Privacy Policy


Kona Privacy Policy

Effective: Oct 1, 2023

This Privacy Policy describes how Sike Insights d/b/a Kona (“Kona,” “we,” “our,” “us”) collects, uses, and discloses information, and what choices you have with respect to the information.

APPLICABILITY OF THIS PRIVACY POLICY

This Privacy Policy applies to:  our bot for Slack, the Kona bot website (heykona.com) (the “Website”), and other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with us (collectively, the “Services”).  By using our Services, you are agreeing to the terms of this Policy.

Please note that a separate agreement governs delivery, access, and use of the Services (the "Customer Agreement"), including the processing of any messages, files or other content submitted through Services accounts (collectively, "Customer Data"). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement ("Customer") controls their instance of the Services (their "decision making tools" or "Surveys" or Other) and any associated Customer Data. If you have any questions about specific decision-making tool settings and privacy practices, please contact the Customer whose decision-making tool you use. If you have received an invitation to join a decision-making tool in a Slack workspace but have not yet created an account, you should request assistance from the Customer that sent the invitation.

INFORMATION WE COLLECT AND RECEIVE FROM YOU

We may collect and receive Customer Data, and Automatically Generated Information  and data ("Automatically Generated Information ") in a variety of ways:

Customer Data.

Customers or individuals invited to use a decision-making tool by a Customer ("Authorized Users") routinely submit Customer Data to us when using the Services, which may include: Company name, Slack domain name, organization structures, etc.

Personal Data.

We process personal data through our Services on behalf of our customers and in accordance with applicable law. In order to use our Services, Personal Data provided by the Customer directly or indirectly (invitation to access Personal Data from a Workspace, or other) are accessible by  Kona in order to generate and/or operate decision-making tools. Authorized Users may provide Kona us with their Personal Data directly at instances, for example when they provide feedback or request client support or in any way communicate with us. This Personal Data may include their name and contact information. We will not collect or process any sensitive Personal Data (as defined under applicable law) through  Kona unless we have received express consent or as otherwise permitted by law.

Automatically Collected Information.

We also collect, generate and/or receive automatically collected information (Automatically Collected Information) when you interact with our Services:

1. Usage Information.

Services Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work. For example, we may log the decision-making tools, channels, people, features, content, and links you interact with, the types of files shared and what Third Party Services are used (if any).

Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Website or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.

Report data. When you or Customer participates and/or generates a decision-making tool, we collect all supplied or relative information in view to produce and supply you and/or customer with results in form of a Report. Reports are archived and are retrievable by Customer. Reports may also be used for research, statistical purposes in order to improve our efficiency, update our Services, as well as feedback in order to create and launch marketing campaigns.

Device information. We may collect information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Automatically Generated Information often depends on the type of device used and its settings.

Location information. We may receive information from you, your Customer and other third-parties that helps us approximate your location. We may, for example, use a business address submitted by your employer, or an IP address received from your browser or device to determine approximate location in order to align our Services with your current time-zone. We may also collect location information from devices in accordance with the consent process provided by your device.

Cookie Information. We use cookies and similar technologies in our Website and Services that help us collect Personal Data. Cookies are small files that are stored on your computer by your web browser.  A cookie allows a website to recognize whether you have visited before and may store user preferences and Personal Data. For example, cookies can be used to collect or store information about your use of our Website during your current session and over time (including the pages you view and the files you download), your computer’s operating system and browser type, your Internet service provider, your domain name and IP address, your general geographic location, the website that you visited before the Website, and the link you used to leave the Website. The Website and Services may also include cookies and similar tracking technologies of third parties, which may collect Personal Data about you via the Website and Services and across other websites and online services. If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it.  You can also delete cookies from your computer.  You may also opt out of “third party cookies” by following the instructions provided in the Cookies Policy particulars before consenting to our use of Cookies when you visit our Website and Services. However, if you choose to block or delete cookies, certain features of our Website may not operate correctly. If you have any questions about our use of cookies, you may contact us at sid@heykona.com.


Third Party Services.

Typically, Third Party Services are software that integrates with our Services, and Customer can permit its Authorized Users to enable and disable certain integrations, while other (e.g. invoicing, billing, payments’ integrations) are required for the operation of Sike Insights therefore Customer or Authorized Users are required to use if they intend to use our Services. Once enabled, the provider of a Third-Party Service may share certain information with us. Authorized Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to us. When a Third-Party Service is enabled, our Services are authorized to connect and access Automatically Generated Information made available to us in accordance with our agreement with the Third-Party Provider. We do not, however, receive or store passwords or means of payment/ transaction details (for example credit-card numbers) for any of these Third-Party Services when connecting them to the Services. Furthermore, for purposes of Due Diligence, Analytics, Client Support, Quality Control and Communication we may employ Third Party Services in view to acquire information and data, as well as Personal Data, in order to comply with our legal, contractual or client service and support obligations as well as improve our product. Such services may include (list non-exhaustive) Google Analytics, Segment, Stripe, etc.

HOW WE USE YOUR INFORMATION

Customer Data will be used by us in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. We are a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to an Authorized User, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.

In our role as a controller, our legal bases for processing your Personal Data are: 1) our legitimate interest in running and maintaining our business; 2) performance and fulfillment of our contracts; 3) your consent; and 4) compliance with our legal obligations. In many instances, more than one of these legal bases apply to the processing of your personal information.

More specifically, we use Personal Data:

- To provide, update, maintain and protect our Services, Website, and business. This includes use of Personal Data to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.

- As required by applicable law, legal process or regulation.

- To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Personal Data to respond.

- To develop and provide search, learning and productivity tools and additional features. We try to make the Services as useful as possible for Customers and Authorized Users. For example, we may improve configuration functionality by using Personal Data to help determine and rank the relevance of content, series and hierarchy of questions to an Authorized User, make Services suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience, create new productivity features and products and apply machine learning capabilities in view to further improve insights.

- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices, update policies, terms of use or requests for consent. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about us. These are marketing messages so you can control whether you receive them and you can unsubscribe from such service anytime.

- For billing, account management and other administrative matters. we may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments. Such data and information will be furthermore retained and used as may be required by applicable law.

- To investigate and help prevent security issues and abuse.

- To provide Kona’s Reports.

We may aggregate or deidentify information in accordance with applicable law and use it for the purposes outlined above. If we link any Personal Data with information that we collect from Third Parties, we will treat that information in accordance with this Policy.

GOOGLE API

Kona’s use and transfer of information received from Google APIs (specifically users’ Google Calendar data)  to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.

DATA RETENTION

We will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Depending on the Services plan, Customer may be able to customize its retention settings and apply those customized settings. The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Personal Data. We will delete any Personal Data we process on behalf of our Customers if instructed to do so.

When we are a controller, we retain Personal Data about you necessary to fulfill the purpose for which that information was collected or as required or permitted by law. We do not retain Personal Data longer than is necessary for us to achieve the purposes for which we collected it. When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.


HOW WE SHARE AND DISCLOSE YOUR INFORMATION

This section describes how we may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and we do not control how they or any other third parties choose to share or disclose Information. Furthermore, insights may be visible or accessible by Authorized Users, we do not control how they or any other parties chose to share or disclose such Information.

- Customer’s Instructions. We may share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.

- Displaying the Services. When an Authorized User submits Personal Data, it may be displayed to other Authorized Users. Please consult the FAQ for more information on Services functionality.

- Collaborating with Others. The Services provide different ways for Authorized Users to collaborate. Personal Data, such as an Authorized User’s profile Information, may be shared, subject to the policies and practices.

- Customer Access. Owners, administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Personal Data and Customer Data. This may include, for example, your employer using Service features to export activity logs and reports.

- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Personal Data or Automatically Generated Information and support our business. These third parties may, for example, provide virtual computing and storage services.

- Third Party Services. Customer may enable or permit Authorized Users to enable Third Party Services. When enabled, we may share Automatically Personal Data with Third Party Services. Third Party Services are not owned or controlled by us and third parties that have been granted access to Personal Data may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third-Party Services or contact the provider for any questions. If required by our policies or law, we will ask for your consent and/or the Customer’s before engaging any such service.

- Corporate Affiliates. We may share Personal Data with our corporate affiliates, parents and/or subsidiaries.

- During a Change to Sike Insights' Business. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Personal Data may be shared or transferred, subject to standard confidentiality arrangement and applicable legal requirements.

- Analytics.  We partner with certain third parties to obtain the automatically collected information discussed above and to engage in analysis, auditing, research, and reporting.  These third parties may use web logs or web beacons, and they may set and access cookies on your computer or other device.  In particular, the Website uses Google Analytics to help collect and analyze certain information for the purposes discussed above.  You may opt out of the use of cookies by Google Analytics here.

- Interest-based advertising.  The Services also enable third-party tracking mechanisms to collect information about you and your computing devices for use in online interest-based advertising. For example, third parties may use the fact that you visited our Website to target online ads to you.  In addition, our third-party advertising networks might use information about your use of our Website to help target advertisements based on your online activity in general. For information about interest-based advertising practices, including privacy and confidentiality, visit the Network Advertising Initiative website or the Digital Advertising Alliance  website. The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy.  If you prefer to prevent third parties from setting and accessing cookies on your computer or other device, you may set your browser to block cookies.  Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance by opting out here.  Although our Website currently does not respond to “do not track” browser headers, you can limit tracking through these third-party programs and by taking the other steps discussed above.

- To Comply with Laws, enforce our rights, prevent fraud, and for safety. If we receive a request for information, we may disclose Personal Data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. We cooperate with law enforcement authorities, as well as with other third parties, to enforce laws, intellectual property rights and to prevent fraud. In response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can, and you authorize us to, disclose your name, e-mail address and website use history, with or without a subpoena. Without limiting the above, we will not disclose your Information to any law enforcement or other governmental officials without a subpoena or court order, except when we believe in good faith that the disclosure of information is necessary to protect our rights, enforce our policies, respond to claims that your use of our Services violates our Sike Insights' policies or rights or others, or protect anyone’s rights, property or safety, enforce contracts or policies.
SECURITY

We take security of data very seriously. We employ physical, technical, and administrative procedures to safeguard the personal information we collect online and work hard to protect all and Personal Data you provide from loss, misuse, and unauthorized access or disclosure. These security practices are in line with industry best practices. However, no website or platform is 100% secure, and we cannot ensure or warrant the security of any information you transmit to the Services or to us, and you transmit such information at your own risk.

AGE LIMITATIONS

To the extent prohibited by applicable law, we do not allow use of our Services and Website by anyone younger than 13 years old. If you learn that anyone younger than 13 has unlawfully provided us with Personal Data, please contact us and we will take steps to delete such information.

CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, We will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. Contact the Customer if you wish to request the removal of Personal Data under their control.

INTERNATIONAL DATA TRANSFERS

We may transfer your Personal Data to countries other than the one in which you live for the purposes described above. We also may subcontract the processing of your data to, or otherwise share your data with, affiliates or third parties in the United States or countries other than your country of residence.  The data-protection laws in these countries may be different from, and less stringent than, those in your country of residence. By using the Services or by providing any personal or other information to us, you expressly consent to such transfer and processing.
When transferring data internationally from the EU or UK, we may rely on Standard Contractual Clauses or the UK International Data Transfer Agreement to meet the adequacy and security requirements for our Customers in those regions.

YOUR RIGHTS

As noted previously, we are generally a “processor” in relation to Customer Data that we process, including any Personal Data that we process on behalf of our Customers. If you have any questions about specific decision-making tool settings and privacy practices, including the rights that may be available to you, please contact the Customer whose decision-making tool you use.

If you are a resident of the EU, UK, or another jurisdiction with an applicable privacy law, you may have certain rights available to you in relation to Personal Data that we process as a controller. These rights may include:

- The right to be informed about our data collection practices;
- The right to access and rectify your data;
- The right to erase or delete your data;
- The right to data portability;
- The right to restrict and object to the processing of your data (including for direct marketing purposes);
- The right to opt-out of the sale of your information;
- The right to opt-out of marketing emails and text messages;
- The right to limit our use of any automated decision-making processes;
- The right to lodge a complaint to your local data protection authority; and
- The right to withdraw consent (to the extent applicable).

You may contact us using the contact information below to exercise any of these rights.

DATA PROTECTION OFFICER

To exercise any of the rights outlined above or to otherwise communicate with our Data Protection Officer, please email sid@heykona.com.

CONTACTING US

Please also feel free to contact us if you have any questions about this Privacy Policy or our practices, or if you are seeking to exercise any of your statutory rights. You may contact us at sid@heykona.com.

Read the Story
Our signature dog logo.

Get expert leadership advice when you need it.

Copyright (c) 2024. All Rights Reserved. Kona uses a large language model (LLM) for summarization, content, and coaching. Inaccurate content may be generated by LLMS.
Wave SVG