Revision Date: June 13, 2022
Privacy policies relating to personal data collected relating to employment are included in various policies available from the Human Resources department.
Who We Are
Maxio is a holding company with multiplesubsidiaries including, SaaSOptics LLC, Chargify, LLC and Keen, LLC. We have offices in Atlanta, Georgia, San Antonio, Texas, Krakow, Poland, and Dublin, Ireland. These subsidiaries provide online subscription billing and revenue management platforms. Most of our customers are business entities or other organizations. We offer our services to customers worldwide.
How to Contact Us
You may contact Maxio at email@example.com or if prefer to contact SaaS Optics, Chargify, or Keen directly you may contact them at the following address:
- SaaS Optics Email: firstname.lastname@example.org or via mail: 6575 The Corners Pkwy NW, Suite 400 Peachtree Corners, GA 30092
- Chargify Email: email@example.com or via mail: Chargify – 2722 W Bitter Road, San Antonio TX 78248
- Keen Email: firstname.lastname@example.org or via mail: Keen LLC - 2722 W Bitter Road, San Antonio TX 78248
Categories of Individuals Whose Data We Process
We describe our policies below in terms of three categories of individuals:
- customer’s customers – these are individuals who purchase goods and services from our customers; we do not have a direct relationship with these individuals and process their data only as part of providing our services to our customers and as instructed by our customers.
- customer representatives – these are individuals who work for our customers, such as our customers’ accounting and technical staff; we interact with these individuals as part of providing our services and managing the account relationship. For example, we enable these individuals to administer the customers’ accounts on our services platform, we send them invoices and other correspondence, and we provide them with technical assistance.
- visitors – these are individuals who visit our websites or our social media pages, who visit our office or interact with us at a trade show, or who interact with us in some way other than as a customer’s customer or a customer representative.
These words have these meanings in this Policy:
- customer means Maxio’s customer, generally a business or other organization;
- services means Maxio’s online recurring billing services, analytics services, and related services;
- "we", "our" and "us" refers to the Maxio subsidiaries, including SaaS Optics, LLC, Chargify, LLC, and Keen LLC;
- "you" and "your" refer to visitors, customer representatives, and customer’s customers as indicated by the context;
- personal data means information about a natural person, or to the extent applicable privacy law covers a business entity, the covered business entity.
Data Collection Purposes
We have described our purposes for collecting personal data below in the section called Purpose for Collection and Use of Personal Data. We also allow third party advertisers, such as GoogleAds, Facebook, Twitter and LinkedIn to collect personal data on our websites and social media pages for the purpose of selling targeted advertisement services. See Advertising Ecosystem below. We allow some of our service providers, such as Intercom, G2, and Capterra to use information about visitors that they collect on our site for the purpose of improving their services generally.
|Category of Data Collected||Examples of Data Collected||Method of Collection||Category of Individuals|
|IP Address||IP address||collected by our web servers when you visit our websites or our online service platforms; collected by communications features on our site, such as chat;collected by our email service provider||customer’s customerscustomer representativesvisitors|
|Device||information about your device such as the operating system, time zone setting, language setting, browser settings, and browser plug ins||collected by our web servers when you visit our websites or our online service platforms||customer’s customerscustomer representativesvisitors|
|Search Terms||If you use the search feature on our site we will capture your search terms||visitors|
|Online Advertising Profile||We capture the link that you click on in our online advertisements. This link enables us to associate you with the advertising parameters we provided to the advertising service. For example, we may ask an advertising service to target our ad to individuals that the ad service has identified as having a high interest in e-commerce. If you arrive at our site by means of the link in that ad, we will be able to identify you as having a high interest in e-commerce.||Links created by advertising services and provided to us;See the section below captioned Advertising Ecosystem and How to Opt Out of Online Data Collection.||visitors|
|Name and Contact Information of Customer Representatives||We collect your name, job title, job function, the organization you represent, email address, and phone number when you establish an online account on our service platform as a customer representative||service platform||customer representatives|
|Payment Card Information of Customer Representatives||If you use a personal payment card or other financial account to make payment arrangements, then we may collect information relevant to the processing of the payment transaction.||service platform||customer representatives|
|Name and Contact Information of Customer’s customers||Each of our customers or customer’s customers provide information to our services platform (either by manually inputting the information or by means of an integration with another system) that enables them to send you invoices for their subscription product or service. This may include your name, email address, and other contact information such as physical address or phone number||service platform||customer’s customers|
|Customer’s customers’ Purchase Information||Information about the products or services you purchased from our customers, such as the type of product or service, the date purchased, the price, and payment history||service platform||customer’s customers|
|Name and Contact Information of Visitors||We will collect your name and other contact information that you may elect to provide as part of a communication with us, either online such as via a chat, submission of a webform, or in an email, or offline, such as on a phone call, by providing a business card or other information at a trade show||webforms, email, chat, phone call, in-person interaction||visitors|
|Customer representative login (username and password)||Each customer representative is required to establish a unique user name and password to use our services;If the customer wishes to integrate our services with other online services, we will require the customer to provide sufficient credentials to create an authorized connection to those services on the customer’s behalf, which may include a customer representative’s login information||service platform||customer representative|
|Customer’s customer login (username and password)||Each customer’s customer may be required to establish a unique username and password to interact with our customer on our service platform||service platform||customer’s customer|
|Social Media Interactions||If you use the social media features on our website or visit our social media pages we will capture the information that is generally available to users of the social media platform you use. You should review the privacy policies of the social media providers as well since your visit to their platform by means of our social media button may allow them to collect information about your activity on our site.||buttons on our website that allow you to publish information about your site visit to a social media platform or run interactive mini-programs on our site. For example, we may have a “like” or “tweet” or similar button that, when clicked on, will generate a social media posting by you on Facebook, LinkedIn, Twitter or other platform that highlights or points back to the content on our site that you liked, tweeted, etc.||visitors|
|Other Personal Data||We may collect other information that you elect to provide in your communications with us or that our customer elects to provide to the services platform. For example, you may volunteer personal data in a support request or email. We do not solicit more information from you than what we need to fulfill our business purpose described below, but if you volunteer this information it will be stored in our systems with the communication in which it was included||service platform; communications services such as chat and email||customer’s customerscustomer representativesvisitors|
Marketing Partners and Resellers: We have relationships with other companies that help us market, sell and deliver our services. They may collect personal data of the type described above using the methods described above and provide that data to us. For example, we have relationships with companies who refer customers to us and resellers who offer our services under the reseller’s own brand name. We will treat personal information we receive from our marketing partners and resellers the same as the personal information we collect directly.
Combinations of data collected using different methods: We use service providers such as Clearbit and Hubspot to help us associate the personal data we capture about you as part of visitor interactions with personal data we collect about you as a customer representative. We do not associate data about visitors or customer representatives (alone or combined) with personal information we may have about you as a social media user or customer’s customer.
Purpose for Collection and Use of Personal Data
This section describes more specifically how our use of personal data relates to the purposes for which we collected the data.
Visitors: We collect data about visitors:
- to operate our website – web servers, by their nature, must capture your IP address and information about your browser and device to display our site to you;
- to develop our website and help us develop of product offerings – we use the information to help us understand what part of our website and products offerings is of interest to different kinds of visitors so that we can modify and improve our site content and other marketing materials to be more appealing to prospective customers; we may also use the information about your site visits and other visitor interactions to help us measure interest in our services or various features of our services;
- to show you personalized content when you visit our site – we use information about your prior visit to our site to customize your subsequent visits; for example, we may make information about products or services that appear to be of interest to you based on your prior visit more visible to you as part of your navigation of our site;
- to measure the success of our advertising efforts – we use visitor information to verify whether the ad services we purchase from third parties are actually resulting in visits to our site or other visitor interactions;
- to register you for webinars, office visits, or other online or off-line events we may host; and
- to communicate with you as part of our marketing efforts – if you provide us with contact information we may use it to send you communications about our company, our products or services, or related topics that we think you may find of interest.
Customer Representatives: we use data collected about accounts users (alone or as combined with data collected as part of an customer representative’s visits (such as pre-login activity on the Site):
- to provide our online services – we use login credentials to authenticate individuals as authorized users of our services; we use data collected by our servers as necessary to provide the services
- we use contact information to send invoices and other account communications, authenticate individuals who request information or support on the customer’s behalf, and administer your account, such as processing billing information to complete your purchases; we may also use your contact information to communicate with you about service issues, provide support
- to review compliance with usage terms in our services agreements; for example if the customer’s use of our services is limited to a certain number of individuals we may use personal data to help us monitor compliance with the usage restrictions;
- to help us develop our service offerings – we use information about your use of our services to measure interest in various features and plan enhancements or new features, and to improve user experience;
- to communicate with you as part of our marketing efforts – we use contact information and information about your use of our services to send you communications about our products or services, or related topics that we think you may find of interest; and
- to market our services - if you provide a customer testimonial or other content for marketing purposes we will publish the content with your name or other identifying information that you authorize us to use; if you agree that we may use you as a reference, we may provide your name and contact information to prospective customers for our services so that they may contact you to discuss your experience with our services.
Please note that if you participate in a Webinar or other open forum on our site your communications in that forum will be available to all other participants.
Requests to access, amend, delete or restrict the use of your personal data
Additional Information for California Visitors, Customer Representatives
In addition to our commitments stated above, if our collection of personal information about you for our business purposes is covered by the California Consumer Privacy Act you have the have certain rights under that law.
You may request disclosure of the following specific information:
- the categories of personal information as well as the specific pieces of personal information that we have collected about you for our business purposes over the prior 12 months:
- the categories of sources from which we have collected that personal information,
- our purpose(s) for collecting that personal information,
- the categories of third parties with whom we have shared the personal information, such as our service providers, and
- whether we have sold the personal information to third parties or disclosed the information to third parties for a business purpose, and if so the categories of personal information and third parties.
In addition, you have the right to ask Maxio to delete your personal information. We will comply with your deletion request and require our service providers to do the same, unless we plan to retain the personal information on a legally permitted basis and we give you notice of this fact and the legal basis on which we rely.
You may make a request by calling our toll-free number 1-800-401-2414, submitting the request via our website, or by sending an email or physical mail request to the addresses above.
You may also use an agent to make a request described in this section by giving them a written instruction that clearly states that they have authority to make a request on your behalf under the California privacy law.
Before responding to your request or your agent’s request we may ask you to provide information needed to verify that you are the consumer whose personal information is covered by the request. If you ask us to delete your data, we will ask you to confirm your request after we receive the request. If you are an customer representative we will verity your identity by communicating with you at the email address we have for you in our system.
We may not discriminate against you because you make a request described in this Section by denying you our services or providing a different quality or price for our services, unless the different service or price is reasonably related to the value provided to you by your data.
If you are under 16 years of age, you are not authorized to use our website or our services and we don’t want your personal data.
Additional Rights for European Economic Area (EEA) and Certain Other Territories: Your Rights under the General Data Protection Regulation
If you are from certain territories (such as the EEA), you may have the right to exercise additional rights available to you under applicable laws, including:
- Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
- Right to object to processing: You may have the right to request that Maxio stop processing your personal information and/or to stop sending you marketing communications.
- Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
- Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
If you would like to exercise such rights, please contact us at the contact details section below. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here. https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Lawful Basis for Processing under GDPR
The European Union’s General Data Privacy Regulation or “GDPR” and the equivalent law in the United Kingdom require that processors of personal data meet one of the “lawful basis” or “legal basis” grounds defined in those laws. Our lawful basis for processing under these laws is either consent (for visitors) or the necessity of fulfilling our contractual obligations to our customer (for customer’s customers). In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. Where we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
Service Provider Data
We process personal data about our customers’ customers that our customer provides to the service or creates as part of its use of our service, or that the customer’s customers communicate to our customers as part of their use of the our services. For example, our customers may enter the name, email address, payment details, and physical address to establish an invoicing record for each of their customers. The invoices and other billing communications our customers send using our service will describe the products and services that their customers purchased from them. Our customers will use our service to track whether their customers have paid for their products and services and whether the payments are late or on time. Our service includes an email feature to facilitate our customers’ communications with their customers. If our customers or their customers include personal data in those emails then we will transmit that data for our customer as part of our services, using our third party email services provider.
Our service includes a feature that allows customer’s customers to enter full payment details in a frame we host. We do not process or store full payment details other than to pass it, in encrypted form, to the payment card processor selected by our customer.
Some of our customers are subject to special data privacy laws, such as the General Data Protection Regulation adopted by the European Union in May 2018 (the “GDPR”) and the California Consumer Privacy Act. (the “CCPA”). We make appropriate contractual commitments to our customers in support of their obligations under the GDPR, CCPA or other data privacy and protection laws applicable to them.
Please contact us at the address above if you have questions or concerns regarding our processing of the data described in this Section. We ask, however, that your first contact our customer if you have a request to access, block, erase or take other action with respect to data that we have solely as a data processor for our customer.
We have not sold or leased personal data, and will not sell or lease your personal data unless you give us your consent to do so. The California Consumer Privacy Act includes a definition of “sale” that may include permitting third party advertisers to collect data about our Site visitor for use as part of their advertising services generally. During the prior 12 months we have permitted Google Ads, Facebook, Twitter, and LinkedIn to collect data on our site by means of advertising cookies. See the section below captioned Advertising Ecosystem for information on how you block these cookies.
Unless we ask for and you provide you additional consent in writing, we will not disclose your personal data to third parties except as follows:
This may include exchanging information with government regulatory or law enforcement agencies, or with other companies and organizations for fraud protection and legal compliance.
Sale of Business
As part of a sale of a sales of business assets where the purchaser needs the personal data to use the assets.
We may in the future sell all or part of our assets or be involved in a merger. We may provide the company that is seeking to acquire our business with access to personal data as part of their evaluation of our business, but will require them to maintain the personal data in confidence and use it only to evaluate our business. If we complete a transaction, it is customary to transfer personal data that is related to the purchased business assets to the purchaser.
We use the services of other companies to collect data on our behalf or to help us analyze, store, manage and otherwise process your personal data. Each of these companies commits in its contract with us to use the personal data only according to our contract with them or our other instructions as necessary to support our business. They are not authorized to use your personal data for any other purpose. They are not authorized to disclose your personal data to others except with our permission, and only if they require the others to comply with the same restrictions that apply to them. You may request a list of our subprocessors by contacting us at the address above.
Special Note on Payment Processors: As part of our services to our customers we provide an integration for online data exchange between our services and various payment processors. The payment processors are not our subprocessors, but are our customer’s subprocessors. Our customers are responsible for entering into contracts with the payment processors of their choice and for ensuring that those contracts include appropriate privacy commitments. Our processing of personal data as part of the provision of the integrations involves only transmission between the payment process and our customer’s instance of our service and is completed in accordance with the payment processors’ standards.
Protecting Network and Information Security
We may disclose your personal data as necessary to protect our information and systems from unauthorized actions that compromise their security or availability, such as disclosures as part of industry initiatives to identify and block malicious actors.
We use online advertising services that enable a practice referred to as “online behavioral advertising.” These services aggregate data about an individual’s behavior on many different sites and online services and use that data to sell targeted advertising services. For example, we permit Google’s advertising services to collect data about your behavior on our Sites, as do many other website operators who use Google’s ad services. Google combines the data about an individual that it collects from different sources and uses this aggregate data to sell advertising services that target the display of ads to web users who meet certain behavioral criteria. Google does not disclose this aggregate data to us, but we are able to infer that users who interact with our ad meet the advertising criteria we provided. Google collects this data using cookies, web server logs (its own and its advertising customers), clear gifs and other online data collection techniques. See Online Data Collection Techniques and How to Opt Out of Online Data Collection.
Online Data Collection Techniques
A cookie is a unique alphanumeric identifier that is placed by a web server on the web visitor’s browser. Cookies are used to analyse visitors’ use of the website. For example, a website operator can use the cookie to identify the number of unique visitors to the site, whether or not those visitors are repeat visitors, and information about the visitor’s activity on the site, device and device settings. A tracking pixel, also known as a web bug or web beacon, is a small graphic (usually 1 pixel x 1 pixel) invisible to the eye, that is embedded in web content or email. When content that has an embedded web beacon is viewed, the browser will request content from a web server, which in turn will set a cookie. We use these tracking pixels to determine whether an email has been opened and acted upon.
How To Opt Out Of Online Data Collection
You can manage your cookie preferences at any time.
You can also manage browser cookies through your browser settings. The 'Help' feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to disable cookies, and when cookies will expire. If you disable all cookies on your browser, neither we nor third parties will transfer cookies to your browser. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some features and services may not work.
Our servers do not recognize or respond to any “do not track” setting you may have in your browser.
The third parties who we permit to collect data on our site have features that allow you to block their data collection via cookies. See their privacy policies and cookie policies.
If you do not wish to receive our email or other communications, please send your request to email@example.com Please note that it may take up to ten days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.
Children are not permitted to use our site or services. We do not knowingly collect personal information from anyone under 16. If you are under 16, do not use or provide any information on our Sites unless you have involved your parent or guardian. If we discover that we have information about a child we will delete that information. If you are the parent or guardian of a child and you believe we have personal data about the child without your consent, please contact us at the address appearing at the top of this page and we will delete that information.
We protect personal data from unauthorized use, disclosure, corruption and destruction using appropriate technical and organizational measures.
We will retain your personal data only for as long as reasonably necessary to fulfill the purpose for which it was collected, and to comply with our legal obligations, and will use secure means to destroy the data after that time. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
We will comply with laws applicable to the transfer of personal data across international borders. We provide appropriate contractual commitments to our customers in the European Union and countries in the European Economic Area that are not part of the European Union, as well as the United Kingdom and other jurisdictions that require protections around transfer of personal data to the United States.
Maxio has appointed a representative in the European Union and the United Kingdom under Article 27 of the European Union’s General Data Privacy Regulation and the UK equivalent as follows:
United Kingdom Art 27 Data Protection Representative
VeraSafe has been appointed as Maxio’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation as amended by Schedules 1 and 2 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419). If you are located within the United Kingdom, VeraSafe can be contacted only on matters relating to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 20 4532 2003.
Alternatively, VeraSafe can be contacted at: VeraSafe United Kingdom Ltd., 37 Albert Embankment, London, SE1 7TL, United Kingdom.
European Union Art 27 Data Protection Representative
VeraSafe has been appointed as Maxio’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are located within the European Economic Area, VeraSafe can be contacted only on matters relating to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031
Alternatively, VeraSafe can be contacted at: VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23AT2P Ireland.
EU-U.S. Privacy Shield Framework
Each of SaaS Optics and Chargify has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.Each of SaaS Optics and Chargify is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Each of SaaS Optics and Chargify remains responsible in cases of its onward transfer to third parties of data covered by its Privacy Shield certification and is liable to you for non-compliance by the third parties.