We may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified when you registered for this site. It is strongly recommended that you check this page periodically when you visit our website, referring to the date of the last time we modified the policy (on the bottom of this page).
Note that throughout this document we refer to you either creating and/or participating in an "advisory board." These may also be referred to as an advisory "panel," "committee," "group," "community," and/or "council." For the sake of simplicity in reading this document, we will refer to it as an "advisory board" from this point forward.
What personal information do we collect from the people that visit this website?
When registering on our site you will be asked for your first name, last name, email address, bio and profile picture to help you with your experience participating in advisory boards or creating your own advisory board. Note that only your first name, last name and email address are required in order to register for the service - a bio and profile picture are not required to participate.
As a Advise.Us customer (i.e., someone who runs advisory boards on this website) you may also be asked to provide additional personal information in the form of billing information (e.g., credit card number, billing address, expiration date, card security code). You will only be asked to provide this information if you choose to upgrade your account to any one of our paid products or annual subscription plans. We do not store your credit card information on our servers, and instead use a third-party service (Stripe.com) as a secure, PCI-compliant credit card processor.
Within each advisory board that you join, you may be asked for additional personal information as part of your participation in the advisory board. Please check with the administrator/moderator of the advisory board before you join to learn more about the personal information they may wish to collect as part of your participation in that advisory board.
Advise.Us does not control the personal information that is collected within individual advisory boards, although the information is stored on our servers. Please refer to the sections on hosting and security (in this document) to learn more about how we store and secure the personal information you choose to share in any advisory board on this site.
What personal information do we collect automatically?
In addition to the personal information that we collect from you directly, there is additional personal information that is collected automatically. This information includes the IP address of the computer you use to access this service.
We also automatically collect information regarding frequency that you access the service, the last time you signed in, the device you are using to access the service, the server on which the service operates and your internet service provider or mobile network. This processing is necessary for the legitimate interest of monitoring and resolving issues with the service, as well as for security/fraud prevention purposes.
When do we collect or process personal information?
We collect or process information from you when you register on our site, fill out a form (e.g., when registering for or creating an advisory board) or enter information on our site (e.g., when participating in an advisory board and/or when upgrading your account). We also collect or process information if you choose to upgrade an advisory board you are conducting to a paid version of the software.
Why do we collect or process personal information?
Personal information is necessary to facilitate discussion among members, moderators and/or observers in an advisory board. Without the ability to collect the personal information outlined above, our website would be unable to fulfill its intended purpose (i.e., to facilitate a discussion among people in an online advisory board).
How do we use your personal information?
We may use the information we collect from you when you register, sign up for an account, create an advisory board, participate in an advisory board, moderate an advisory board, observe an advisory board, respond to email communications related to an advisory board, surf the website, or use certain other site features in the following ways:
- To display information (replies, comments, media) provided in the context of an advisory board discussion.
- To personalize your experience and to allow us to deliver the type of content in which you are interested.
- To send necessary emails regarding your account and/or the advisory boards you are part of.
- To manage the distribution of participant honorariums (if applicable) on behalf of a customer.
- To provide technical support to customers and advisory board members.
- To administer an advisory board or other site feature.
How can you update or delete your personal information?
Please email us at [email protected] if you would like us to update and/or delete any of your personal information. Requests to have information updated/deleted are prioritized and the requested update/deletion will happen no later than 30 days after the request is made.
How long is your personal information retained?
If you have not signed in within a period of 2 years our system will automatically (and permanently) delete your account and all related personal information. If you wish to prevent this from happening, simply login to the site on a regular basis.
As a creator/moderator of an advisory board(s), how long is the information in your advisory board(s) retained?
Your advisory board(s) will be automatically deleted if there has not been any activity in the advisory board in the past 2 years. "Activity" is defined as any new discussions or replies posted in that advisory board. You will receive an email automatically from our system 30 days before your board is scheduled to be deleted to give you sufficient time to either add a new discussion or reply. Adding a new discussion or reply to an existing board will extend the time before your board would be deleted by 2 years.
Am I anonymous when participating in any advisory board on this site?
By default your first name and the first letter/initial of your last name will appear next to any replies/comments you leave in any advisory board. This is done to provide you with a degree of anonymity while participating. However, you can optionally choose to have your full name displayed when participating in any advisory board. Follow the steps below to optionally have your full name displayed alongside your replies:
- Sign-in to your account
- Click on the icon for your account (in the upper right corner of every page once you are signed in)
- Click "Edit Profile"
- Click the checkbox next to "Display my full name while participating (optional)"
- Click "Save & Continue" to save changes
Note that for some advisory boards the admins/moderators for the board may choose to enforce that only your first name and last initial are used. In this case you will not have the option to display your full name when participating in that particular advisory board.
How is your personal information secured?
The Advise.Us website and application is hosted at Heroku.com, with additional hosting and storage provided by Amazon Web Services (AWS). More information about the AWS infrastructure and security policies can be found at https://aws.amazon.com/security, while information on Heroku's infrastructure and security policies can be found at https://www.heroku.com/policy/security.
In addition to the security provided via Heroku and AWS, Advise.Us.com uses a security and content delivery solution provided by CloudFlare to provide additional security protections against a range of potential threats, including cross site scripting and DDoS attacks, SQL injection, comment spam, excessive bot crawling and email harvesting.
All information transferred to and from Advise.Us.com (including unauthenticated pages) are secured by end-to-end 128 bit SSL connections via GlobalSign Organization Validation CA. Backups of our production database are made automatically on a daily basis and retained for 7 days, after which point they are automatically and permanently deleted.
Where is your personal information processed/stored?
Who from the Advise.Us organization will have access to your personal information?
Is my personal information ever sold or rented to a third party?
Is my personal information ever shared with a third party?
We may share selected personal information with third-party service providers who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.
In addition, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. For example, we may release information on our overall site statistics for marketing purposes. This non-personally identifiable visitor information is only shared at an aggregate level.
Which third parties may receive my personal information in order to provide this service?
Below is a list of the specific third parties that we use to assist us with providing services to you, along with the purpose(s) for which we may share your personal information with these third parties and the specific personal information that is shared with these services.
- Heroku (https://heroku.com) - Heroku (a wholly-owned subsidiary of Salesforce.com) is a cloud platform where we host the Advise.Us application and database. Since it is our hosting and database provider, all personal information shared on the Advise.Us site is hosted at Heroku. Processing of data on Heroku happens in the United States.
- Amazon Web Services (https://aws.amazon.com) - Amazon Web Services are used to store selected files and attachments shared in any advisory board. Any files uploaded through forms on this website (e.g., avatars, photos, documents and file attachments to topics or replies) are stored using the S3 service at Amazon Web Services. Processing of data on Amazon Web Services happens in the United States.
- Cloudflare (https://cloudflare.com) - Cloudflare is a Content Delivery Network (CDN) service we use to cache content delivered to users around the world to improve site performance. Cloudflare is also used to improve site security. All traffic to and from this website is filtered through Cloudflare. Processing of data on Cloudflare happens in the United States.
- Google Analytics (https://google.com/analytics) - Google Analytics is a web analysis service provided by Google Inc. Advise.Us uses this service to monitor and analyze the use of the service. Google uses the data collected to track and examine the use of this application, prepare reports on its activities and share them with other Google services. Google may also use the data collected to contextualize and personalize the ads of its own advertising network. Processing of data on Google Analytics happens in the United States. Note that if you wish to opt-out of Google Analytics tracking on this website, please visit this page: https://tools.google.com/dlpage/gaoptout
- Stripe (https://stripe.com) - Stripe is a service that provides secure payment mechanisms to websites like Advise.Us. The personal information shared with Stripe includes your name, email address and billing information (note that billing information is not stored on our server - when entered on our site it is transferred directly to Stripe). Processing of data through Stripe happens in the United States.
- New Relic (https://newrelic.com) - New Relic is a monitoring service provided by New Relic Inc. We use this service to monitor application performance and track errors that may occur in the application for technical support purposes. As part of this monitoring, New Relic filters all communication between your browser and our application. Processing of data on New Relic happens in the United States.
- SendGrid (https://mandrill.com) - SendGrid is a transactional email service provided by SendGrid, Inc. We use SendGrid to send "transactional" email notices from the application, including emails when you register, join/create an advisory board, receive a reply in an advisory board and/or receive updates on activity happening in advisory board(s) you are part of. Personal information sent to SendGrid may include your email address, first name and last name, as well as the content of a reply/comment you have left on the site (if applicable). Processing of personal data on SendGrid happens in the United States.
Will you encounter third-party links on our website?
We do not include or offer third party products or services directly on our website. However, each advisory board is run independently by organizations (customers of Advise.Us) that are not be directly affiliated with Advise.Us. In these advisory board you may be solicited with offers for third-party products or services, which Advise.Us will not be aware of. Advise.Us does not endorse these third-party products and services posted in advisory boards not directly run by Advise.Us.
Do we use 'cookies' on the Advise.Us website?
How does our site handle do not track signals?
We do not honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. We don't honor them because:
- Capabilities do not currently exist to track signals.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under 13.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information related to your account and/or the advisory board(s) you are part of, respond to inquiries (e.g., for customer or advisory board member support), and/or other requests or questions. If you decide to run an advisory board on this site, we may from time-to-time email you with information related to new features, how-to and assistance/advice and (very occasionally) company news. This information is never sent to your advisory board members. You may unsubscribe at any time from these advisory board admin/moderator-related communications.
To be accordance with CANSPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third party email marketing services for compliance, if one is used
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can:
- Follow the instructions at the bottom of each email; or
- Email us at [email protected]
How can you contact Advise.Us?
260 East Main Street, Suite #6317
Rochester, NY 14604
Last Updated on September 30th, 2018