Data Product Privacy Policy
Effective Date: December 1, 2024
Above Data, Inc. (“Above Data,” “we,” “us,” or “our”) is committed to addressing privacy issues and ensuring transparency regarding how we process data. This DAta Product Privacy Policy (“Policy”) describes our practices in connection with the data we receive and process in relation to our enterprise products and services (“Products”). This Policy is intended to inform consumers and our enterprise customers about how we process data and explains any rights consumers may have.
Our Products only process de-identified data—data that cannot reasonably be used to identify an individual. As part of our commitment to privacy, we do not attempt to reidentify any de-identified data that we receive or process.
1. De-Identified Data and Reidentification Practices
For the purposes of this Policy, “de-identified data” refers to data that has been stripped of all identifying elements, such as names, addresses, or other personal information, and that cannot reasonably be linked to an individual without additional information.
We are committed to maintaining the de-identified status of the data we process. We will not attempt to reidentify any de-identified data, and we have implemented both technical measures (such as hashing and encryption) and organizational policies to prevent the reidentification of any data in our systems.
Our privacy practices are designed to comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and other state laws that recognize exemptions for de-identified data.
2. Data We Process
We may process the following types of de-identified data in connection with our Products:
- Consumer Data: De-identified data about consumer transactions, content consumption preferences and other attributes.
- Electronic Information: De-identified IP addresses, cookie IDs, device identifiers, and browser information.
- Aggregated Demographic Information: Generalized or aggregated data about consumer demographics, behaviors, or interests that cannot be used to identify any specific individual.
Clarification on Sensitive Data: We do not process sensitive categories of information, such as racial or ethnic origin, political opinions, health data, or biometric data, related to individuals. If such information is inadvertently provided to us, it is de-identified and deleted promptly in accordance with our privacy practices.
3. Data Sources
We receive de-identified data from third-party sources, including:
- Publicly available sources
- Data aggregators or third-party data providers
- Enterprise customers
All data received by us is de-identified and cannot reasonably be used to identify an individual.
4. Your Privacy Rights
Under various state laws, consumers may have certain rights concerning their personal information, such as the right to access, correct, or delete their personal information. However, because we only process de-identified data, these rights are not applicable in our case.
Since the data we process cannot be linked back to an identifiable individual, we are unable to fulfill requests for access, correction, or deletion. Attempting to do so would require reidentifying data, which is contrary to our privacy practices and commitments.
5. Opt-Out of Data Sales or Sharing
Our Products process only de-identified data, which is exempt from the definition of personal information under privacy laws like the California Consumer Privacy Act (CCPA/CPRA) and similar state laws. Therefore, we are not required to provide an opt-out link for the sale or sharing of personal information, as we do not sell or share personal data that can be linked to an individual.
6. Use of Cookies and Other Tracking Technologies
Our Products do not use cookies or tracking technologies that can identify or track individual users. Any data processed by our Products is de-identified and aggregated for analytical purposes only.
For any cookie-related activities or browser tracking on our Website, please refer to our Website Privacy Policy
7. Data Retention
We retain de-identified data for as long as it is necessary to fulfill the business purposes for which it was collected. Since the data is de-identified, it cannot be used to track or identify individuals over time.
8. Children’s Data
We do not knowingly collect personal information relating to children and we take steps to avoid receiving any data that might pertain to children under 13. Our products are not directed to or intended for minors under the age of 18.
9. Security
We implement appropriate physical, technical, and organizational measures to protect the data we process. These measures are designed to prevent unauthorized access, disclosure, alteration, or destruction of data. However, no data transmission or storage system can be guaranteed to be 100% secure.
If you believe that there has been any issue with data security or privacy, please contact us immediately at [Insert Contact Information].
10. Cross-Border Data Transfers
Although we only process de-identified data, we may transfer this data to affiliates or service providers located in countries outside your country of residence, including the United States. Where data is transferred internationally, we will ensure that appropriate safeguards are in place to protect the de-identified status of the data.
11. Updates to This Policy
We may update this Policy from time to time to reflect changes in our practices or legal requirements. If we make any material changes to this Policy, we will notify you through an appropriate means. The most current version of this Policy will always be available on this page.
12. Contact Us
If you have any questions or concerns about this Policy or our data processing practices, please contact us at info@abovedata.io.