Privacy Policy, Tana Labs, Inc.
TLDR: Personal data is your data. Tana does not own your data, nor do we sell it to others or use it for advertising. We will not read or access your private content without your consent unless required of us by law. For an overview of our stance on data privacy, please read our note about Privacy and Security.
Last updated: 02-14-2024
Tana Labs, Inc. safeguards your personal integrity
Tana Labs, Inc., (hereafter referred to as ”Tana”, “we” “us” and “our”) respects your privacy and we are committed to maintaining a high level of security and integrity regarding your personal data. Tana is also committed to ensuring that the processing of your personal data is carried out in accordance with applicable data protection legislation.
Scope of this privacy policy
This Privacy Policy describes how Tana, as a data controller, processes your personal data when you use our products, services, software and applications (our “Applications”), when you interact with us through mail, phone or social media or when you use or visit our website www.tana.inc (the “Website”). Our Applications, Website and other online and offline offerings are collectively referred to as our “Services”.
This Privacy Policy also describes your rights and choices in relation to your personal data.
If you are accessing our Services indirectly, for example, through your employer when we provide our Services to our company customers, we are processing your data on their behalf. This means that your employer is the data controller while Tana is a data processor. In such cases, please contact your employer for information about their processing of your personal data, including the use of data in Tana’s Services.
Controller and data protection officer
Tana (see full name and contact details in the end of the policy) is the data controller of the processing of your personal data described in this Privacy Policy. We are therefore responsible for ensuring that your personal data is processed correctly and securely in accordance with applicable legislation.
Tana has appointed a Privacy Contact. The Privacy Contact is responsible for, among other things, monitoring and ensuring that Tana’s processing of your personal data is carried out in accordance with applicable legislation. You can contact the Privacy Contact at security@tana.inc
What personal data do we process?
Personal data means any information that directly or indirectly relates to a natural, living person. Accordingly, personal data is information about you and your person, e.g. your name, contact information, pictures of you and your IP-address. Thus, content you upload to our Services, for example in the workspaces, may contain personal data that we process as a part of our services.
Processing means any operation performed on personal data, such as collection, storage, use, adaption, or disclosure.
We process the following categories of your personal data:
- User content: Tana offers interactive features that allow you to upload or enter information or content to our Services, such as text, calendars, agendas, comments, messages, documents and files. Such content entered or uploaded by you as a user of the Services may contain personal data. For more information regarding your User content, please see the section “Specific information regarding User content” below.
- Contact information: your name and email address;
- User data: your account name, login details, security question, optional profile photo, user settings, total storage options and used storage;
- Device data: IP-address, internet connection, operating system, time zone, device location, MAC address, screen resolution, unique device IDs, network and device performance, language settings, web browser settings, mobile carrier, internet service provider and equipment used;
- Usage data: cookie information, cookie identifies and technical information we collect regarding your use of the Website and our Applications by analysing your actions within our Applications, how you interact with the Applications and Website, which Services you use and frequency and duration of use, links you click and pages you visit before, during and after using the Services;
- Technical data logs: technical information generated through your use of our Webpage and services, such as response times, dates and times of usage and any encountered errors or crashes;
- Transaction data: information which is required for processing of a payment of your subscription to our Services such as bank account information, invoicing details, transaction history, receipts, purchase orders; and
- Communication data: information contained in your communications with us. For example, the information you provide us in any support messages or surveys you participate in, as well as any metadata related to communication.
Specific information regarding user content
User content is information and content that you enter into or upload to our Services. User content may contain personal data. Processing of your User content is necessary for us to fulfil our contract with you regarding the Services, provided that we have entered into a contract with you directly. If you are accessing the services through your employer or company, we are a data processor.
We will not process your User content (or other personal data) for purposes other than those set out in this policy without your consent, unless we are required to do otherwise by law or binding orders from government authorities or agencies. This means that we do not access or disclose your User content without your prior consent or unless it is required of us to fulfil our legal obligations, as described in our Terms and Conditions.
However, information about your usage of our Services may be used for tailored communication, eg. for product updates and other relevant material. You can always opt-out of such communications. Please read more about our processing of your personal data under section “Why do we process your personal data?”. For more information regarding our security measures, please read further below, under section “Security of your Personal Data”.
Why do we process your personal data?
Personal Data, such as data about your usage of the product, may only be collected and used for specified, explicit and legitimate purposes and may not be processed in a manner that is incompatible with those purposes. Tana processes your personal data for the following purposes:
- To administer and provide our Services;
- To analyse how users use our Services;
- To inform or communicate about our Services;
- To improve and personalize our Services;
- To comply with legal obligations;
- To analyse risks to our IT environment or business;
- To communicate with you when you contact us for any reason;
- To establish, exercise and defend legal claims;
- For administration in connection with an acquisition, restructuring or similar measures;
- To anonymise and aggregate data; and
- For other specific purposes to which you have given your consent from time to time.
In the tables below, you are provided with more information about our processing of your personal data when we are a data controller. There you can find details regarding which categories of personal data are processed in relation to each specific purpose, what legal basis we use for the processing and information regarding how long your personal data is retained.
To analyse the use of our Services
We process your personal data to conduct market and user analyses, for example by analysing statistics based on information gathered through our Services. The results of our analyses are used to improve, develop, replace and create new and existing services or functionalities, and to ensure an optimal user experience. For example, by way of analysing how end users interact with our Webpage and Applications, we can improve our user interface to make it more intuitive and helpful, or create new features that increase the value of the content we deliver or improve the quality of life when using our Services.
| Categories of data | Legal basis | Retention time |
|---|---|---|
| The processing is necessary for our legitimate interest to provide, improve, change or develop our current or new Services, or functionalities therein. | Your personal data is kept during the time you are a registered user of the Services. After this period, your data is aggregated in such a way that identification is no longer possible, and no personal data remains. For more information regarding our retention time for cookies, please see our Cookie Policy. |
To administer and provide the Services to you as a user
We process personal data to administer our relationship with our users, including storing user content, using it to provide the Services, sending information in an electronic format (not marketing) and storing any potential agreements and to process payments.
| Categories of data | Legal basis | Retention time |
|---|---|---|
| If you are a direct end-user that has entered into a contract with us, then our processing of your personal data is necessary for the purposes of performing the contract with you and to receive payments for our Services. | Personal data contained in receipts, order confirmations, agreements, or otherwise relating to transactions will be kept for seven years in accordance with the applicable accounting act. Personal data relating to communications and other actions needed in order to administer our relationship with you and to provide our Services are retained for as long as you are a registered and active user and 12 months thereafter. User content that is stored within your workspaces or other areas of the Services is retained until you remove or erase the content, or for as long as you are a registered user of the Services. Any user content that is subject to other users’ workspaces may be stored for a longer time, depending on such other users. We may keep your personal data for a longer time period if necessary to establish, exercise or defend a legal claim, e.g. in case of a dispute regarding payment. |
To inform and communicate with you about our Services
We process your personal data to communicate with you and inform you about Tana and our Services, for example by sending you our newsletter, if you have opted in to such communications. In order to do so, we need to understand what services you would be interested in receiving more information regarding.
| Categories of data | Legal basis | Retention time |
|---|---|---|
| Processing is necessary for the purposes of our legitimate interest to be able to market our Services. Sending you newsletter with marketing is based on your consent, if not the newsletter is about the use of the Service and additional related services provided by us. | Your personal data is kept for a period of 12 months from the date the personal data was collected or from the date when you last came in contact with us, whichever occurs later. You can easily opt-out from direct marketing by contacting us as further described in section titled “Contact Information” or by unsubscribing by means in described in the communication. For information regarding our retention time for cookies, please visit our Cookie Policy. |
To improve and personalize our Services
We process your personal data in order to improve and personalize our Services. Based on information gathered through your use of our services and their content, we can analyse end-user patterns. For example, by studying how end users navigate our services, we can improve the user interface to make it easier and more intuitive.
| Categories of data | Legal basis | Retention time |
|---|---|---|
| Processing is necessary for the purposes of our legitimate interests to provide, improve and develop our Services. | Your personal data is kept as long as you are a registered and active user and for a period of 12 months thereafter. After which period, your personal data is aggregated in such a way that identification is no longer possible, and no personal data remains. For information regarding our retention time for cookies, please refer to our Cookie Policy. |
To comply with legal obligations
In certain situations, we are required by law to process your personal data in certain ways. Such situations may for example be when we process your personal data to verify your identity when you contact us to exercise your rights as a data subject under applicable data protection law.
We also process your personal data as necessary to comply with our legal obligations relating to accounting, audits and taxes. This includes storing certain payment-related verifications for tax-declaration purposes for up to seven years.
We may also be required to share your personal data with government authorities. For example, if we are subject to a binding government request to disclose information, including personal data, for civil, administrative, criminal or national security purposes. In such events, the Tana Privacy Contact carefully reviews each request to make sure it satisfies applicable laws.
| Categories of data | Legal basis | Retention time |
|---|---|---|
The concerned categories of personal data depend on the legal obligation in question. Normally the following categories of data may be affected:
| We are required to process your personal data to comply with our legal obligations under applicable legislation. | Your personal data is kept for as long as necessary to comply with applicable legal obligation. For example: Personal data relating to transactions are stored for seven years according to the accounting act; or Personal data processed in order to verify your identity when you contact us to exercise your rights as a data subject are stored for the duration of your matter and then will then be erased in connection with your matters. We may retain your personal data for a longer time period if necessary to establish, exercise or defend a legal claim in case of a dispute regarding e.g. payment. |
To analyse risks to our IT environment or business
In order to ensure that our IT environment and business is secure from internal and external interruptions, threats or incidents we process certain personal data. For example, in relation to denial-of-service attacks and internal access logs.
| Categories of data | Legal basis | Retention time |
|---|---|---|
| Processing is necessary for the purposes of our legitimate interest of securing our IT and business environment. | Your personal data is kept for a period of 12 months. After this period, your data is aggregated in such a way that identification is no longer possible, and no personal data remains. We may keep your personal data for a longer time period if necessary to establish, exercise or defend a legal claim in case of a dispute. |
To communicate with you when you contact us for any reason
We process your personal data when you contact us through any means (e.g., phone, email, social media or by letter). We process your data in order to store and answer your communication, for example general questions or when you contact us in order to receive support.
| Categories of data | Legal basis | Retention time |
|---|---|---|
| Processing is necessary for the purposes of our legitimate interest to handle and answer your communication. | Your personal data and communication are stored and processed for as long as is necessary based on the matter and content of your communication, and for a period of 12 months thereafter. Whereafter your personal data are ereased, but we may retain certain aggregated or statistical information, for example relating to the reason for your communication. We may keep your personal data for a longer time period if necessary to establish, exercise or defend a legal claim in case of a dispute. |
To establish, exercise and defend legal claims
In case of dispute, we are entitled to process your data to establish, exercise or defend the legal claim.
| Categories of data | Legal basis | Retention time |
|---|---|---|
All categories of data, depending on the situation at hand and the applicable legal claim. | Processing is necessary for the purposes of our legitimate interest in the establishment, exercise or defence of legal claims. | Your personal data is kept for as long as necessary in order for Tana to establish and defend legal claims and, as applicable from time to time, the time thereafter required by law. |
For administration in connection with an acquisition, restructuring or similar measures
In case of a merger, divestiture, restructing, reorganization, dissolution or other sale or transfer of Tana’s assets, we may need to process your personal data in order to enable such transfer.
| Categories of data | Legal basis | Retention time |
|---|---|---|
All categories of data, except for User content. | The processing is necessary for the purposes of our legitimate interest of enabling mergers, divestitures, restructuring, reorganization, dissolution and other sale or transfers of Tana’s assets. | Your personal data will be processed for as long as necessary in order to fulfil the purpose with the processing. Personal data that is transferred to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Tana’s assets will not be stored by Tana after such transfer unless required to fulfill any of the other purposes set out above. |
To anonymize and aggregate data
We also process your personal data in order to create aggregated and anonymized data sets. These data sets cannot be used to identify you, either directly or indirectly together with other data, and therefore no longer constitute personal data. We use these anonymized data sets in order to analyse, research and develop our Services and business operations, as well as to find new customer segments.
| Categories of data | Legal basis | Retention time |
|---|---|---|
All categories of data, except for User content. | The processing is necessary for our legitimate interest to provide, improve, change or develop our Services in a way that is compliant with applicable data protection law and your right to privacy. | As the resulting data set is anonymised, no personal data is retained. |
Certain processing operations based on consent
In addition to the above-mentioned purposes, we may also process your personal data for certain specific purposes based on your explicit and informed consent. In such cases, the applicable purpose, concerned categories of data and retention times will be clearly explained to you at the time you provide your consent to the processing.
How long do we store your personal data?
Your personal data is stored as long as there is a need to preserve it in order to fulfil the purposes for which the data was collected in accordance with this Privacy Policy. Thereafter, your personal data will be deleted.
Contact information regarding company representatives is stored during such time the Company considers that the information is necessary to maintain the relationship with the company/organisation. Deletion shall take place when the Company becomes aware that the information is no longer adequate or relevant for the purpose, or at the request of the contact person.
More detailed information regarding retention times can be found above, in the tables under section “Why do we process your personal data”. For more further information regarding how long we store specific personal data, please contact us. Contact information is provided under section “Contact Information” below.
WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
Tana does not disclose personal data to third parties, except when necessary to fulfil a legal obligation or to fulfil our obligations to you, our customers and/or partners. Your personal data will not be sold to third parties for marketing purposes. Situations when your personal data may be disclosed to third parties are listed in the table below.
| Third party | Reason for third-party disclosure |
|---|---|
| Other companies within the Tana’s company group. | Personal data may need to be transferred to other companies within the Tana’s company group, since central functions such as marketing and finance are managed jointly within the group in which Tana is a part. |
| Suppliers of cloud solutions | Personal data may be transferred to suppliers of cloud solutions since Tana stores certain information in cloud solutions. |
| Suppliers and partners | Tana may disclose your personal data to AI providers, suppliers and/or partners, if the suppliers and/or partners need your personal data to fulfil their undertakings toward the Tana. Such supplier and partners include, but are not limited to, support services, consultants and others who help us provide the Services to you. In addition, our Application and Services may utilize Google API Services. Our Application and Services use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. |
| Authorities | Personal data may be disclosed to authorities when necessary for compliance with legal obligations applicable to Tana. |
| Sale | If Tana intends to transfer all or part of its business, personal data may be disclosed to a potential buyer. |
Where do we process your personal data?
Tana may transfer your personal data to countries outside the EU/EEA. If personal data is transferred to a country outside the EU/EEA,
We will only transfer your personal data to third countries in situations where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of data protection in accordance with GDPR Article 45.
In the absence of an adequacy decision, we may transfer personal data to a third country only if appropriate safeguards are provided, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. These safeguards may include Standard Contractual Clauses adopted by the European Commission, or other mechanisms as provided under Article 46 of the GDPR, such as Data Privacy Framework.The countries outside the EU/EEA to which we may transfer your personal data and the legal mechanism for the transfer are specified in the table below.
| Country outside the EU/EEA | Legal mechanism for the transfer |
|---|---|
| United States | Data Privacy Framework (for sertified processors) or Standard Contractual Clauses |
| Australia | Standard Contractual Clauses |
For further information regarding a specific transfer or to request a copy of the relevant documentation regarding the safeguards taken for a specific transfer, please contact us through our contact information stated below, under the section named “Contact Information”.
SOCIAL MEDIA
Regarding personal data that occurs and is processed on social media, such as Facebook, Twitter, Slack, YouTube and LinkedIn, we refer users to the policy provided by the respective service providers for information on how each service provider processes personal data. In the Tana’s view, the purpose of the processing is that representatives of existing and potential customers and partners to Tana shall be able to interact and maintain contact with us via social media, in order to contribute to good relationships with customers and partners and to make our Services widely accessible through several different channels. The processing is necessary for the purposes of the Company’s legitimate interest to market its brand and its products to existing and potential customers and to partners (legitimate interest).
YOUR RIGHTS
A summary of your rights according to applicable legislation is set out in the table below.
| Right of access | You have the right to access your personal data and to obtain a copy of the personal data concerning you that is processed by the Company. |
| Right to rectification | If the personal data concerning you that is processed by the Company is inaccurate, incomplete or outdated, you have the right to obtain rectification of such personal data. |
| Right to erasure | You have the right to request the erasure of personal data concerning you. Unless the Company has a legal basis to continue the processing of the personal data concerning you and the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, such personal data shall be erased. |
| Right to object | Under certain circumstances you have the right to object against the Company’s processing of your personal data. |
| Right to restriction of processing | Under certain circumstances you have the right to obtain restriction of the processing of your personal data. Where processing has been restricted, the Company may only under certain circumstances carry out other processing activities concerning the personal data than storage. |
| Right to data portability | Where your personal data is processed based on your consent or on a contract with you, you have the right to receive the personal data concerning you in a machine-readable format and request that those data are transmitted to another controller. |
| Right to lodge complaints with a supervisory authority | If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority, for example the Norwegian Data Protection Authority (Datatilsynet), if you believe our processing of your personal data violates applicable law. |
Security of your personal data
You should always be able to feel safe when you provide us with your personal data. Therefore, Tana has implemented the security measures that are necessary to protect your personal data against unauthorised access, alteration and destruction. Tana will not disclose your personal data, other than as expressly provided by this Privacy Policy.
Cookies
Tana uses cookie-like techniques in order to provide certain functions on the Website and to improve the Website and to deliver better and more personal Services. Tana uses cookies in accordance with the Tana’s Cookie Policy.
If you do not share your personal data with Tana
If you do not share your personal data with us, Tana will not be able to fulfil its legal or contractual obligations towards you.
Changes
Tana reserves the right to change this Privacy Policy at any time. In the event of changes to this Privacy Policy, we will publish the amended Privacy Policy on the Website and in connection with our Services together with information on when the changes will come into effect and may also you in an appropriate manner.
Contact information
Contact us if you have any questions about this Privacy Policy, the processing of your personal data or if you wish to exercise your rights under this Privacy Policy or applicable legislation.
- Tana Labs, Inc.
- Corporate registration number (EIN): 86-2884752
- co/Nordic Innovation House 470 Ramona Street, Palo Alto CA 94301
- Email address: security@tana.inc