Thinglink Acceptable Use Policy
Last updated Fri May 25 00:00:00 UTC 2018
This AUP is structured as follows. Section I contains general rules applicable to all users. Section II contains rules applicable to users of the specific types of ThingLink service accounts. Finally, Section III contains rules for the use of third party content from ThingLink partners.
I. General rules for the use of the ThingLink service
- You must not annotate and/or display (i) any material protected by copyright or other intellectual property rights without the prior approval of the respective rights holder, nor (ii) any illegal, offensive, threatening, libelous, defamatory, obscene or otherwise objectionable material, nor (iii) any material that may not be appropriate for all audiences (including pornography and other adult content).
- You must not use the ThingLink service for any illegal, fraudulent or unauthorized purpose. You agree to comply with all local laws regarding online conduct and acceptable content.
- You must not copy any elements of the ThingLink service, including the code and the design, or our name, trademark, logo or other prorietary information, without our prior written consent.
- You must not attempt to circumvent or breach any security or any authentication measures put in place by ThingLink.
- You must not create or submit unwanted tags to any images.
- You must not transmit any worms or viruses, any code of a destructive nature or otherwise interfere with the operation of the Thinglink service.
- You must not provide us or any other users of the ThingLink service any false or misleading information.
- You must not attempt to replicate or circumvent any of the functionality of the ThingLink service with any unauthorized solutions created by you or by a third party.
- You must not collect from any third parties personal data or personally identifiable information in violation of any data protection and/or privacy laws
II. Rules specific to different types of ThingLink accounts
You agree to comply with the following account-specific rules, the applicable rules depending on the account type you have.
- You must not use the ThingLink service for commercial purposes, including, but not limited to publishing images on commercial websites.
- You must not use the ThingLink service for advertising third party products or services in consideration of payment or other benefit in any form without a separate prior written consent from ThingLink.
- You must not use any third party tools to track the use of your material submitted to the ThingLink service without ThingLink’s prior written approval
ThingLink Free Business and Premium Business
- You must not use the ThingLink service for advertising third party products or services in consideration of payment or other benefit in any form without a separate prior written consent from ThingLink.
- You must not use the ThingLink service on multiple properties
- You must not use any third party tools to track the use of your material submitted to the ThingLink service without ThingLink’s prior written approval
- You must not use any third party tools to track the use of your material submitted to the ThingLink service without ThingLink’s prior written approval
III. Rules specific to third party content
Getty Images. The following restrictions apply to the use of content for which Getty Images International, its group companies, or its other licensors are the rightholders (referred to as "Getty Content");
- You may only use Getty Content in a non-commercial manner, and may not sell, modify, re-use, re-sell, distribute, display, reproduce, or make any other use of Getty Content without a prior written authorization from us.
- You may not take any action that would enable the file-sharing of Getty Content
- You may not use Getty Content in logos, trademarks, services marks, or any other branding or identifiers
- You may not take any measures to circumvent any features that disable your operating system’s standard right-click feature on Getty Content
- You may not download any Getty Content on a stand-alone basis
We reserve all rights to take appropriate action in case of a breach of these rules, including, but not limited to, removing the offending content, or either suspending or terminating the account of the person in breach. We need to do that because we want to make sure that all of our users can enjoy the service, and not get harmed by the actions of the few who might not have others best interests at heart.
Terms of Service
Last updated 25 May 2018
Welcome to www.Thinglink.com, the website and online service of Thinglink (as defined in Section 14 below). This page explains the terms by which you may use our online and/or mobile services, web site, APIs, and software, including any manuals, instructions or other documents or materials that we make available to you and which describe the functionality, components, features or requirements of the service, including any aspect of the installation, configuration, integration, operation, use, support or maintenance thereof provided on or in connection with the service (collectively the “Service”).
PLEASE READ THIS AGREEMENT CAREFULLY TO ENSURE THAT YOU UNDERSTAND EACH PROVISION. THIS AGREEMENT CONTAINS A MANDATORY INDIVIDUAL ARBITRATION AND CLASS ACTION/JURY TRIAL WAIVER PROVISION THAT REQUIRES THE USE OF ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES, RATHER THAN JURY TRIALS OR CLASS ACTIONS.
Use of Service
- Eligibility. You may use the Service only if you can form a binding contract with Thinglink, and only in compliance with this Agreement and all applicable local, state, national, and international laws, rules and regulations, (including without limitation all applicable laws regarding online conduct and acceptable content, the transmission of technical data exported from the United States or the country in which you reside, privacy, and data protection). In order to register for an account, we may, at our discretion, allow you to sign up through a third-party service provider, such as Facebook, Microsoft, Twitter, or Google. The Children’s Online Privacy Protection Act (COPPA) prohibits online service providers from knowingly collecting personally identifiable information from children under 13 years of age without verifiable parental consent (“Consent”). Accordingly, students accessing the Service subject to Consent provided via their education institution, as allowed under COPPA, will require the use of a unique invitation code supplied by their education institution in order to create an account. Any use or access to the Service by anyone under 13 without Consent, is strictly prohibited and in violation of this Agreement. The Service is not available to any Users previously removed from the Service by Thinglink.
- Thinglink Service. Subject to the terms and conditions of this Agreement and your payment of any applicable fees, you are hereby granted a non-exclusive, limited, non-transferable, revocable license to use the Service as permitted by the features of the Service during the term of this Agreement. You shall employ all physical, administrative and technical controls, screening and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all access credentials and protect against any unauthorized access to or use of the Service; and (b) control the content and use of User Content (as defined below), including the uploading or other provision of User Content for processing by the Service. ThingLInk reserves all rights not expressly granted herein in the Service and Thinglink Content (as defined below). Thinglink may terminate this license in accordance with this Agreement. We may from time to time in our sole discretion engage third parties to provide, maintain, and/or improve the Service (each, a “Subcontractor”).
Unless you are an educator, parent or guardian managing your student, child or ward’s account, you may never use another User’s account. When creating your account, you must provide accurate and complete information, and you must keep this information up to date. You are solely responsible for the activity that occurs on your account, and you must keep your account password secure. We encourage you to use “strong” passwords (passwords that use a combination of upper and lower case letters, numbers and symbols) with your account. You must notify Thinglink immediately of any breach of security or unauthorized use of your account. Thinglink will not be liable for any losses caused by any unauthorized use of your account.
You may control your User profile and how you interact with the Service by changing the settings in your settings page. By providing Thinglink your email address you consent to our using the email address to send you Service-related notices, including any notices required by law, in lieu of communication by postal mail. We may also use your email address to send you other messages, such as changes to features of the Service and special offers. If you do not want to receive such email messages, you may opt out or change your preferences in your settings page. Opting out may prevent you from receiving email messages regarding updates, improvements, or offers.
- Account Types and Fees. Thinglink offers the Service to both individuals and entities, including businesses and educational institutions. For descriptions of all account types and features currently available and our policy that governs their use, please see Account Descriptions and the Acceptable Use Policy. As our Service is constantly developing, please consult them regularly.
- Free Access. If you register for a free user account or elect to receive a free trial version of a paid version of the Service (each, “Free Access”), we will provide you access to the selected version of the Service free of charge until the earlier of (a) the end of the free trial period, or (b) the start date of any Purchased Service subscriptions ordered by you for any such version of the Service, or (c) termination by us in our sole discretion. We may, without prior notice, create usage limits for your Free Access to the Service. Additional terms and conditions may appear on the registration web page of the Free Access version of the Service to which you subscribe. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.
- Purchased Access. “Purchased Access” means access to any version of the Service that you purchase under an Order, as distinguished from those provided as Free Access. Purchased Access to the Service may be subject to additional terms set forth for the applicable version of the Service to which you subscribe. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding.
- Changes. We reserve the right, in our sole discretion, to make any changes to the Service that we deem necessary or useful to: (a) maintain or enhance (i) the quality or delivery of the Service, (ii) the competitive strength of or market for the Service or (iii) the Service’s cost efficiency or performance; or (b) to comply with applicable Law.
- Service Rules. You agree not to engage in any of the following prohibited activities: (i) copying, distributing, or disclosing any part of the Service in any medium, including without limitation by any automated or non-automated “scraping”; (ii) using any automated system, including without limitation “robots,” “spiders,” “offline readers,” etc., to access the Service in a manner that sends more request messages to Thinglink servers than a human can reasonably produce in the same period of time by using a conventional on-line web browser (except that Thinglink grants the operators of public search engines revocable permission to use spiders to copy publicly available materials from Thinglink.com for the sole purpose of and solely to the extent necessary for creating publicly available searchable indices of the materials, but not caches or archives of such materials); (iii) transmitting spam, chain letters, or other unsolicited email; (iv) attempting to interfere with, compromise the system integrity or security or decipher any transmissions to or from the servers running the Service; (v) taking any action that imposes, or may impose at our sole discretion an unreasonable or disproportionately large load on our infrastructure; (vi) uploading invalid data, viruses, worms, or other software agents through the Service; (vii) collecting or harvesting any personally identifiable information, including account names, from the Service; (viii) using the Service for any commercial solicitation purposes; (ix) impersonating another person or otherwise misrepresenting your affiliation with a person or entity, conducting fraud, hiding or attempting to hide your identity; (x) interfering with the proper working of the Service; (xi) accessing any content on the Service through any technology or means other than those provided or authorized by the Service; or (xii) bypassing the measures we may use to prevent or restrict access to the Service, including without limitation features that prevent or restrict use or copying of any content or enforce limitations on use of the Service or the content therein.
We may permanently or temporarily terminate or suspend your access to the Service without notice and liability if in our sole determination you violate any provision of this Agreement. If you become aware of any actual or threatened activity prohibited by in this Section 1(h), you shall immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Service and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify us of any such actual or threatened activity.
You are solely responsible for your interactions with other Thinglink Users. We reserve the right, but have no obligation, to monitor disputes between you and other Users. Thinglink shall have no liability for your interactions with other Users, or for any User’s action or inaction.
- User Content
Some areas of the Service allow Users to post or provide content such as profile information, videos, images, music, comments, questions, and other content or information on the Service (any such materials a User submits, posts, displays, or otherwise makes available on the Service is referred to as “User Content”). We claim no ownership rights over User Content created by you. The User Content you create remains yours; however, by providing or sharing User Content through the Service, you agree to allow others to view, edit, and/or share your User Content in accordance with your settings and this Agreement. Thinglink has the right (but not the obligation) in its sole discretion to remove any User Content that is shared via the Service.
You agree not to post User Content that: (i) may create a risk of harm, loss, physical or mental injury, emotional distress, death, disability, disfigurement, or physical or mental illness to you, to any other person, or to any animal; (ii) may create a risk of any other loss or damage to any person or property; (iii) seeks to harm or exploit children by exposing them to inappropriate content, asking for personally identifiable details or otherwise; (iv) may constitute or contribute to a crime or tort; (v) contains any information or content that we deem to be unlawful, harmful, abusive, racially or ethnically offensive, defamatory, infringing, invasive of personal privacy or publicity rights, harassing, humiliating to other people (publicly or otherwise), libelous, threatening, profane, obscene, or otherwise objectionable; (vi) contains any information or content that is illegal (including, without limitation, the disclosure of insider information under securities law or of another party’s trade secrets); (vii) contains any information or content that you do not have a right to make available under any law or under contractual or fiduciary relationships; or (viii) contains any information or content that you know is not correct and current or (ix) violates any school or other applicable policy, including those related to cheating or ethics. You agree that any User Content that you post does not and will not violate third-party rights of any kind, including without limitation any Intellectual Property Rights (as defined below) or rights of privacy. To the extent that your User Content contains music, you hereby represent that you are the owner of all the copyright rights, including without limitation the performance, mechanical, and sound recordings rights, with respect to each and every musical composition (including lyrics) and sound recording contained in such User Content and have the power to grant the license granted below. Thinglink reserves the right, but is not obligated, to reject and/or remove any User Content that Thinglink believes, in its sole discretion, violates any of these provisions. You understand that publishing your User Content on the Service is not a substitute for registering it with the U.S. Copyright Office, the Writer’s Guild of America, or any other rights organization.
For the purposes of this Agreement, “Intellectual Property Rights” means all patent rights, copyright rights, mask work rights, moral rights, rights of publicity, trademark, trade dress and service mark rights, goodwill, trade secret rights and other intellectual property rights as may now exist or hereafter come into existence, and all applications therefore and registrations, renewals and extensions thereof, under the laws of any state, country, territory or other jurisdiction.
Thinglink takes no responsibility and assumes no liability for any User Content that you or any other User or third party posts, sends, or otherwise makes available over the Service. You shall be solely responsible for your User Content and the consequences of posting, publishing it, sharing it, or otherwise making it available on the Service, and you agree that we are only acting as a passive conduit for your online distribution and publication of your User Content. You understand and agree that you may be exposed to User Content that is inaccurate, objectionable, inappropriate for children, or otherwise unsuited to your purpose, and you agree that Thinglink shall not be liable for any damages you allege to incur as a result of or relating to any User Content.
The Service does not replace the need for you, as applicable, to maintain regular data backups or redundant data archives. WE HAVE NO OBLIGATION OR LIABILITY FOR ANY LOSS, ALTERATION, DESTRUCTION, DAMAGE, CORRUPTION OR RECOVERY OF YOUR USER CONTENT.
- User Content License Grant. By posting or otherwise making available any User Content on or through the Service, you expressly grant, and you represent and warrant that you have all rights necessary to grant, to us a royalty-free, sublicensable, transferable, perpetual, irrevocable, non-exclusive, worldwide license to use, reproduce, modify, publish, list information regarding, edit, translate, distribute, syndicate, publicly perform, publicly display, and make derivative works of all such User Content and any name, voice, and/or likeness as contained in your User Content, in whole or in part, and in any form, media or technology, whether now known or hereafter developed, for use in connection with the Service and Thinglink’s (and its successors’ and affiliates’) business, including without limitation for promoting and redistributing part or all of the Service (and derivative works thereof) in any media formats and through any media channels.
- Mobile Software
- Mobile Software. We may make available software to access the Service via a mobile device (“Mobile Software”). To use the Mobile Software you must have a mobile device that is compatible with the Mobile Software. Thinglink does not warrant that the Mobile Software will be compatible with your mobile device. You may use mobile data in connection with the Mobile Software and may incur additional charges from your wireless provider for these services. You agree that you are solely responsible for any such charges. Thinglink hereby grants you a non-exclusive, non-transferable, revocable license to use a compiled code copy of the Mobile Software for one Thinglink account on any mobile device controlled, owned or leased solely by you.
You may not: (i) modify, disassemble, decompile or reverse engineer the Mobile Software, except to the extent that such restriction is expressly prohibited by law; (ii) rent, lease, loan, resell, sublicense, distribute or otherwise transfer the Mobile Software to any third party or use the Mobile Software to provide time sharing or similar services for any third party; (iii) make any copies of the Mobile Software; (iv) remove, circumvent, disable, damage or otherwise interfere with security-related features of the Mobile Software, features that prevent or restrict use or copying of any content accessible through the Mobile Software, or features that enforce limitations on use of the Mobile Software; or (v) delete the copyright and other proprietary rights notices on the Mobile Software. You acknowledge that Thinglink may from time to time issue upgraded versions of the Mobile Software, and may automatically electronically upgrade the version of the Mobile Software that you are using on your mobile device. You consent to such automatic upgrading on your mobile device, and agree that the terms and conditions of this Agreement will apply to all such upgrades. Any third-party code that may be incorporated in the Mobile Software is covered by the applicable open source or third-party license EULA, if any, authorizing use of such code. The foregoing license grant is not a sale of the Mobile Software or any copy thereof, and Thinglink or its third-party partners or suppliers retain all right, title, and interest in the Mobile Software (and any copy thereof).
Any attempt by you to transfer any of the rights, duties or obligations hereunder, except as expressly provided for in this Agreement, is void. Thinglink reserves all rights not expressly granted under this Agreement. If the Mobile Software is being acquired on behalf of the United States Government, then the following provision applies. The Mobile Software will be deemed to be “commercial computer software” and “commercial computer software documentation,” respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212, as applicable. Any use, reproduction, release, performance, display or disclosure of the Service and any accompanying documentation by the U.S. Government will be governed solely by these Terms of Service and is prohibited except to the extent expressly permitted by these Terms of Service. The Mobile Software originates in the United States, and is subject to United States export laws and regulations. The Mobile Software may not be exported or re-exported to certain countries or those persons or entities prohibited from receiving exports from the United States. In addition, the Mobile Software may be subject to the import and export laws of other countries. You agree to comply with all United States and foreign laws related to use of the Mobile Software and Thinglink Service.
- Mobile Application Marketplaces. The following applies to any Mobile Software you acquire from the iTunes Store, the Android Market, or any other similar marketplace for mobile applications (“Sourced Mobile Software”): You acknowledge and agree that this Agreement is solely between you and Thinglink, not the proprietor of such marketplace (each a “Proprietor”), and that Proprietor has no responsibility for the Sourced Mobile Software or content thereof. Your use of the Sourced Mobile Software must comply with the applicable terms of service for the marketplace from which you downloaded the Sourced Mobile Software. You acknowledge that Proprietor has no obligation whatsoever to furnish any maintenance and support services with respect to the Sourced Mobile Software. In the event of any failure of the Sourced Mobile Software to conform to any applicable warranty, you may notify Proprietor, and Proprietor will refund the purchase price for the Sourced Mobile Software to you; to the maximum extent permitted by applicable law, Proprietor will have no other warranty obligation whatsoever with respect to the Sourced Mobile Software, and any other claims, losses, liabilities, damages, costs or expenses attributable to any failure to conform to any warranty will be solely governed by this Agreement and any law applicable to Thinglink as provider of the software. You acknowledge that Proprietor is not responsible for addressing any claims of you or any third party relating to the Sourced Mobile Software or your possession and/or use of the Sourced Mobile Software, including, but not limited to: (i) product liability claims; (ii) any claim that the Sourced Mobile Software fails to conform to any applicable legal or regulatory requirement; and (iii) claims arising under consumer protection or similar legislation; and all such claims are governed solely by this Agreement and any law applicable to Thinglink as provider of the software. You acknowledge that, in the event of any third-party claim that the Sourced Mobile Software or your possession and use of that Sourced Mobile Software infringes that third party’s intellectual property rights, Thinglink, not Proprietor, will be solely responsible for the investigation, defense, settlement and discharge of any such intellectual property infringement claim to the extent required by this Agreement. You and Thinglink acknowledge and agree that Proprietor, and Proprietor’s subsidiaries, are third-party beneficiaries of this Agreement as relates to your license of the Sourced Mobile Software, and that, upon your acceptance of the terms and conditions of this Agreement, Proprietor will have the right (and will be deemed to have accepted the right) to enforce this Agreement as relates to your license of the Sourced Mobile Software against you as a third-party beneficiary thereof.
- Our Proprietary Rights
Except for your User Content, the Service and all materials therein or transferred thereby, including, without limitation, software, images, text, graphics, illustrations, logos, patents, trademarks, service marks, copyrights, photographs, audio, videos, music, and User Content belonging to other Users (the “Thinglink Content”), and all Intellectual Property Rights related thereto, are the exclusive property of Thinglink and its licensors (including other Users who post User Content to the Service). Except as explicitly provided herein, nothing in this Agreement shall be deemed to create a license in or under any such Intellectual Property Rights, and you agree not to sell, license, rent, modify, distribute, copy, reproduce, transmit, publicly display, publicly perform, publish, adapt, edit or create derivative works from any Thinglink Content. Use of Thinglink Content for any purpose not expressly permitted by this Agreement is strictly prohibited.
You may choose to or we may invite you to submit comments or ideas about the Service, including without limitation about how to improve the Service or our products (“Ideas”). By submitting any Idea, you agree that your disclosure is gratuitous, unsolicited and without restriction and will not place Thinglink under any fiduciary or other obligation, and that we are free to use the Idea without any additional compensation to you, and/or to disclose the Idea on a non-confidential basis or otherwise to anyone. You further acknowledge that, by acceptance of your submission, Thinglink does not waive any rights to use similar or related ideas previously known to Thinglink, or developed by its employees, or obtained from sources other than you.
Thinglink cares about the integrity and security of your personal information. However, we cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your personal information for improper purposes. You acknowledge that you provide your personal information at your own risk.
- DMCA Notice
Since we respect artist and content owner rights, it is Thinglink’s policy to respond to alleged infringement notices that comply with the Digital Millennium Copyright Act of 1998 (“DMCA”).
If you believe that your copyrighted work has been copied in a way that constitutes copyright infringement and is accessible via the Service, please notify Thinglink’s copyright agent as set forth in the DMCA. For your complaint to be valid under the DMCA, you must provide the following information in writing:
- An electronic or physical signature of a person authorized to act on behalf of the copyright owner;
- Identification of the copyrighted work that you claim has been infringed;
- Identification of the material that is claimed to be infringing and where it is located on the Service;
- Information reasonably sufficient to permit Thinglink to contact you, such as your address, telephone number, and, email address;
- A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or law; and
- A statement, made under penalty of perjury, that the above information is accurate, and that you are the copyright owner or are authorized to act on behalf of the owner.
The above information must be submitted to the following DMCA Agent: Attn: DMCA Notice Thinglink, Inc. Address: 444 Ramona Street, Palo Alto, California 94301 United States, Telephone: (415) 318-3464, Fax: (267) 501-3048, abuse@Thinglink.com.
UNDER FEDERAL LAW, IF YOU KNOWINGLY MISREPRESENT THAT ONLINE MATERIAL IS INFRINGING, YOU MAY BE SUBJECT TO CRIMINAL PROSECUTION FOR PERJURY AND CIVIL PENALTIES, INCLUDING MONETARY DAMAGES, COURT COSTS, AND ATTORNEYS’ FEES.
Please note that this procedure is exclusively for notifying Thinglink and its affiliates that your copyrighted material has been infringed. The preceding requirements are intended to comply with Thinglink’s rights and obligations under the DMCA, including 17 U.S.C. §512(c), but do not constitute legal advice. It may be advisable to contact an attorney regarding your rights and obligations under the DMCA and other applicable laws.
In accordance with the DMCA and other applicable law, Thinglink has adopted a policy of terminating, in appropriate circumstances, Users who are deemed to be repeat infringers. Thinglink may also at its sole discretion limit access to the Service and/or terminate the accounts of any Users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.
- Third-Party Links and Information
- Third Party Materials. The Service may contain links to third-party websites, information, products, materials, or services (together, “Third Party Materials”) that are not owned or controlled by Thinglink. Thinglink does not vet, control, endorse or assume any responsibility for any such Third Party Materials,. We have not reviewed, and cannot review, all of the material, including computer software, made available through Third Party Materials, and cannot therefore be responsible for that Third Party Material’s content, use or effects. You are responsible for taking precautions as necessary to protect yourself and your computer systems from viruses, worms, Trojan horses, and other harmful or destructive content. Thinglink disclaims any responsibility for any harm resulting from the use of Third Party Materials by Users of our Service, or from any downloading by those Users of content there posted.
- No Liability for Third Parties. You expressly relieve Thinglink from any and all liability arising from your use of any Third Party Materials, including without limitation User Content submitted by other Users. Additionally, your dealings with or participation in promotions of Users who create advertisements using the Service, including payment and delivery of goods, and any other terms (such as warranties) are solely between you and such User. You agree that Thinglink shall not be responsible for any loss or damage of any sort relating to your dealings with such Users.
- Responsibility for Content. Thinglink has not reviewed, and cannot review, all of the material, including computer software, posted to our Service, and cannot therefore be responsible for that material’s content, use or effects. By operating our Service, Thinglink does not represent or imply that it endorses the material there posted, or that it believes such material to be accurate, useful, or non-harmful. You are responsible for taking precautions as necessary to protect yourself and your computer systems from viruses, worms, Trojan horses, and other harmful or destructive content. Our Service may contain content that is offensive, indecent, or otherwise objectionable, as well as content containing technical inaccuracies, typographical mistakes, and other errors. Our Service may also contain material that violates the privacy or publicity rights, or infringes the intellectual property and other proprietary rights, of third parties, or the downloading, copying or use of which is subject to additional terms and conditions, stated or unstated. Thinglink disclaims any responsibility for any harm resulting from the use by visitors of our Service, or from any downloading by those visitors of content there posted.
- Indemnity. You agree to defend, indemnify and hold harmless Thinglink and its subsidiaries, agents, licensors, managers, and other affiliated companies, and their employees, contractors, agents, officers and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney’s fees) arising from: (i) your use of and access to the Service, including any data or content transmitted or received by you; (ii) your violation of any term of this Agreement, including without limitation your breach of any of the representations and warranties set forth in this Agreement; (iii) your violation of any third-party right, including without limitation any right of privacy or Intellectual Property Rights; (iv) your violation of any applicable law, rule or regulation; (v) User Content or any content that is submitted via your account including without limitation misleading, false, or inaccurate information; (vi) your willful misconduct; or (vii) any other party’s access and use of the Service with your unique username, password or other appropriate security code.
- Representations and Warranties; Disclaimers.
- Representations and Warranties. You represent and warrant that your use of our Service:
- Will be in strict accordance with this Agreement;
- Will comply with all applicable laws and regulations (including without limitation all applicable laws regarding online conduct and acceptable content, the transmission of technical data exported from the United States or the country in which you reside, privacy, and data protection); and
- Will not infringe or misappropriate the intellectual property rights of any third party.
- Disclaimer of Warranties. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. USE OF THE SERVICE IS AT YOUR OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM THINGLINK OR THROUGH THE SERVICE WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED HEREIN. WITHOUT LIMITING THE FOREGOING, THINGLINK, ITS SUBSIDIARIES, ITS AFFILIATES, AND ITS LICENSORS DO NOT WARRANT THAT THE THINGLINK CONTENT IS ACCURATE, RELIABLE OR CORRECT; THAT THE SERVICE WILL MEET YOUR REQUIREMENTS; THAT THE SERVICE WILL BE AVAILABLE AT ANY PARTICULAR TIME OR LOCATION, UNINTERRUPTED OR SECURE; THAT ANY DEFECTS OR ERRORS WILL BE CORRECTED; OR THAT THE SERVICE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. ANY CONTENT DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICE IS DOWNLOADED AT YOUR OWN RISK AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR MOBILE DEVICE OR LOSS OF DATA THAT RESULTS FROM SUCH DOWNLOAD OR YOUR USE OF THE SERVICE.
FEDERAL LAW, SOME STATES, PROVINCES AND OTHER JURISDICTIONS DO NOT ALLOW THE EXCLUSION AND LIMITATIONS OF CERTAIN IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. THIS AGREEMENT GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE TO STATE. THE DISCLAIMERS AND EXCLUSIONS UNDER THIS AGREEMENT WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
- Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THINGLINK, ITS AFFILIATES, AGENTS, DIRECTORS, EMPLOYEES, SUPPLIERS OR LICENSORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO THE USE OF, OR INABILITY TO USE, THIS SERVICE. UNDER NO CIRCUMSTANCES WILL THINGLINK BE RESPONSIBLE FOR ANY DAMAGE, LOSS OR INJURY RESULTING FROM HACKING, TAMPERING OR OTHER UNAUTHORIZED ACCESS OR USE OF THE SERVICE OR YOUR ACCOUNT OR THE INFORMATION CONTAINED THEREIN.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THINGLINK ASSUMES NO LIABILITY OR RESPONSIBILITY FOR ANY (I) ERRORS, MISTAKES, OR INACCURACIES OF CONTENT; (II) PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO OR USE OF OUR SERVICE; (III) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION STORED THEREIN; (IV) ANY INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SERVICE; (V) ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE THAT MAY BE TRANSMITTED TO OR THROUGH OUR SERVICE BY ANY THIRD PARTY; (VI) ANY ERRORS OR OMISSIONS IN ANY CONTENT OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, EMAILED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE THROUGH THE SERVICE; AND/OR (VII) USER CONTENT OR THE DEFAMATORY, OFFENSIVE, OR ILLEGAL CONDUCT OF ANY THIRD PARTY. IN NO EVENT SHALL THINGLINK, ITS AFFILIATES, AGENTS, DIRECTORS, EMPLOYEES, SUPPLIERS, OR LICENSORS BE LIABLE TO YOU FOR ANY CLAIMS, PROCEEDINGS, LIABILITIES, OBLIGATIONS, DAMAGES, LOSSES OR COSTS IN AN AMOUNT EXCEEDING THE AMOUNT YOU PAID TO THINGLINK FOR THE SIX (6) MONTHS PRIOR TO THE EVENT GIVING RISE HEREUNDER OR ONE HUNDRED EURO ($100.00)., WHICHEVER IS GREATER.
THIS LIMITATION OF LIABILITY SECTION APPLIES WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, OR ANY OTHER BASIS, EVEN IF THINGLINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE FOREGOING LIMITATION OF LIABILITY SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY LAW IN THE APPLICABLE JURISDICTION.SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. THIS AGREEMENT GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE TO STATE. THE DISCLAIMERS, EXCLUSIONS, AND LIMITATIONS OF LIABILITY UNDER THIS AGREEMENT WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.
- Who You Are Contracting With, Governing Law and Venue; User Disputes
- The information in the table below describes who you are contracting with under this Agreement, who you should direct notices to under this Agreement, what law will apply in any dispute arising out of or in connection with this Agreement, and where and how such disputes will be resolved, depend on where you are domiciled.
If you are domiciled in:
You are contracting with:
Notices to Thinglink should be addressed to:
The governing law is:
Exclusive forum for resolution of disputes is:
The United States of America
Thinglink, Inc. a Delaware corporation
470 Ramona Street, Palo Alto, CA 94301
California and controlling United States federal law
Mandatory, binding arbitration in Santa Clara County, California, U.S.A. as set forth in Section 13(e) below.
Any other country
Thinglink Oy, a corporation formed in Finland
Business ID 2329185-9
VAT ID FI23291859
Lapinlahdenkatu 16, 00180 Helsinki, Finland
Arbitration in Helsinki, Finland, in accordance with the Arbitration Rules of the Finnish Central Chamber of Commerce.
- Manner of Giving Notices to Thinglink. Except as otherwise specified in this Agreement, all notices to Thinglink related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the second business day after mailing, (c) confirmed delivery by courier service, or (d), except for notices of termination or an indemnifiable claim, the day of sending by email.
- Agreement to Governing Law and Jurisdiction. Each party agrees to the applicable governing law above without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts above.
- Legal Fees and Costs. The prevailing party in any action arising from or relating to this Agreement shall be entitled to recover its reasonable attorneys’ fees and costs, including, without limitation, arbitration fees and fees of experts.
- Arbitration for Users Domiciled in The United States. READ THIS SECTION CAREFULLY BECAUSE IT REQUIRES THE PARTIES TO ARBITRATE THEIR DISPUTES AND LIMITS THE MANNER IN WHICH YOU CAN SEEK RELIEF FROM THINGLINK. If you are domiciled in a country for which arbitration is designated in Section 13(a) above as the exclusive forum for dispute resolution, then you agree to first contact us at email@example.com and attempt to resolve the dispute with us informally. In the unlikely event that we have not been able to resolve a dispute you have with us after sixty (60) days, we each agree to resolve any claim, dispute, or controversy (excluding any claims for injunctive or other equitable relief as provided below) arising out of or in connection with or relating to this Agreement, or the breach or alleged breach thereof (collectively, “Claims”), by binding arbitration by JAMS, under the Optional Expedited Arbitration Procedures then in effect for JAMS, except as provided herein. JAMS may be contacted at www.jamsadr.com. The arbitration will be conducted in Santa Clara County, California, unless you and Thinglink agree otherwise. If you are using the Service for commercial purposes, each party will be responsible for paying any JAMS filing, administrative and arbitrator fees in accordance with JAMS rules, and the award rendered by the arbitrator shall include costs of arbitration, reasonable attorneys’ fees and reasonable costs for expert and other witnesses. If you are an individual using the Service for non-commercial purposes: (i) JAMS may require you to pay a fee for the initiation of your case, unless you apply for and successfully obtain a fee waiver from JAMS; (ii) the award rendered by the arbitrator may include your costs of arbitration, your reasonable attorney’s fees, and your reasonable costs for expert and other witnesses; and (iii) you may sue in a small claims court of competent jurisdiction without first engaging in arbitration, but this does not absolve you of your commitment to engage in the informal dispute resolution process. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. Nothing in this Section shall be deemed as preventing us from seeking injunctive or other equitable relief from the courts as necessary to prevent the actual or threatened infringement, misappropriation, or violation of our data security, Intellectual Property Rights or other proprietary rights by arbitration.
- Class Action / Jury Trial Waiver. WITH RESPECT TO ALL PERSONS AND ENTITIES, REGARDLESS OF WHETHER THEY HAVE OBTAINED OR USED THE SERVICE FOR PERSONAL, COMMERCIAL OR OTHER PURPOSES, ALL CLAIMS MUST BE BROUGHT IN THE PARTIES’ INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION OR OTHER REPRESENTATIVE PROCEEDING. THIS WAIVER APPLIES TO CLASS ARBITRATION, AND, UNLESS WE AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON’S CLAIMS. YOU AGREE THAT, BY ENTERING INTO THIS AGREEMENT, YOU AND THINGLINK ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING OF ANY KIND.
- Assignment. This Agreement, and any rights and licenses granted hereunder, may not be transferred or assigned by you, but may be assigned by Thinglink without restriction. Any attempted transfer or assignment in violation hereof shall be null and void.
- Entire Agreement / Severability. This Agreement, together with any amendments and any additional agreements you may enter into with Thinglink in connection with the Service, shall constitute the entire agreement between you and Thinglink concerning the Service. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be (1) the applicable Order Form, (2) any additional terms or addenda applicable to specific versions of the Service, and (3) this Agreement. If any provision of this Agreement is deemed invalid by a court of competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of this Agreement, which shall remain in full force and effect.
- No Waiver. No waiver of any term of this Agreement shall be deemed a further or continuing waiver of such term or any other term, and Thinglink’s failure to assert any right or provision under this Agreement shall not constitute a waiver of such right or provision.
- Contact. Please contact us at info@Thinglink.com with any questions regarding this Agreement.
Last Updated May 25, 2018
Welcome to Thinglink.com! Our mission is to create a more enlightened way of creating immersive content by providing an intuitive, unified platform to collaborate with others and unleash your creative energy. Here we describe how we collect, use, and handle your personal information when you use our Service.
- WHAT’S COLLECTED AND WHY?
We collect and use the following information to provide, improve, and protect our Services:
Information You Provide:
- Account Information. You can browse our site without providing personal information, but you must register in order to access most of the features of Service. Depending on how you interact with the Service, we may ask for certain information such as your legal name, email address, a description of your purpose when using the Service (business or education), your industry if your using the Service for business purposes, your role (teacher or student) and your school name and school district, if you’re suing the Service for educational purposes, and password when you create a Thinglink account. Depending on your Settings, some of this personal information may be displayed on your public profile and viewable to others on the Service.
- Optional Profile Information. After you setup your account, Thinglink members may also choose to provide additional information which may be shared with others on the Service or through your public profile, such as your name, email address, nickname or online alias, other Thinglink accounts you choose to follow, Immersive Images (as defined in the Content Information section below), websites, and other information relating to your User Content or your use of the Service. In connection with your use of the Service, we may also collect information created or provided by you, or that we otherwise receive, in connection therewith. For example, if you send or enable your users to send SMS messages through the Service, we will collect and maintain the call data (e.g., receipts, phone numbers, size, time of transmission, confirmations, etc.) and other message transmission and conversion data, which may include personal information.
- Payment and Billing Information. We also collect credit card or payment information for paid subscriptions. This information will be securely stored with a third party specialized in the handling of such information, such as a credit card payment gateway or other payment vendors.
- Content Information. Our Service is designed to make it simple for you to store your User Content, collaborate with others, and work across multiple devices to create unique, engaging visuals (“Immersive Images”). To make that possible, we store, process, and transmit your User Content as well as information related to it. This related information includes your profile information, which makes it easier to collaborate and share your User Content with others, as well as things like the size of the file, the time it was uploaded, collaborators, and usage activity. Our Service provides you with different options for sharing your User Content. You may provide us with information about you in draft and published User Content (such as for your Immersive Images). For example, if you create an Immersive Image that includes biographic information about you or someone else, we will have that information, and so will anyone with access to that Immersive Image if you choose to publish the Immersive Image publicly.
- Messages. If you correspond with us, you may also provide us information when you respond to surveys, communicate with our engineering or support teams about a question regarding the Service, or post a question about your User Content in our public forums.
- Telephone Information. If we telephone you, or you telephone us, to discuss our Service, we may collect personal information from you, including your name, company name, business address, phone number, job title, email address, whether you use the Service, information about your business needs, the number of users of our Service you require, and, if you telephoned us, how you heard about us, and any other information you choose to share with us by telephone.
Information We Collect Automatically:
- Device Information. Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. Your devices (depending on their settings) may also transmit location information to the Services. We collect log information when you use our Service–for example, when you create or make changes to your Immersive Images.
- Usage Information. We collect information related to how you use the Service, including actions you take in your account (like sharing, editing, viewing, and moving files or folders). We use this information to improve our Service, develop new services and features, and protect Thinglink users.
- Location Information. We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Service from certain geographic regions. We may also collect information about your precise location via our mobile apps (when, for example, you post a photograph with location information) if you allow us to do so through your mobile device operating system’s permissions.
- Stored Information: We may access information stored on your mobile device via our mobile app. We access this stored information through your device operating system’s permissions. For example, if you give us permission to access the photographs on your mobile device’s camera roll, our Service may access the photos stored on your device when you upload a photo to the Service to create an Immersive Image.
Information We Collect from Other Sources:
- Information We Receive from Social Networking Sites. We allow Users with certain third-party accounts (currently Users who have Google, Microsoft, Twitter, or Facebook accounts) to authenticate on the Service using those third-party accounts. We also allow Users to share their immersive Images on third party services, such as social networking services provided by others, for example, Facebook. If you create or log into your account on the Service through another third-party service or if you connect your Immersive Image on a social media service (like Twitter), we will receive information from that service (such as your username and other basic profile information) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available. You should always review, and if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our website or Service.
- Third Party Analytics Services. We may also receive information from third party services to help us better understand you and how you use our Service.
Information Collected by Third Parties
Purposes for Collecting this Information:
We use information about you as mentioned above and for the purposes listed below:
- To provide you the Service, including for example, hosting your Immersive Images and billing you for the Service;
- To maintain, monitor, and improve the Service by adding new features, sharing new use cases, or making the Service easier to use;
- To monitor and analyze trends and better understand how you interact with our Service;
- For our own internal benchmarking, for example, to measure, and gauge the effectiveness of the Service, our advertising of the Service, and to better understand user retention and attrition–for example, we may analyze how many individuals purchased a plan after receiving a marketing message or the features used by those who continue to use our Service after a certain length of time;
- To prevent problems with our Service, protect the security of our Service, detect fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of Thinglink and others, which may result in us declining a transaction or the use of our Service;
- To personalize your experience using our Service, remember your preferences on the Service so that you will not have to re-enter it during your visit or the next time you use the Service, target our marketing messages to groups of our Users (for example, those who have a particular plan with us or have been our user for a certain length of time), to serve relevant advertisements; and
- To communicate with you, for example through an email, about offers and promotions offered by Thinglink and others we think will be of interest to you, solicit your feedback, or keep you up to date on what we’re up to and our products. We give users the option to use some of our Services free of charge. These free Services are made possible by the fact that some users upgrade to one of our paid Services. If you register for our free Services, we will, from time to time, send you information about upgrades when permissible. For further information on your choices regarding your choices with regard to the use of your information for marketing purposes, see "Your Choices Regarding Your Information" below.
- LEGAL BASIS FOR COLLECTING AND USING INFORMATION
We collect and use the personal data described above based on the following grounds:
- Compliance with a legal obligation necessitates the use; or
- The protection of your vital interests or those of another person require the use; or
- We have a legitimate interest in using your information–for example, to provide and update our Service, to improve our Service so that we can offer you an even better user experience, to safeguard our Service, to communicate with you, to measure, gauge, and improve the effectiveness of our advertising, and better understand user retention and attrition, to monitor and prevent any problems with our Service, and to personalize your experience; or
- DISCLOSURE OF INFORMATION TO THIRD PARTIES
We won’t transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We won’t sell information about you either. We may share your personal information in the limited instances described below. For further information on your choices regarding your information, see "Your Choices Regarding Your Information."
- Other Users. Our Services display information like your name, profile picture, and email address to other users in places like your user profile and sharing notifications. You can also share Your Immersive Images with other users if you choose. When you register your Thinglink account with an email address on a domain owned by your employer, educational institution, or organization, we may help collaborators and administrators find you and your team by making some of your basic information—like your name, team name, profile picture, and email address—visible to other users on the same domain. This helps you sync up with teams you can join and helps other users share files and folders with you.
- Account Administrators. If your use of the Service is pursuant to an Agreement entered into by your employer, education institution, or other organization to which you belong, (e.g., Thinglink Business plans or Thinglink Education), your administrator may have the ability to access and control your Thinklink team account. Please refer to your organization’s internal policies if you have questions about this. If you are not a Thinglink group user but interact with a Thinglink group user (by, for example, accessing content shared by that user), members of that organization may be able to view the name, email address, profile picture, and IP address that was associated with your account at the time of that interaction.
- Third Parties at Your Request. Certain features let you make additional information available to the public. You may have the option to share your Thinglink activities with your friends, or through email, SMS text, or various social media sites or on your blog or website. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.
- Other Applications. You can also give third-party providers access to your information and account—for example, via Thinglink APIs. Just remember that their use of your information will be governed by their privacy policies and terms.
- Company Transactions. Other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings. Your information, including user names and email addresses, User Content, and other user information may be among the items sold or otherwise transferred in these types of transactions; and
- Aggregated and De-Identified Information. We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Service.
- YOUR CHOICES REGARDING YOUR INFORMATION
- Account Data. Thinglink does not verify the accuracy of the personal data you provide. All Thinglink profiles are typically made available to the public, however you may elect to make your content private. If you make all of the content on your profile private, then a your profile will not appear in a directory search of the Service, but a user may still be able to access your profile if they know the uniform resource locator (URL) address for your profile. You can edit and change your profile and account data through the Settings of your account. You have the right to inspect the personal data we have stored about you in the Thinglink User Register either via the Service (if we, in our sole discretion, offer such functionality) or by requesting it in writing from Thinglink. You can also choose not to provide the optional account information, profile information, and transaction and billing information. Please keep in mind that if you do not provide this information, certain features of our Services–for example, paid, premium Services–may not be accessible.
- Limit Access to Information On Your Mobile Device. Your mobile device operating system should provide you with the ability to discontinue our ability to collect stored information or location information via our mobile apps. If you do so, you may not be able to use certain features (like adding a location to a photograph, for example).
- Access to Data Controlled by Our Users. Thinglink has no direct relationship with the end users (usually students or employees) of our Users, whose personal information is contained within the personal data processed by our Services. An individual who seeks access, or who seeks to correct, amend, or delete personal information provided by our Users should direct their request to the specific User. You may also contact us at firstname.lastname@example.org if you have additional questions or concerns.
- Marketing Communications. If you do not wish to receive promotional emails, you can click the "unsubscribe" button on promotional email communications. If you opt out of promotional messages, we may still send you other messages, like those about your account and legal notices. We sometimes contact people who do not have a Thinglink account. For recipients in the EU, we or a third party will obtain consent before contacting you. If you receive an email and no longer wish to be contacted by Thinglink, you can unsubscribe and remove yourself from our contact list via the message itself
- Analytics Services. As noted above, analytics providers may set tracking technologies (like cookies) to collect information about your use of the Service, and potentially your use of other websites and online services. For more information about how to manage and delete cookies, visit aboutcookies.org. For further information on what information is collected by analytics service providers and why, see "What We Collect and Why."
- Set Your Browser to Reject Cookies. At this time, Thinglink does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using the Service, with the drawback that certain features of the Service may not function properly without the aid of cookies.
- Close Your Account. Of course, while it’s hard to say goodbye, we understand that sometimes you just need to move on. You can delete your information from within your account or close your account. To close your account, please contact us, and keep in mind that we may continue to retain your information after closing your account, as described in How Store Your Information below–for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests. We’ll use all commercially reasonable efforts to delete or anonymize your User Content upon request, but please be aware that due to the social nature of our Service, it may not be possible to completely remove all of your personally identifiable User Content if, for example, that content has been stored, republished, or reposted by another user or a third party.
- Take Your Data. You can download a copy of your content in a machine readable format as through the settings feature of your account. You can also ask us for a copy of personal data you provided to us.
- HOW WE STORE YOUR INFORMATION
- Security. Thinglink cares about the security of your information and uses commercially reasonable physical, administrative, and technological safeguards to preserve the integrity and security of all information we collect and that we share with our service providers. Personal data and backups are stored in protected databases located behind a firewall and with both physical and software-based access controls. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
- Location of Storage. To provide you with the Services, we may store, process, and transmit information in the United States and locations around the world—including those outside your country. Information may also be stored locally on the devices you use to access the Services.
- Retention. When you sign up for an account with us, we’ll retain information you store on our Services for as long as your account is in existence or as long as we need it to provide you the Services. If you delete your account, we will initiate deletion of this information within 30 days of your request. But please note: (1) there might be some latency in deleting this information from our servers and backup storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
- IMPORTANT NOTICE
- COPPA COMPLIANCE
- FERPA COMPLIANCE
The Family Educational Rights and Privacy Act (FERPA) provides parameters for what is permissible when sharing student information. ThingLInk is authorized by schools and districts under the FERPA “school official” exception to receive and use educational data to provide educational services. This data has significant educational value; apart from enabling the creation of accounts with which students access the Service, the data allows teachers to track student activity and assess student performance. This information is used only for academic purposes. We do not collect data for collection’s sake, and access is limited and appropriate. For specific information regarding our data handling practices with regard to student data, please refer to our Education Institution Terms and Conditions.
- CONTROLLERS AND RESPONSIBLE COMPANIES
Thinglink’s Services are worldwide. Different Thinglink companies are the controller (or co-controller) of personal information, which means that they are the company responsible for processing that information, based on the particular service and the location of the individual using our Services.
Depending on the Services you use, more than one company may be the controller of your personal data. Generally, the “controller” is the Thinglink company that entered into the contract with you under the Terms of Service for the the product or service you use. In addition, Thinglink Inc., our US-based company, is the controller for some of the processing activities across all of our Services worldwide.
The chart below explains the controllers for processing your personal information. We use the term “Designated Countries” to refer to Australia, Canada, Japan, Mexico, New Zealand, and all countries located in the European continent.
If you reside outside of the Designated Countries:
Thinglink, Inc. a Delaware corporation, 470 Ramona Street, Palo Alto, CA 94301
If you reside in the Designated Countries:
Thinglink Oy, a corporation formed in Finland, Business ID 2329185-9
VAT ID FI23291859
Lapinlahdenkatu 16, 00180 Helsinki, Finland
Thinglink, Inc. is also the controller for some of the processing activities related to Services provided by Thinglink Oy.
Have questions or concerns about Thinglink, our Services, and privacy? Contact us at email@example.com. If they can’t answer your question, you have the right to contact your local data protection supervisory authority.
- TRANSFERRING YOUR DATA
You can ask us for more information about the steps we take to protect your personal information when transferring it from the EU.
Personal Information we collect from kids under 13.
When a user creates a Thinglink account, we may ask for legal name, email address, a description of your role when using the Service (student, retailer, freelancer, etc.), and password and a birth date. If we determine the child is under 13 (a "kid"), we will ask for a parent's name and email address so that we can notify the parent that the kid has created an account at Thinglink and seek the parent's consent to allow the kid's participation. If the parent provides consent, we may collect additional information from the kid, including a profile avatar, which could include a photograph, or other content uploaded by the kid to the Service. The information we collect from kids may be directly linked to their actions on the Service.
Information collected through cookies and other technology.
How we use and share information collected from kids.
We use this information to operate, maintain and provide the functionality of the Service and to communicate with the kid and the parent about activities on the Service. We may also send Service-related emails (e.g., account verification, changes or updates to features of the Service, technical and security notices). Registered users cannot opt-out of Service related emails. When a kid under 13 creates a Thinglink account, we use the parent's email address to notify the parent of the kid's registration (see "How we notify parents of the data collection" below).
Our Service generally permits users to connect with others on the Service and to share information with others. Members under 13 have restricted sharing capabilities, though a kid under 13 may be permitted to share information in the following manner:
- Kids will share information automatically with a parent and the kid’s teacher(s) if the kid’s account is associated with a teacher or educational institution on the Service.
- Kids under 13 may share information about their use of the Service with third party social networks.
- Kids under 13 are not permitted to share their information publicly on the Service.
In addition, we may share a kid's personal information with:
- Other companies owned by or under common ownership as Thinglink, which includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use the personal information in the same way as we can under this Policy;
- Third party vendors, consultants, contractors and other service providers that perform services on our behalf, in order to carry out their work for us, which may include content or service fulfillment, accounting, or providing analytics services;
We may also share information with others in an aggregated and anonymous form that does not reasonably identify any user, including our kid users, directly as an individual.
How we notify parents of the data collection.
We send parents an email when their kid creates an account at Thinglink and ask the parent to register with the Service and provide consent for the kid to use the Service. If the parent refuses to allow the kid's registration, we delete the kid's information from our databases. The kid will not be permitted to engage in the core functionality of the Service unless and until we receive verifiable parental consent to engage in such activity. Where the Service is used by a child for educational purposes, the educational institution may act as an agent of the parent for purposes of providing verifiable consent. At that time, the kid will be able to participate in the Service as permitted by the parent or educational institution acting on behalf of the parent.
How parents can access, change or delete information collected from their kids.
A registered user can modify personal data or delete a Thinglink account at any time by visiting the "Settings" page. may view, modify, and consent to the collection and use of the kid's personal information. A parent or child may contact us at any time by emailing us or by contacting us at the address below to review, change, and/or delete any information we have collected from a kid under 13 as well as to disallow any further collection or use of the child's information. We will take steps to verify the identity of anyone requesting personally identifiable information about a child and to ensure that the person is in fact the child's parent or legal guardian.
Thinglink Privacy Architecture
Last updated Fri May 25 00:00:00 UTC 2018
Thinglink complies with NIST 800-63-3 Authenticator Assurance Level (AAL) 1. However, we do allow users to request that they are “remembered” for a longer period of time (a maximum of 30 days) without the need to log in. Reauthentication is required after 30 days. Session timeout is 30 minutes.
User secrets (passwords and salt) are stored in a database table, using SHA-512 with 100,000+ iterations and a per-user unique salt of 128 bits.
Users may attempt login 30 times within 24 hours before the account is locked for 1 hour. The minimum length of a password is 8 characters and we check any new passwords against the public 100,000 “most used” passwords list, as well as some common, well-known patterns (e.g. “thinglink1”).
Logs and Retention Policy
Thinglink collects three types of operational logs:
- HTTP access logs. These are logged into Logstash and entries are automatically purged after 30 days. We use these logs to detect intrusion and debug issues with our software.
- Application logs. These are logged into Logstash and entries are automatically purged after 90 days. We use these logs to debug customer issues.
- Action logs. These are stored by our system to our main database and are automatically purged after 30 days. We use these logs to audit access to customer account.
Security audit logs are collected to a separate Logstash instance and have a 6-year expiry period. These logs are used to track administrative access to production systems via SSH.
For any other collection containing personal data (e.g. CSV reporting files pulled out of the system for billing purposes, etc) the retention period is 90 days after which lists must be deleted.
All logs are stored in EU.
What is collected
We have three categories of users: viewers, visitors and registered users.
- A viewer is a person who sees an embedded Thinglink on some other site. Their usage of that site is governed by the terms of service of that site, and we are data processors for that use case.
- A visitor is a person who visits thinglink.com but has not logged in.
- A registered user is someone who has signed up to thinglink.com and has agreed to our Terms of Service.
The data collected for each of these users is different.
What personal data is collected?
What other data is collected?
Browser user agent, aggregate statistics (views/hovers/clicks per image)
Behavioral data (to improve our service), user flow through the system. Browser footprint, country, language.
Name, email, organization. Optionally credit card/paypal information and other billing data, postal code, user bio, twitter, facebook, google and microsoft IDs and access tokens, avatar picture, birthday, amazon affiliate id, skimlinks affiliate id, website address, EU VAT id, approver’s email.
Behavioural data to improve our service, user flow through the system. Browser footprint, country, language. Last activity, role (edu/business), business type & size, last login country, organization and creator, tl affiliate id, created content (incl. tags), developed applications and user preferences. Group memberships.
When user logs out, they become a
new visitor again.
This data can be accessed via command level (see below) or via the Thinglink Admin user interface. Access can occur from any country, but most likely USA, Russia and Finland.
Identifiable data is stored within our main database in Ireland (EU). IP addresses and browser footprints are visible to web analytics services (Google Analytics and Mixpanel) located in United States. Any identifiers that we use are pseudonymized before transfer and are unique per external service.
Customer sales data is stored in Hubspot (an U.S. service). No student account data is sent to Hubspot. Customer sales data includes, but is not limited to, name, email, phone number, other contact information, and communication logs with the customer. Deleting an account removes all relevant customer data from Hubspot. Some customer data may also be stored on employee’s computers, Google Docs and/or Dropbox. These are governed by our retention and encryption policies.
Customer support is done with Sirportly (UK service). Sirportly stores user email addresses and email communication.
Outgoing email is handled through Mailgun (US), which does receive your email address whenever we send you an email.
Credit card and payment data are handled through Stripe (US), Quaderno (ES), Churnbuster (US) and Firstofficer (FI); the first of which is the only one which actually receives and stores your Credit Card data. Quaderno manages the VAT calculations and is required to store by EU legislation the required data for correct VAT calculation, including things like your country and IP address. Firstofficer is used to perform data analytics on payments and improve our service. Churnbuster sends you payment reminders. All these services receive your name and email address.
Invoicing is done through Ronin (US) and Netvisor (FI). They receive things like your address and payment information and any other information we require to bill you correctly and fulfil the requirements of accounting law.
Our US-based customers can also use PayPal (US) to pay, but this is not an option for our EU customers.
We also use a number of content hosting services, which do receive your IP address, browser imprint and any cookies. These are Fastly, Facebook, Twitter, Linkedin, Google, Microsoft, Wistia, Amazon and Cloudflare. All of these may store your data in EU or in the US, depending on your locality.
Tags may contain embeds to different sites, and users are notified in advance prior to watching the image/video which sites will receive their IP address, cookies and browser footprints. User consent is requested before their data is sent to those sites by the browser. The data from these embeds may or may not be stored anywhere in the world, as it is not in our control.
Production system command level access
Production system access is strictly via SSH - no passwords are used. Public keys for all administrators are stored in an Ansible configuration file, and that file is updated as people gain or lose access. All production servers use the same configuration file, and any local modifications are overwritten automatically.
We are logging facts of authentication and all commands/application which users ran on our prod servers. Logs are placed on a Elasticsearch server using Logstash. Access to those logs is available only to restricted personnel. Production access logs are stored for 6 years.
Hardware security policies
All personal computers and external hard drives must be encrypted. Use of a VPN is strongly encouraged when connecting to a public network.
Testing and security checking policies
We have two in-house specialist that do tests and checks once in three months, one time per year we hire consultants to do pen testing and security checks. In addition we have open bug bounty program that supports white hackers which help us identify vulnerabilities. Therefore, the complex of organizational and practical steps are being done on a regular basis.
The pen testing/security check reports shall be stored in Google Drive for auditing purposes.
When a Thinglink user deletes their account, we remove all user content and all user data from the database. There is a brief period between deletion and before it becomes unrecoverable, and this period depends on our database maintenance schedule. The maintenance (called compaction) is automatic and depends on system load but typically occurs several times per day.
Aggregate, anonymized user data (such as statistics, e.g. total view counts) will remain.
We track unique users for our own statistics purposes with three main methods:
- If the user has agreed to our primary Terms of Service and is logged in, we track users with their user id as stored in an user cookie.
- If the user is just browsing thinglink.com and has not explicitly enabled Do-Not-Track functionality in their browser, we store a random unique identifier for 30 days on their browser as a cookie.
- In all other cases we store a combination of user’s IP address, their preferred language and the user agent of the browser.
In all cases, the data is pseudonymized using a strong hash function, so our internal database cannot be used to identify any particular user. The unique identifiers are purged after 30 days of non-use.
We use three tracking tools: Google Analytics, Mixpanel and Hubspot.
Google Analytics (GA)
GA is used to track the website traffic and get aggregate data on traffic sources, devices and system load. We do not send any unique identifiers to GA.
Google Analytics data retention period is set to 26 months. Any event older than that is automatically removed.
MP is used to manage our A/B tests, track conversion and all vital statistics for SaaS performance. We do send a pseudonymized identifier to Mixpanel, which is different from any of our other identifiers and cannot be used to identify the user.
We do not use the Mixpanel People product that would track individual users.
When user deletes their account on Thinglink, we clear any Mixpanel cookies and delete any associations between user data and Mixpanel. Only aggregated, anonymous data remains on Mixpanel.
Hubspot is used to track users who have signed up, agreeing to our Terms of Service. It functions as a customer database and contact point. We store user names, emails, company information, etc. to Hubspot.
If the user deletes their account on Thinglink, we remove any HS data as well.
Credit Card Data
We do not store or process CC data. We use Stripe to manage and process all of our CC data, and Quaderno to calculate taxation. In addition to whatever Stripe chooses to store to combat fraud, we also store the following items in Stripe’s database:
- Given name, last name, email, country, language and postal code (for sending receipts)
- Thinglink ID for this user
- VAT ID for corporations
This data is also available to our payment recovery tools and financial analytics tools (Churnbuster and FirstOfficer).
For US-based users, we also do offer Paypal payments, for which we do not collect anything extra. That data is not available to any other tools except Paypal itself.
Invoicing is done through Ronin and Netvisor. They receive things like your address and payment information and any other information we require to bill you correctly and fulfil the requirements of accounting law.
Note that deleting the account does not remove users from these tools fully, because we need to retain some data for accounting purposes.