1. Overview.
1.1. This privacy policy sets out how Go-Cort Inc., dba Apptoto (“Apptoto”, “Company”, “we”, “us” or “our”) collects, uses, and protects your personal information when you use or access our website, application(s), and any related products or services that we offer (collectively, “Services”). This Privacy Policy also describes how we share certain information with third parties and what you can do to control the use, collection, and sharing of your personal information. This Privacy Policy applies to all use or access of our Services and all information provided to us (whether by phone, email, or through the use of and registration for our Services), but does not apply to third parties’ sites or services that may be linked to or otherwise available through our Services.
2. Updates.
2.1. We may change this policy from time to time by updating this page. We will not, however, retroactively
change how we share your personal information without your consent. We will provide notice of any material changes we deem appropriate before they take effect. You should check this page from time to time to ensure that you are happy with any changes.
3. Information We Collect.
3.1. When your information is submitted to Company through our Services, or when you correspond with Company, Company receives and stores that information, including personal information. Personal information includes any information that could reasonably be used to personally identify you or a third party individual, including information automatically obtained through “cookies” when you use our Services, and information you provide to us when you register to use our Services or create a user account. Depending on how you use our Services, your information may include:
- Registration-related information (such as name, addresses, e-mail addresses, telephone numbers, occupation, information imported from social log-in permissions granted to us);
- information about the Services that you use, how frequently you use them, and your responses to the offerings and advertisements presented or made available by us;
- information about the searches you perform on our website or in our other Services and how you use the results of those searches;
- transaction-related information such as credit card or other preferred means of payment, billing information, or a history of purchases through our Services (while we collect credit card payment information, we do not store it – it is sent directly to our payment processors);
- customer service information about you as a user of our Services;
- location data;
- third person personal data that you as a subscriber (or trial user) provide to us and direct us to process, including information about appointments scheduled through Apptoto’s Online Booking feature, third person names, emails, phone numbers, postal codes, notes you’ve created, and related calendar appointment information for third persons including the “purpose” of a calendar meeting;
- calendar appointment information that you as a subscriber (or trial user) provide to us and direct us to process including date, time, title, location and subject;
- Information about subscription support requests including sales and support requests and responses, and your agreement to our policies and licenses;
- subscriber login portal password;
- information about any devices, connections and methods used to access and interact with us;
- or other information specifically related to your use of Services, including information that you publicly post using tools made available by us.
3.2. The processing of third party personal data that you provide to us and direct us to process is subject to a separate Data Processor Agreement.
3.3. If you use our single-sign-on functionality or use any social media platforms in connection with our Services, we may collect personal information that you make available to us through those social media platforms, including, without limitation, your profile and account information. Please remember that the privacy policies and practices of third parties govern your use of their products and services.
3.4. We may employ clear gifs (also known as web beacons), which are used to anonymously track the online usage patterns of our users. We may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. This information allows for more accurate reporting and improvement of our Services.
3.5. When you visit our website or otherwise use our Services, we also automatically receive and record certain information that your web browser provides, such as: your web request, IP address, browser type, browser language, referring/exit pages and URLs, platform type, domain names, type of device and operating system, pages, and information about your usage and interaction with our Services.
3.6. Cookies. In addition, we may use “cookies” (session ID or persistent) or similar technologies to record session identification such as browser type, pages, and information about your use and interaction with our Services. You may be able to opt-out of the cookies delivered by our Services by changing the settings on your internet browser. Please note that if you disable cookies in your browser settings, you may not be able to use all of our Services features. If you are a visitor to our website or a subscriber, then disabling cookies may affect your ability to access or use our Services and will limit our ability to provide you with Services and customer support. If you are a third party client of one of our subscribers viewing an appointment webpage, disabling cookies may slow your access to the appointment information.
4. How Company Uses Your Personal Information.
4.1. Services and Functionality. In summary, we only use your information to provide the Apptoto services advertised (i.e. appointment messaging and scheduling). We DO NOT sell your information. We do share your information with third parties as described below but only to provide the services offered. Specifically, we use the information we collect to contact you and send reminders, to allow you to link our Services to your social media accounts, to allow you to connect with us through social media platforms, to allow you to interact with our Services and other users, to improve the content or functionality of our Services, to provide you with information you specifically request, to provide product support, updates, and customer service, to contact you regarding new products, services, or upcoming events, and to comply with legal requirements. We also use the data you provide to us and direct us to process to create a web page for each appointment generated and to make our application functional. While fully customizable, the appointment page generally contains just your company name, and the date, time, and location of the appointment.
4.2. Third Parties Providing Services on Our Behalf. Except as provided in this Privacy Policy, we will not sell, rent, swap, or authorize any third party to use your email address or other personal information without your permission. With your consent, however, we may share personal information with third parties. We also engage third-party service providers within our Services and we may share information with those third-party service providers. The information we receive from such service providers is subject to this Privacy Policy. If and when we disclose personal information to service providers, those providers are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which Company discloses it to them.
Our Services may include features or functionalities provided by third parties. In the process of providing such functionalities within our services, your browser may automatically send certain technical information to the third party provider. The use of these third-party provided features or functionalities is subject to those third parties’ privacy policies. For example, without limitation, we may use a third party for ad serving, retargeting, remarketing, and/or for analytics, in which case, such third party may have access to your data, subject to their policies. These third-party vendors may use their own cookies and other third-party cookies together to (a) inform, optimize, and serve ads across the web based on your past visits to our website and others, and (b) report to us how your ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our site. We encourage you to familiarize yourself with any third-party provider’s practices and policies before using their products or services. Except as stated elsewhere in this Policy, if and to the extent from time to time we use Double Click or another Google brand, or Facebook, for ad serving, analytics, remarketing, retargeting, etc., you can set certain preferences and opt-outs using Google Ads Settings, and Google Analytics’ currently available opt-outs.
4.3. Business Transfer. In the event that ownership of us was to change as a result of a merger, acquisition, or transfer to another company, your information may be transferred. If such a transfer results in a material change in the use of your information, you will be provided notice (which may be via updates to this page) about the choices you have to decline to permit such a transfer.
4.4. Administrative and Legal Reasons. In addition, we will disclose your personal information when we are required to do so by law or believe in good faith that such disclosures are required to: (1) comply with the law or with legal process, including but not limited to lawful requests by public authorities that may be made to meet national security or law enforcement requirements; (2) enforce any legal agreements between you and us, including without limitation, our End User License Agreement and Website Terms of Use Agreement for your use of our Services; (3) protect your safety or security; (4) protect the safety or security of the Company, our Services, our property, and our employees; or (5) protect the safety or security of third parties. Among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions.
5. Changing, Correcting, or Updating Your Information.
5.1. You can obtain access to the personal information we currently have on file for you and/or correct inaccuracies in such personal information by making a written request to Company by mail or email to the addresses contained in the “Contact Us” section below. Some of our Services may allow you to update your personal information through your user account. We will correct or remove inaccurate information as requested as long as we do not need to retain the information for legitimate business or legal purposes. We also reserve the right to verify whether the information is correct. For your protection, you may be asked to provide additional information to verify your identity before being granted access to your personal information.
6. Children.
6.1. Our Services are not directed to individuals under the age of 13, and we do not knowingly collect personally identifiable information from children under age 13. If you are under age 13, you are not authorized to use or access our Services. If we discover that we have received any personal information from a child under the age of 13, we will delete that information immediately. If you believe we have any information from or about anyone under age 13, please contact us at the address listed below.
7. Our Email Policy.
7.1. We comply with applicable law. We will not share, sell, rent, or authorize any third party to use your email address for commercial purposes without your permission. However if you upload or otherwise share email addresses or contact information, you are representing and warranting to Company that you have the appropriate permission to upload or share such information.
7.2. Company reserves the right to send you email related to your account status and notifications about significant changes to this Privacy Policy. We will also use your email address to respond to any email from you. Please be aware that if you send us an email, the information disclosed in your email may not be secure. We suggest that you exercise caution if sending personal or confidential information to us via email.
8. How We Protect Your Information.
8.1. We protect the security of your information through use of commercially reasonable security features. We also use TLS or SSL security when transmitting certain sensitive information. Of course, no security system is perfect and we do not guarantee that your information is absolutely safe or that information you transmit will not be intercepted. We are PCI-compliant in our collection and use of credit card data.
8.2. Also, we restrict access to your personal information to our employees, agents, subcontractors, or other personnel who need to know that information in order to provide you the goods or services offered through our Services. We do not share, rent, or lease your personal information to third parties not otherwise referenced in this policy. Keep in mind, however, that our Services allow you to provide personal information directly to third parties. This Privacy Policy does not govern the security of personal information that you provide to third parties.
9. HIPAA.
9.1. Sometimes, we are a business associate as that term is defined in the Health Insurance Portability and
Accountability Act of 1996 (“HIPAA”). In those instances, we will enter into a Business Associate Agreement (“BAA”) with each covered entity related to the protection, use, and disclosure of protected health information (as defined in HIPAA) provided to us in connection with providing our Services. We will also enter into a BAA with subcontractors, as necessary and applicable.
10. Shine the Light.
10.1. Under California Civil Code Sections 1798.83-.84, California residents are entitled to ask for a notice
identifying the categories of personal customer information that we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a current Company customer and California resident and would like a copy of this notice, please submit a written request to: Go-Cort, Inc., 61149 South Highway 97 #505, Bend, OR 97702.
11. Other Notices and Rights: European Union General Data Privacy Regulation (GDPR).
11.1. We disclose personal information to third party processors whose services are required for our Services to function, including, but not limited to:
- Amazon RDS
- Purpose: Main database storage for central user table and non HIPAA appointment & contact data.
- Zendesk.com
- Purpose: Email support case management.
- Close.io
- Purpose: CRM used to track sales calls and emails.
- Clearbit
- Purpose: Determine how likely a new user is fraudulent.
- Chargify
- Purpose: Subscription billing processor.
- Braintree
- Purpose: One of 3 payment gateways connected to Chargify.
- Stripe
- Purpose: One of 3 payment gateways connected to Chargify.
- Authorize.net
- Purpose: One of 3 payment gateways connected to Chargify.
- Scalyr
- Purpose: Logging aggregator.
11.2. We also disclose personal information to third party processors whose services are highly useful and assist in the functioning of our Services, including:
- Google Analytics
- Purpose: Anonymous usage tracking and marketing data.
- Facebook Pixel
- Purpose: Marketing.
- Mailchimp.com
- Purpose: Newsletter subscriptions and mailings.
- Mixpanel.com
- Purpose: Product engagement tracking.
- Fullstory.com
- Purpose: Product engagement tracking.
- Intercom.io
- Purpose: Email marketing and in-application support.
Except as may be prohibited by applicable law, our third party processors identities may change without notice. If you have questions about their identity, please contact us.
11.3. If you are a subscriber (or trial user) and a health care provider, then Company may obtain and process “special categories” of personal data from you about third parties in the European Union. “Special categories of personal data” as used in this policy means data about third parties in the European Union that may reveal “racial or ethnic origin, generic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health.” Company obtains and processes this type of data only at the direction of a subscriber (or trial user) controller of data and pursuant to a separate data processing agreement. By using the Services, you represent that you have obtained the appropriate consent to allow the processing of that data.
11.4. Lawful Bases. If you are in the European Union, we collect and process your personal information only when we have a lawful basis to do so. Lawful bases include your consent, the fulfillment of our contractual rights or obligations, complying with applicable law, and the legitimate interests of Company or third parties (provided that processing your data for a legitimate interest does not outweigh your rights and freedoms). Examples of a legitimate interest include (i) analyzing user data to maintain and improve our Services for all users; (ii) providing you with access to our Services; (iii) providing you with up-to-date information about new features of our Services; (iv) engaging third-party providers to deliver certain features of our Services; and (v) complying with record retention laws or other legal obligations. You may withdraw your consent or object to a legitimate interest at any time by contacting us at the information provided below.
11.5. Cross-Border Transfer. Our Service is hosted on U.S. servers. Any personal information you provide to us will be processed and stored on servers in the U.S., the laws of which may be deemed by other countries to have inadequate data protection. Accordingly, if you are located outside the U.S., you consent and continue to consent to the processing and storage of such data in the U.S. We have agreements in place with our affiliates and contractors that process your personal data that include standard contractual clauses to protect your rights with respect to your data.
11.6. If you choose not to provide personal information, you may be unable to access or use our Services.
11.7. Your Personal Information. If you would like to obtain a copy of your personal information provided to or collected by us, or if you would like to correct or delete such information from our database, send us an email at the email address listed at the bottom of this policy to submit a request. Depending on the law that applies where you live, you may have additional rights, such as the right to request that we send your information to another organization of your choice (where technically feasible) and, that we restrict our processing of your data.
11.8. Opting Out. If you are in the European Union, we send promotional and marketing communications only with your consent. If you no longer wish to receive these or other communications from us, send us an email at the email address listed at the bottom of this policy. You can stop receiving newsletter email communications from us by clicking on the “unsubscribe” link provided in such communications.
11.9. Improper Collection and Misuse of Personal Information. Please report any improper collection or misuse of personal information to the email address listed at the bottom of this policy. Depending on the law where you live, you may also have the right to file a complaint with your local data protection authority.
11.10. When you land on our webpage for the first time, your IP address may be collected and used to automatically process your geolocation in order for us to present to you the choice to opt-in or the choice to opt-out of our newsletter and other marketing. Depending on where you are located, you may have rights related to avoiding automated processing of your personal data or objecting to the same.
12. Retention of Personal Data.
12.1. Personal data of subscribers (and trial users), including third party personal data provided to us by subscribers, will be retained for one year after termination or expiration of the contract between us and the subscriber unless at the time of termination or expiration the subscriber (or trial user) requests to have the data deleted immediately. During a subscription term, you may elect to have data deleted automatically after one, two, or three years. Otherwise we continue to process that data to provide the Services. You may contact us at any time and request that personal data be deleted from our database.
13. “Do Not Track” Signals.
13.1. We do not respond to browser-based “do not track” settings or signals at this time.
14. Contact Us.
By Mail: Go-Cort, Inc., 61149 South Highway 97 #505, Bend, OR 97702
By phone: 888-318-3765
By email: support@apptoto.com