Data Product Privacy Policy

Effective Date: December 1, 2024

Above Data, Inc. (“Above Data,” “we,” “us,” or “our”) is committed to addressing privacy issues and ensuring transparency regarding how we process data. This DAta Product Privacy Policy (“Policy”) describes our practices in connection with the data we receive and process in relation to our enterprise products and services (“Products”). This Policy is intended to inform consumers and our enterprise customers about how we process data and explains any rights consumers may have.

Our Products only process de-identified data—data that cannot reasonably be used to identify an individual. As part of our commitment to privacy, we do not attempt to reidentify any de-identified data that we receive or process.

1. De-Identified Data and Reidentification Practices 

For the purposes of this Policy, “de-identified data” refers to data that has been stripped of all identifying elements, such as names, addresses, or other personal information, and that cannot reasonably be linked to an individual without additional information. 

We are committed to maintaining the de-identified status of the data we process. We will not attempt to reidentify any de-identified data, and we have implemented both technical measures (such as hashing and encryption) and organizational policies to prevent the reidentification of any data in our systems.

Our privacy practices are designed to comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and other state laws that recognize exemptions for de-identified data.

2. Data We Process

We may process the following types of de-identified data in connection with our Products:

  • Consumer Data: De-identified data about consumer transactions, content consumption preferences and other attributes.
  • Electronic Information: De-identified IP addresses, cookie IDs, device identifiers, and browser information.
  • Aggregated Demographic Information: Generalized or aggregated data about consumer demographics, behaviors, or interests that cannot be used to identify any specific individual.

Clarification on Sensitive Data:  We do not process sensitive categories of information, such as racial or ethnic origin, political opinions, health data, or biometric data, related to individuals. If such information is inadvertently provided to us, it is de-identified and deleted promptly in accordance with our privacy practices.

3. Data Sources

We receive de-identified data from third-party sources, including:

  • Publicly available sources
  • Data aggregators or third-party data providers
  • Enterprise customers

All data received by us is de-identified and cannot reasonably be used to identify an individual.

4. Your Privacy Rights

Under various state laws, consumers may have certain rights concerning their personal information, such as the right to access, correct, or delete their personal information. However, because we only process de-identified data, these rights are not applicable in our case.

Since the data we process cannot be linked back to an identifiable individual, we are unable to fulfill requests for access, correction, or deletion. Attempting to do so would require reidentifying data, which is contrary to our privacy practices and commitments.

5. Opt-Out of Data Sales or Sharing

Our Products process only de-identified data, which is exempt from the definition of personal information under privacy laws like the California Consumer Privacy Act (CCPA/CPRA) and similar state laws. Therefore, we are not required to provide an opt-out link for the sale or sharing of personal information, as we do not sell or share personal data that can be linked to an individual.

6. Use of Cookies and Other Tracking Technologies

Our Products do not use cookies or tracking technologies that can identify or track individual users. Any data processed by our Products is de-identified and aggregated for analytical purposes only.

For any cookie-related activities or browser tracking on our Website, please refer to our Website Privacy Policy 

7. Data Retention

We retain de-identified data for as long as it is necessary to fulfill the business purposes for which it was collected. Since the data is de-identified, it cannot be used to track or identify individuals over time.

8. Children’s Data

We do not knowingly collect personal information relating to children and we take steps to avoid receiving any data that might pertain to children under 13. Our products are not directed to or intended for minors under the age of 18. 

9. Security

We implement appropriate physical, technical, and organizational measures to protect the data we process. These measures are designed to prevent unauthorized access, disclosure, alteration, or destruction of data. However, no data transmission or storage system can be guaranteed to be 100% secure.

If you believe that there has been any issue with data security or privacy, please contact us immediately at [Insert Contact Information].

10. Cross-Border Data Transfers

Although we only process de-identified data, we may transfer this data to affiliates or service providers located in countries outside your country of residence, including the United States. Where data is transferred internationally, we will ensure that appropriate safeguards are in place to protect the de-identified status of the data.

11. Updates to This Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. If we make any material changes to this Policy, we will notify you through an appropriate means. The most current version of this Policy will always be available on this page.

12. Contact Us

If you have any questions or concerns about this Policy or our data processing practices, please contact us at info@abovedata.io.