CoCalc - Privacy Policy
Last Updated: August 23, 2023
Protecting your privacy is really important to us. With this in mind, we’re providing this Privacy Policy to explain our practices regarding the collection, use and disclosure of information that we receive through our Services. This Privacy Policy does not apply to any third-party websites, services or applications, even if they are accessible through our Services. Also, please note that, unless we define a term in this Privacy Policy, all capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Service. So, please make sure that you have read and understand our Terms of Service.
Revisions to this Privacy Policy
Any information that is collected via our Services is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we’ll notify you of those changes by posting them on the Services or by sending you an email or other notification, and we’ll update the "Revision history" below to indicate when those changes will become effective.
1 Purpose
This Privacy Policy is incorporated by reference into the Sagemath Terms of Service (the “Terms”). The terms “Sagemath”, “we”, and “us” include Sagemath, Inc. and our affiliates and subsidiaries. This Privacy Policy explains our online and offline information practices, the kinds of information we may collect, how we intend to use and share that information, and how you can opt out of a use or correct or change such information. All other terms not defined in Section 13 or otherwise herein will have the meanings set forth in the Terms.
2 Scope
This Privacy Policy applies to Personal Information that is Processed by Sagemath in the course of our business, including on Sagemath websites (each a “Site”), mobile applications, forums, blogs, and other online or offline offerings (collectively the “Services”). All individuals whose responsibilities include the Processing of Personal Information on behalf of Sagemath are expected to protect that data by adherence to this Privacy Policy.
Sagemath complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Sagemath has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Sagemath has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit www.dataprivacyframework.gov. Additionally, Sagemath may protect information through other legally valid methods, including international data transfer agreements.
This Policy applies to all Sagemath’s operating divisions, subsidiaries, affiliates, and branches, including its U.S. affiliates certified under the DPF program and any additional subsidiary, affiliate, or branch of Sagemath that we may subsequently form.
3 TRANSPARENCY/NOTICE—TYPES of Personal Information We Collect and How We Use It
The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with Sagemath and the requirements of applicable law. Some of the ways that Sagemath may collect Personal Information include:
-
You may provide Personal Information directly to Sagemath through interacting with the Services, participating in surveys, and requesting Services, or information.
-
As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.
We endeavor to collect only that information which is relevant for the purposes of Processing. Below are the ways we collect Personal Information and how we use it.
3.1 Types of Personal Information We Collect
Sagemath collects Personal Information regarding its current, prospective, and former clients, customers, users, visitors, guests, and Employees (collectively “Individuals”).
Information You Provide Directly to Us. When you use the Services or engage in certain activities, such as registering for an account with Sagemath, responding to surveys, requesting Services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:
Communications with Us. We may collect Personal Information from you such as email address, phone number or mailing address when you choose to request information about our Services, register for Sagemath’s newsletter or a loyalty program that we may offer, request to receive customer or technical support, or otherwise communicate with us.
-
Surveys. We may contact you to participate in surveys. If you do decide to participate, you may be asked to provide certain information which may include Personal Information. All information collected from your participation in our surveys is provided by you voluntarily.
-
Posting on the Services. Sagemath may offer publicly accessible forums, blogs, and social media pages. You should be aware that, when you disclose information about yourself in on Sagemath’s forums, blogs, and social media pages, the Services will collect the information you provide in such submissions, including any Personal Information. If you choose to submit content to any public area of the Site, such content will be considered “public” and will not be subject to the privacy protections set forth herein.
Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, details about your browser or device, geo-location information, Internet service provider, pages that you visit before and after using the Services, and other information about how you use the Services.
Information from Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. This supplemental information allows us to verify information that you have provided to Sagemath and to enhance our ability to provide you with information about our business, products, and Services.
3.2 How Sagemath, Inc. Uses Your Information
We Process Personal Information about Individuals for the following business purposes:
To Provide Products, Services, or Information Requested:
- Generally manage Individual information and accounts;
- Respond to questions, comments, and other requests;
- Provide access to certain areas, functionalities, and features of Sagemath’s Services;
- Contact you to answer requests for customer support or technical support;
- Allow you to register for events.
Administrative Purposes:
- Measure interest in Sagemath’s Services;
- Develop new products and Services;
- Ensure internal quality control;
- Verify Individual identity;
- Communicate about Individual accounts and activities on Sagemath’s Services and systems, and, in Sagemath’s discretion, changes to any Sagemath policy;
- Send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance;
- Process payment for products or services purchased;
- Process applications and transactions;
- Prevent potentially prohibited or illegal activities;
- Enforce our Terms.
Marketing Sagemath Products and Services:
- To tailor content, advertisements, and offers;
- To notify you about offers, products, and services that may be of interest to you;
- To provide Services to you and our sponsors;
- For other purposes disclosed at the time that Individuals provide Personal Information;
- Otherwise with your consent.
You may contact us at any time to opt out of the use of your Personal Information for marketing purposes as set forth below.
-
Research and Development. Sagemath may use Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and Services or develop new products and Services. We may share anonymous Individual and aggregate data for research and analysis purposes.
-
Direct Mail, Email and Outbound Telemarketing. Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, newsletters, mailings, or phone calls from us with information on Sagemath’s or our business partners’ products and services or upcoming special offers/events. We offer the option to decline these communications at no cost to the Individual by following the instructions set forth below.
-
Anonymous and Aggregated Information Use. Sagemath may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Sagemath’s Services, or other analyses we create. Anonymized or aggregated information is not Personal Information, and Sagemath may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within Sagemath and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
-
Sharing Content. Sagemath’s Services may offer various tools and functionalities that allow you to share content. For example, Sagemath allows you to provide information about your friends through our referral services, such as inviting a collaborator to a project. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by Sagemath or any other Third Parties for any other purpose. The Services also allow you to share your content with Third Parties such as GitHub and NPM. Any Personal Information you choose to share with these Third Parties is not covered by this Privacy Policy. We encourage you to review the privacy policy of these Third Parties before submitting your Personal Information.
-
Other Uses. Sagemath may use Personal Information to pursue our legitimate interests, such as direct marketing, marketing research, network and information security, and fraud prevention and any other purpose disclosed to you at the time you provide Personal Information or otherwise with your consent.
3.5 Third-Party Payment Processing
When you make purchases through the Services, we process your payments through a Third-Party application, including Stripe, PayPal, (together with any similar applications, “Payment Processor”) and Social Networking Sites (“SNS”) such as Facebook, GitHub, Google, or Twitter. The Third-Party application may collect certain financial information from you to process a payment on behalf of Sagemath, including your name, email address, address and other billing information.
4 Human Resources Data
Sagemath collects Personal Information from current, prospective, and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number or other government-issued identification number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Sensitive Human Resources Data such as details of health and disability, including mental health, medical leave, and maternity leave; information about national origin or immigration status; and optional demographic information such as race, which helps us achieve our diversity goals.
We Process Human Resources Data for a variety of business purposes including:
- Workflow management, including assigning, managing and administering projects;
- Human Resources administration and communication;
- Payroll and the provision of benefits;
- Compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
- Job grading activities;
- Performance and employee development management;
- Organizational development and succession planning;
- Benefits and personnel administration;
- Absence management;
- Helpdesk and IT support services;
- Regulatory compliance;
- Internal and/or external or governmental compliance investigations;
- Internal or external audits;
- Litigation evaluation, prosecution, and defense;
- Diversity and inclusion initiatives;
- Restructuring and relocation;
- Emergency contacts and services;
- Employee safety;
- Compliance with statutory requirements;
- Processing of Employee expenses and travel charges; and
- Acquisitions, divestitures, and integrations.
5 Onward Transfer—Sagemath May Disclose Your Information
5.2 International Data Transfers
You agree that all information collected via or by Sagemath may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates, or the servers of our service providers, in order to provide the Services.
6 Opt-Out (RIGHT TO object to PROCESSING)
6.1 General
You have the right to object to and opt out of certain uses of your Personal Information. Where you have consented to Sagemath’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out of further Processing by contacting [email protected]. Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Services and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.
6.2 Email and Telephone Communications
If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. We will process your request within a reasonable time after receipt. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Sagemath and our Services and you will not be able to opt out of those communications (e.g., communications regarding updates to our Terms or this Privacy Policy).
We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
6.3 Mobile devices
Sagemath may occasionally send you push notifications through our mobile applications with notices that may be of interest to you. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. Sagemath may also collect location-based information if you use our mobile applications. You may opt out of this collection by changing the settings on your mobile device.
6.4 Human Resources Data
With regard to Personal Information that Sagemath receives in connection with the employment relationship, Sagemath will use such Personal Information only for employment-related purposes as more fully described above. If Sagemath intends to use this Personal Information for any other purpose, Sagemath will notify the Individual and provide an opportunity to opt out of such uses.
6.5 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
7 Rights of Access, Rectification, Erasure, and Restriction
In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your personal information; (ii) obtain access to or a copy of your personal information; (iii) receive an electronic copy of personal information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) restrict our uses of your personal information; (v) seek correction of inaccurate, untrue or incomplete personal information; and (vi) request erasure of personal information held about you by Sagemath, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below.
We will process such requests in accordance with applicable laws. To protect your privacy, Sagemath will take steps to verify your identity before fulfilling your request.
8 Data Retention
Sagemath retains the Personal Information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
9 Security of Your Information
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
By using the Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services or sending an e-mail to you. You may have a legal right to receive this notice in writing.
10 Children’s Privacy
The Services are not directed to children under 16 years of age, and Sagemath does not knowingly collect Personal Information from children under 16 years of age. If we learn that we have collected any Personal Information from children under 16 years old, we will promptly take steps to delete such information.
11 Redress/Compliance and Accountability
If you have any questions about our privacy practices or this Privacy Policy, please contact Sagemath by email at [email protected]. We will address your concerns and attempt to resolve any privacy issues in a timely manner.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Sagemath commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Sagemath at the contact information provided above.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Sagemath commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
Such independent dispute resolution mechanisms are available to citizens free of charge. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.
You may also have a right, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms; for additional information, see www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2. The Federal Trade Commission has jurisdiction over Sagemath’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
12 Other Rights and Important Information
12.1 Changes To Our Privacy Policy and Practices
We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.
12.2 California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. Sagemath does not share Personal Information with Third Parties for their own marketing purposes.
12.4 Compliance
This Policy shall be implemented by Sagemath and all its operating divisions, subsidiaries and affiliates. Sagemath has put in place mechanisms to verify ongoing compliance with DPF Principles and this Policy. Any Employee that violates these privacy principles will be subject to disciplinary procedures.
13 Definitions
The following capitalized terms shall have the meanings herein as set forth below.
-
“Agent” means any Third Party that Processes Personal Information pursuant to the instructions of, and solely for, Sagemath or to which Sagemath discloses Personal Information for use on its behalf.
-
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of Sagemath or its subsidiaries worldwide.
-
“Personal Information” is any information relating to an identified or identifiable natural person (“Individual”).
-
“DPF Principles” means the seven (7) principles of the Data Privacy Framework: (1) notice, (2) choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement, and liability. Additionally, it includes the sixteen (16) supplemental principles described in the Data Privacy Framework: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) the role of the data protection authorities, (6) self-certification, (7) verification, (8) access, (9) human resources data, (10) obligatory contracts for onward transfers, (11) dispute resolution and enforcement, (12) choice – timing of opt-out, (13) travel information, (14) pharmaceutical and medical products, (15) public record and publicly available information, and (16) access requests by public authorities.
-
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
-
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the Individual’s sex life; or (8) information relating to the commission of a criminal offense.
-
“Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, Sagemath or Sagemath’s Agents.
14 Revision history
Title | Effective Date |
---|---|
Sagemath Privacy Policy | 2015-05-03 |
Updated Sagemath Privacy Policy | 2018-10-05 |
Updated Sagemath Privacy Policy | 2018-10-29 |
Updated Sagemath Privacy Policy - Privacy Shield | 2020-02-04 |
Updated Sagemath Privacy Policy - temporarily remove mention of Privacy Shield | 2020-02-06 |
Updated Sagemath Privacy Policy - restore mention of Privacy Shield | 2020-02-20 |
Updated Sagemath Privacy Policy - revise JAMS link | 2022-09-15 |
Updated Sagemath Privacy Policy - Data Privacy Framework instead of Privacy Shield | 2023-08-23 |
A revision control history for this web page can be found at github.com/sagemathinc/cocalc/commits/master/src/packages/next/pages/policies/privacy.tsx.
Questions?
Please contact us at [email protected] if you have any questions about our Privacy Policy.