Swordfish Privacy Policy

Last Updated: May 31, 2021

Please read the privacy policy carefully and use it to make informed decisions. By using our services, you agree to the terms of this privacy policy and your continued use of the services constitutes your ongoing agreement to this privacy policy.

General

This Privacy Policy outlines the practices of Swordfish AI Inc. (“Swordfish”, “we,” “us,” or “our”) with respect to collecting, using and disclosing personal information when providing our online services (collectively, the “Services”) and constitutes an integral part of Swordfish’s Terms of Service (“Terms”, and collectively, the “Agreement”).

For residents of California, U.S.A. subject to this Privacy Policy, see the supplement entitled “Your California Privacy Rights” linked here.

For residents of Nevada, U.S.A. subject to this Privacy Policy, see the supplement entitled “Your Nevada Privacy Rights” linked here.

Our Services are designed to help customers find business profile information of individuals they seek in order to interact with them. Swordfish enables its customers to access business profiles of these contacts for the purpose of supplementing the data customers have about these contacts.

“Users” are Swordfish individual customers or business customer representatives who download, install, or use the Swordfish browser extension (the “Plugin”) or access the Swordfish Website - www.swordfish.ai (the “Site”). Users may be fraud prevention professionals, investigators (e.g., law enforcement and fraud detection teams in businesses), recruiters and other human resources professionals, or vendors (e.g. sales professionals, B2B partners, or sales platforms).

“Contacts” are people whose identities are being confirmed, who are the subject of an investigation, or who are being contacted by Users, for example for recruitment or sales purposes. An example of identity confirmation occurs when a person signs up for an online service and a User working for the service wants to make sure that the person signing up is who he or she claims to be. Law enforcement Users may be investigating certain Contacts or seeking to contact witnesses to events under investigation.

Here is how our Services work. Users use a search page on our Site or our plugin while online by requesting personal information of a specific individual. Users can search for individuals by social media URL, name, phone number, email address, or postal address. In response to a request for personal information about that individual, we respond with the available contact information (name, phone number, email address, location (city and country), company name, and job title) and social media account URLs available to us about the requested individual if the individual is either in a database of one of our third party data providers (a “Third Party Database”) or within the Swordfish database (“Swordfish Database”). The Third Party Databases and Swordfish Database are referred to collectively in this privacy policy as the “Databases.” The Databases contain information comprising “Business Profiles.” A “Business Profile” is a name associated with an email address and/or telephone number. If a User requests personal information about an individual, and if none of the Databases has information about that individual, the Site or plugin will respond by stating that no information about that individual is available. We may also verify email addresses of Contacts with business domains by confirming them with their business’s email servers.

Swordfish operates as a search platform, and therefore most of the information it retrieves is not created or collected directly by Swordfish. Rather, our third party data providers retrieved the information from the web or from the contribution of relevant data from other users and business partners.

Swordfish AI Inc. is a Delaware corporation. In addition, Swordfish is a registered data broker in the States of California and Vermont.

We respect your privacy and are committed to protecting the privacy and security of both our customers’ users and the contacts they are investigating or contacting.

The term “you” shall refer to both Users or Contacts, as applicable.

In this Privacy Policy you will read about:

• The Databases

• What types of personal information we collect

• Cookies

• Swordfish’s Role as a Data Processor

• How we process and use the personal information we collect

• Sharing personal information with third parties

• Links to other websites

• Controlling your personal information

• Retention of personal information

• How do we safeguard and transfer your personal information

• Notice regarding minors

• Marketing

• Corporate transactions

• Changes to this Privacy Policy

• How to contact us

The Databases

Most of the Business Profile information to which we have access comes from Third Party Databases, which our trusted business partner data providers collect from publicly available sources. They also receive personal information from their business partners who own established and legitimate directories or from publicly available sources. In addition, Swordfish also collects Business Profile information itself and stores it in the Swordfish Database. In response to a User query, our algorithms process this information contained in the Databases in order to identify the most up-to-date information related to each Business Profile.

Swordfish Salesforce App – If a User chooses to connect its Salesforce or other customer relationship management (CRM) application account to the Swordfish Salesforce App, Swordfish will not collect information from the Salesforce account. Instead, the effect of the connection is for the Salesforce account to receive updated information about Contacts from Swordfish. In other words, the communication of personal information is one-way from Swordfish to the User’s Salesforce or CRM account.

What Types Of Personal Information We Collect

As explained in detail below, we collect two main types of information. The first type (i.e. “Business Profiles”). Business Profiles consist of available contact information (name, phone number, email address, postal address, company name, and job title) and social media account URLs available to us about the requested individual. Swordfish returns Business Profiles to Users using our Services in response to their requests. The second type of information (i.e. “User’s Data”) is mainly collected to allow Users to open and maintain an account with Swordfish and to use the Services using the Site, our Plugin, or file upload features.

1. Business Profiles

Our third party data providers collect Business Profile personal information from different public sources, namely: (i) third parties who license, sell, or otherwise provide personal information they have collected to our third party data providers; or (ii) information from publicly available sources, such as via the Internet and social networks.

2. User’s Data

We collect two categories of information from our Users:

• i. The first category of information is un-identified and non-identifiable information pertaining to a User(s), which may be made available or gathered via your use of the Services (“Non-personal Information”). We are not aware of the identity of the User from which the Non-personal Information was collected. Such information includes the following:

• (a) We collect technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time and the domain name from which you linked to the Services; etc.), in order to enhance the functionality of the Services and to provide you with a better user experience.

• (b) We may also collect information about your use of the Services (including by using the plugin or the Site), such as log files, User activity (e.g. pages viewed, the amount of time spent on particular pages, online browsing, clicks, actions, installs, etc.), time stamps, alerts, etc. This information is collected for amongst other things troubleshooting errors and bugs as well as for research and analytics purposes about your use of the Services.

• (c) We may anonymize or de-identify the information collected by the Services or via other means so that the information cannot, on its own, personally identify you, for instance for reporting purposes. Our use and disclosure of such aggregated or de-identified information are not subject to any restrictions under this Privacy Policy, and we may disclose it to others without limitation and for any purpose.

• ii. The second category of information is personal information about you that specifically identifies you or when combined with other information we have, can be used to identify you. Such personal information is collected as part of the following activities and includes the following items:

• (a) In order to download our Plugin, you will be required to register for the Services (e.g. through our Site). As part of the registration process, we will collect your full name, email address, and telephone number. In addition, when you upgrade and purchase our paid version of the Plugin you will be requested to enter your payment information (e.g. your credit or debit card number, PayPal account, etc.). We do not collect such payment information directly, we have no access to it, and the processing of such payment information is made by our “payment gateway” trusted third party service providers.

• (b) When you register or connect the Site or Services with your social network account or email services (each a “Platform”), we may have access to basic personal information about you from such Platform, such as your name, email address, contact list, as well as any other information you made publicly available on such Platform or agreed to share with us. At all times, we will abide by the terms, conditions, and restrictions of such Platforms.

• (c) We collect personal information which you provide us voluntarily. For example, we collect personal information when you communicate with us via email or the Site or share additional information about yourself or about others through your use of the Services, when you respond to communications from us, or when you make a purchase through our Site.

• (d) If you agree to use Swordfish’s referral service to invite friends to use Swordfish, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email with an invitation to visit the Site and install the Plugin. If your friend consents to become a Swordfish customer, we then collect information from your friend when your friend registers to use the Services as described in this policy.

• (e) See Section 3(C) below regarding information collected from Users when they visit the Site.

3. Website Visitor Information

We may collect information from Site visitors (including Users) that submit information to us using the Site, social media messages, including name, email address, phone number, and message content. We may collect information on an aggregate basis when visitors visit our Site, for instance:

• Data about how the visitor was referred to our Site

• Visitors’ Internet protocol (IP) addresses

• Locations of visitors

• Web browser visitors are using

• Information about the visitor’s device

• Operating systems used by users

• Key words or search terms used by visitors to find our website

• How many visitors view the website or specific pages on it

We use a web analytics service, Google Analytics, to evaluate how users view and use our Site. Google Analytics tells us about when and how you use our Site, the website from which you navigated to our Site, information about your system, and your location.

For more information about Google Analytics, please visit:

http://www.google.com/policies/privacy/partners/

You can opt out to prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout.

If you begin a chat session on our Site using an email address, we may receive additional information about you from another of our third party data providers. For instance, we may receive the following information, if available:

• Job title

• Metrics about times you used our Site

• Information on how you used our Site

• Number of Twitter followers

• Additional information about how you were referred to our Site

• Information about your receipt of emails

Finally, our Site uses the Smartlook service operated by Smartlook.com, s.r.o. The Smartlook service records session information showing how visitors use and take action on websites and mobile apps. As with anonymized or aggregated analytics collected about website usage, recordings of uses of the Site information is collected for amongst other things troubleshooting errors and bugs as well as for research and analytics purposes about your use of the Services.

Cookies

A cookie is a small data file that is sent to your device when you first visit a website. Cookies usually include an identification number that is unique to the device you are using. Such identifiers can help us better understand our Users and how they are using the Site and the Services.

Some of our cookies are required for the operation of our Site, for instance to authenticate you as the correct User. Other cookies are functional in that they assist you in using the site. For instance, some cookies enable recognition of a User when they re-visit the Site, keeping their settings and preferences and ability to offer customized features. If you prefer, however, at any time you can reset your browser so it refuses all cookies, or notifies you when a cookie is being sent.

The Site and Services may implement the following types of cookies: (i) cookies implemented by us for the purposes described above (“First Party Cookie”); and (ii) third party cookies which are set by other online services who run content on the page you are viewing, for example by Google Analytics and other third party analytics companies who monitor and analyze our web access.

You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Services may not operate properly and your online experience may be limited.

Swordfish’s Role As A Data Processor

“Controllers” are entities that, alone or jointly with others, determine the purpose and means of processing personal data. “Processors” are entities that process personal data on behalf of a controller.

As described above, Swordfish acts as a data controller of personal information that it collects. Swordfish, however, also acts as a data processor in two ways:

• When customers input personal information into our Services to submit search queries, Swordfish processes that personal information and returns a response with any additional personal information it may have concerning the searched-for individuals. Regarding such search queries, it is the Swordfish customer that is the data controller. The customer is the one determining the purpose and means of processing that personal information.

• When a business customer enrolls users within its organization to use the Swordfish Services, one representative of the business may provide account information (full name, email address, and telephone number) of other users within the organization to Swordfish for Swordfish to provision accounts for these users. The customer is the entity that collected such personal information and provided it Swordfish for purposes of provisioning accounts.

When acting as a processor, Swordfish processes data in accordance with the actions and instructions of the applicable customer. As a data processor, with certain exceptions such as a legal disclosure obligation, Swordfish is required under its agreement with the customer not to disclose or otherwise transfer personal information received as a processor to a third party except to provide the Services or the customer has instructed us to disclose or transfer the information. Except as noted below, Swordfish processes any personal information and other customer information solely for the purpose of delivering Services to the customer.

How Do We Process And Use Personal Information?

We use the information we collect in the ways and for the purposes described above. We may also use such information in the following ways, and for additional purposes, as follows:

1. Business Profiles

We may use Business Profiles of Contacts for the following purposes:

• To maintain and provide the Services; Users submit a query to the Services by providing a name of a Contact to find out the email address or telephone number of that Contact; our Services respond to the User by providing the User that Contact’s email address and telephone number;

• To enrich Swordfish Database with current Business Profiles, which enables our Services to provide accurate and current responses to User queries of our Services;

• To respond to Contacts’ inquiries, support request, feedbacks or questions;

• To detect and prevent fraudulent and illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services;

• To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority.

2. User’s Data

We may use User’s Data for the following purposes:

• To verify User’s registration to the Services and verify User’s email address;

• To respond to User’s inquiries, support requests, feedback or questions.

• To manage User’s account and provide Users with customer support;

• To identify and authenticate User’s access to the Services;

• To detect and prevent fraudulent and illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services;

• To communicate with you and to keep you informed of our latest updates, upgrades, and products;

• To perform a research or to conduct analytics in order to improve and customize our Services to your needs and interests;

• To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority;

Sharing Personal Information With Third Parties

We may share and disclose personal information we collect, if we believe in good faith that such disclosure is necessary or required: (i) to comply with a law, regulation, governmental or securities exchange requirement, court order, judicial proceeding or legal process, such as a subpoena, search warrant, or demand for disclosure under judicial or administrative process; (ii) to address a violation of the law; (iii) to investigate fraud or criminal activity, and to protect our rights or those of our affiliates, vendors and Users, or as part of legal proceedings affecting or may affect us or our affiliates, vendors or Users; and (iv) to allow Swordfish to exercise its legal rights or respond to a legal claim.

We may also share your information in the following ways, and for additional purposes, as follows:

1. Business Profiles

We may share some Business Profiles of Contacts with our third party data providers to check their accuracy and make sure Third Party Databases are current.

At any time, you may decide to opt-out from enabling us to disclose or allow access to your Business Profiles stored on Swordfish Database with our vendors and business partners, by filing in your relevant details here - www.swordfish.ai/Optout.

We may also share Business Profiles stored in our database with the following recipients: (i) our subsidiaries; (ii) subcontractors and other third-party service providers (e.g. hosting services, etc.); (iii) auditors or advisers of our business processes; and (iv) any potential purchasers or investors in Swordfish.

2. User’s Data

We may share User’s personal information with the following recipients: (i) our subsidiaries; (ii) subcontractors and other third-party service providers (e.g. payment processors, hosting services, the Smartlook web usage analysis service, etc.); (iii) auditors or advisers of our business processes; and (iv) any potential purchasers or investors in Swordfish.

Links To Other Websites

This Privacy Policy applies only to our Services and not to websites or applications owned by third parties. We may provide links to other websites (e.g. through advertisements, marketing materials, etc.) which we believe may be of interest to you. We cannot guarantee the privacy standards of such websites to which we link or be responsible for the contents of sites and this Privacy Policy is not intended to be applicable to them.

You are knowingly and voluntarily assuming all risks of using third-party sites. You agree that we shall have no liability whatsoever with respect to such third party sites and your usage of them.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

• If you would like access to the personal information about you we may have in our possession, please contact us at contact@swordfish.ai or the contact information below in the Contact Us section.

• You may also contact us at contact@swordfish.ai or the contact information below to correct or update personal information about you in our possession. Please keep in mind that we may have a legal right or obligation to preserve personal information as it currently exists.

• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by emailing us at contact@swordfish.ai or using the contact information below.

• Any email communications from us contain instructions on opting out of further email communications, although we will still send you emails relating to the support, administration, and security of our products and services.

If you wish to contact us about controlling your personal information as described in this Section, please submit a request to us using the Contact Us section at the end of this privacy policy.

Retention Of Personal Information

Personal Information will be retained by Swordfish in such a way that you can be identified until the date on which personal information is no longer needed for Swordfish’s processing activities (“Processing Date”). Swordfish will adopt the same retention policy for all Users and Contacts regardless of their place of residence, which will follow the reasonable mandatory retention period, which is 7 years as from the Processing Date. Please note that we may retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements.

If you wish to remove Business Profiles existing in our servers or if you prefer that we not disclose your Business Profiles with our Users, vendors or business partners, you may opt-out by filling in your relevant details here - www.swordfish.ai/Optout. In this case, we shall not continue to use or disclose your Business Profiles, except as required or permitted under applicable law.

Please be notified:

If you opt out of being a Contact, we will make sure that our Services will not return any personal information associated with your email address. Nonetheless, should you change accounts or have multiple accounts, there may be duplicate records. Accordingly, the more information you can provide us when opting out, the more effectively we can block your personal information from being provided to Users.

How Do We Safeguard And Transfer Your Personal Information?

We take great care in implementing and maintaining the security of the Services and your personal information. We employ industry standard procedures and policies to ensure the safety of your personal information and prevent unauthorized use of it. Although we take reasonable steps to safeguard personal information, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure and Swordfish cannot guarantee the security of data outside of its information processing facilities.

Notice regarding minors

The products and services of Swordfish are not targeted to or intended for children under the age of 18. If you are under 18, you may not submit information about yourself to Swordfish. Swordfish reserves the right to modify or remove any information on the Site or Services at its own discretion.

In the event that we become aware that a User is under the age of 18 has shared any personal information with Swordfish, or if we become aware of a Contact under the age of 18, we will discard that minor’s personal information. If you have any reason to believe that a minor has shared any personal information with us or any personal information about a minor is in one or more of our Databases of Contacts, please contact us at  contact@swordfish.ai.

Marketing

We may use Users’ Personal Information, such as names and email addresses, ourselves or by using our third-party subcontractors for the purpose of providing our Users with promotional materials and newsletters concerning our Services, which we believe may interest them.

Out of respect to their right to privacy, at any time, Users may request to unsubscribe and discontinue receiving marketing offers by following the directions in the email or sending us a blank message with the word “remove” to contact@swordfish.ai.

Corporate Transactions

We may share information, including Personal Information, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale of an asset or transfer in the operation thereof) or bankruptcy or any similar insolvency proceedings of Swordfish or any of its affiliates. In the event of the above, the acquiring company or transferee will assume the rights and obligations as described in this Privacy Policy.

Changes To This Privacy Policy

Swordfish reserves the right to modify this Privacy Policy from time to time, so please review it regularly. If we make changes to this policy, we will notify you here or by means of a notice on the Site’s homepage prior to the changes becoming effective. If the changes are material, we will notify you by email.

Please check back periodically to review the latest version of this Privacy Policy. You hereby declare that your continued use following any changed made to the Services or the Privacy Policy shall constitute your consent to any modified terms.

Contact Us; Exercising Individual Rights; Complaints

Our point of contact is Ben Argeband, who is the officer of our company in charge of data protection.

If you have any questions, comments or concerns about this policy or about our privacy practices, seek to exercise any of your privacy rights under applicable law, or wish to access, change, or update personal information we have about you, you should first contact our data protection officer by email at contact@swordfish.ai. You may also contact us at this email address if you are aware of abuse or misuse of our Services.

If you prefer that we not disclose your Business Profile to our Users, vendors or business partners, you may opt-out by filling in your relevant details at www.swordfish.ai/Optout.

If you have a complaint about our privacy practices, contact our data protection officer by email at contact@swordfish.ai. Our privacy team will investigate any complaints that you make concerning our privacy practices and provide you with a written response. You will need to provide enough information for us to evaluate your complaint, and we may need to ask for additional information in order to assess a complaint. Also, you have a right to submit any complaint to your local data protection authority or government regulator.