Ervy: Microlearning platform for your company
Get started
Ervy: Microlearning platform for your company
Menu

Privacy Policy

Thank you for choosing to be part of our community and using the ervy.app website, owned and operated by WeAreDots, SIA, doing business as dots. (hereinafter referred to as “dots.”, “we”, “us”, or “our”).

Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us.

When we refer to “dots.”, we mean the dots. entity that acts as the controller or processor of your information (see more detail in the “Identifying the Data Controller and Processor” section below).

Please also feel free to contact dots. at privacy@ervy.app if you have any questions about this Privacy Policy or dots.’s practices, or if you are seeking to exercise any of your statutory rights.

Applicability of this privacy policy

This Privacy Policy applies to dots.’s online workplace productivity tools and platform (collectively, the “Services”), ervy.app (the “Website”) and other interactions you may have with dots.

If you do not agree with the terms outlined in this Privacy Policy, do not access or use the Services, Website or any other aspect of dots.’s business.

This Privacy Policy does not apply to any third party applications or software that integrate with the Services through the dots.’s platform (“Third Party Services”), or any other third party products, services or businesses. In addition, a separate agreement governs delivery, access and use of the Services (the “Customer Agreement”), including the processing of any messages, files or other content submitted through Services accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Customer”) controls its instance of the Services (its “Workspace”) and any associated Customer Data. If you have any questions about specific Workspace settings and privacy practices, please contact the Customer whose Workspace you use. If you have received an invitation to join a Workspace but have not yet created an account, you should request assistance from the Customer that sent the invitation.

Identifying the data controller and processor

Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Customer is the controller of Customer Data. In general, dots. is the processor of Customer Data and the controller of Other Information (See details under “What information do we collect?” section below)

What information do we collect?

dots. may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways:

Customer Data. Customers or individuals granted access to a Workspace by a Customer (“Authorized Users”) routinely submit Customer Data to dots. when using the Services.

Other Information. dots. also collects, generates and/or receives Other Information:

Workspace and Account Information. To create or update a Workspace account, you or your Customer (e.g., your employer) supply dots. with an email address, domain and/or similar account details. In addition, Customers that purchase a paid version of the Services provide dots. (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.

Usage Information, such as:

  • Services Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work. For example, dots. logs the Workspaces, channels, people, features, content and links you view or interact with, the types of files shared, and what Third Party Services are used (if any);
  • Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Website or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data;
  • Device information. dots. collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings;
  • Location information. We receive information from you, your Customer and other third-parties that helps us approximate your location. We may, for example, use a business address submitted by your employer, or an IP address received from your browser or device to determine approximate location. dots. may also collect location information from devices in accordance with the consent process provided by your device.
  • Cookie Information. dots. uses cookies and similar technologies in our Website and Services to help us collect Other Information. The Website and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Website and Services. For more details about how we use these technologies, please see our cookie policy/links.
  • Third Party Services. A Customer can choose to permit or restrict Third Party Services for its Workspace. Typically, Third Party Services are software that integrate with our Services, and a Customer can permit its Authorized Users to enable and disable these integrations for its Workspace. dots. may also develop and offer dots. applications that connect the Services with a Third Party Service. Once enabled, the provider of a Third Party Service may share certain information with dots. For example, if a cloud storage application is enabled to permit files to be imported to a Workspace, we may receive the user name and email address of Authorized Users, along with additional information that the application has elected to make available to dots. to facilitate the integration. Authorized Users should check the privacy settings and notices in these Third Party Services to understand what data may be disclosed to dots. When a Third Party Service is enabled, dots. is authorized to connect and access Other Information made available to dots. in accordance with our agreement with the Third Party Provider and any permission(s) granted by Customer (including, by its Authorized User(s)). We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services.
  • Third Party Data. dots. may receive data about organizations, industries, lists of companies that are customers, Website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners, or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate-level data, such as which IP addresses correspond to zip codes or countries, or it might be more specific: for example, how well an online marketing or email campaign performed.
  • Additional Information Provided to dots. We also receive Other Information when submitted to our Website or in other ways, such as if you participate in a focus group, contest, activity or event, apply for a job, enroll in a certification program or other educational program hosted by dots. or a vendor, request support, interact with our social media accounts or otherwise communicate with dots.
  • Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Workspace setup details, is not provided, we may be unable to provide the Services.
How do we use your information?

Customer Data will be used by dots. in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Customer may, for example, use the Services to grant and remove access to a Workspace, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services. In regards to Information provided to us, dots. is the processor of Customer Data and Customer is the controller.

dots. uses Other Information in furtherance of our legitimate interests in operating our Services, Website and business. More specifically, dots. uses Other Information:

  • To provide, update, maintain and protect our Services, Website and business. This includes use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities, or at an Authorized User’s request;
  • As required by applicable law, legal process or regulation;
  • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond;
  • To develop and provide search, learning and productivity tools and additional features. dots. tries to make the Services as useful as possible for specific Workspaces and Authorized Users. For example, we may improve search functionality by using Other Information to help determine and rank the relevance of content, channels or expertise to an Authorized User, make Services or Third Party Service suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience, or create new productivity features and products;
  • To send emails and other communications. We may send you service, technical and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we may sometimes send emails about new product features, promotional communications or other news about dots. of which you may opt out (see section “Opting out of email marketing” below). If you have additional questions about a message you have received from dots. please reach out through the contact mechanisms described below;
  • For billing, account management and other administrative matters. dots. may need to contact you for invoicing, account management, and similar reasons and we use account data to administer accounts and keep track of billing and payments;
  • To investigate and help prevent security issues and abuse.

If information is aggregated or de-identified so that it is no longer reasonably associated with an identified or identifiable natural person, dots. may use it for any business purpose. To the extent information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

Data retention

dots. will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law.

dots. may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for dots. to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes, and enforce our agreements.

How long do we keep your information?

We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

We will only keep Information and/or Personal Data for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this policy will require us keeping your Information and/or Personal Data for longer than 2 years.

When we have no ongoing legitimate business need to process your Information and/or Personal Data, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Information and/or Personal Data and isolate it from any further processing until deletion is possible.

How do we share and disclose information?

This section describes how dots. may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and dots. does not control how they or any other third parties choose to share or disclose Information. We only share Information with your consent, to comply with laws, to protect your rights, or to fulfill business obligations. This includes:

  • Customer’s Instructions. dots. will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process;
  • Displaying the Services. When an Authorized User submits Other Information, it may be displayed to other Authorized Users in the same or connected Workspaces. For example, an Authorized User’s email address may be displayed with their Workspace profile;
  • Collaborating with Others. The Services provide different ways for Authorized Users working in independent Workspaces to collaborate, such as shared channels or email interoperability. Other Information, such as an Authorized User’s profile Information, may be shared, subject to the policies and practices of the other Workspace(s);
  • Customer Access. Owners, administrators, Authorized Users, and other Customer representatives and personnel may be able to access, modify, or restrict access to Other Information. This may include, for example, your employer using Service features to export logs of Workspace activity, or accessing or modifying your profile details;
  • Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services, or we may share business information to develop strategic partnerships with Third Party Service providers to support our common customers;
  • Third Party Services. Customer may enable or permit Authorized Users to enable Third Party Services. We require each Third Party Service to disclose all permissions for information access in the Services, but we do not guarantee that they do so. When enabled, dots. may share Other Information with Third Party Services. Third Party Services are not owned or controlled by dots. and third parties that have been granted access to Other Information may have their own policies and practices for its collection, use, and sharing. Please check the permissions, privacy settings, and notices for these Third Party Services or contact the provider for any questions;
  • During a Change to dots.’s Business. If dots. engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of dots.’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements;
  • Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective dots. customer the average amount of time spent within a typical Workspace;
  • To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process;
  • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property, or safety of dots. or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues;
  • With Consent. dots. may share Other Information with third parties when we have consent to do so.

We may process or share Personal Data based on the following legal basis:

  • Consent: We may process your Personal Data if you have given us specific consent to use your Information in a specific purpose.
  • Legitimate Interests: We may process your Personal Data when it is reasonably necessary to achieve our legitimate business interests.
  • Performance of a Contract: Where we have entered into a contract with you, we may process your Personal Data to fulfill the terms of our contract.
  • Legal Obligations: We may disclose your Information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Vital Interests: We may disclose your Information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
Do we use cookies and other tracking technologies?

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies is set out in our Cookie Policy. You can find out more about this in our Cookies Policy.

Controls for do-not-track features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Authentication using third party solutions

We do not knowingly solicit data from or market to children under 18 years of age. By using the Website or Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Website or Services. If we learn that Personal Data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at privacy@ervy.app .

Updating account information

Our Services may allow authentication through third party solutions (e. g. using Microsoft Office 365 account for sign in) that are not operated by us and are subject to the license, service, and/or privacy terms of the third party provider. If you use any third party solution for authentication on our Website or Services, we recommend you review the Privacy Policy of such third party provider. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party providers, their products or solutions used for authentication on our Website or Services.

If you use any third party solution for authentication on our Website or Services, you may not do so in any way that would subject our intellectual property or technology to obligations beyond those expressly included in our Customer Agreement and Privacy Policy. dots. assumes no responsibility or liability whatsoever for any third party product used to access our Website or Services. Customer is solely responsible for use of any third party product used to access our Website or Services and the use of any such product shall be governed by the license, service, and/or privacy terms between Customer and the publisher of the third party product (if any).

How can you review, update, or delete the data we collect from you?

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log into your account settings and update your user account;
  • Contact us using the contact information provided below.

Upon your request to terminate your account, we will deactivate or delete your account and Information from our active databases. However, some Information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Customer Agreement and/or comply with legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. For further information, please see our Cookies Policy.

Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list – however, we will still need to send you service-related emails that are necessary for the administration and use of your account. To otherwise opt-out, you may contact us using the contact information provided below.

What are your privacy rights?

Based on the laws of some countries, you may have the right to request access to the Personal Data we collect from you, change that data, or delete it in some circumstances. To request to review, update, or delete your Personal Data, please submit a request via privacy@ervy.app. We will respond to your request within 30 days.

You have the right:

  • to request access and obtain a copy of your Personal Data,
  • to request rectification or erasure;
  • to restrict the processing of your Personal Data; and
  • if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your Personal Data. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.

If we are relying on your consent to process your Personal Data, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.

If you are resident in the European Economic Area and you believe we are unlawfully processing your Personal Data, you also have the right to complain to your local data protection supervisory authority.

Dispute resolution

Any disputes relating to the processing of Personal Data shall be resolved by contacting dots.’s Data Protection Officer via e-mail privacy@ervy.app.

How do we keep your information safe?

We have implemented appropriate technical and organisational security measures designed to protect the security of any Personal Data we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your Personal Data, transmission of Personal Data to and from our Website is at your own risk. You should only access the Services within a secure environment.

Any Personal Data collected in the course of providing the Services is transferred to and stored in the data centres provided by Microsoft Corporation, which are located in the territories of the Member States of the European Union. Only authorised dots. employees have access to the Personal Data and they may access the data only for the purpose of resolving issues associated with the use of the Services (including resolving of disputes).

Our services are built in line with the following Zero Trust architecture principles:

1. Architectural awareness

When designing our services, we are aware of each architectural component. This helps us to identify all the resources used and prevent potential risks in the architecture.

2. Identify every event

We ensure that every identity representing a user, service, or device is uniquely identified. This helps us monitor user behavior, the device, and service health. We use a centralized SIEM (Security and Information Event Management) solution to track, hunt, and respond to security events. Just like our services, SIEM is cloud-native but architecturally separated to ensure data preservation and response capabilities in case of disruption to the application itself.

3. Use of policies

Each request for data or services is authorized by a policy. For every authorization request, there are specific Just-in-Time and Just-Enough-Access (JIT/JEA) policies in use.

4. Authenticate & authorize everywhere

Since our services work as a Microsoft Teams app, all users are authenticated by Microsoft 365 Single Sign-on (SSO) without requiring them to enter additional login credentials, reducing the risk associated with additional passwords to access our services. We recommend that you enforce Multi-Factor Authentication through Microsoft to increase the security of your credentials and in turn the security of the data you store on our services.

5. Don’t trust any network

All data within our services is encrypted both in transit (using TLS 1.2+) and at rest when stored in databases. In addition to the physical layer of protection provided by the Microsoft Azure platform, access to our services production environments is fully logged, audited, and restricted to a limited number of technical personnel during an incident investigation or limited set of maintenance works. Our services development is performed in entirely separate environments without use or access to customer data.

6. Choose services designed for Zero Trust

Our services were born in the cloud. All data is stored in highly secure Microsoft Azure datacenters, pinned to the EU locations. Microsoft Azure is designed with Zero Trust principles in heart.

What is our policy in case of data breach?

A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of Personal Data. You will be notified about data breaches when we believe you are likely to be at risk or serious harm. For example, a data breach may be likely to result in serious financial harm or harm to your mental or physical well-being. In the event that we become aware of a security breach which has resulted or may result in unauthorized access, use or disclosure of Personal Data we will promptly investigate the matter and notify the applicable Supervisory

Authority not later than 72 hours after having become aware of it, unless the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Do we make updates to this policy?

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

How can you contact us about this policy?

If you have questions or comments about this policy, you may email us at privacy@ervy.app or by post to:

WeAreDots, SIA

Kronvalda Boulevard 3-5,

Riga, LV-1010

Latvia

Phone: +371 67509912

info@wearedots.com