campaign.
We own the rest of the data on the site
We gather user data, usage data, traffic, secondary data, activity, cookies and similar information. This information belongs to us. We may do with it as we please. We're not going to give our user list to vendors or anyone else, but we may allow vendors to advertise their wares to you on our site. We may put your logo on our website unless you ask us not to.
You may be responsible for having your own privacy policy
If you store contacts in our system with the personal details of individuals, then those individuals may have rights under various privacy laws. For example, if you collect personal details through your website and insert the information into one of your lists, then you may have to disclose or delete that information at the request of the individual. You are responsible for knowing the laws in your jurisdiction and complying with them. We do not monitor this, and aren't responsible for your compliance with the law.
Third-party providers
We use third-party services for certain site features. We may use Google Analytics to track site usage, a logging SaaS to aggregate usage logs, Stripe or similar processor for payments, an email vendor for transactional or promotional emails, and other vendors, which may change from time to time. Some of these providers will get some of your data. We will make best efforts to limit what they get and limit what they can do with the information to the extent practicable.
Data location
We host our site and service in the cloud. We currently use AWS in the midwest, but that may change. Your data will be stored in the United States and will be subject to U.S. law.
We take security seriously
The security of your account, and your campaign data, is extremely important. We use data security best practices to keep everything safe. We use https, salt and hash passwords, use proper security groups at our cloud provider, and comb our code to ensure that only authorized access is granted.
That having been said, this isn't Fort Knox. Hackers can sometimes get past even best practices. We do not assume liability in the event of a data breach.
You, too, must take security seriously
The system allows you to share your lists. Be careful how you share them. If you share them with the wrong person, or with the wrong permissions, you could suffer data loss. We assume no responsibility for this situation. We take backups, but cannot guarantee that they will always be available. You, too, can take backups.
Don't share your password, ever. If you need to share something with someone, make them get their own login.
We do not comply with the GDPR
This is an American company. If you want to use this service in the U.S. or in some other country that doesn't force you to put cookie consents on every website, go ahead.
But if you live in a country that is under the control of effete Brussels euro-bureaucrats, forget it. We don't answer to them. They are not entitled to impose rules on an American company. And for that reason we don't do business in Europe.
We encourage you to move to better place, like Texas.
California is a problem
If you want to use the system to store information on contacts located in California, talk to us first. California has a complex, poorly-written GDPR-like law that makes things a lot more complicated and expensive for everyone. We'll find a way for both you and us to comply with the law. If we can't do that and still look at ourselves in the mirror, then we may create a separate server just for you. In any case, you'll have to deal with the fools in Sacramento directly. (That's the price you pay for living in California.)
We will disclose things if the lawyers make us
Our commitment to keeping your data private goes away in the face of a court order, but only to the extent that the order requires it. We may also disclose your data if we believe the law requires it, or if we believe you are doing anything illegal, or if we need it to protect our rights. Our commitment to keeping your data private goes away if you sue us for anything, ever.
Contact
If you have questions about this policy, contact us here: https://groundlist.org/contact