Policy Overview

We've created the following legal overview to provide an overview of our operations and ensure the proper legal protections for our relationship with you. We have tried to make this as accessibleas possible but we understand you might still have questions after reading this.

If you still have any outstanding question after reading this policy, you may find answers in the Frequently Asked Questions (FAQ) Library on the main Policy Center page or contact us directly using the information in the Contact Us section.

Legal Definitions

Asmbl Inc.
(the “Company,” "us", "we", or "our") operates desktop, mobile and web-based applications (hereinafter referred to as the "Service").

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.

By using the Service, you agree to the collection, use, and sharing of information in accordance with this Privacy Policy.

Data Rights

We believe all people deserve certain rights to their control their data, regardless of our legal obligations as a company. You can be sure that we will respect the following data rights.

Right to Access

You have a right at any moment to request access to your data and a detailed overview of all data we have about you.

Right to Rectification

You have a right at any moment to request we update or otherwise make changes the data we have on record.

Right to Deletion

You have a right at any moment to request delete to your data and for that deletion to be permanent in nature.

Right to Portability

You have a right at any moment to request that your data be given to you in a machine-readable format.

Right to Opt-out

You have a right at any moment to request to opt-out of any data sharing, processing or other data activities you desire.

Right to Deny Automated Decisions

You have a right at any moment to deny our ability to use your data in order to generate automated decisions.

Your California Privacy Rights

Residents of California may request a list of third parties to which certain Personal Information obtained by Company was disclosed by Company during the preceding year for those third parties’ direct marketing purposes.

If you are a California resident and want such a list, please contact us using the information found in the Contact Us section on the Policy Center home page.
For all requests, you must put the statement “Your California Privacy Rights” in the body of your request, as well as your name, street address, city, state, and ZIP Code.  In your request, you need to attest to the fact that you are a California resident and provide a current California address for our response.  Please note that we will not accept requests via telephone, email, or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.

Third-Party Access

We use the following services in order to make our product work the way it does. These companies have access to your data and are what the industry would call either data controllers, data processors, or both.

Google Drive

Cloud storage service used by millions of businesses

Slack

Work moves faster with unlimited messages in search, external partners in channels and more.

Zoom

Zoom is one of the world's largest video conferencing services

Employees & contractors

Internal employees and contractors with access for contractual purposes

Heap

Heap is the only digital insights platform that shows you everything users do on your product or site, automatically surfacing the “unknown

Data Points Collected

We collect data points in order to make our product work the way it does. The following data points are what we collect directly but there may be other data points collected by third-party services we have to use to provide our services.

Email

Makes direct contact easier, also allows account management services, among other benefits

Home Address

Phone Number

School

Socioeconomic Status

Political Affiliation

Organizational Campus Involvement

Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), the Company’s legal basis for collecting and using the personal information described in this Privacy Policy depends on the type of Personal Data we collect and the specific context in which we collect it.

We may process your Personal Data because:
1. We need to perform a contract with you
2. You have given us permission to do so
3. The processing is in our legitimate interests and it is not overridden by your rights
4. For payment processing purposesTo comply with the law

Cookies & Other Trackers

Many companies across the internet use cookies and other trackers but that's changing. Until then, it's important to know if a company is using these tools, and if so, why. Reasons my vary, including but not limited to: Basic Functionality, Website Traffic Analytics, Improved Service Offerings, Marketing and Advertising

Collects Cookies

Yes

We use cookies and other trackers throughout our site in order to monitor consumer behavior and use those insights to improve your experience.

Collects Cookies

No

We do not use cookies and/or other trackers on our site.
We use cookies and similar tracking technologies to track the activity on our Service and we retain certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

If you have the right browser and/or browser extensions, you can refuse our access to some or all cookies. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we may use:
1. Session Cookies. We use Session Cookies to operate our Service.
2. Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
3. Security Cookies. We use Security Cookies for security purposes.

How do you take control?

The reality is that the best way for you to take control of your digital footprint is to choose a browser that protects your privacy by default:

Learn more about your digital footprint

Most people have no idea where all of there data is or how they can take control of it. Say Mine is a service that will allow you to understand your digital footprint better.

Data Storage, Transfers & Access

Everyone wants to know where their data is stored, where it can be transfered and who is allowed access. As a company that relies on third parties to provide the services we offer, we are unable to control every aspect of this process but we do our best to ensure the services we use to provide you service are as reputable, trustworthy, and secure as possible.

Data Ownership

No

We and/or our data-sharing partners view data we collect as an asset owned by our company and may transfer and store your data as it wishes, within constraints of the law.

Data Ownership

Yes

We and/or our data-sharing partners do not view your data as an asset owned exclusively by our company and we are committed to asking you for permission before any new partnerships, integrations or other data transfers occur.

Data STored BY Company?

No

We do not own our own servers and therefore need to share data with third-party partners who own run cloud hosting services. This means your data may move to various places across the world, based on those partners' operations.
Your Personal Information may be transferred to, and maintained on, servers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

The Services are conducted in the United States. Your acceptance of and agreement to this Privacy Policy (as part of your acceptance of and agreement to the Terms by your access and use of the Services), followed by your submission of Personal Information represents your agreement to such transfers.

We will take all the steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Information.

Review the Third Party Services section, above, to learn more.

Retention of Data

We will retain your Personal Data only for as long as is necessary for providing the Service and for the purposes set out in this Privacy Policy, including to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis. Usage Data is generally retained for a shorter period of time, except when this data is used to improve and strengthen the security and/or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

Where is your data stored?

More than 60 percent of internet companies rely on Amazon, Microsoft and/or Google to manage and store their data. This means your data is stored in different places all across the globe. This is both for security and business purposes.

Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

We will use the most commercially reasonable efforts to ensure that no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Assist Law Enforcement

Yes

We and/or our data-sharing partners will share data with government and law enforcement agencies if legally required by valid warrant, subpoena or other legitimate legal obligation.
Under certain circumstances, we may be required to disclose your Personal Information in order to comply with an applicable law or a valid order by a court or a government agency with applicable authority and jurisdiction.

We may disclose your Personal Information in the good faith belief that such disclosure is necessary to:

1. Protect and defend the rights or property of our company.
2. Prevent or investigate possible wrongdoing in connection with our platform services.
3. Protect the personal safety of members or the public.
4. Protect against legal liability.

Why assist government?

It's important to assist law enforcement when possible in order to uphold law and order within society. Some companies may encrypt information, which means they can not share all information but they may still participate in legal obligations up until the point they're incapable of sharing information.

Continue reading to understand our use of end-to-end encryption and other security measures that may impact our ability to share data with law enforcement or not, pending valid legal request.

End-to-End Encryption (E2EE)

Yes

We use E2EE to provide private communications and interactions.

End-to-End Encryption (E2EE)

No

This company does not use end-to-end encryption to provide private communications and interactions on their site. Continue reading to learn more about end-to-end encryption.

What does End-to-End Encryption do for privacy?

Encryption is the process of converting information or data into a code, especially to prevent unauthorized access. End-to-end encryption means a company has made it so that even if they wanted to know about what you're doing on their platform, they couldn't. And if they can't know, then nobody can know.

This can be good in the sense that you have much less to worry about in regards to being hacked or surveilled. However, complete end-to-end encryption can also be bad because law enforcement, platform owners, and others have no way of tracking or managing criminal behavior on the platform. Even some of the most privacy-protecting companies have tried, and failed, to provide robust end-to-end encryption that doesn't harbour criminals but it's harder than it appears. Neither path is perfect and both have potential pitfalls.

Learn more about end-to-end encryption by watching the video below.

Data Protection & Security

Companies that do not write their own code often have limited control over the security of your data. Often the security of your data is reliant on the bigger companies that provide the digital services to the smaller companies. There are, however, several things that smaller, less technical companies can do to improve the security of your data, including the following:

Password Management System

Yes

We require our company's employees to use a password management system.

Password Management System

No

We do not require our employees to use a password management system.

What is a password manager?

A password manager is a computer program that allows users to store, generate, and manage their personal passwords for online services. A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand.

If used appropriately, the people using the password manager don't even know their own password most of the time, which makes it that much harder for someone to hack.

Two-Factor Authentication (2FA)

Yes

We require our employees to use 2FA where possible.

Two-Factor Authentication (2FA)

No

We do not require our employees to use 2FA.

What is 2FA?

Multi-factor authentication is an electronic method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence that they are the correct individual to whom access should be given.

Additional Details

A few other details about how we will respect you and your experience with our service.

Terms Subject to Change

Yes

We will, at times, need to update our policies as our services grow and evolve. We promise to make sure you're aware of all these changes.

Why do policies change so much?

Most companies are constantly working to improve their products and services. This means their policies need to be updated as well, in order to properly represent the product or service. Being required to ask for permission from every individual before making changes would make innovation excessively difficult. The most important part of change is that it is properly communicated, which we promise to do.

Children Age 13 and under

Yes

We provide services to children 13 and under, and follow all regulations required to protect the children on our platform

Children Age 13 and under

No

Our services are not intented for Children under the age of 13 years old and we do not provide protections
Our Service is not intended for children under the age of 13. Accordingly, we do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us at hello@mmhmm.app. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Why do policies change so much?

Most companies are constantly working to improve their products and services. This means their policies need to be updated as well, in order to properly represent the product or service. Being required to ask for permission from every individual before making changes would make innovation excessively difficult. The most important part of change is that it is properly communicated, which we promise to do.