PRIVACY POLICY

Your Privacy Matters

We are committed to being transparent about the data we collect about you, how it is used and with whom it is shared. Our privacy policy is effective March 30, 2020.

Your Privacy Matters
We are committed to be transparent with you about the data we collect about you and how it is used and shared.By using our Services, you consent to our use of your data under this Privacy Policy.We are a referral network and online platform for professionals as well as companies. People use our services to find and be found for business opportunities and to connect with others and information. Our Privacy Policy applies to any Member or Visitor to the covered Services.Any person who visits one of our websites or online services (e.g drafted.us) is a Visitor.Any person who registers for one of our services is a Member.
Services
This Privacy Policy applies to Drafted.us, sites, apps, communications and services (“Services”).
ConsentIf you use our Services, you consent to the collection, use and sharing of your personal data under this Privacy Policy and agree to the User Agreement. We will ask you for explicit Consent when you are using parts of the product that need access to different data that belongs to you - for example, we will ask you for separate consent to access your Google Contacts versus your LinkedIn connections, if and when you decide to import that data into Drafted.Your consent for this kind of data can be withdrawn at any time by disconnecting the relevant account from your Settings page, or requesting via support lines.
ChangeWe may modify this Privacy Policy, and if we make material changes to it, we will provide notice through our Services, or by other means, to provide you the opportunity to review the changes before they become effective. If you object to any changes, you may close your account and request for all your data to be removed. Your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that you are consenting to the updated Privacy Policy.
1.1 Information You Provide To UsYou provide data to create an account with us.
RegistrationTo create an account you provide data including your name, email address and/or mobile number, and a password. If you register for a premium Service, we may ask you for payment (credit card) and billing information. We use respected, certified PCI-DSS compliant third party systems for payment processing and billing including Recurly and Bill.com.
ProfileProfile information is used to verify your identity and provide you with Drafted services, including helping other people in your network to find you and potentially contact you for the purpose of asking about introductions or new opportunities. Your public profile does not include things you would consider private to your company e.g an employee referral you make or things that you’d want confidential as a job seeker e.g a record of interest that you expressed in a new job opening.We do not ask you to add any sensitive information on your profile.Please do not post or add personal data to your Drafted profile that you would not want to be available to others in your network.
Posting and UploadingWe collect personal data from you when you provide, post or upload it to our Services, such as when you fill out a form, apply for or save jobs or send invitations. If you opt-in to import your address book, we receive your contacts (including contact information your service provider(s) or app automatically added to your address book when you communicated with addresses or numbers not already in your list).
LinkedIn ConnectionsIf you import your LinkedIn data, we receive data about your LinkedIn connections and your LinkedIn profile, but the information we store and use is limited to your connections’ basic information such as full name, email, current job title, current company, and public websites. The information contained in your LinkedIn data exports may be changed by LinkedIn from time to time, and that would be reflected in what you share with us.

The purpose of your LinkedIn connections is to make personalized recommendations to you about how to navigate your network when making introductions and getting referrals.If you are an employee at a company that uses Drafted, your LinkedIn contacts information will be accessible to managers and recruiters at your company.

Neither Drafted, nor your employer will be able to access any sensitive LinkedIn information about you or information you would generally consider private such as private messages, your LinkedIn posts, salary information, job applications, etc.

Drafted makes recommendations to your recruiting team about people in your network so that the recruiting team can request introductions to those people from you.

People in your address book are also able to ask you for relevant introductions - for example, a past colleague of yours who is connected with you through LinkedIn may be able to ask you for an introduction to someone on your recruiting team.
1.2 Information From OthersOthers may post or write about you.
ContentYou and others may post content that includes information about you on our Services. Unless you opt-out, we collect public information about you, such as your current job title, links to your various public presences on the internet e.g Twitter, Github, LinkedIn, and make it available as part of our Services (e.g. suggestions for your profile)
Contact  and Profile InformationWe receive personal data about you when others import or sync their address book with our Services, or send messages using our Services (including invites or introduction requests).Customers and partners may provide data to us. For example, your employer may provide us with an email to invite you into the service. PartnersWe sometimes receive personal data about you when you use the services of our partners, such as applicant tracking systems, providing us job application or referral data. The privacy of this data will be governed by the relevant partners’ privacy policy and data processing agreements with you and (when appropriate) your employer.
1.3 Service UseWe log your visits and use of our ServicesWe log usage data when you visit or otherwise use our Services, including our sites, such as when you view or click on content (e.g job postings), perform a search, share job openings, or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.
1.4 Cookies, Web Beacons and Other Similar TechnologiesWe collect data through cookies and similar technologies.We use cookies and similar technologies (e.g., device identifiers) to recognize you and/or your device(s) on, off and across different Services and devices. You can control cookies through your browser settings and other tools.
1.5 Your Device and LocationWe receive data from your devices and networks.We use cookies and similar technologies (e.g., device identifiers) to recognize you and/or your device(s) on, off and across different Services and devices. You can control cookies through your browser settings and other tools.
1.6 MessagesIf you communicate through our Services, we learn about that.We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you get a Drafted invite, we track whether you have acted on it and may send you reminders. However, we are NOT able to read your emails (e.g Gmail or Microsoft Outlook) when you use those providers as a way of authentication (e.g Sign In with Google)
1.7 Workplace Provided InformationWhen your employer buys a premium Service for you to use at work, they may give us data about you.

An employer (or other person or entity procuring our Services for your use) may provide us information about their employees or contractors who make use of these Services. For example, we will get contact information for “Company Page” administrators and for authorizing users of our premium Services, such as Drafted for Teams.
1.8 OtherWe are improving our Services, which means we get new data and create new ways to use data.Our Services are dynamic and we often introduce new features, which may require the collection of new information. If we collect materially different personal data or materially change how we use your data, we will notify you and may also modify this Privacy Policy.
2. How We Use Your DataWe use your data to provide, support, personalize and develop our Services.How we use your personal data will depend on which Services you use, how you use those Services and the choices you make in your settings. We use the data that we have about you to provide, support, personalize and make our Services more relevant and useful to you and others.
2.1 ServicesOur Services help you connect with others, find and be found for work and business opportunities, find and be found for referrals and introductions, and participate in employee and external referral programs run by different companies.We use your data to authenticate you and authorize access to our Services.
Get IntroducedOur Services allow you to find, receive, and be found for introductions and referrals by  colleagues, partners, clients, and other professional contacts. If you are connected with someone through your contacts (e.g LinkedIn, address book) you both will be able to see each other’s contact information, and request introductions from each other’s networks.

We will use data about you (such as profiles you have viewed or data provided through address book uploads or partner integrations) to suggest introductions, connections, and referrals for you and others (e.g. Members who share contacts in common with you) and enable you to invite others to become a Member or request an introduction from them, even if they are not a Member. It is your choice whether to invite someone to our Services or send an introduction request. You can choose whether or not to share your own list of connections with your network.

We use your public profile, activity and other data, including your job title, name and picture, to provide recommendations to other Members in your network.For example, if you are connected to both a recruiter and a potential candidate for a job, we may suggest to the recruiter that they reach out to you in order to get an introduction to the potential candidate for that job.

However, a recruiter you do not know would be unable to contact one of your friends directly by virtue of you importing your connections into Drafted. CareerOur Services allow you to explore careers, seek out, and be found for, career opportunities.

Your profile can be found by those people in your second-degree network looking to hire or be hired by you, and may be obtained from public information even if you are not a user of our Services.

We will use your data to recommend job related introductions to you, show you and others who work at a company, in an industry, function or location or have certain job titles and connections.

We may use your profile to recommend jobs to you and you to recruiters at companies that are in your network. ProductivityOur Services allow you to collaborate with colleagues. Our Services allow you to communicate with other professionals. We allow you to store and use tools to improve productivity such as message templating. 2.2 Premium ServicesOur premium Services allow paying users to search for and contact Members through our Services, such as searching for and contacting job candidates, and promote content through social media.We sell premium Services that provide our customers customized-search functionality and tools (including messaging). A premium Services subscriber can store information he/she has about you in our premium Services, such as contact information or work history. The data provided about you by these subscribers is subject to the policies of those subscribers.It is against our policy for customers or users to scrape or permanently take data that does not belong to them off Drafted, except in case of approved Partner integrations (such as an Applicant Tracking System).2.3 CommunicationsWe contact you through multiple channels. We offer settings to control what and how often you receive some types of messages.

We will contact you through email, notices posted on our websites or apps, team chat applications like Slack and Stride, and other ways through our Services.

We will send you messages about the availability of our Services, security, or other service-related issues.We also send messages about how to use the Services, network updates, reminders, referral suggestions and promotional messages from us and our partners.You may change your communication preferences at any time. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.2.4 MarketingWe promote our Services to you and others.We use data and content about Members for invitations and communications promoting membership and network growth, engagement and our Services.2.5 Customer SupportWe use data to help you and fix problems.We use the data (which can include profile, communication activity and activity history in some cases) needed to investigate, respond to and resolve complaints and Service issues (e.g., bugs).

We train our support staff to ask for explicit consent before accessing any of your data which is neither public nor pseudonymized.

We use tools and monitoring like Hubspot, Fullstory, and Drift to help provide you with better support and services. We ensure that these third party tools we use are compliant with our policies.
2.6 Aggregate InsightsWe use data to generate aggregate insights.We use your information to produce aggregate insights that do not identify you. For example we may use your data to generate statistics about our users, their profession or industry, or the demographic distribution of visitors to a site.
2.7 Security and InvestigationsWe use data for security, fraud prevention and investigations.We use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our User Agreement or this Privacy Policy and/or attempts to harm our Members or Visitors.
3. Our ServicesAny information you include on your profile, or publicly available information that is added to your profile automatically by our Services will be seen by others. ProfileYour profile is fully visible to all Members and customers of our Services. As detailed in our Help Center

Your settings, degree of connection with the viewing Member, search types (e.g., by name or by keyword) impact the availability of your profile and certain fields.Your employer can see how you use Services they provided for your work (e.g. as a recruiter) and related information. They will not be able to see any activity you take in Personal Mode, such as job searches or individual introduction requests. 3.1 Service ProvidersWe may use others to help us with our Services.

We use others to help us provide our Services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated to not to disclose or use it for other purposes. 3.2 Legal DisclosuresWe may need to share your data when we believe it’s required by law or to protect your and our rights and security.It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of Drafted, our Members, personnel, or others. We attempt to notify Members about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand. 4. Your Choices & Obligations4.1 Data RetentionWe keep most of your personal data for as long as your account is open.We retain the personal data you provide while your account is in existence or as needed to provide you Services. Even if you only use our Services when looking for a new job every few years, we will retain your information and keep your profile until you decide to close your account or exercise your right to be forgotten
In some cases we choose to retain certain information in a depersonalized or aggregated form, for example some of the uses outlined in section 2.Unless you opt-out or exercise your right to be forgotten, we will retain publicly available data about you in order to provide services to other Members who are connected with you.4.2 Rights to Access and Control Your Personal DataYou can access or delete your personal data. You have some choices about how your data is collected, used and shared.By default, if there is a Drafted public profile about you - it is accessible to anyone who knows how to find it, including you, but it does not contain any information that is not already available about you, without your consent. Only people in your first or second degree network are able to contact you through Drafted. You can opt-out at any time here.4.3 Account ClosureWe keep some data about you even after you close your account.If you choose to close your Drafted account, your personal data will generally stop being visible to others on our Services within 24 hours.Account information is permanently within 30 days or less of account closure, except as noted below.We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed.Information you have shared with others e.g referrals you made to your employer remain visible after you closed your account, and we do not control data that other Members copied out of our Services. Your profile picture and name may continue to be displayed in the services of others (e.g to show that you referred someone).
5 Data Access RequestYou may request reasonable access to your data on Drafted. We respond to all Data access requests within 30 days, and you can request a copy of your data here.

For Members and users of non-premium Services, most standard Data Access Requests are free of charge, unless there is an excessive number of requests or undue burden through such requests placed on us.For customers and subscribers of our premium Services, most standard Data Access Requests are included in their subscription, unless there is an excessive number of requests or customized work we need to do in order to serve them.When you request data from us, we are only able to provide data that belongs to you, and may ask to verify your identity to for security reasons. 6. Other Important Information 6.1. SecurityWe monitor for and try to prevent security breaches.We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us.There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.If we confirm a breach of security that affects you, we will notify you within 3 days of such breach. You can read more about our security practices here.
6.2. Direct Marketing and Do Not Track SignalsWe currently do not share personal data with third parties for their direct marketing purposes without your permission, and you will be notified if there is a change to this policy.
6.3. Contact InformationYou can contact us or use other options to resolve any complaints.If you have questions or complaints regarding this Policy, please first contact Drafted online, through our Live Chat support line or by emailing privacy@drafted.us.
6.4 Third PartiesDrafted does not sell your data to third parties. Drafted does use several third party services for example, SendGrid for sending emails, and Appcues for onboarding. The relevant parts of your data that are required for these services are shared with them, such as your email address for SendGrid to be able to send you a message on our behalf, and actions you took in the app in order to tailor your onboarding experience through Appcues.

Drafted chooses third party services carefully and does not use services if there is reason to believe that they will sell your personal data to others. Where possible, Drafted requires third party services to be contractually obligated to only use and store data required for the specific purpose of providing services to Drafted or it’s users.

Last Updated: March 30, 2020


Drafted Privacy Policy


Your Privacy Matters

We are committed to be transparent with you about the data we collect about you and how it is used, shared, and transferred.


By using our Services, you acknowledge that our use of your data is subject to this Privacy Policy.


We are a referral network and online platform for professionals as well as companies. People use our services to find and be found for business opportunities and to connect with others and information. Our Privacy Policy applies to any Member or Visitor to the covered Services.


Any person who visits one of our websites or online services (e.g. drafted.us) is a Visitor.

Any person who registers for one of our services is a Member. In this Privacy Policy, any reference to “Users” includes both Members and/or Visitors, as applicable. If you are a resident of the European Union or California, please also see our special sections for residents of those areas, which provide additional information about our privacy practices.


Services

This Privacy Policy applies to Drafted.us sites, apps, communications and services (“Services”).


Consent

We will ask for your consent to use your data in certain cases, and you may withdraw that consent.


This Privacy Policy incorporates by reference our User Agreement; any dispute about our privacy practices will be handled as described in the User Agreement. When relevant, we will ask you for explicit consent when you are using parts of the product that need access to different data that belongs to you - for example, we will ask you for separate consent to access your Google Contacts versus your LinkedIn connections, if and when you decide to import that data into Drafted.


You may withdraw your consent for future data collection through these sources by disconnecting the relevant account from your Settings page, or requesting via support lines.


Change

We may update this Privacy Policy; if we make a major change to our handling of your information, we’ll endeavor to notify you of the change.


We may modify this Privacy Policy, and if we make material changes to it, we will provide notice through our Services, or by other means. If you object to any changes, you may close your account.  If you close your account, we will deactivate you as a user from our system and you will no longer be able to use the Services, but it does not mean that we will delete all of the data that we have about you. Your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that you will be subject to the updated Privacy Policy.


1. The Information We Collect About You


We collect information about you directly from you, as well as from other sources, including other services with which we interact or integrate, others who post content or information about you, our customers (e.g., in their capacity as your employer), our partners, public sources, data analytics and tracking tools providers, social networks, and service providers.


1.1 Information You Provide To Us

You provide data to create an account with us and to use our Services.


Registration

To create an account, you provide certain identifiers including your name, email address and/or mobile number, and a password. If you register for a premium Service, we may ask you for payment (credit card) and billing information. We use certified PCI-DSS compliant external systems for payment processing and billing including Stripe and Bill.com.


Sign-In Using Credentials from Other Services

You may sign into our services using credentials from certain other sites, including Google and Microsoft Outlook. When you do so, we will collect your email address and other information that these sites provide to us.


Profile

Profile information is used to verify your identity and provide you with Drafted Services, including helping other people in your network to find you and potentially contact you for the purpose of introductions or new opportunities. An abbreviated version of your profile can be viewed by others when it is shared with them; although it may not be indexed by a search engine.  


Please do not post or add personal or sensitive data to your Drafted profile that you would not want to be available to others in your network.


Posting and Uploading

We collect personal data from you when you provide, post or upload content to our Services, such as when you fill out a form or send invitations. If you opt-in to import your address book from your email provider or external sites, we receive your contacts (including contact information your service provider(s) or app automatically added to your address book when you communicated with addresses or numbers not already in your list).


LinkedIn Connections

If you import your LinkedIn data, we receive data about your LinkedIn connections and your LinkedIn profile, but the information we store and use is limited to your connections’ basic information such as full name, email, current job title, current company, and public websites. The information contained in your LinkedIn data exports may be changed by LinkedIn from time to time, and that would be reflected in what you share with us.


The purpose of importing LinkedIn connections is to make personalized recommendations to you about how to navigate your network when making introductions and getting referrals.


If you are an employee at a company that uses Drafted, your LinkedIn contacts information will be accessible to managers and recruiters at your company.


Neither Drafted, nor your employer will be able to access LinkedIn information about you that you generally consider private such as private messages, your LinkedIn posts, salary information, job applications, etc.


Drafted makes recommendations to your recruiting team about people in your network so that the recruiting team can request introductions to those people from you.


People in your address book are also able to ask you for relevant introductions - for example, a past colleague of yours who is connected with you through LinkedIn may be able to ask you for an introduction to someone on your recruiting team.


1.2 Information From Others

Others may provide information about you to us.


Content

You and others may post content that includes information about you on our Services. Unless you opt out, we collect public information about you, such as your current job title, your education and work history, links to your various public presences on the internet e.g., Twitter, Github, LinkedIn, and make it available as part of our Services (e.g., suggestions for your profile).


Contact, Profile and Other Information

We receive personal data about you when others import or sync their address book with our Services, or send messages using our Services (including invites or introduction requests).


Customers and partners may provide data to us. For example, your employer may provide us with an email to invite you into the service.  In addition, we may receive information about you when other users refer you to us.


We also receive information about you when we use service providers to help us enrich the data that we have about you.


Partners

We sometimes receive personal data about you when you use the services of our partners, such as applicant tracking systems, providing us job applications, or referral data. The privacy of this data will be governed by the relevant partners’ privacy policy and data processing agreements with you and (when appropriate) your employer.


1.3 Service Use

We log your visits and use of our Services.


We log usage data when you visit or otherwise use our Services, including our sites, such as when you view or click on content (e.g., job postings), perform a search, share job openings, or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses and log your use if you are registered user. We do not associate this with any particular person unless you are logged into our Services.


1.4 Cookies, Web Beacons and Other Similar Technologies

We collect data through cookies and similar technologies.


We use cookies and similar technologies (e.g., device identifiers) to recognize you and/or your device(s) on, off and across different Services and devices. You can control cookies through your browser settings and other tools.


We use automated devices and applications, such as Google Analytics, to evaluate usage of our Services. We also may use other analytic means to evaluate our Services. We use these tools to help us improve our Services’ performance and user experiences. The entities that operate these tools may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services in accordance with their own privacy policies. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.


Do Not Track Signals.  Currently our site does not respond to browser do-not-track signals. You may disable certain tracking by disabling cookies.


1.5 Your Device and Location

We receive data from your devices and networks.


We use cookies and similar technologies (e.g., device identifiers) to recognize you and/or your device(s) on, off and across different Services and devices. We do not associate the information that we collect from these technologies with your profile. You can control cookies through your browser settings and other tools.  When you visit or leave our Services, we receive the URL of both the site you came from and sometimes the site you are going to. We also get information about your IP address, proxy server, operating system, web browser, device identifier, and/or ISP or your mobile carrier.


1.6 Messages

We collect usage information about your messages.


We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you get a Drafted invite, we track whether you have acted on it and may send you reminders. However, we are NOT able to read your emails (e.g., Gmail or Microsoft Outlook) when you use those providers as a way of authentication (e.g., Sign In with Google).


1.7 Workplace Provided Information

When your employer buys a premium Service for you to use at work, they may give us data about you.


An employer (or other person or entity procuring our Services for your use) may provide us information about their employees or contractors who make use of these Services. For example, we will get contact information for “Company Page” administrators and for authorizing Users of our premium Services, such as Drafted for Teams.


1.8 Other

We are improving our Services, which means we may collect new data from or about you and create new ways to use data.


Our Services are dynamic and we often introduce new features, which may require the collection of new information. If we collect materially different personal data or materially change how we use your data, we will notify you and may also modify this Privacy Policy.


2. How We Use Your Data

How we use your personal data will depend on which Services you use, how you use those Services and the choices you make in your settings. We use the data that we have about you to provide, support, promote, protect, personalize and make our Services more relevant and useful to you and others, as discussed in more detail below.


We use your data for the following purposes:


  • • Providing Support and Services:  Including to authenticate you and authorize access to our Services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes.  
  • • Analyzing and Improving Services and Operations: Including to better understand how users access and use our Services, to evaluate and improve our Services and business operations, and to develop new Services; to conduct surveys and other evaluations (such as customer satisfaction surveys); and for other research and analytical purposes.  
  • • Personalizing Content and Experiences: Including to tailor content we send or display on our websites and other Services; to offer location customization and personalized help and instructions; and to otherwise personalize your experiences.
  • • Marketing and Promotional Purposes: To send you newsletters, offers or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests.  
  • • Securing and Protecting Our Business: Including to protect and secure our business operations, assets, Services, network and information and technology resources.
  • • Defending our Legal Rights: Including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
  • • Auditing, Reporting, Corporate Governance, and Internal Operations: Including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.
  • • Complying with Legal Obligations: Including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.


In addition, we use your data for the more specific purposes set forth below.


2.1 Services

Our Services help you connect with others, find and be found for work and business opportunities, find and be found for referrals and introductions, and participate in employee and external referral programs run by different companies.


We use your data to authenticate you and authorize access to our Services.


Get Introduced

Our Services allow you to find, receive, and be found for introductions and referrals by  colleagues, partners, clients, and other professional contacts. If you are connected with someone through your contacts (e.g., LinkedIn, address book) you both will be able to see each other’s contact information, and request introductions from each other’s networks.


We will use data about you (such as profiles you have viewed or data provided through address book uploads or partner integrations) to suggest introductions, connections, and referrals for you and others (e.g., Members who share contacts in common with you) and enable you to invite others to become a Member or request an introduction from them, even if they are not a Member. It is your choice whether to invite someone to our Services or send an introduction request. You can choose whether or not to share your own list of connections with your network.


We use your profile, activity and other data, including your job title, name and picture, to provide recommendations to other Members in your network.


For example, if you are connected to both a recruiter and a potential candidate for a job, we may suggest to the recruiter that they reach out to you in order to get an introduction to the potential candidate for that job.


However, a recruiter you do not know would be unable to contact one of your friends directly by virtue of you importing your connections into Drafted.


Career

Our Services allow you to explore careers, seek out, and be found for, career opportunities.


Your profile can be found by those people in your second-degree network looking to hire or be hired by you, and may be obtained from public information or other Users even if you are not a User of our Services.


We will use your data to recommend job related introductions to you, show you and others who work at a company, in an industry, function or location or have certain job titles and connections.


We may use your profile to recommend jobs to you and you to recruiters at companies that are in your network.


Productivity

Our Services allow you to collaborate with colleagues. Our Services allow you to communicate with other professionals. We allow you to store information and use tools to improve productivity such as message templating.


2.2 Premium Services

Our premium Services allow paying Members to search for and contact others through our Services, such as by searching for and contacting job candidates, and promote content through social media.


We sell premium Services that provide our customers customized-search functionality and tools (including messaging). A premium Services subscriber can store information he/she has about you in our premium Services, such as contact information or work history.


It is against our policy for Users to scrape or permanently take data that does not belong to them off Drafted.  In certain cases, we permit Users to export data to approved Partner integrations (such as an Applicant Tracking System).


2.3 Communications

We contact you through multiple channels. We offer settings to control what and how often you receive some types of messages.


We will contact you through email, notices posted on our websites or apps, team chat applications like Slack, and other ways through our Services.


We will send you messages about the availability of our Services, security, or other service-related issues.


2.4 Marketing

We promote our Services to you and others.


Consistent with your request, or our customer agreements, we send messages about how to use the Services, network updates, reminders, referral suggestions and promotional messages from us and our partners.


You may change your communication preferences at any time by signing into your Drafted accounts and updating your notification preferences, by contacting us at privacy@drafted.us, or clicking the unsubscribe link in an email. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.


2.5 Customer Support

We use data to help you and fix problems.


We use the data (which can include profile, communication activity and activity history in some cases) needed to investigate, respond to and resolve complaints and Service issues (e.g., bugs).


We train our support staff to handle your personal information in compliance with our information security policies, including with respect to access rights.  We use tools and monitoring like Hubspot, Fullstory, and Drift to help provide you with better support and services. We ensure that these external tools we use are compliant with our policies.


2.6 Aggregate Insights

We use data to generate aggregate insights.


We use your information to produce aggregate insights on an anonymized basis. For example we may use your data to generate statistics about our Users, their profession or industry, or the demographic distribution of visitors to a site.


2.7 Security and Investigations

We use data for security, fraud prevention and investigations.


We use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our User Agreement or this Privacy Policy and/or attempts to harm our Members or Visitors.


3 How We Share Your Information

Any information you include on your profile, or publicly available information that is added to your profile automatically by our Services can be seen by others.


Profile

Your Drafted  profile will display information about you depending on who is viewing it (e.g., a Member or non-member).  As detailed in our Help Center, your settings, degree of connection with the viewing Member, and search types (e.g., by name or by keyword) impact the availability of your profile and certain fields.


Your employer can see how you use Services they provided for your work (e.g. as a recruiter) and related information. They will not be able to see any activity you take in Personal Mode, such as job searches or individual introduction requests.


3.1 Service Providers

We may use others to help us with our Services.


We use others to help us provide our Services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated to not to disclose or use it for other purposes.  We also use service providers to help us enrich the data that we have about you.


3.2 Legal Disclosures

We share information when we are legally required to do so or when we believe it appropriate to do so.


We may need to share your data with professional advisors (such as attorneys), legal authorities, or regulatory bodies when we believe it’s required by law or to protect your and our rights and security or the rights and security of other users of our Services.


It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of Drafted, our Members, personnel, or others. We attempt to notify Members about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.  If we share data with a person under this section, as appropriate, we will take measures designed to safeguard your data.  


3.3 Business Transfers

We share information if we engage in a business transaction.


We may disclose your information to another entity in connection with an acquisition, merger, sale or transfer of a business unit or assets, bankruptcy proceeding, if someone invests in us, or as part of any other similar business transaction, including during negotiations related to such transactions. If we share data with a person under this section, as appropriate, we will take measures designed to safeguard your data.  


4. Your Choices & Obligations


4.1 Legal Basis for Processing Your Data

If you are an EU resident, we have an appropriate legal basis for processing your personal data.


If you are an EU resident, we will process your personal data based on one of the following legal bases: as necessary to fulfill a contract; our legitimate business interests provided we respect your rights; your consent; or if necessary, to comply with a legal or regulatory obligation.


4.2 Data Retention

We keep most of your personal data for as long as your account is open.


We retain the personal data you provide while your account is in existence or as needed to provide you Services. Even if you only use our Services when looking for a new job every few years, we will retain your information and keep your profile until you decide to close your account or exercise your right to be forgotten.


In some cases we choose to retain certain information in a depersonalized or aggregated form, for example some of the uses outlined in section 2.


Unless you opt-out or exercise your right to be forgotten, we will retain publicly available data about you in order to provide services to other Members who are connected with you.


4.3 Rights to Access and Control Your Personal Data

You can access or delete your personal data. You have choices about how your data is collected, used and shared.


By default, if there is a Drafted public profile about you - it is accessible to anyone who knows how to find it, including you, but it does not contain any information that is not already available about you, without your consent. Only people in your first or second degree network are able to contact you through Drafted, unless you opt-in otherwise.


You can access and modify your Drafted profile by clicking on it in your Drafted account.


You can opt out at any time by going to explore.drafted.us/forget


4.4 Account Closure

If you choose to close your Drafted account, your personal data will generally stop being visible to others on our Services within 24 hours.


Account information is permanently deleted within 30 days or less of account closure, except as noted below.


We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed.


Information you have shared with others e.g., referrals you made to your employer remain visible after you closed your account, and we do not control data that other Members copied out of our Services. Your profile picture and name may continue to be displayed in the services of others (e.g., to show that you referred someone).


For further rights that may be available to you, please see section 5 below.


5. Your Rights

If you are an EU individual, you have certain rights under applicable law with respect to your information that we process.


EU Data Subject Request (Data Access Requests)


You may request reasonable access to your data on Drafted. We respond to all Data access requests within the timeframe required under applicable law, typically within 30 days, unless we need additional time to verify your identity or for other permissible purpose, and you can request a copy of your data here.


For Members, most standard Data Access Requests are free of charge, unless there is an excessive number of requests or undue burden through such requests placed on us.


For customers and subscribers of our premium Services, most standard Data Access Requests are included in their subscription, unless there is an excessive number of requests or customized work we need to do in order to serve them.


When you request data from us, we are only able to provide data that belongs to you, and may ask to verify your identity to for security reasons.


If you are in the EU you may, under certain circumstances, also request that we delete your data here. If you wish to correct your information you can do so by editing your profile or by emailing us at privacy@drafted.us.


In addition, Users may have the right to request that certain personal data be exported to another provider where technically feasible, and, under certain conditions, to object to, or restrict our use of certain personal data. You may also contact us to request that we rectify, delete, or stop processing your personal data, to withdraw, your consent to our processing, and, if you are an EEA resident, to exercise your opt-out rights or place a data portability request.


Requests should be directed to privacy@drafted.us. Please keep in mind that certain services will not be available if you withdraw your consent, or otherwise delete or object to our processing of your personal data. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request. You also have the right to lodge a complaint with a supervisory authority. For additional information see explore.drafted.us/privacy.


6. Other Important Information


6.1. Security

We implement security measures to protect your data.


We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us.


There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.


6.2. Contact Information

You can contact us to resolve any complaints.


If you have questions or complaints regarding this Policy, please first contact Drafted online, through our Live Chat support line or by emailing privacy@drafted.us.


6.3 Other Entities

We take measures to protect your data when we engage service providers to help us provide our Services.


Drafted does not sell your data to third parties. Drafted does use several service providers, for example, SendGrid for sending emails. The relevant parts of your data that are required for these services are shared with them, such as your email address for SendGrid to be able to send you a message on our behalf.


Drafted chooses external services carefully and does not use services if there is reason to believe that they will sell your personal data to others. Where possible, Drafted requires external services to be contractually obligated to only use and store data required for the specific purpose of providing services to Drafted or its Users.


6.4 International Transfers of Information

To facilitate our global operations, we transfer information collected globally for the purposes described in this policy.


If your information was collected in the European Union or you are an individual resident in the European Union, we will take steps to ensure that the information receives the same level of protection as if it remained within the European Union - in particular:

  • ● when we share data with other third parties,  we either ensure the importer is Privacy Shield compliant, make use of the standard contractual data protection clauses or put in place other appropriate legal mechanisms to safeguard the transfer.


As an individual resident in the European Union, you have a right to receive details of any safeguards that we have where your data is transferred outside the European Union, (e.g. to request a copy where the safeguard is documented, which may be redacted to ensure confidentiality).


7. California Privacy Rights and the California Consumer Privacy Act (CCPA)

If you are a California resident, you may have available to you under California law the rights described below.


In this section, we provide information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”), which requires that we provide California residents certain specific information about how handle their personal information, whether collected online or offline.  Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA.  This section does not address or apply to our handling of personal information that is subject to an exemption under the CCPA.


Except for the Right to Opt-out and the Right to Non-Discrimination described below, this section does not apply to California residents with whom we transact or communicate solely in the context of providing or receiving a product or service to or from a company that employs such residents or engages such residents as contractors. This section also does not apply to personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of Drafted.  


Categories of Personal Information that We Collect, Disclose, and Sell


In this section, we have set forth the categories of personal information that we collect from you, using terminology set forth in the CCPA. As a practical matter, our collection of data from California residents does not vary from other persons, and this section is not intended to differ from what is set forth above. We have identified whether we disclose that information for a business purpose (e.g., when we disclose to service providers who host our website or assist us with advertising).

Right to Opt-out of Sale of Personal Information

We do not sell your personal information.


Sources and Purposes  

We collect the above categories of personal information from the sources described in Section 1 (The Information We Collect About You) and for the purposes described in Section 2 (How We Use Your Data).


Notice at Collection

You have the right to have information about the categories of personal information that we collect about you and how we use that information. All such information is described in this Privacy Policy.


Verifiable Requests to Delete and Requests to Know

Subject to certain exceptions, California residents have the right to make the following requests, at no charge:


Request to Delete: You may request that we delete your personal information, and we will delete such data upon verifiable request subject to any exemptions.


Request to Know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.  California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:


  • • categories of personal information collected;
  • • categories of sources of personal information;
  • • business and/or commercial purposes for collecting and selling their personal information;
  • • categories of third parties/with whom we have disclosed or shared their personal information;
  • • categories of personal information that we have disclosed or shared with a third party for a business purpose; and
  • • categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.


We have provided this information in the main body of the Privacy Policy, to the extent applicable, and in the table set forth above. We do not sell your information.


California residents may make Requests to Know up to twice every 12 months.


Submitting Requests  

Requests to Know, and Requests to Delete may be submitted by  emailing us at privacy@drafted.us. We will respond to verifiable requests received from California consumers as required by law.  An authorized agent submitting a request on behalf of a California resident must demonstrate that the resident provided written permission, signed by the resident authorizing the agent to act on the resident’s behalf. For requests for information and deletion, we may require that the California resident verify its own identity directly with us and directly confirm that the resident provided the authorized agent permission to submit the request.  


Right to Non-Discrimination

The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates, or penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.    


Financial Incentives

At this time, we do not offer any financial incentives to persons based on whether they choose to provide personal information to us.


For more information about our privacy practices, you may contact us as set forth in the “Contact Information” section above.