Sixfold Website Privacy Policy

Last Updated: August 29, 2023


1. Introduction

This Privacy Policy covers how Sixfold AI, Inc. (“Sixfold”, “we”, “our” or “us”) collects, uses, discloses and stores information about you when you (as a visitor, account owner, registered user, or other user) access or use our (i) website (the “Website”), (ii) services provided by Sixfold as SAAS solutions via the Website or otherwise (the web-based application platform and the mobile/device App versions, the “Services”), (iii) Sixfold API, and/or (iv) any other product, service, or solution provided by Sixfold (“Other Solutions” and collectively with the Website, Services, and Sixfold API, the “Sixfold Package Solutions”). 

The Services will be subject to a separate SAAS Services Agreement and access to the Sixfold API will be governed by a separate API License Agreement. If any terms of the SAAS Services Agreement, API License Agreement, or other agreement governing the use of the Other Solutions conflict with the terms of this Privacy Policy, the terms of such other agreements shall have priority over any conflicting terms in this Privacy Policy. 

2. What Information We Collect and How We Collect It

In order to provide our Sixfold Package Solutions to you and to ensure that our Sixfold Package Solutions operate correctly, we collect various types of information, including information that identifies you or may identify you as an individual or the entity you represent (“personal information”). When you use our Website, contact us, create an account, or become a registered user of our Sixfold Package Solutions, we collect the following information: 

A. Information You Provide to Us:

i. If you use the contact information provided on the https://www.sixfold.ai Website to contact us directly, we collect your contact information which includes your email address and may collect your name, title, business association, and reason for contacting us. 

ii. When you sign up for a trial account, we collect your name, email, mobile phone number, business association, and password. When you purchase a plan to use our Sixfold Package Solutions requiring registration, we collect your name, email address, mobile phone number, business association, billing address, zip code, country, company, and any other information you voluntarily provide to us. 

B. Information We Automatically Collect When You Use Our Sixfold Package Solutions:

i. Internet Protocol Address (“IP address”).

ii. Usage Data. Information collected automatically through the Sixfold Package Solutions (or third-party services employed in the Sixfold Package Solutions) including the domain names of the computers, tablets, mobile phones or other devices used to access Sixfold Package Solutions (collectively, “Devices”) utilized by the users who use our Sixfold Package Solutions (the “Users”), the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Sixfold Package Solutions) and the details about the path followed within the Sixfold Package Solutions with special reference to the sequence of pages visited, and other parameters about the Device operating system and/or the User’s IT environment. 

iii. Information collected by cookies and other similar technologies. We use various technologies to collect information that include saving cookies to Users’ Devices. These tools help us understand and improve the performance of the Sixfold Package Solutions.

iv. Your Communications with Us.  We may collect information communicated with us when you request information about our Sixfold Package Solutions, or request customer or technical support, or otherwise communicate with us.

v. Job Applications.  We may post job openings and opportunities on our Website.  If you reply to one of these postings by submitting your application, resume, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.

C. Information We Collect From Third Parties:

i. We may receive personal information about you from partners, third-party service providers, external organizations, social media websites, and other third-party sources.

3. How We Use The Information We Collect

A. Services.  We use the information we collect in connection with the Sixfold Package Solutions we provide. We use the information we collect to set up User accounts and registered users; provide, operate, and maintain Sixfold Package Solutions; process and complete transactions; provide customer service and support and respond to inquiries; send communications; prevent fraudulent activity; for registration and authentication purposes; and for any other purpose based on our legitimate interest.

B. Services Administration and Improvement.  We use the information we collect to administer and improve all of our Sixfold Package Solutions.

C. Analytics.  We use aggregated information that is collected to understand general information and trends related to our Sixfold Package Solutions, such as how many people have visited our Website during a given period of time and the types of Devices Users use with our Sixfold Package Solutions. This information cannot be used to identify an individual. We use this information to help improve our Sixfold Package Solutions.

D. Respond to Inquiries.  If you choose to contact us directly using the methods posted on our Website (by email, website form, chat bot, postal mail, or voicemail), we will respond to you using the contact information you provided in your inquiry.

E. Handling Payments.  We may use payment processing services to process payments by credit card, bank transfer or other means. We may process or securely store your payment information or the transaction may occur directly between you and the payment processing service. Some of these services may also enable the sending of timed messages to the User, such as emails containing invoices or notifications concerning payments. 

F. Tag Management.  Tag management allows us to manage the tags or scripts needed on the Services in a centralized fashion.

G. User Database Management.  This allows us to build user profiles starting with an email address, mobile phone number, personal name, or other pieces of information provided by the User, and to track user activities through analytics features. This personal data may also be combined with publicly available information about the User (such as social networks’ profiles) and used by us to build expanded private profiles, which can be used to display information and improve our Services. Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on our Services. 

H. Communications and Marketing.  When you submit an inquiry on our Website, sign up for our Services or Other Solutions, or access the Sixfold API, we may use your information to send you communications, including those for marketing purposes. You can opt out of receiving certain marketing or promotional communications from us at any time using the unsubscribe link in the email communications we send. 

4. Who We Share Your Information With

A. We do not rent, sell or share information about you with other people or non-affiliated companies. We do, however, share and disclose your information (including personal information) in the following instances:

i. Vendors and Service Providers.  We share your information with vendors and service providers with whom we engage to perform tasks on our behalf or to perform certain functions of our Services. This may include third parties having access to your information through the development or use of the Sixfold application programming interface. The vendors and service providers are bound by agreement to not further disclose any of your personal information without your approval. 

ii. Business Transactions.  If we are acquired or merged with another company, we will transfer collected information to the acquiring company.

iii. Public or Government Authorities.  Under certain circumstances, we may be required to disclose personal information if necessary to comply with a subpoena, court order or other formal governmental requests, to establish or exercise our legal rights or defend against legal claims, or to cooperate with government and/or law enforcement officials.

iv. Consent.  We share your personal information if you have asked us to do so or have given your consent. For example, with your consent, we may post User testimonials that may identify you.

B. We share aggregated information (i.e., information that CANNOT be used to identify an individual) for a variety of reasons, including under the following circumstances:

i. To make our Sixfold Package Solutions better, refine functions or add features, and foster transparency.

ii. If we are acquired or merged with another company, we will transfer aggregate information to the acquiring company.

iii. We may share aggregate information if necessary to comply with a subpoena, court order, or other formal government request to establish or exercise our legal rights or defend against legal claims, or to cooperate with government and/or law enforcement officials.

iv. For any lawful basis.

5. Cookies

The Sixfold Package Solutions may place cookies on your browser or, if you use the Services, on your Device, in order to identify you when you return to our Website, log in to our Services, and for other reasons in accordance with our cookie policy in place from time to time.

6. Data Retention

We will retain your data, including personal information, for as long as required by the purpose for which we collected the data, to provide Sixfold Package Solutions to you, or to the extent required by law.

7. No Responsibility for Third-Party Services, Websites or Content

A. As a service to our Users, or to enable certain functionalities or features, the Sixfold Package Solutions may contain links to third-party websites or applications (“Third-Party Sites”) or use third-party content (“Third-Party Content”) and may provide third-party services (“Third-Party Services”), including payment processors and other payment intermediaries that you may use in connection with your use of certain of our Sixfold Package Solutions. You use Third-Party Sites, Third-Party Content, or Third-Party Services (together, the “Third Party Solutions”) at your own risk. Some of these Third-Party Solutions used with our Services include [Stripe, Plaid, Yodlee, Google, and Unicorn Data Services] to name a few.  We may store payment credentials and/or send payment instructions to the issuing bank and take payment (one time or recurring) from a credit/debit/bank account provided by you.

B. Sixfold makes no claim or representation regarding Third-Party Solutions, and provides them or links to them only as a convenience. Inclusion in the Services or services of Third-Party Solutions does not imply Sixfold’s endorsement, adoption, or sponsorship of, or affiliation with, such Third-Party Solutions. Sixfold accepts no responsibility for reviewing changes or updates to, or the quality, content, policies, nature or reliability of Third-Party Solutions, or websites linking to the Sixfold Package Solutions. When you use Third-Party Solutions, the terms and policies of the providers of those Third-Party Solutions apply. You may need to expressly agree to terms of use and privacy policies to access or use some Third-Party Solutions required for certain features or functionalities of the Sixfold Package Solutions, and your failure or refusal to accept such terms or policies may prevent or restrict or access or use of some or all of our Sixfold Package Solutions. You should review applicable terms and policies, including privacy and data gathering practices, of any Third-Party Solutions, and should make whatever investigation you feel necessary or appropriate before proceeding with any transaction with any third party or agreement to access or use Third-Party Solutions.

C. The provider of Third-Party Solutions is solely responsible for such Third-Party Solutions, the content or information therein, any warranties to the extent that such warranties have not been disclaimed, any training, support or maintenance for the Third-Party Solutions, and any claims that you or any other party may have relating to those Third-Party Solutions or your use of them. Sixfold is acting as agent in providing such Third-Party Solutions to you; Sixfold is not a party to the license, use agreement, or other policies or terms between you and the provider with respect to such Third-Party Solutions; and Sixfold is not responsible for such Third-Party Solutions, the content or information therein, or any warranties or claims that you or any other party may have relating to such Third-Party Solutions or your use of them, including as part of the Sixfold Package Solutions.

8. Security

A. We take security very seriously. To help protect the privacy of data and personal information you transmit through use of our Sixfold Package Solutions:

i. We maintain physical, technical and administrative safeguards that are consistent with industry standards and applicable law.

ii. We update and test our security technology on an ongoing basis.

iii. We restrict access to your personal data to employees who need to know that information to provide benefits or services to you.

iv. We train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

v. We conduct background checks on our employees before hiring them.

vi. We undergo SOC 2 Type II external audits of the effectiveness of our controls for security and confidentiality.

vii. We use state-of-the-art data centers to store the data we collect. Both cloud-based hosting companies maintain ISO/IEC 27001:2013 certifications and undergo SOC 2 Type II external audits of their controls. We understand our responsibilities in our cloud data centers’ shared security models.

viii. We monitor our systems and threat information services, to evaluate and respond to threats that could impact systems and data.

9. Encryption

All data transmitted between visitors to the Sixfold Website and users of the Services is encrypted in transit. Database backups are made daily and are encrypted in transit to storage (TLS) and in storage. Non-SSO application users register and set their own account passwords. Passwords are stored using a secure cryptographic one-way hash function (10 salt rounds), so no one else, including us at Sixfold, can read the passwords. We use a trusted library for this functionality. 

10. Physical Security

Our technical infrastructure is hosted on SOC2 audited data centers located in the United States. Physical security controls at these data centers include 24x7 monitoring, cameras, visitor logs, and entry requirements. 

11. Access Control

All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). Privileged systems and accounts require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, and lockout. We grant access to personnel on the basis of least privilege rules, review permissions quarterly and revoke access immediately after employee termination. 

12. Employees and Contractors

Our employees and contractors undergo national background checks where legal, are required to sign non-disclosure agreements, and complete security training. 

13. Vulnerability Management

Our systems and the Services undergo regular penetration and vulnerability scanning using updated threat knowledge bases. 

14. Incident Management

We maintain industry standard security incident response policies and procedures. 

15. Legal Basis for Processing Your Information (EEA, UK and Switzerland)

A. General.  If you are a User of our Sixfold Package Solutions located in the European Economic Area (EEA), United Kingdom or Switzerland, we rely on the following basis for processing:

i. Consent, where we have your consent to do so;

ii. Perform Contract, where we need the personal information to perform a contract with you;

iii. Legitimate Interest, where the processing is in our legitimate interests, as described in the “How We Use the Information We Collect” section of this document, and not overridden by your data protection interests or fundamental rights and freedoms; and/or

iv. Legal Obligation, where we have a legal obligation to collect or retain personal information or need the personal information to protect your vital interests or those of another person(s).

B. Controller and Processor.  Subject to the terms and conditions set forth in our Data Processing Addendum, Sixfold AI, Inc. is the owner of the Sixfold Package Solutions.  Sixfold is both controller and processor of personal data covered by the Privacy Policy for purposes of European data protection legislation.

C. Data Storage and Data Transfer.  We may transfer your personal data to countries other than the one in which you live. To the extent that personal data is transferred abroad, we will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with our obligations. We will ensure that an adequate level of protection is provided for the information by using industry-standard security practices and standard contractual clauses where required.  If we transfer personal information that originates in the EEA, Switzerland, and/or the United Kingdom to a country outside of such regions, we will use commercially reasonable efforts to ensure that: (i) there are appropriate safeguards in place such as binding corporate rules or the approved EU standard contractual clauses between Sixfold and the recipient; (ii) the transfer is to a country that provides an adequate level of protection under applicable laws; (iii) one of the derogations for specific situations found in applicable law applies to the transfer including explicit consent, where such transfer is necessary for the performance of a contract or exercise, or the defense of legal claims; or (iv) the transfer is otherwise consistent with the requirements of applicable law.  By using the Sixfold Package Solutions, or by providing any information to us, you expressly consent to such transfer and processing.

16. Children

To the extent prohibited by applicable law, we do not allow use of our Sixfold Package Solutions by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal information, please contact us, and we will take steps to delete such information.

17. “Do Not Track”

Do Not Track (“DNT”) is a privacy preference that Users can set in certain web browsers. DNT is a way for Users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

18. Your Rights

A. We will take reasonable steps to allow you to access, review, update, rectify, or delete any personal data we hold about you. We will uphold these rights even if you are a resident outside of the EEA, United Kingdom or Switzerland. You have the following data protection rights:

i. Right of Access.  The right to obtain access to your personal data.

ii. Right to Rectification.  The right to erase or rectify inaccurate or incomplete data.

iii. Right to Erasure.  The right to obtain the deletion and erasure of your personal data in certain circumstances.

iv. Right to Portability.  The right to move, copy, or transfer personal data.

v. Right to Restrict Processing.  The right to restrict processing of personal data.

vi. Right to Object to Processing.  The right to object to processing of personal data for certain purposes.

B. If you wish to exercise one of these rights, please contact us by using the contact details below. We will ask you to verify your identity before responding to these requests. EEA, United Kingdom and Switzerland residents also have the right to lodge a complaint to a data protection authority. For more information, please contact your local data protection authority.

19. Supplemental Notice to California Residents

A. This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2020 (“CPRA”). The CCPA provides California residents with the right to know what categories of personal information that Sixfold has collected about them and whether Sixfold disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:

Up to 12 months after you are no longer a User of our Sixfold Package Solutions or until you ask us to delete your Device data or online activity data

B. As described above, please note that we may also disclose personal information to our affiliates and third-party service providers, in connection with operations, corporate restructuring, to comply with law, or for compliance, fraud prevention and safety purposes. We do not sell your personal information.

C. Except as excluded above, the CCPA grants California residents the following rights:

i. Information. You can request information about how we have collected, used and shared your personal information during the past 12 months. We have made this information available to California residents without having to request it by including it in this Privacy Policy, in the chart above.

ii. Access. You can request a copy of the personal information that we maintain about you.

iii. Deletion. You can ask us to delete the personal information that we collected or maintain about you.

D. Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request.  If we deny your request, we will communicate our decision to you.  To the extent we collect sensitive personal information, we do so only to determine whether we are able to provide our Sixfold Package Solutions or as part of our ongoing service packages.  The CPRA allows you to limit the use or disclosure of sensitive personal information beyond what is reasonable and proportionate to the requested goods and services provided by Sixfold, which you may do by contacting us to make such request.  In addition, to the extent applicable under the CPRA: (i) you have the right to opt out of our sale or sharing of personal information; and (ii) if we sell any of your personal information, you have the right, at any time, to tell us not to sell your personal information.

E. To the extent that the CPRA is applicable to you in respect of your accessing our Sixfold Package Solutions, you have the right to request that we rectify inaccurate information about you.  By visiting your account settings or otherwise contacting us, you can correct and change certain personal information associated with your account.

F. You are entitled to exercise the rights described above free from discrimination, and to ask someone else to exercise your privacy rights for you as your authorized agent.

G. The CCPA requires us to verify the identity of the individual submitting a request to access or delete or rectify personal information (or written permission or other proof that you have appointed an agent to serve on your behalf) before providing a substantive response to the request.

20. Supplemental Notice for Nevada Residents

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. 

21. Direct Marketing

When you sign up for our Services or any of our Other Solutions you acknowledge that we can process your personal data to send you communications, including those for marketing purposes. You can opt out of receiving certain marketing or promotional communications from Sixfold at any time using the unsubscribe link in the email communications we send.

22. How to Contact Us

If you have any questions or complaints about this Privacy Policy or its implementation, you can contact us at info@sixfold.ai or send correspondence to:

Sixfold AI, Inc.

134 E. 93rd Street 5A

New York, NY 10128 

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time based on changes to applicable laws and regulations or other requirements applicable to us, changes in technology, changes to our collection or use of information, or changes to our business. Sixfold reserves the right, in its sole discretion, to change, modify or otherwise alter this Privacy Policy at any time, with or without notice. Unless otherwise specified, any changes or modifications will be effective immediately upon posting of the revised policy on this Website or other notice to you, and your continued use of any of our Sixfold Package Solutions after such posting or notice will constitute your agreement to be bound by such modified policies. You should from time to time review this Privacy Policy to understand the terms and conditions that apply to your use of our Sixfold Package Solutions. This Privacy Policy will always show the ‘last updated’ date at the top.  If you do not agree to the modified policy, you must stop using our Sixfold Package Solutions.