Last Updated April 1 2022
Your privacy is critically important to us. We have a few fundamental principles: We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services. We store personal information for only as long as we have a reason to keep it. We aim to make it as simple as possible for you to control what information is shared and permanently deleted. We strive for full transparency on how we gather, use, and share your personal information.
1. Who We Are and What This Policy Covers
Estii Co Pty Ltd (“Estii”, “we”, “our” and “us”) is a commercial estimation and proposal product and service. This policy sets out our privacy practices and explains how we handle the information we collect when you visit and use our sites, services, mobile applications, products, and content (“Services”).
2. What We May Collect
We only collect information about you if we have a reason to do so — for example, to provide our Services, communicate with you, or make our Services better. We collect this information from three sources: if and when you or others (e.g., your employer if you use an enterprise account) provide information to us, automatically through operating our Services, and from outside sources. Let’s go over the information that we collect.
Information You Provide to Us
It’s probably no surprise that we collect information that you provide to us directly. Here are some examples:
- Basic account information: We ask for basic information from you to set up your account. For example, we require individuals who sign up for an Estii.com account to provide an email address along with a username or name — and that’s it. You may provide us with more information — like your address and other information you want to share — but we don’t require that information to create an Estii.com account.
- Estii does not store any user passwords. We use secure, password-less authentication via one-time email tokens.
- Credentials: Depending on the Services you use, you may provide us with credentials to integrate with third-party services
- Communications with us (hi there!): You may also provide us with information when you respond to surveys, communicate with our support team, post feedback in our public forums, or sign up for a newsletter. When you communicate with us via form, email, phone, comment, or otherwise, we store a copy of our communications (including any call recordings as permitted by applicable law).
- Third-Party Integrations. When you initiate a connection with a third-party integration through the Services, we may share information about you required to enable your use of the third-party integration through the Services.
Information We Collect Automatically
We also collect some information automatically:
- Log information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, including the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services - for example when you create or make changes to your Space.
- Usage information: We collect information about your usage of our Services. For example, we collect information about the actions that space administrators and users perform on a site using our Services — in other words, who did what and when (e.g., [username] deleted “[title of feature]” at [time/date]). We use this information to, for example, provide our Services to you, get insights on how people use our Services so we can make our Services better, and understand and make predictions about user retention.
- Location information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
Information We Collect from Other Sources
We may also get information about you from other sources. For example:
- Third-Party Login: If you create or log in to your Estii.com account through another service (like Google) we’ll receive associated login information (e.g. a connection token, your username, your email address)
- Financial Account Info: If you are a paid customer, we’ll receive information relating to your Stripe account, such as your email address, billing address and billing history
The information we receive depends on which services you use or authorise and what options are available.
3. How and Why We Use Information
Purposes for Using Information
We use information about you for the purposes listed below:
- To provide our Services. For example, to set up and maintain your account, host your Space, backup and restore your Space, provide customer service, process payments and orders, and verify user information.
- To ensure quality, maintain safety, and improve our Services. For example, by providing automatic upgrades and new versions of our Services. Or, for example, by monitoring and analysing how users interact with our Services so we can create new features that we think our users will enjoy and that will help them use our services more efficiently or make our Services easier to use.
- To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations; and protecting the rights and property of Estii and others, which may result in us, for example, declining a transaction or terminating Services.
- To fix problems with our Services. For example, by monitoring, debugging, repairing, and preventing issues.
- To customise the user experience. For example, to personalise your experience by serving you relevant notifications for our Services.
- To communicate with you. Sometimes we’ll send administrative emails about account or service changes or new policies. You can’t opt-out of them. You can always opt-out of non-administrative emails such as product updates.
Legal Bases for Collecting and Using Information
4. Sharing information
As a rule, we don’t share your personal information outside the company. We won’t sell your personal information.
How we Share information
We may share your personal information with third parties in limited circumstances, including: (1) with your consent; (2) to a vendor or partner who meets our data protection standards; or (3) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other legal process.
- Third-party vendors: We may share information about you with third-party vendors who need the information to provide their services to us or to provide their services to you or your site. See the list of third party services below:
- Legal and regulatory requirements: If we’re going to share your information in response to a legal process, we’ll give you advance notice so you can challenge it (for example, by seeking court intervention) unless we’re prohibited from doing so by law or court order. We will object to requests for information about users of our site that we believe to be improper.
- Aggregated or de-identified information: We may share information that has been aggregated or de-identified so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services or share a hashed version of your email address to facilitate customised ad campaigns on other platforms.
- With your consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties when you authorise us to do so, like published case studies.
- Published support requests: If you send us a request for assistance (for example, via a support email or one of our other feedback mechanisms), we reserve the right to publish that request to clarify or respond to your request or help us support other users.
Estii uses third-party vendors and hosting partners for hardware, software, networking, storage, and related technology we need to run the Services.
- Cloud and data centres The application is stored and executed in a collection of systems operated by Cloudflare. Privacy policies: Cloudflare
- Content delivery and traffic optimisation: We use Vercel to deliver content. Vercel ensures that your Estii Space can be quickly accessed from all over the world. Privacy policies: Vercel
- Logging: We use Logflare to aggregate application logs to monitor usage and performance. Privacy policies: Logflare
- Payment processing. Credit card billing information is directly stored with our credit card payment processor, Stripe. We do not store your credit card information on our servers. Your credit card information is never transmitted via our website. Privacy policies: Stripe
- Registration and authentication. Some users may sign in via a third-party SSO login system. No passwords are ever stored by Estii, removing the risk of a password breach or leak. Privacy policies: [TBC]
- Usage statistics, tracking & marketing. We use Google Analytics and Heap Analytics to discover which parts of our website and software need improvement. We might use Google AdWords or re-marketing from Google, Twitter, Facebook or LinkedIn to promote our Services and our content. Privacy policies: Google, Heap
- Transactional emails. To send system emails, we use the mail services provided by Sendgrid. Privacy policies: Sendgrid
- Integrations. Estii allows Space admins to link their Estii Space with other applications and services, such as Zapier. We may share limited personal data required for the integration with these platforms. Privacy policies: Zapier
5. How Long We Keep Information
We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on How and Why We Use Information — and we’re not legally required to keep it. To protect information from accidental or malicious destruction, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
We use encryption (HTTPS/TLS) to protect data transmitted to and from our site. While no online service is 100% secure, we work very hard to protect information about you against unauthorised access, use, alteration, or destruction and take reasonable measures to do so. You use the Services at your own risk, and you’re responsible for taking reasonable measures to secure your account.
We also enforce a passwordless login system which means no passwords are stored by Estii, removing the risk of a password breach or leak.
7. Your Choices
You have several choices available when it comes to information about you:
- Limit the information that you provide: If you have an Estii account, you can access and modify your personal information.
- Opt-out of marketing communications: You may opt-out of receiving promotional communications from us. Just follow the instructions in those communications or let us know. If you opt-out of promotional communications, we may still send you other communications, like those about your account and legal notices.
- Set your browser to reject cookies: At this time, Estii does not respond to “do not track” signals across all of our Services. However, you can set your browser to remove or reject browser cookies before using Estii’s websites, with the drawback that certain features of the Services may not function properly without the aid of cookies.
- Close your account: , While we’d be very sad to see you go, you can close your account if you no longer want to use our Services. If you delete your account, your account and content may be unrecoverable. Please keep in mind that we may continue to retain your information after closing your account, as described in How Long We Keep Information above — for example, when that information is reasonably needed to comply with (or demonstrate our compliance with) legal obligations such as law enforcement requests, or reasonably needed for our legitimate business interests.
8. Your Rights
If you are located in certain parts of the world, including California and countries that fall under the scope of the European General Data Protection Regulation (aka the “GDPR”), you may have certain rights regarding your personal information, like the right to request access to or deletion of your data.
European General Data Protection Regulation (GDPR)
If you are located in a country that falls under the scope of the GDPR, data protection laws give you certain rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
You also have the right to make a complaint to a government supervisory authority.
California Consumer Privacy Act (CCPA)
California law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined by applicable California law) with third parties for their direct marketing purposes. However, Estii does not share your personal information with third parties for their own direct marketing purposes.
The CCPA also requires us to provide a list of the “categories” of personal information we collect, as that term is defined in the law, so here it is. We may have collected the following categories of personal information from California residents, depending on the Services used:
- Identifiers (like your profile details);
- Commercial information (your billing information and purchase history, for example);
- Internet or other electronic network activity information (such as your usage of our Services, like the actions you take as a member of an Estii.com Space);
- Professional related information (for example, your company size and industry)
- Geolocation data (such as your location based on your IP address);
- Inferences we make (such as the likelihood of retention or attrition).
Contacting Us About These Rights
You can usually access, correct, or delete your personal data using your account settings and tools that we offer, but if you aren’t able to or you’d like to contact us about one of the other rights, scroll down to How to Reach Us, to, well, find out how to reach us.
You may exercise these rights by sending us an email request to [email protected]. We will process your requests within 30 days. When you contact us about one of your rights under this section, we’ll need to verify that you are the right person before disclosing or deleting anything. For example, we may require a photocopy of proof of identity or authority to accompany your request.
9. Other Things You Should Know (Keep Reading!)
We could differentiate between processing and storage? We operate services that process data around the world. We give you a choice of where to store data related to your workspace. Authentication and user data is stored centrally in Australia.
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from your country’s laws (and, in some cases, may not be as protective).
Specifically, we, and our third-party service providers and partners operate services that process data around the world. This means that when we collect your personal information, we may process it in any of these countries.. We also give you a choice of where to store data related to your Space. Authentication and user data is stored centrally in the US.
Our Services are intended for general audiences and not for children under the age of 16. If we become aware that we have collected personal information (as defined by the Children’s Online Privacy Protection Act) from children under the age of 16, we will take reasonable steps to delete it as soon as practicable.
12. How to Reach Us
Estii Co Pty Ltd