Last Updated: February 2021
Tugboat Logic Inc offers an application and associated services to help businesses (“Clients”) demystify security and compliance.
Tugboat Logic Inc is a USA registered company with offices in San Francisco and Calgary, Canada. For more information about our services please read https://www.tugboatlogic.com/products/.
- the use of www.tugboatlogic.com (“Website”),
- the use of our Community site https://community.tugboatlogic.com/
- the use of the application website https://my.tugboatlogic.com (“Application”),
- social media messages and marketing campaigns, and
- the use of our products and services.
- Website visitor
- End user of the Application (“End User”)
- Prospective client
- Job applicant, and Partners
Clients contract the use of our Application and give access to their employees and other third parties, as solely decided by them, by creating users who access the Application with their email address and credentials. The Clients’ administrators grant End Users roles which result in different permissions and access rights to the information held in the Client account.
Table of contents
- Personal information we collect
- How we use personal information
- How we share personal information
- How we secure personal information
- Your Rights
- How long we keep your personal information
- Other Important Information
- Contact Information
Personal information we collect
Information you choose to provide to us
We may ask you to provide personal information when:
- You use the Website to download articles, data sheets or eBooks
- You request a free trial or demo
- You refer a friend to us
- You connect with us directly via phone calls or video conferencing platforms
- We or Client account administrators grant you access to the Application
- You or Client account administrators upload or enter personal information into the Application
- You participate in a marketing/sales promotion
- You attend trade events and other industry networking events
- You register or attend a webinar or other event;
- You participate in programs we may offer from time to time
- You participate in chats and post on our community group, The Helm
- You pay for our Services. Please note we use Stripe for processing payments and do not hold any credit card data.
If you choose to provide us with a third party’s Personal Information (the person’s name, email and company) when taking part in our Referral Program, you represent that you have the third party’s permission to do so.
The personal information we collect may include first and last name, business email address, phone number, and company name.
As an End User of the Application, we collect your name, business email address and any comments you make in the Application and on our community pages, The Helm.
- employee names, email addresses, performance evaluations, reference checks and contractual agreements,
- vendor names, email addresses, contractual agreements or other personal data necessary to evaluate compliance with security requirements,
- credentials for the integrations to the automated evidence collection or other APIs in Tugboat Logic’s platform, and,
- customer names and email addresses used to share the Information Security program within Tugboat Logic’s platform
As a Job Applicant, we may also collect your resume and cover letter.
Information we collect automatically
We collect information about your visits to the Website and to the Application when you land on any of our web pages through cookies and similar tracking technology.
For further information about the types of Cookies we use, you can access our Cookie banner from the left corner of our website www.tugboatlogic.com.
The information collected includes:
- access times
- the pages you view
- the links you click on
- the search terms you enter
- actions you take in connection with any of the visited pages
- your device information such as IP address, location, browser type and language
- the Uniform Resource Locator (URL) of the website that referred you to our website and
- the URL you browse away from our pages, if you click on an external link
We may also collect information when you open email messages from us or click on links within those email messages.
Information we may collect from third parties
We may combine the information we collect as a result of your direct interactions with us with information obtained through other third party sources, such as Crunchbase, LinkedIn Navigator and Zoominfo. We also obtain and/or purchase lists from third parties about individuals and companies that may be interested in our products.
The personal information collected includes your name, email address, business address, job title, company name, and telephone number.
How we use personal information
We use your Personal Information to:
- Deliver the contracted Services and allow full use of the Application functionality as purchased by the Clients
- Deliver training and support to our Application End Users and/or carry out the transactions you have requested
- To communicate with you directly through emails, calls, chats, video conferencing
- Process payments for Application subscriptions
- Send communications to you about:
- new Application features and upgrades
- our services and offerings
- event announcements
- product notices and changes to our terms and policies
- particular programs in which you have chosen to participate
- promotional offers and surveys
- scheduling demos and managing free trials
- Advertise and market our products and services which may include delivering interest based advertisements on this Website and other sites or content syndication platforms and websites.
- Carry out market research to understand how to improve our Services and their delivery
- Create and manage marketing campaigns
- Generate sales leads and increase our market share
- Post comments and manage our community pages, The Helm
- Analyze user clicks and usage of the Application and Website to improve user experience and maximize usage of our Services
- Manage our Website and Application in order to maintain and deliver the contracted functionality and services,
- Enforce our Website and Application Terms and/or separate contracts (if applicable) with you
- Prevent fraud and other prohibited or illegal activities
- Protect the security or integrity of the Website, Application, our business or Services; or
- Otherwise, as disclosed to you at the point of collection or as required or permitted by law.
We do not sell your information to any third party.
How we share personal information
Our Application and Services
If you are an End User of our Application, your personal information may be viewed by other users in your organization with access to the Application.
We use third parties to help us provide our Services. They will have access to your information as collected by the Website or the Application, as reasonably necessary to perform the contracted tasks on our behalf. We sign contractual agreements to obligate them to protect the personal information, to only use it to deliver the contracted services to us, to prohibit them from selling it and not to disclose it without our knowledge and permission.
|Service Provider Name||Business purpose||Information collected by service provider||Data location|
|Avoma||Meetings recording and analysis||Names, email address, voice, opinions||USA|
|AWS||Application hosting||Names, emails, posts, any other information posted on the Application||USA|
|Crunchbase||Marketing||Public data related to individual company investors||USA|
|Drift||Website monitoring||IP address, pages visited, links clicked on||USA|
|Gainsight||Sales||IP address, names, emails, job titles, company, contact details||USA|
|Google Analytics||Web Analytics||IP address, geo location, browser details, pages visited||USA|
|Google Adwords and Google Display Network||Advertising||IP address, geo location, browser details, pages visited.||USA|
|Google suite of products||Communications and storage||Names, email address, company name, messages content||USA|
|Hubspot||Marketing||IP address, names, emails, job titles, company, contact details||USA|
|LeadIQ||Marketing||Names, contact details, job titles, companies||USA|
|Linkedin, Linkedin Navigator||Marketing/prospecting tool||Name, email address, access to Linkedin profiles (depending on user privacy settings)||USA|
|NetLine (TradePub.com)||Marketing||Names, emails, job titles, company, contact details||USA|
|Outreach||Sales||Names, emails, job titles, company, contact details||USA|
|Partner Stack||Partner database||Names, business contact information, location||Canada|
|Pendo||End User behaviour analysis||Aggregate information on usage of the Application, and basic user data (name, role, tittle, company name, email address).||USA|
|Quickbooks||Accounting||Customer names, address, product subscribed||Canada|
|SaaS Optics||Invoicing and Billing||Customer names, email addresses, contact info, products subscribed||USA|
|Square||Payments processing||IP address, browser types, customer names, transactions information.||USA|
|Vanilla Forums-provider of the Helm, Tugboat Logic community pages||Customer support, marketing||Names, emails, posts||USA and Canada|
|Zendesk||Service support||Customer names, email addresses, information posted by you regarding issues with the application functionality or your security program.||USA|
|Zoom Info||Marketing||Names, job titles, company, contact details||USA|
It is possible that we may need to disclose personal information when required by law, subpoena, or other legal process as identified in the applicable legislation.
We attempt to notify our clients about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency.
Change in Control
We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events.
How we secure personal information
We are committed to protecting the security of all of the personal information we collect and use.
We use a variety of physical, administrative and technical safeguards designed to help protect it from unauthorized access, use and disclosure. We have implemented best practice standards and controls in compliance with SOC2 requirements and other internationally recognized frameworks. We use encryption technologies to protect data at rest and in transit.
We provide the same suite of Services to all of our Clients and End Users worldwide.
We offer the following rights to all individuals regardless of their location or applicable privacy regulations.
For personal information we have about you, you can:
- Access your personal information or request a copy.
You have the right to obtain information about what personal information we process about you or to obtain a copy of your personal information.
If you have provided personal information to us, you may contact us to obtain an outline of what information we have about you or a copy of the information.
If you are a End User of the Application, you can log in to see the personal information in the account or approach your employer for more information.
- You have the right to be notified of what personal information we collect about you and how we use it, disclose it and protect it.
- Change or correct your personal information.
You have the right to update/correct your personal information or ask us to do it on your behalf.
You can edit your information through the user account in the Application or ask us to change or correct it by contacting us at DSAR Form.
- Delete or erase your personal information.
You have the right to request deletion of your personal information at any time. We will communicate back to you within reasonable timelines the result of your request. We may not be able to delete or erase your personal information but we will inform you of these reasons and any further actions available to you.
- Object to the processing of your personal information
You have the right to object to our processing of your personal information for direct marketing purposes. This means that we will stop using your personal information for these purposes.
- Ask us to restrict processing of your personal information
You may have the right to ask us to limit the way that we use your personal information.
- Export your personal data.
You have the right to request that we export to you in a machine readable format all of the personal information we have about you.
We do not process personal information through the use of automated means.
If you would like to exercise any of the rights described above, please contact us at DSAR Form
You also have the right to lodge a complaint with the local organizations in charge with enforcing the privacy legislation applicable in your territory.
How long we keep your personal information
We retain information as long as it is necessary to provide the Services to you and our Clients, subject to any legal obligations to further retain such information.
We may also retain information to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce our Terms of Service and take other actions permitted by law.
Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to Tugboat Logic, such as statistics of the use of the Services.
Other Important Information
We process data in Canada as well as in the United States and rely on legally-provided mechanisms to lawfully transfer data across borders, such as contracts incorporating data protection and sharing obligations.
We will only collect and process personal data about you where we have a lawful reason for its collection.
When you visit our Website and provide us with your personal information, we collect and use it with your consent.
As an Application End User, you consent to our collection of your personal information when you log in for the first time. However, your employer has control of the account and may upload and share additional personal information. It is your employer’s responsibility to ensure the collection, use and sharing of the personal information uploaded to the Application complies with all applicable legislation.
You can review the terms and conditions of use here: https://my.tugboatlogic.com/terms
Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact DSAR Form.
How to select your communications preferences
You may choose to receive or not receive marketing communications from us. To stop receiving marketing communications, please click the “Unsubscribe” link in emails we sent you.
You may choose which information we collect automatically from your device by controlling cookie settings on your browser or by selecting your preferences in the Cookie banner located in the left corner of our website https://www.tugboatlogic.com/
Even if you opt out of receiving marketing communications, we may still communicate with you in connection with security and privacy issues, servicing your account, fulfilling your requests, or administering any promotion or any program in which you may have elected to participate.
You may contact us to exercise any of your rights or ask for more information about your personal information and our privacy practices by contacting us at DSAR Form.
For individuals based in European Union (EU), European Economic Area (EEA) and Switzerland.
If you are based in one of these jurisdictions, Tugboat Logic Inc is the controller of your personal data collected in the following instances:
- When you visit our Website https://www.tugboatlogic.com/
- When we process your personal data about for sales and marketing purposes
Tugboat Logic is a processor of all personal data processed on the Application, on behalf of our Clients. We only process the personal data under their direction. Please contact your employer or the organization that granted you access to the Application for details on their privacy practices.
We only process personal data if we have a lawful basis to do so. The lawful bases applicable to our processing as controller are:
- Consent. We will ask for your express and informed consent every time we collect your personal data under this legal basis.
- Contractual basis. We process the personal data as necessary to fulfill our contractual terms with you or our Clients.
- Legitimate interest. We process the names, contact details, job titles, companies of our existing and prospective clients for our marketing purposes, including market research and sales leads generation.
You have the following rights under the GDPR:
- Be informed about the collection and use of your personal dat
- Access your personal data
- Correct errors in your personal data
- Erase your personal data
- Object to the processing of your personal data.
- This right is also available to individuals whose personal data is processed by us for direct marketing purposes. If you object to processing of your personal data for direct marketing purposes, we shall stop processing within 30 days of receipt of your request.
- Export your personal data
- Restrict our processing of your personal data for specific reasons, including any of the purposes supported by the legitimate interest legal bases. (see section above).
We process personal data in Canada and USA and share it with our service providers also located in Canada, USA and other jurisdictions. We use standard contractual clauses as the data transfer mechanism of transferring EU data to countries subject to data transfer requirements. See table of our service providers here. (link to table above)
You may contact us at DSAR Form or you may contact our EU Data Representative at
Osano International Compliance Services Limited
25/28 North Wall Quay
Dublin 1, D01 H104
You may also lodge a complaint with your local supervisory authority EU Data Protection Authorities (DPAs) or Swiss Federal Data Protection and Information Commissioner (FDPIC). See their contact details here https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
For individuals based in California
This section provides additional specific information for consumers based in California as required by California Consumer Privacy Act of 2018 (“CCPA”)
Collection and Use of Personal Information
In the last 12 months, we have collected the following categories of personal information:
- Identifiers, such as your name, mailing address, email address, zip code, telephone number, or other similar identifiers.
- California Customer Records (Cal. Civ. Code § 1798.80(e)), such as username and password, company name, job title, business email address, and department.
- Internet/Network Information, such as your browsing history, log and analytics data, information about the device(s) used to access the Services and information regarding your interaction with our websites or Services and other usage data.
- Geolocation Data, such as information about your location (at country and city level) collected from your IP address.
- Sensory Information, the content, audio and video recordings of conference calls between you and us that we record where permitted by you and/or the law.
- Profession/Employment Information, that you include in your CV, cover letter and send to us when applying for a position.
- Other Personal Information, such as personal information you provide to us in relation to a survey, comment, question, request, article download or inquiry and any other information you upload to our Application or to our community pages, The Helm.
We collect personal information directly from you, from your browser or device when you visit our websites, from third parties that you permit to share your information or from third parties that share public information about you and as stated above.
See the section above “How we use personal information” to understand how we use the personal information collected from the California consumers.
Recipients of Personal Information
We share personal information with third parties for business purposes.The categories of third parties to whom we disclose your personal information may include: (i) our service providers and advisors, (ii) marketing and strategic partners; (iii) ad networks and advertising partners; (iv) analytics providers; and (v) social networks.
California Privacy Rights
As a California resident, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):
- The Right to Know any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
- The specific pieces of personal information we have collected about you;
- The categories of personal information we have collected about you;
- The categories of sources of the personal information;
- The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of
- recipients to whom this information was disclosed;
- The categories of personal information we have sold and the categories of third parties to whom the information was sold; and
- The business or commercial purposes for collecting or selling the personal information.
- The Right to Request Deletion of personal information we have collected from you, subject to certain exceptions.
- The Right to Opt Out of Personal Information Sales to third parties now or in the future. However, we do not sell your personal information
You also have the right to be free of discrimination for exercising these rights.
Please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.
How to Exercise Your California Consumer Rights
To exercise your right to know and/or your right to deletion, please submit a request by completing the following form DSAR Form.
We will need to verify your identity before processing your request.
In order to verify your identity, we will generally require sufficient information from you so that we can match it to the information we maintain about you in our systems. Sometimes we may need additional personal information from you to be able to identify you. We will notify you.
We may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity or locate your information in our systems or as permitted by law.
You may choose to designate an authorized agent to make a request under the CCPA on your behalf. No information will be disclosed until the authorized agent’s authority has been reviewed and verified. Once a request has been submitted by an authorized agent, we may require additional information (i.e. written authorization from you) to confirm the authorized agent’s authority.
If you are an employee/former employee of a Tugboat Logic Client that uses our application and services, please direct your requests and/or questions directly to your employer/former employer.
If you are a third party (auditor, business associate etc) who was given access to the Tugboat Logic application by a Tugboat Logic Client, please direct your requests and/or questions directly to the Tugboat Logic Client that gave you access.
Minors Under Age 16
Our application and services are intended for business use and we do not expect them to be of any interest to minors. We do not intentionally collect any personal information of consumers below the age of 16. We do not sell the personal information of California consumers.