Privacy Policy

Last updated on 17 September 2024.

This Privacy Policy may be updated at any time. By using this Site, you consent to the terms of the current Privacy Policy

1. Introduction

Hampton Innovations Incorporated ("we," "us," or "our") is committed to maintaining robust privacy protections for its users. Our Privacy Policy ("Privacy Policy") is designed to help you understand how we collect, use, and safeguard the information you provide to us and to assist you in making informed decisions when using our Services.

For purposes of this Agreement, "Site" refers to the Company’s websites, which can be accessed at www.getroz.com, www.getroz.ai, www.rozcomply.com, and www.rozcomply.ai.

"Service" refers to the Company’s services accessed via the Site, in which users can upload their proprietary knowledge base to help inform Roz’s automation capabilities to answer questionnaires.

The terms "we," "us," and "our" refer to the Company. "You" refers to you, as a user of our Site or our Service.

By accessing our Site or our Service, you accept our Privacy Policy and Terms of Service (found here: www.getroz.com/legal/terms) and you consent to our collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy.

2. Information We Collect

We collect information about you when you provide it to us, when you use our services, and when we receive it from other sources, as detailed below. We will collect, use, store, and process this information solely for the purposes outlined in this policy or to contact you with information about our offerings.

2.1 Information Collected by Cookies

In effort to improve the quality of the Service, we track information provided to us by your browser or by our platform when you view or use the Service.

Use of Cookies

We believe in the privacy of our users, and therefore our website and services use only necessary cookies to ensure the proper functioning of our platform. These cookies are essential for basic functionalities such as authentication, security, and accessibility. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. We do not use cookies for tracking, advertising, or any other non-necessary purposes. We do not collect or store personal data through cookies for marketing or analytics. 

Necessary Cookies

These cookies are essential for the website to function correctly and cannot be switched off in our systems. They are usually set in response to actions made by you, such as setting your privacy preferences, logging in, or filling in forms. Without these cookies, our services cannot be provided properly.

Examples of necessary cookies we use include

  • Authentication Cookies: To keep you logged in during your visit.
  • Security Cookies: To protect your data and the integrity of our services.
  • Availability Cookies: To ensure the availability and proper functioning of our product, as well as to identify and fix any issues. This may include collecting information such as your IP address, pages visited, date and time of visits, and browser type.

Managing Cookies

Since we only use necessary cookies, there are no additional settings or preferences required for managing cookies on our site. However, you can control and manage cookies through your browser settings. Please note that disabling necessary cookies may affect the functionality of our website and services. 

By using our website and services, you consent to the use of necessary cookies as described in this policy. As we do not use non-necessary cookies, no further action is required from you to disable such cookies.

2.2 Information You Provide Us by Registering for an Account

In addition to the information provided automatically by your browser when you visit the Site, to become a user to the Service you will need to create a personal profile. You can create a profile by registering with the Service and entering your email address, first name, last name, display name, role, and creating a user name and a password. By registering, you are authorizing us to collect, store, and use your profile information in accordance with this Privacy Policy.

2.3 Information You Provide Through Our Services

By using our services, you are consenting to your Content to be used, processed, and stored with our Subprocessors, as described in the Subprocessors section.

User-Generated Content: Our Services include features that allow you to create and store your documents and other User-Generated Content ("Content," as defined in the Terms of Service). We collect and store this Content, which may include any information about you that you choose to upload or store in our Services. 

Support Services/User Feedback: For customer support, you may submit requests or provide information about issues you encounter with a Service. To help diagnose issues or improve our services, we may request you to provide any of the following, a summary of the issue you are facing, documentation, screenshots, or additional information you deem relevant for resolving the matter. 

Payment Information: We may collect payment and billing information when you sign up for paid Services. You might also provide payment information, such as payment card details, which is collected and processed through external secure payment processing services.

2.4 Information We Do Not Collect

Personal Information

While we may receive personal information that you upload or store in your workspace or any of your content, we do not intentionally collect such sensitive personal information. The responsibility for any personal information within a user's workspace or content lies with the workspace owner.

Sensitive Data

We do not intentionally collect "Sensitive Personal Information" such as, but not limited to:

  • Personal data revealing racial or ethnic origin,
  • Political opinions,
  • Religious or philosophical beliefs,
  • Trade union membership,
  • Genetic data,
  • Biometric data (including for uniquely identifying a natural person),
  • Health and medical data associated with a natural person,
  • Information concerning a natural person's sex life or sexual orientation.

If you choose to store any Sensitive Personal Information on our servers, you are responsible for complying with any regulatory controls regarding that data.

Children’s Data

The Site and the Service are not directed to anyone under the age of 13. The Site does not knowingly collect or solicit information from anyone under the age of 13, or allow anyone under the age of 13 to sign up for the Service. In the event that we learn that we have gathered personal information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at privacy@getroz.com.

3. How We Use and Share Information

3.1 Personal Information

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent, or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for the Company, unless otherwise stated in this Privacy Policy. 

In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.

We may share Personal Information with outside parties if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable Terms of Service, including investigation of potential violations; address fraud, security, or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law.

In addition to the above disclosures, we may share your personal data to respond to lawful requests by law enforcement or other government authorities, including to meet national security requirements.

We may process your personal data for the below purposes: 

Purpose of ProcessingLawful Basis
To provide our products, Services, and Digital Properties to you, including processing and fulfilling transactions; enabling you to access the Digital Properties and our Services; operating, maintaining, and improving our Digital Properties and Services; communicating with you, such as by completing your support requests or providing security updates; and diagnosing, repairing, and tracking service and quality issues. Legitimate interests; Contract; Legal obligations
For our own business purposes, including maintaining internal business records and conducting internal reporting; collecting required information to perform accounting and similar business functions; auditing and managing projects related to our Services; performing IT security management and IT-related tasks, such as administration of our technologies and network; evaluating and improving our business, Services, and Digital Properties; and performing research and development of new products and services; and processing your survey and questionnaire responses.Legitimate interests; Contract; Legal obligations
For legal, safety, or security reasons, including to comply with legal requirements; establish, exercise, or defend against legal claims; protect the safety, security, and integrity of our property and the rights of those who interact with us or others; investigate any content or conduct policy violations; and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity.These safety purposes may also involve collecting and processing special categories of personal data (i.e., health data), for office visits and events where necessary for public health or as required by applicable law.Legitimate interests; Contract; Legal obligations; Public interest
For marketing our products and Services or those of third parties, such as our business partners, including to solicit or publish testimonials or feedback about our products and Services; send you marketing and promotional communications or product recommendations (via email, phone, or other online and offline channels) about our Services or those of third parties; facilitate your participation in a contest or event; assess ad impressions or engage in contextual ad customization.You may opt out of marketing communications by clicking the “unsubscribe” link at the bottom of our marketing communications or contacting us via email to privacy@getroz.com. Consent (where required by law); Legitimate interests
To fulfill a referral request when you use our referral service to tell a friend about our Services, including by using the name, email address, title, and company name that you provide us to contact the person to whom you are referring. You must only provide others’ personal data if you have their consent to do so.Consent (where required by law); Legitimate interests
Corporate transactions, such as sales, mergers, acquisitions, reorganizations, bankruptcy, and other corporate events.Legitimate interests; Legal obligations
When you have voluntarily agreed to have your personal data processed.Consent

We will honor data subject rights to the extent required by law. You may under certain circumstances access, correct, update,or request deletion of your personal data (subject to exceptions) through the support portal or by sending an email to support@getroz.com

3.2 Non-Personal Information

In general, we use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, and other third parties at our discretion.

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. By using this Site, you consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. 

4. Subprocessors

To ensure the smooth operation of our services, we work with third-party service providers, known as subprocessors, who process personal data on our behalf. These subprocessors assist us with essential functions such as cloud hosting, email delivery, data analytics, and customer support. We have implemented robust safeguards to ensure that your personal data is protected when processed by these subprocessors. The list of subprocessors can be found in our Terms of Service www.getroz.com/legal/terms.

4.1 Safeguards and Data Protection Measures

We are committed to ensuring that our subprocessors provide an adequate level of protection for your personal data. To achieve this, we:

  1. Data Processing Agreements: Enter into data processing agreements with each subprocessor that include stringent data protection obligations.
  2. Data Transfer Mechanisms: Ensure that any international data transfers are protected by appropriate safeguards.
  3. Regular Audits: Conduct regular audits and assessments of our subprocessors to ensure their compliance with our security standards and data protection policies.

4.2 Use of AI and Data Processing

We use artificial intelligence (AI) to enhance our services and provide you with better results and suggestions. By uploading documents to our site, you acknowledge and agree to the following:

  1. Evaluation with AI: Any document or content uploaded to our platform will be evaluated using AI technologies. This process helps us improve our product by generating embeddings and providing more accurate and personalized results and suggestions.
  2. Data Transfer to Subprocessors: As part of our AI evaluation process, your data, including any sensitive details provided by the user, may be transferred to our subprocessors. These subprocessors assist us in providing our services and are listed in the "Subprocessors" section in the Terms of Service www.getroz.com/legal/terms.
  3. Control of Uploaded Data: We cannot control the nature or content of the data that users upload to our platform. It is your responsibility to ensure that you do not upload any personal information or sensitive data that you do not want to be processed by our AI systems and other subprocessors. By using our platform, you consent to the processing of your information by our AI systems and subprocessors.
  4. User Responsibility: Any personally identifiable information (PII) or sensitive data uploaded to the system is at the discretion of the user. We encourage users to exercise caution and avoid uploading unnecessary personal or sensitive information.

5. How We Secure and Retain Information

We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and other security measures, but, we urge you to take steps to keep your personal credentials safe. We further protect your information from potential security breaches by implementing security measures including, but not limited to, encryption, application monitoring, backup/recovery operations, and strong access controls. However, these measures do not guarantee that your information will not be accessed, disclosed, altered, or destroyed by breach. By using our Service, you acknowledge that you understand and agree to assume these risks.

Your personal data will be generally retained as long as necessary to fulfill the purposes for which we collected the personal data. Once you and/or your company have terminated the contractual relationship with us or otherwise ended your relationship with us, we may retain your personal data in our systems and records to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to evidence our business practices and contractual obligations, to provide you with information about our products and services, or to comply with applicable legal, tax, or accounting requirements. When we have no ongoing legitimate business need nor lawful legal ground to process your personal data, we will delete, anonymize, or aggregate it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible. 

6. Your Rights Regarding the Use of Your Personal Information

You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional email. You can also indicate that you do not wish to receive marketing communications from us in the "Settings" section of the Site. Please note that notwithstanding the promotional preferences you indicate by either unsubscribing or opting out in the "Settings" section of the Site, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy.

7. Data Protection Compliance

We are committed to protecting your personal data and respecting your privacy rights regardless of where you are located. Our data protection practices comply with international regulations, including the General Data Protection Regulation (GDPR) applicable in the European Economic Area (EEA), the United Kingdom General Data Protection Regulation (UK GDPR), the Swiss Federal Act on Data Protection (FADP), and the California Consumer Privacy Act (CCPA). 

By implementing these measures, we ensure that your personal data is protected to the same high security and compliance standard as required under the GDPR, UK GDPR, FADP, CCPA, and other applicable data protection laws, regardless of where it is processed.

7.1 Our Privacy Principles

  1. Transparency: We will always inform you about the data we collect, how we use it, and your rights regarding your data.
  2. Purpose Limitation: We collect and process your data only for specified, explicit, and legitimate purposes.
  3. Data Minimization: We collect only the data that is necessary for the purposes stated in this policy.
  4. Accuracy: We take reasonable steps to ensure that your data is accurate and up-to-date.
  5. Integrity and Confidentiality: We implement appropriate technical and organizational measures to ensure the security of your data.
  6. Accountability: We are responsible for, and can demonstrate compliance with, these principles.

7.2 Your Rights

As a data subject, you have rights under GDPR, UK GDPR, FADP, and CCPA, including:

  • Right to Access: The right to access your personal data.
  • Right to Rectification: The right to rectify inaccurate or incomplete data.
  • Right to Erasure: The right to erase your data (right to be forgotten).
  • Right to Restriction: The right to restrict the processing of your data.
  • Right to Data Portability: The right to data portability.
  • Right to Object: The right to object to processing.
  • Right to Withdraw Consent: The right to withdraw consent at any time (where processing is based on consent).

Under CCPA, California residents also have the following additional rights:

  • Right to Know: The right to know what personal information is being collected, used, shared, or sold, both as to the categories and specific pieces of personal information.
  • Right to Delete: The right to request deletion of personal information collected about you (with some exceptions).
  • Right to Opt-Out: The right to opt-out of the sale of your personal information.
  • Right to Non-Discrimination: The right not to be discriminated against for exercising any of these rights.

8. International Data Transfers

We operate globally, and your personal data may be transferred to, stored, and processed in countries outside of your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country.

We are committed to transparency regarding our data protection practices. Detailed information about the countries to which we transfer personal data, as well as the specific safeguards in place, is available in the "Subprocessors" section the Terms of Service www.getroz.com/legal/terms. We regularly review and update our data protection practices to ensure compliance with applicable laws and regulations.

9. Changes to Our Privacy Policy

The Company reserves the right to change this policy and our Terms of Service at any time. We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates.

10. Contact Us

If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us at: privacy@getroz.com 

Hampton Innovations Incorporated

Attn: Privacy Team

131 Continental Dr, Suite 305, Newark, DE 19713