Privacy Policy.

EFFECTIVE DATE: December 1, 2019

CrossKey  (“us”, “we”, or “our”) operates the website (the “Website”).

This page informs you of our policies regarding the collection, use, and disclosure of personal data

when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the

collection and use of information in accordance with this policy. Unless otherwise defined in this

Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and

Conditions, accessible from


Cookies means the small pieces of data generated by a website and stored on your device

(computer or mobile device), typically on the browser.

Data Controller means the natural or legal person who (either alone or jointly or in common with

other persons) determines the purposes for which and the manner in which any personal information

are, or are to be, processed.

Data Processors (or Service Providers) means any natural or legal person who processes the data

on behalf of the Data Controller.

Data Subject (or User) means any living individual who is the subject of Personal Data.

Personal Data means any information relating to an identified or identifiable natural person.

Service means the CrossKey  software as a service tools and services offered through the


Usage Data means data collected automatically either generated by the use of the Service or from

the Service infrastructure itself (for example, the duration of a page visit).


We collect several different types of information for various purposes to provide and improve our

Service to you.


Information you provide: When you register an account, we collect some Personal Data, such as

your name, title, email address, phone number, billing information and other similar information.

Content: You also provide Personal Data in content you upload to the Service, or which is uploaded

on your behalf (“Content”). In general, the Content you provide will be viewable and discoverable by

your users. In some cases, where content has been shared with users outside your email domain

extension, your information may be viewed by those additional users. We can, but have no obligation,

to monitor the Content you post on the Service.

Geo-Location Information: Content that you upload or share through the Service may contain

recorded location information. Location data does not collect or share any personally identifiable

information about you. Location data may be used in conjunction with personally identifiable


Device Identifiers: When you access the Service by or through a device, we may access, collect,

monitor and/or remotely store one or more “device identifiers”. Device identifiers allow us to uniquely

identify your device and are used to enhance the Service (including sending updates and information

from the Service). A device identifier does not collect or share any personally identifiable information

about you. A device identifier may be used in conjunction with personally identifiable information.

Analytics: When you access the Service on our website, we may collect information (using third party

services) using logging and cookies which can sometimes be correlated with Personal Information.

We use this information to monitor and analyse use and interest in the Service. See the section on

Service Providers” for more detail in this respect.

Log data: As with most websites and technology services delivered over the Internet, our servers

automatically collect information when you access or use our Websites or Services and record it in log

files. This log data may include the Internet Protocol (IP) address, the address of the web page visited

before using the Website or Services, browser type and settings, the date and time the Services were

used, information about browser configuration and plugins, language preferences and cookie data.

Cookie Information: We use cookies and similar technologies in our Website and Services that help

us collect certain Usage Data about you, which may become Personal Data due to direct association

with your account. The Websites and Services may also include cookies and similar tracking

technologies of third parties, which may collect information about you via the Websites and Services

and across other websites and online services. For more details about how we use these

technologies, please see the section on “Service Providers” below and our Cookie Policy.


We use information that we collect for the purpose of fulfilling our contractual obligations to you under

our Terms of Service, in furtherance of our legitimate interests in operating our Services, Websites

and business and/or where you have consented to such usage. These are the lawful basis for the

usage of your Personal Data. More specifically, We use Personal Data:

  • To provide, update, maintain and protect our Services, Websites and business. This includes use of Personal Data to support delivery of the Services under our Terms of Service, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities or at your request. We may use your email address or phone number to send you
  • Service-related notices (including any notices required by law, in lieu of communication by postal mail). If you correspond with us by email, we may retain the content of your email messages, your email address and our responses.
  • As required by applicable law, legal process or regulation. We may in certain instances be compelled by law to process your Personal Data in order to comply with a binding order. We will only do so to the extent reasonably required by that order.
  • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Personal Data to respond.
  • To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications.
  • We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about us. These are marketing messages so you can control whether you receive them, and if you are resident in the EEA we will only send you these emails where you have consented to our sending them to you. .
  • For billing, account management and other administrative matters. We may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
  • To investigate and help prevent security issues and abuse.
  • For marketing purposes. We may also use your contact information to send you marketing messages. If you are in the EEA we will only to do if you have opted in to receive such communications. If you don’t want to receive these messages, you can opt out by following the instructions in the message.



If you are from the European Economic Area (EEA), CrossKey ’s legal basis for collecting

and using the personal information described in this Privacy Policy depends on the Personal Data we

collect and the specific context in which we collect it.

CrossKey may process your Personal Data because:

  • We need to perform a contract with you
  • You have given us permission to do so
  • The processing is in our legitimate interests and it’s not overridden by your rights
  • To comply with the law

We set out a more detailed breakdown of the legal basis for our use in the “How We Use Information”

section above.


CrossKey  will retain your Personal Data only for as long as is necessary for the purposes

set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to

comply with our legal obligations (for example, if we are required to retain your data to comply with

applicable laws), resolve disputes, and enforce our legal agreements and policies.

CrossKey will also retain Usage Data for internal analysis purposes. Usage Data is

generally retained for a shorter period of time, except when this data is used to strengthen the

security or to improve the functionality of our Service, or we are legally obligated to retain this data for

longer time periods.


Your information, including Personal Data, may be transferred to — and maintained on — computers

located outside of your state, province, country or other governmental jurisdiction where the data

protection laws may differ than those from your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that

we transfer the data, including Personal Data, to the United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your

agreement to that transfer.

CrossKey will take all steps reasonably necessary to ensure that your data is treated

securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take

place to an organization or a country unless there are adequate controls in place including the

security of your data and other personal information. Without limiting the foregoing, if we transfer

Personal Data originating from the European Union or Switzerland to other countries not deemed

adequate under applicable data protection law, then we ensure that adequate safeguards are in place

including without limitation ensuring that the Service Provider is EU-US Privacy Shield compliant or

requiring them to enter into the European Union Standard Contractual Clauses.


Disclosure for Law Enforcement

Under certain circumstances, CrossKey  may be required to disclose your Personal Data if

required to do so by law or in response to valid requests by public authorities (e.g. a court or a

government agency).

Legal Requirements

CrossKey  may disclose your Personal Data in the good faith belief that such action is

necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of CrossKey 
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability
  • Other lawful basis for disclosure

CrossKey  may disclose your Personal Data:

  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use to support our business solely for the purpose of them providing services to us.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.


The security of your data is important to us, but remember that no method of transmission over the

Internet, or method of electronic storage is 100% secure. While we strive to use commercially

reasonable means to protect your Personal Data in accordance with industry standards, we cannot

guarantee its absolute security.



If you are a resident of the European Economic Area (EEA), you have certain data protection rights.

CrossKey  aims to take reasonable steps to allow you to correct, amend, delete, or limit the

use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed

from our systems, please contact us using the contact information set out below.

In certain circumstances, where we act as Data Controller, you have the following data protection


  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you where we are the data controller and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
  • You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your

Personal Data. For more information, please contact your local data protection authority in the

European Economic Area (EEA).

If you wish to exercise any of the rights set out above, please contact us using the contact details


You will not have to pay a fee to access your personal information (or to exercise any of the other

rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or

excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure

your right to access your personal information (or to exercise any of your other rights). This is a

security measure to ensure that personal information is not disclosed to any person who has no right

to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our



Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of

information. In general, We are the controller of information which we request or collect for the

purposes of maintaining the Service. Our customers are the controller of Personal Data which they

enter into the Service which is not requested by us, or which we may enter into the Service on their

behalf. Our Data Processing Addendum applies to the processing of any Customer Data to which the

General Data Protection Regulation (2016/679) applies.


We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to

provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how

our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and

are obligated not to disclose or use it for any other purpose.


We may use third-party Service Providers to monitor and analyze the use of our Service.

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.

Google uses the data collected to track and monitor the use of our Service. This data is shared with

other Google services. Google may use the collected data to contextualize and personalize the ads of

its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing

the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript

(ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web



CrossKey  uses remarketing services to advertise on third party websites to you after you

visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads

based on your past visits to our Service.

Google AdWords is a remarketing service provided by Google Inc.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display

Network ads by visiting the Google Ads Settings page:

Google also recommends installing the Google Analytics Opt-out Browser Add-on – for your web browser. Google Analytics Opt-out Browser

Add-on provides visitors with the ability to prevent their data from being collected and used by Google


For more information on the privacy practices of Google, please visit the Google Privacy & Terms web


Twitter remarketing service is provided by Twitter Inc.

You can opt-out from Twitter’s interest-based ads by following their


You can learn more about the privacy practices and policies of Twitter by visiting their Privacy Policy


Facebook remarketing service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this


To opt-out from Facebook’s interest-based ads follow these instructions from


Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by

the Digital Advertising Alliance. You can also opt-out from Facebook and other participating

companies through the Digital Advertising Alliance in the USA, the

Digital Advertising Alliance of Canada in Canada or the European Interactive

Digital Advertising Alliance in Europe, or opt-out using your mobile

device settings.

For more information on the privacy practices of Facebook, please visit Facebook’s Data


AdRoll remarketing service is provided by Semantic Sugar, Inc.

You can opt-out of AdRoll remarketing by visiting this AdRoll Advertising Preferences web


For more information on the privacy practices of AdRoll, please visit the AdRoll Privacy Policy web



Notwithstanding anything else in this Privacy Policy, if you provide the App access to the following types of your Google data, the App’s use of that data will be subject to these additional restrictions:

  • The App will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
  • The App will not use this Gmail data for serving advertisements.
  • The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.


Our Service may contain links to other sites that are not operated by us. If you click on a third party

link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy

of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of

any third party sites or services.


Our Service does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If

you are a parent or guardian and you are aware that your child has provided us with Personal Data,

please contact us. If we become aware that we have collected Personal Data from children without

verification of parental consent, we take steps to remove that information from our servers.


We may update our Privacy Policy from time to time. We will notify you of any changes by posting the

new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming

effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy

Policy are effective when they are posted on this page.