Welcome to Robin. We take privacy seriously, especially when it comes to data you provide to us.
This Policy explains how Robin Powered, Inc. (“Robin” or “we”) collects and uses data, including personally identifiable data (“Personal Data”), and other information we collect from visitors to our website and users of the Robin scheduling platform. Our website and our scheduling platform and related services we provide are referred to collectively as the “Service” in this Policy.
Robin will honor requests for the removal of personal data. Where Robin is the data controller, such as for data collected through the use of our website or responses to communications, Robin will remove your personal data from its systems upon request. Where we are the data processor, such as data sent to Robin platform from customers, we will forward your request to the data controller. All such requests can be sent to privacy@robinpowered.com.
If you have any questions about this Policy, please contact us at privacy@robinpowered.com, and we will be happy to help you.
This Policy applies to information we collect through any version of the Service and to information you send to us.
This Policy does not apply to:
- Data collection that happens offline or outside of our Service.
- Any third party, including through any application, content, link or other interaction that may be accessible to you through the Service.
By using the Service, you agree to this Policy and our Terms of Service (including our Acceptable Use Requirements). Some of the data collection and uses described in this Policy are required in order for you to be able to use the Service. Our basis for that collection and use is to be able to provide the Service to you. If you do not agree, you may not use the Service. Some of the data collection and use described in this Policy are optional, and our basis for that collection and use is your consent. Where that is the case, we always give you a choice in advance, and you may use the Service even if you have “opted out” of the particular use.
Data you give us
As you use the Service, we collect and store information that you provide when you answer questions or fill out forms or engage in other interactions on the Service. This includes places like account registration, contact forms, account profile, and "personas".
Data collected as you use the Service
We automatically collect and store information when you interact with the Service ("Usage Data"). By default we limit Usage Data access to Robin and its third party service providers who we use to deliver the Service to you (e.g. hosting). If you approve access by any other third parties, we also share applicable data with them for the purpose approved by you.
We store and access Usage Data using a few technologies downloaded to your device, such as your computer, browser, tablet, mobile phone, or wearable. This happens whenever you interact with our Service. Usage Data associated with your Personal Data provided via the Service becomes Personal Data too.
Usage Data includes things like:
- Details about your activities at a Robin location, limited to what you approved upon arrival.
- Ways to identify your device, such as your IP address, UUID, or other unique identifier ("Device Identifier"). A Device Identifier is a string that Robin automatically assigns to your Device to access the Service.
- Your Device functionality (e.g. browser, operating system, hardware, and mobile network).
- How you found the Service (e.g. referring website)
- Your activity in the Service, so we can do things like remember you and your preferences.
- Your Device's location.
- General information about your Device (e.g. characteristics, time of day, etc.).
Tracking Technology
We or our vendors may use a few methods to store or collect Usage Data ("Tracking Technologies"). Tracking Technologies may set and change settings on your Device.
One of the ways we do this is through "cookies". A cookie is a small file our Service gives your Device when it accesses the Service. We use cookies to enable functionality, improve Service usage analytics, and market the service. For example, a cookie allows us to keep you logged in during a session rather than asking for a password at every action. Another example is as a security measure to prevent fraudulent activity with your accounts. You can disable or delete cookies on your Device, but parts of the Service may not be functional without them.
We and our vendors may also use tools like web beacons ("clear gifs"), scripts, and images to help manage site content and usage.
These technologies help us understand the performance and usefulness of content in the Service. We use these insights to improve the content, products or services offered through the Service.
Tracking Technologies used by our service providers are not covered by this policy. We do not have control over them, but we do screen to make sure they have acceptable policies before integrating.
Tracking Consent
For our Tracking Technologies that are not required in order for us to provide the Service, we get your consent to our storage and collection Tracking Technologies in a few ways:
- Giving you transparent information in this Policy
- Allowing you to choose whether to allow certain third parties to access your data
- Giving you the opportunity to choose to disable cookies.
Some of our Tracking Technologies are required in order for the Service to function. For example, our use of cookies as a way to improve security through fraud prevention. By using the Service, you are asking us to provide the Service to you, including all of the elements of the Service necessary for it to function as it does.
Third Party Tracking
Robin may use other Tracking Technologies (some which may not exist yet) in connection with the Service in the future. If we introduce new Tracking Technologies that change the types of data that we collect and the ways in which we use that data, we will update this Policy.
Third parties (including vendors) may also use Tracking Technologies in connection with our Service. They may collect information about your online activities across third party websites or services. We may not control those Tracking Technologies and we are not responsible for them. You consent to encountering third party Tracking Technologies as you use our Service. You also accept that this Policy does not apply to Tracking Technologies or practices of third parties.
"Do Not Track"
Some third parties have ways (e.g. Browser do-not-track signals) for users to control how online services collect their information. We do not currently take any action based on these signals, however this may change in the future.
Data third parties provide about you
We may combine information collected directly from you on our Service with third party records. This information allows us to give you a better experience by customizing content and opportunities to you. Unless disclosed otherwise, combined information becomes Personal Data under Policy.
Aside from the above, this Policy does not apply to information we receive about you from third parties. This includes if they have used our technology to collect and share information with us. If you have provided data to third parties and have concerns about how they use and share your data, you may wish to contact them to address your concerns.
Interactions with third party services
Parts of the Service may include certain interactions with third-party websites or applications. This functionality may involve the third-party operator giving us certain information, including Personal Data. When you register with the Service for example, you may have an option to link your account to a third party account (e.g. Google) to help the registration, login and transaction process, or otherwise. If we offer and you choose to use this functionality in our Service, the third-party may send your Personal Data to us. We will treat it as Personal Data under this Policy because we collect it as a result of you using our Service.
We may also provide third-party sites' interfaces or links in the Service to help you send communications. For example, a share button for emailing links via the Service. These third parties may keep information used or provided in communications or other activities. These third parties' practices are not subject to this Policy. Robin may not control or have access to your communications through these third parties.
When you use third party services, they are responsible for their practices. We can only vouch for our services and policies, and cannot be responsible for their practices. Be sure to review third-party policies before using their tools on our Service.
How we handle payments
We use third party vendors for credit card transactions and billing when you register to use the Service. All credit card transactions are handled separately by such vendors through their servers. They do not share complete financial account information with Robin. You can find our current payment vendor's privacy policy here: https://stripe.com/us/privacy.
We may use Personal or Usage Data that we collect about you:
- To give you information and services, or to process transactions you request or agree to receive. This includes sending email or promotional materials on behalf of us or approved third parties.
- To enable you to use the Services' features.
- To process your registration to use the Services, including verifying that your information is active and valid.
- To improve the Services or create new service offerings. To customize your experience and content on the Services.
- To further automate your workplace experience we may use your data to help leverage the latest technical advances in AI modeling. Data stored in our EU hosting is not included.
- To contact you about your use of the Services. This includes (at our discretion) changes to any of the Services and/or any of the Services' policies.
- To send marketing emails about third party products and services when you have indicated your consent to receive such emails.
- For internal business purposes.
- For purposes disclosed at the time you provide your information or as otherwise set forth in this Policy.
Inquiries
When you contact us, we will use that information only for reasons connected with your request. Not all information submitted to the Service via a "contact us" form or other similar inquiry method may receive a response.
There are certain situations where we may share information we have collected about you with third parties. For example, when you approve a third party to access your profile. This includes Personal Data as disclosed at the time you provide your information and as described below or otherwise in this Policy. We do not share Personal Data collected through the Service with third parties for their direct marketing purposes. We also may share non-Personal Data, such as depersonalized, aggregated user statistics, with third parties.
We may also disclose your information as follows:
- Requested Third Parties: Our Service may present options to receive certain information or marketing from third parties. You may also have us send (or give access to) certain information to third parties. If you choose to do so, your Personal Data and other information may be disclosed to those third parties. All information you disclose will be subject to the third-party privacy policies and practices.
- Service Providers: We may use third-party vendors to perform certain services on behalf of us or the Service. A few examples include hosting the Service, analytics, security, and other administrative services. We may provide these vendors with access to user information, including Device Identifiers and Personal Data, to carry out the services they are performing for you or for us. Third-party analytics services providers such as Google Analytics and other service providers may set and access their own Tracking Technologies on your Device and they may otherwise collect or have access to information about you, potentially including Personal Data, about you. We are not responsible for those third party technologies or activities arising out of them, nor are we responsible for the effectiveness of or compliance with any third parties' opt-out options. You can read more about Google Analytics at www.google.com/policies/privacy/partners.
- Legal Requirements: To the fullest extent permitted by applicable law, we may also disclose your information if we believe in good faith that doing so is necessary or appropriate to: (i) protect or defend the rights, safety or property of Robin or third parties (including through the enforcement of this Policy, our Terms of Service, and other applicable agreements and policies); or (ii) comply with legal and regulatory obligations (e.g., pursuant to law enforcement inquiries, subpoenas or court orders). To the fullest extent permitted by applicable law, we have complete discretion in electing to make or not make such disclosures, and to contest or not contest requests for such disclosures, without notice to you.
- Business Transfers: We may share your Personal Data with our parent, subsidiaries and affiliates ("Affiliates"). We also reserve the right to disclose and transfer all such information: (i) to a subsequent owner, co-owner or operator of the Service or applicable database; or (ii) in connection with a merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets or other corporate change, including, during the course of any due diligence process.
- Your use: The Service may permit you to submit photographs, user profiles, video, audio recordings, graphics, pictures, data, questions, comments, suggestions or other content, including Personal Data (collectively, "User Content"), particularly as part of your profile. We or others may store, display, reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. Others may have access to this User Content and may have the ability to share it with third parties. Please think carefully before deciding what information to share, including Personal Data, in connection with your User Content, and please keep in mind that you must comply with the Content and Excluded Data portions of our Terms of Service, including our Acceptable Use Policy, in submitting any User Content. Please note that the Company does not control who will have access to the information that you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on the Service or what others do with information you share with them on the Service. We are not responsible for the accuracy, use or misuse of any User Content that you disclose or receive from third parties through the Service.
Third party content and services
The Service may contain content that is supplied by third parties, and those third parties may collect Usage Data and your Device Identifier when pages from the Service are served to you. In addition, when you are on the Service you may be directed to other services that are operated and controlled by third parties that we do not control. We are not responsible for the data collection and privacy practices employed by any of these third parties or their services and they may be tracking you across multiple sites and may be sharing the results of that tracking with us and/or others. For example, if you click on a link, the click may take you off the Service onto a different site. These other sites may associate their Tracking Technologies with you, independently collect data about you, including Personal Data, and may or may not have their own published privacy policies. We encourage you to note when you leave our Service and to review the third-party privacy policies of all third-party websites and exercise caution in connection with them.
Changing information and communication preferences; Retention
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. The Service may allow you to review, correct or update Personal Data you have provided through the Service's registration forms or otherwise, and you may provide registration updates and changes by contacting us at privacy@robinpowered.com If so, we will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records).
We retain Personal Data for as long as your (or your organization’s) account is active or as needed to provide the Service to you or your organization under our Terms of Service or other agreement between you or your organization and Robin, and for 90 days after the such account is terminated. You may obtain a copy of your Personal Data by written request at any time until the end of such 90 day period. We will have no obligation to keep any of your Personal Data after the end of such 90 day period.
Please note that it is not always possible to completely remove or delete all of your information from our databases and that residual data may remain on backup media until deleted in the ordinary course of our business, or for other reasons. When you edit your Personal Information or change your preferences on the Service, information that you remove may persist internally in backups or for Robin's administrative purposes.
You may cancel or modify our email marketing communications you receive from us by following the instructions contained within our promotional emails or in some cases by logging into your Service account and changing your communication preferences. This will not affect subsequent subscriptions and if your opt-out is limited to certain types of emails the opt-out will be so limited. Please note that we reserve the right to send you certain communications relating to your account or use of our Service, such as administrative and service announcements and these transactional account messages may be unaffected if you choose to opt-out from receiving our marketing communications.
Our Service is operated in the United States. If you are located outside of the United States, please be aware that information we collect, including Personal Data, will be transferred to, and processed, stored and used in the United States. The data protection laws in the United States may differ from those of the country in which you are located, and your Personal Data may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States.
By using the Service or providing us with any information, you acknowledge that the processing, usage, sharing, controlling and storage of your information, including Personal Data, as set forth in this Policy and our Terms of Service will take place in the United States.
Residents of Australia
For users who are residents of Australia, the collection and processing of your personal information is governed by the Australian Privacy Act of 1988 and Spam Act 2003.
- Our service providers assume the same obligations, where relevant, under the Privacy Act as apply to us.
- We will not use or disclose personal information to third parties for the purpose of our direct marketing to you unless you have consented to receive direct marketing. You may opt out of any marketing materials we send to you through the unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as "direct marketing" under the Privacy Act or Spam Act, including changes to our terms, system alerts, and other information related to your account.
- Our servers are located in the United States. In addition, we or our service providers may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia.
- If you think the personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Privacy Act, to correct that information upon your request. You can contact us as provided below.
- If you are unsatisfied with our response to a privacy matter, then you may file a complaint with the Office of the Australian Information Commissioner (at https://www.oaic.gov.au/privacy/privacy-complaints/).
Canada
For visitors or users of the Website in Canada, we take appropriate steps to comply with applicable Canadian data privacy requirements, including Canada’s Anti-Spam Legislation (CASL) and the Personal Information Protection and Electronic Documents Act (PIPEDA). Note, however, personal information stored or processed outside of Canada, including in the US or another foreign country, may not be subject to the PIPEDA. In addition, personal information stored or processed outside of Canada is subject to the laws of that other country and may be available to the foreign government of the country in which the personal information or the entity controlling it is located pursuant to a lawful order in that jurisdiction. This Privacy Policy is intended to provide the required notices regarding our collection and use of personal information, including transfer to the United States.
You may request access to or correction of your personal information, or withdraw consent to our collection, use or disclosure of your personal information, by contacting privacy@robinpowered.com. These rights are subject to applicable contractual and legal restrictions and reasonable notice. We may take reasonable steps to verify your identity before honoring any such requests.
The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and replaces the 1995 Data Protection Directive. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
The GDPR regulates the processing of a data subject’s personal data in the EU including its collection, storage and transfer or use. The GDPR gives data subjects more rights and control over their data by regulating how we should handle and store any personal data they collect.
The EU’s General Data Protection Regulations (GDPR) went into effect May 25, 2018. Here's what you need to know about Robin’s GDPR compliance:
- Robin is a Processor under GDPR. Data Protection and Data Transfer Agreements are available for customers subject to GDPR. Account administrators may request updated agreements via gdpr@robinpowered.com.
- We’ve engaged third party compliance reviews through Sphaerist Advisory and TrustArc's GDPR Priorities Assessment to ensure legal agreements, processes, and data-governance are compliant. These changes are already underway, and will be completed by the time GDPR takes effect.
- As part of this process, we’ve added better explanations for how Robin uses cookies throughout the apps. You can find more information on cookies in our help center.
Rights Under the GDPR
The GDPR grants 7 fundamental rights to data subjects. These are:
- Right to be informed — Entities must be transparent in how they are using personal data and must inform data subjects of this.
- Right of access — Data subjects will have the right to know what personal data is held about them and how it is processed.
- Right of rectification — Where reasonably possible, data subjects will be entitled to have personal data rectified/edited if they feel that it is inaccurate or incomplete.
- Right to erasure — This is also sometimes referred to as ‘the right to be forgotten’, data subjects have the right to have their personal data permanently deleted upon their request and they do not have to provide a reason for the request.
- Right to restrict processing — Data subjects have the right to block processing of their personal data.
- Right to data portability — Where reasonably possible, data subjects have the right to retain and reuse their personal data for their own purpose.
- Right to object — In certain circumstances, data subjects are entitled to object to their personal data being used. This includes, if personal data is used for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
Any citizen of the European Union can submit a SAR. At Robin this can be done via email to privacy@robinpowered.com.
We also monitor the guidance around GDPR compliance from privacy-related regulatory bodies and update our product features and contractual commitments accordingly. We’ll provide you with regular updates so that you’re always current.
To communicate with our Data Protection Officer, please email security@robinpowered.com.
This section provides additional details about the personal information Robin collects about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA.”
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the What information do we collect? section above. We collect this information for the business and commercial purposes described in the How do we use information we collect? section above. We share this information with the categories of third parties described in the When do we share information with third parties? section above. Robin does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Robin or our vendors may use methods to store or collect Usage Data as explained in the Tracking Technologies section above.
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at privacy@robinpowered.com. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
We are a general audience service and do not use the Service to knowingly collect personal information from children under the age of thirteen (13) that requires parental notice and consent under the Children's Online Privacy Protection Act ("COPPA") without such parental consent. In fact, if you are under 18 years of age, you are not permitted to use the Service and should not send any information about yourself to us through the Service.
In the event that we become aware that we have collected personal information from any child, we will dispose of that information in accordance with COPPA and other applicable laws and regulations. If you are a parent or guardian and you believe that your child under the age of 13 has provided us with personal information without COPPA-required consent, please contact us by email at privacy@robinpowered.com.
We make every effort to use commercially reasonable safeguards to help protect and secure your Personal Data. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can guarantee to be 100% secure. Please note that we cannot ensure the security of any information you transmit to us, and you use our Service and provide us with your information at your own risk.
Robin currently uses third party Sub processors to provide infrastructure services, and to help us provide customer support and email notifications. Prior to engaging any third party Sub processor, Robin performs diligence to evaluate their privacy, security and confidentiality practices.
Entity name
Sub Processing Activity
Entity Country
Amazon Web Services Inc.
Cloud service provider
United States
Sumo Logic
Centralized logging
United States
Intercom
Live chat support
United States
SendGrid
Email notifications
United States
Looker
Data analytics and visualization
United States
Gainsight
Customer success
United States
Sigma
Analytics
United States
Google LLC*
Cloud Services
United States
Snowflake
Data warehousing
United States
*Robin’s use and transfer of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements
If you have any questions about the Privacy Policy or practices described in it, you should contact us at privacy@robinpowered.com or at our mailing address:
Robin Powered Inc.
11 Farnsworth St, 2nd Floor
Boston, MA 02210
Anyone can bring up privacy complaints directly to us at the contact above and we will respond within 45 days. If both sides fail to resolve the complaint, the individual has a right to engage with JAMS to address the complaint at no cost to them.
We reserve the right to change this Policy at any time. Any changes will be effective immediately upon the posting of the revised Policy, and your use of our Service indicates your consent to the Policy posted at the time of use. However, we will not use your previously collected Personal Data in a manner materially different than represented at the time it was collected without your consent.
We will also keep a log on this page to track changes across revisions. You can find that change log below.
Latest changes
- May 8, 2024: Added Snowflake to Third Parties section and AI & automation reference to information collection section.
- October 26, 2023: Added Google LLC to Third Parties section
- June 22, 2023: Added Sigma to Third Parties section
- May 17, 2023: Added Gainsight to Third Parties section
- November 30, 2022: Added reference on how users outside of CCPA and GDPR can request to have their data deleted.
- March 25, 2021: Added reference to Australia and Canada policy (CASL) (PIPEDA)
- July 20, 2020: Removed reference to Privacy Shield
- March 20, 2020: Added reference to UK under Privacy Shield section
- December 18, 2019: Added more detail around GDPR and section on CCPA
- May 3, 2018: Revised for Privacy Shield renewal/expansion and GDPR
- December 27, 2016: Added dedicated section for Privacy Shield
- August 18, 2016: Added clarifications for Privacy Shield compliance
- August 13, 2014: Initial draft published