Privacy Policy

Charm Privacy Policy

This Privacy Policy describes how Charm Software Inc. (“Charm”, “we”, “our” or “us”) collects, stores, uses, and discloses the following categories of personal data:

  1. Customer Data: personal data (as defined in Section 1) that we collect, process, and manage on behalf of our business customers (each, a “Customer”; collectively, “Customers”) as part of the Charm products and services described on one or more applicable order forms (“Platform”).We process such Customer Data on behalf of and under the instruction of the respective Customer, in accordance with our Data Processing Addendum with them. Accordingly, this Privacy Policy (which describes Charm’s privacy and data processing practices) does not apply to the privacy and data processing practices of our Customers. To learn about the privacy policy and practices of our Customers, please contact them directly.
  2. User Data: personal data concerning individuals acting on behalf of our Customers in respect of their engagement with Charm, and users of the Platform on behalf of such Customers (e.g., the account administrators, billing contacts, and authorized signatories on behalf of the Customer) (collectively, “Users”); as well as the Customer’s business needs and preferences, as identified to us or recognized through our engagement with them.
  3. Prospect Data: data relating to visitors of our website (www.charm.software), participants at our events, and any other prospective customer, user, or partner (collectively, “Prospects”) who visits or otherwise interacts with our website, online ads and content, emails, integrations, or communications under our control (the “Sites,” and collectively with the Platform, the “Services”).

Specifically, this Privacy Policy describes our practices regarding:

  • Data Collection & Processing
  • Data Uses
  • Data Location
  • Data Retention
  • Data Disclosure
  • Cookies and Data Collection Technologies
  • Communications
  • Data Security
  • Data Subject Rights
  • Data Controller/Processor
  • Opt-Out of Sale/Sharing
  • Additional Notice & Contact Details

If you are a Customer, User, or Prospect, please read this Privacy Policy carefully and make sure that you fully understand it. Our Services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal data covered by this Privacy Policy, including information about any visitors to our Sites, as pertaining to individuals acting as business representatives rather than in their personal capacity.You are not legally required to provide us with any personal data. If you do not wish to provide us with your personal data, or to have it processed by us or any of our Service Providers (as defined below), please do not provide it to us and avoid any interaction with us or with our Sites or use of our Services.

1. Data Collection & Processing

When we use the terms “personal data” or “personal information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or deidentified information maintained in a form that is not reasonably capable of being associated with or linked to an individual.Sometimes we collect personal data automatically when an individual interacts with our Services or Sites, and sometimes we collect personal data directly from an individual. At times, we may collect personal data about an individual from other sources and third parties (such as our Customers and Service Providers), even before our first direct interaction. Charm does not collect, use, or disclose sensitive personal data, except as described below—and we do not record audio; we only transcribe content provided to us by Users or Customers. We may collect or generate the following types of personal data about individuals through the Services:

  • Usage, login credentials, and device information concerning Users and Prospects (connectivity, technical, and aggregated usage data, such as user agent, IP addresses and approximate location based on IP, device data (like type, OS, device ID, browser version, locale, language settings), activity logs, session recordings, login credentials to the Services, cookies and pixels installed or utilized on their device, and inferred or presumed data generated from their use of the Services).
  • Information concerning our Customers, Users, and Prospects: contact and business details such as name, email, phone number, position, workplace, and related business insights; our communications with such individuals (correspondences, transcriptions of interactions, and analyses thereof); feedback and testimonials received; contractual and billing details; as well as any expressed, presumed, or identified needs, preferences, attributes, and insights relevant to our potential or existing engagement.
  • Personal data contained in Customer Data, which is provided by our Customers or processed on their behalf and under their instruction. This may include any of the types of personal data described above (with respect to Users or other individuals whose data is contained in the Customer Data), in accordance with our Data Processing Addendum with them.

For the purposes of the California Consumer Privacy Act (“CCPA”), in the last 12 months, we may have collected the following categories of Personal Information, as defined in the CCPA: identifiers; customer record information; internet or other electronic network activity information; professional or employment-related information; geolocation data; commercial information; inferences; and electronic information (including transcriptions but no audio recordings).

2. Data Uses

We use personal data as necessary for the performance of our Services (“Performance of Contract”); to comply with our legal and contractual obligations (“Legal Obligation”); and to support our legitimate interests in maintaining and improving our Services (e.g., in understanding how our Services are used and how our campaigns are performing, and gaining insights which help us dedicate our resources and efforts more efficiently; in marketing, advertising and selling our Services; providing customer service and technical support; and protecting and securing our Customers, Users, Prospects, ourselves, and our Services) (“Legitimate Interests”). If you reside or are using the Services in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for processing of personal data as described herein (in general or specifically), your acceptance of our Terms and Conditions and this Privacy Policy will be deemed as your consent to the processing of your personal data for all purposes detailed in this Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at team@charm.software. Specifically, we use personal data for the following business and commercial purposes (and in reliance on the legal bases for processing noted next to them, as appropriate):

Customer and User personal data

  • To facilitate, operate, enhance, and provide our Services (Performance of Contract; Legitimate Interests).
  • To provide our Customers and Users with assistance and support, to test and monitor the Services, or diagnose or fix technology problems, and to train our Customers and Customer-facing staff (Performance of Contract; Legitimate Interests).
  • To personalize our Services, including by recognizing an individual and remembering their information when they return to our Services, and to provide localization and personalization capabilities to make our Services easier to use (Performance of Contract; Legitimate Interests).
  • To facilitate and optimize our marketing campaigns, ad management, and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. This includes contextual, behavioral, and interests-based advertising based on your activity, preferences, or other data available to us or to our business partners (Legitimate Interests; Consent).
  • To facilitate, sponsor, and offer certain events, contests, and promotions (Legitimate Interests).

Customer, User, and Prospect personal data

  • To gain a better understanding of how individuals use and interact with our Services, which content and data they have processed through our Services, and how we could improve their and others’ user experience; to continue improving our products, offerings, and the overall performance of our Services, including through utilization and optimization of Artificial Intelligence and Machine Learning capabilities (Legitimate Interests).
  • To contact our Customers, Users, and Prospects with general or personalized service-related messages, as well as promotional messages that may be of specific interest to them (Performance of Contract; Legitimate Interests; Consent).
  • To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error, or any illegal, criminal, or prohibited activity (Performance of Contract; Legitimate Interests; Legal Obligation).
  • To create aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal and non-identifiable), which we or our business partners may use to provide and improve our respective services or for any other purpose (Legitimate Interests).
  • To enforce our Terms and Conditions, to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties (Legitimate Interests).
  • To comply with our contractual and legal obligations and requirements, and maintain our compliance with applicable laws, regulations, and standards (Performance of Contract; Legitimate Interests; Legal Obligation).
  • For any other lawful purpose or other purpose that you consent to (Legal Obligation; Consent).

3. Data Location

We and our authorized Service Providers (defined below) maintain, store, and process personal data in the United States of America and other locations as reasonably necessary for the proper performance and delivery of our Services, or as may be required by law. Specifically, Charm stores data on Amazon Web Services (AWS) in an encrypted manner.While privacy laws may vary between jurisdictions, Charm is committed to protect personal data in accordance with this Privacy Policy and customary industry standards, and through lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.If data is transferred from the EEA, Switzerland, or the UK to countries not considered to be offering an adequate level of data protection, we and the relevant data exporters and importers have entered into Standard Contractual Clauses as approved by the relevant authorities, to ensure the protection of personal data. You can obtain a copy of these clauses by contacting us at team@charm.software.

4. Data Retention

We retain personal data for as long as we deem it reasonably necessary in order to maintain and expand our relationship and provide you with our Services and offerings; to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e., as required by laws applicable to log-keeping, records, and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy.To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure; the purposes for which we process such personal data; and applicable legal requirements.If you have any questions about our data retention policy, please contact us by e-mail at team@charm.software.

5. Data Disclosure

We disclose personal data in the following ways:

  1. Service Providers: We engage selected third-party companies and individuals to perform services on our behalf or complementary to our own. Such service providers may include hosting and server co-location services, communications and content delivery networks (CDNs), data security services, billing and payment processing services, fraud detection and prevention services, web and product analytics, email distribution and monitoring services, session or activity recording services, remote access services, transcription services, performance measurement, data optimization and marketing services, social and advertising networks, content and data enrichment providers, event production and hosting services, email, support, enablement, and customer relation management systems, and legal, financial, and compliance advisors (collectively, “Service Providers”). Specifically, Charm may share personal data with Amazon Web Services, Heroku, Deepgram, Sentry, and OpenAI in order to provide, improve, and secure our Services. Our Service Providers may have access to personal information depending on each of their specific roles and purposes in facilitating and enhancing our Services and may only use the data as determined in our agreements with them.
  2. Partnerships: We engage selected business and channel partners, resellers, distributors, and providers of professional services related to our Services, which allow us to explore and pursue growth opportunities. In such instances, we may share relevant contact, business, and usage details with the respective partner. If you directly engage with any of our partners, please note that any aspect of that engagement which is not directly related to the Services and directed by Charm is beyond the scope of this Privacy Policy.
  3. Service Integrations: You may choose to use a third-party service to integrate with our Services (for example, to upload or retrieve personal data to or from the Services). The provider of this integrated third-party service may receive certain relevant data about or from your account on the Services, or share certain relevant data from your account on the third-party provider’s service with our Services, depending on the nature and purpose of such integration.
  4. Event Sponsors: If you attend an event or webinar organized by us, or download or access an asset on our Sites related to an event, webinar, or other activity involving third-party sponsors or presenters, we may share your personal data with them. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth.
  5. Business Customers: Our Customers have access to any personal data we process on their behalf in our capacity as a “processor” or a “service provider.”
  6. Legal Compliance: We may disclose or allow government and law enforcement officials access to your personal data in response to a subpoena, search warrant, or court order (or similar requirement), or in compliance with applicable laws and regulations, if we believe in good faith that we are legally compelled to do so or that disclosure is appropriate to protect our legitimate interests or comply with legal obligations.
  7. Protecting Rights and Safety: We may share personal data with others if we believe in good faith that this will help protect the rights, property, or personal safety of Charm, any of our Users or Customers, or any members of the general public.
  8. Charm Subsidiaries and Affiliated Companies: We may share personal data internally within our group for the purposes described in this Privacy Policy. In addition, should Charm or any of its subsidiaries or affiliates undergo any change in control or ownership, including by means of merger, acquisition, or purchase of substantially all or part of its assets, personal data may be shared with or transferred to the parties involved.

For the purposes of the CCPA, in the past 12 months, we may have disclosed the following categories of Personal Information to Service Providers, partnerships, and other integrations for business and commercial purposes: identifiers; customer record information; internet or other electronic network activity information; professional or employment-related information; geolocation data; commercial information; inferences; and electronic information (transcriptions).6. Cookies and Data Collection TechnologiesWe and our Service Providers use cookies, pixels, and other technologies to enable and improve the Services we provide, to track the performance of our Sites, perform analytics, gain insights on the use of our Services, and for personalization purposes.

  • Cookies are packets of information sent to your web browser and returned by the browser each time it accesses the server that sent the cookie. Some cookies are removed when you close your browser session (“Session Cookies”). Some last for longer periods (“Persistent Cookies”).
  • We use “Persistent Cookies” to remember your log-in details and make it easier for you to log in next time. We may also use Session Cookies for additional purposes, such as facilitating the use of our Services’ features.
  • Some cookies are necessary for the Services to function properly and cannot be declined unless you block them through your web browser settings. Other cookies, used for functional, performance, analytics, and marketing purposes, are optional.

We may use web analytics tools (e.g., Google Analytics, Mixpanel) to understand how Users behave on our Services. You can opt out of these analytics services as described in their respective opt-out mechanisms.Your browser may offer a “Do Not Track” option, but due to lack of standardization, we do not respond to such signals. If you get a new device, install a new browser, erase or alter your browser’s cookie file, you may also clear the opt-out cookies installed, so you would need to renew your preferences.7. CommunicationsWe engage in service and promotional communications through email, phone, SMS, and notifications.

  1. Service Communications: We may contact you with important information regarding our Services, such as notifications of changes or updates, billing issues, login attempts, password reset notices, etc. If you are registered as a User, you can typically control your communications and notifications settings from your profile settings. Note that you cannot opt out of receiving certain service communications that are integral to your use of the Services.
  2. Promotional Communications: We may also notify you about new features, additional offerings, events, special opportunities, or other information we believe will be of interest to you. If you do not wish to receive such promotional communications, you may notify Charm at any time by emailing team@charm.software, changing your communications preferences in your profile settings (for registered Users), or by following the unsubscribe or opt-out instructions in the promotional communications you receive.

8. Data Security

We implement systems, applications, and procedures designed to secure your personal data and minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. However, we cannot guarantee that our Sites or Services will be immune from any wrongdoing, malfunction, unlawful interception, or other kinds of abuse or misuse.Data storage is conducted on AWS with encryption measures in place. We maintain security procedures similar to those described in this Policy to protect personal data from unauthorized or illegal access.9. Data Subject RightsIndividuals have rights concerning their personal data. Please contact us by e-mail at: team@charm.software if you wish to exercise your privacy rights under any applicable law, including (where applicable) the EU or UK General Data Protection Regulation (GDPR), the Brazilian Data Protection Act (LGPD), the CCPA, or other relevant data protection laws. Such rights may include—to the extent applicable—the right to know/request access, to request rectification or erasure, to restrict or object to processing, to port personal data, or the right to equal services and prices (e.g., freedom from discrimination). If you are in the EU or UK, you also have the right to lodge a complaint with the relevant supervisory authority.If applicable, you may also designate an authorized agent to submit a request on your behalf by emailing us. We may ask for additional information (including certain credentials) to verify your identity and ensure we do not disclose data about others.If your request relates to personal data that may be processed on our Customer’s behalf, note that our Customer exclusively determines how such data is processed. We advise submitting your request directly to them. We will not fulfill your request unless we can verify you are the individual about whom we collected data, or unless we can forward your request to the appropriate Customer.10. Data Controller/ProcessorCertain data protection laws and regulations (e.g., GDPR, CCPA) typically distinguish between two main roles for parties processing personal data: the “data controller” (or “business” under the CCPA), who determines the purposes and means of processing; and the “data processor” (or “service provider” under the CCPA), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent such laws apply.

  • Charm as Data Controller of Prospect Data: With respect to Prospect Data, we assume the responsibilities of data controller.
  • Charm as Data Processor of Customer Data: Charm processes Customer Data on behalf of its Customer, who is the data controller.
  • Charm as Both Data Controller and Processor of User Data: We process User Data both for our own purposes (as described in Section 2 above) and on behalf of our Customer (to the extent User Data is included in Customer Data processed through the Services).

Our Customers are solely responsible for ensuring that all individuals using the Services on the Customer’s behalf or whose personal data may be included in Customer Data have been provided with adequate notice and given any required consent. Our Customers are also responsible for handling data subject requests under applicable law by their Users or other individuals whose data they process through the Services.11. Opt-Out of Sale/SharingUnder some U.S. data protection laws (e.g., CCPA), our disclosure of certain internet activity and device information with third parties through cookies on our website may be considered a “sale” or “sharing” of personal information. We do so in pursuit of the business and commercial purposes described in Section 2 above.

  • In the last 12 months, we may have “sold” or “shared” internet or other electronic network activity information and related data with our analytics and advertising Service Providers. Charm has not knowingly sold or shared personal information of individuals under the age of 16.

You may opt out of cookies that may result in a “sale” or “sharing” of your personal information by:

  1. Adjusting your cookie preferences on our website (e.g., a “Your Privacy Choices” banner or link) to disable third-party analytics or advertising cookies.
  2. Using a Global Privacy Control (GPC) for each participating browser system. (Instructions on how to download and use GPC are available online.)

12. Additional Notices & Contact Details

  1. Updates and Amendments: We may update and amend this Privacy Policy from time to time by posting an amended version on our Services. The amended version will be effective as of the date it is published. We will provide prior notice if we believe the changes materially alter your rights.
  2. External Links: While our Services may contain links to other websites or services, we are not responsible for their privacy practices. We encourage you to be aware when you leave our Services and to read the privacy policies of each website or service you visit.
  3. Children: Our Services are not designed to attract children under the age of 16. We do not knowingly collect personal data from children. If we learn that a person under the age of 16 is using the Services, we will attempt to prohibit such use and delete any personal data stored. If you believe we might have such data, please contact us at team@charm.software.
  4. Contacting Us:
    • Email: If you have any comments or questions regarding our Privacy Policy or if you have any concerns regarding your personal data, please contact us at team@charm.software.

Last updated: March 2024

Thank you for reading our Privacy Policy. If you have any further questions or concerns, please reach out to team@charm.software. We value your privacy and strive to protect and respect your personal data in compliance with applicable laws and regulations.