Privacy Notice (October 2023)

This Privacy Notice was developed by Tempo Software Inc. and its related entities (“Tempo”, “we”, “us” or “our”), and applies to Personal Information we collect from visitors, registered users, and licensed users of our “Tempo Services”, including, from our Website (www.tempo.io), Cloud Services (software-as-a-service solutions) and Server/DC Products (Server and data center versions of our products).

This Notice describes how Personal Information is collected, for what purposes it is collected, how we share it, how we handle content you place in Tempo Services, and the steps we take to secure this information.

Contents

  1. Why do we collect Personal Information

  2. How do we collect Personal Information

  3. How we use your Personal Information

  4. With whom do we share your Personal Information

  5. Data retention

  6. Data security

  7. International data transfer

  8. No automated decision-making

  9. California Privacy Rights

  10. Your rights concerning your Personal Information

  11. Complaints

  12. Changes to the Privacy Notice

  13. Contacting us

1. Why do we collect Personal Information

Personal Information is information about you that can be used alone, or combined with other information, to identify you personally. Personal Information is a broad concept and includes a wide range of information such as name, email address, mailing address, IP addresses and cookie identifiers. Personal Information does not include information that has been anonymized such that it does not allow for the identification of a specific individual. We collect Personal Information to operate effectively, and to provide you the best experiences with our Tempo Services.

2. How do we collect Personal Information

We, and our service providers, collect Personal Information in a variety of ways, including, but not limited to when you access our Website, all as described below. When we collect your Personal Information, we will let you know why we are collecting it and how we will use it.

A. Personal Information you provide to us

i. Account and Profile Information

We may collect Personal Information when you register for a company or a user account, modify your account profile, download and install or use our products or services, or apply for a job. Personal Information we collect may include your contact information (name, email address, telephone number, mailing address), information provided for authorization purposes (email address for passwordless login), including through third party services (authentication tokens), information you populate your profile with: name, email address, role, general location information, such as city or town (no precise geographical information) if provided by a user in a field within their profile, etc., the information on your resume/CV and/or cover letter/letter of application (employment history, education, references, etc.), and other information provided during an interview or in a communication with us. You may provide this information directly when you enter it in Tempo Services, or in some cases another user may provide it on your behalf. If you are providing information (including Personal Information) about someone else, you confirm that you have the authority to act for that person, and to agree to this Privacy Notice. We do not request sensitive Personal Information.

ii. User Content

If you create, input, submit, post, upload, transmit, and/or store information (“User Content”) while using the Tempo Services, your Personal information such as name, email address or other contact information will be associated with that User Content. For example, information regarding a problem you are experiencing with a Tempo Service could be submitted to our support team or posted in our public forums. Any information, including Personal Information that you submit to our Website could be visible to the public unless submitted to a secure area within a Website. As another example, if you apply for a job, you will upload your resume to a secure location on a Website.

iii. Payment Information

We may collect and process payment information from you when you subscribe or purchase Tempo Services. Payment information may include masked credit card numbers and other billing information, and is received from third party PCI-compliant service providers.

B. Personal Information we collect from your use of Tempo Services

i. Log files

When you interact with Tempo Services, we may generate log files to help us operate and improve our Tempo Services. Web log files include internet protocol addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information. For our Cloud Services, (i.e., our SaaS solutions), the information we may collect includes the URLs you accessed, usernames as well as elements of content (such as project names, project keys, status names, and JQL filters, page titles and space names) as necessary for the Cloud Services to perform the requested operations. Occasionally, we connect Personal Information to information gathered in our log files as necessary to improve Tempo Services for individual customers.

ii. Information from our desktop apps and browser extensions

  1. If you are using our desktop apps we may also capture usage analytics data, including customer ID, user ID, Operating system, browser version, and users' interactions with the product. Title and name of applications used by the user on their desktop, with timestamps of entry/exit can be captured from applications that a user allows to be tracked by Tempo's desktop app. Such data is also important in understanding where users are encountering issues in the installation and usage process, and to analyze usage patterns to inform development of future capabilities.

  2. If you are using our browser extensions or connectors, we may capture Titles and URLs of visited pages with timestamps of entry/exit. This data is only captured from webpages that a user allows to be tracked by Tempo's browser extensions. It helps us in assisting users with creating time records, automated creation of time records, etc.

iii. Analytics Information from our Website

We collect analytics information using cookies to help us operate and improve our website. For this purpose we may engage our third party service providers, such as our advertising and analytics partners. The analytics information includes elements of content related to the function the user is performing. As such, the analytics information may include Personal Information. To learn more about our analytics collection, please see our .

iv. Usage Data

We may aggregate data about a group or category of services, features or users (“Usage Data”), which typically does not contain Personal Information. If Usage Data contains Personal Information, it is a byproduct of our efforts to understand broader patterns and trends, but it is not an effort by us to examine the content of any particular user.

v. Analytics Information from Cloud Services

We collect analytics information when you use our Cloud Services to help us improve our Tempo Services. For this purpose we may engage our third party service providers, such as our analytics partners. The analytics information consists of the feature and function of the Tempo Service being used, may include the associated license identifier and domain name, the user ID of the individual who is using the feature or function, the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the Tempo Services are being affected.

vi. Analytics Information from Server/DC Products (including their mobile versions)

We collect analytics information when you use our Server/DC Products to help us improve our Tempo Services. We may collect information about these products on your systems. Some of the information collected is related to your usage of our features and functions, such as, the number of teams, number of accounts, number of workload schemes, and number of holiday schemes. Some of the information collected is related to the operating environment or hosting service, such as the version installed, the name and version of the product, and the customer associated license identifier.

You can disable our collection of analytics information from Server/DC Products via the Administrator settings or by blocking collection at the local network level.

vii. Installer Analytics, Software Updates & License Information

During the installation of our Server/DC Products (including their mobile versions), as well as mobile applications for the Cloud Services, the installer sends analytics information to us to allow us to understand where in the installation process users are experiencing trouble or dropping out. Such products may also communicate with our servers for licensing purposes, as well as to check for updates and patches. Examples of information we collect for these purposes may include the hosting service version installed, the name and version of the product and the server ID, associated license identifier, and IP address of the customer instance.

viii. Cookies and Other Tracking Technologies

We use various technologies to collect information. For more information about our use of cookies, see our . We also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in our Website, Cloud Services or emails that help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.

C. Personal Information we collect from other sources

i. Personal Information from third-parties

In order to provide you with certain services, we may obtain Personal Information from our third party service providers to verify and confirm the information you have submitted. For example, if you log into our Tempo Services through a third party service, that service may share your Personal Information with us. Or for example, if you apply for an employment opportunity, we may obtain your Personal information from a recruiter, from a reference or from a background check provider.

3. How we use your personal information

When we use your Personal Information, it will be (a) with your consent, or (b) for one of two basic purposes: (1) to operate our business and provide the Tempo Services (including improving and personalizing), and (2) to send communications, including promotional communications.

A. Operating our Business.

We use your information to provide and improve the Tempo Services we offer and perform essential business operations. This includes operating the products, maintaining and improving the performance of the products, developing new features, conducting research, evaluating your suitability for employment opportunities, and providing customer support. Examples of such uses include the following:

  • Providing the Tempo Services . We use your information to carry out your transactions with us and to provide our Tempo Services to you.

  • Customer support. We use your information to diagnose product problems, and provide other customer care and support services.

  • Continuous Improvement. We use your information to continually improve our Tempo Services, including adding new features or capabilities.

  • If you provide payment information, we use such information solely to collect payment from you. We use a third party service provider to manage credit card processing.

  • Security, Safety and Dispute Resolution. We use your information to protect the security and safety of our Tempo Services and our customers, to detect and prevent fraud, to confirm the validity of software licenses, to resolve disputes and enforce our agreements.

  • Employment Opportunities. We use your information to evaluate your suitability for employment or recruitment opportunities.

  • Business Operations. We use your information to develop aggregate analysis and business intelligence that enables us to operate, protect, make informed decisions, and report on the performance of our business.

  • Legal Obligations. We use your information as required by law.

B. Communications.

We use your information to communicate with you and personalize our communications with you.

C. Consent

If your consent is the basis for our use of your Personal Information, then you have the right to withdraw your consent at any time. If you wish to withdraw consent, please email us in accordance with the “Contacting Us” section.

4. With whom do we share your personal information

A. Our third-party service providers

Some of the services we provide require the involvement of our third party service providers, such as web hosting providers, application development, maintenance, virtual infrastructure (including storage and backup), payment processor providers, communications providers, customer relationship management providers, background check providers; recruitment firms; and software providers. We have carefully selected these third parties and have taken steps to ensure that your Personal Information is adequately protected.

We do not share your Personal Information with third parties for their marketing purposes (including direct marketing).

B. Third-party applications

You may choose to make use of third party Add-Ons in conjunction with Tempo Services. third party Add-Ons are software written by third parties to which you grant access privileges to your content (which may include your Personal Information). This Privacy Notice does not cover the collection or use of your data by third party Add-Ons. You should examine the privacy policies governing each third party Add-Ons.

C. Compliance with Laws and Legal Requests

We may disclose your Personal Information to a third party if we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request.

D. Protection of Tempo Services

We may disclose your Personal Information to a third party, if we believe it is reasonably necessary to (a) enforce our agreements, policies and terms of service; (b) protect the security or integrity of the Tempo Services; (c) to protect Tempo, our customers or the public from harm or illegal activities; or (d) respond to an emergency that we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.

E. Business Transfers

In the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition, any acquirer will obtain your Personal Information subject to our obligations under this Privacy Notice.

F. With Your Consent

We will share your Personal Information with third parties when we have your consent to do so.

5. Data retention

We retain your Personal Information for the length of time required for the specific purpose or purposes for which it was collected. As a part of our effort of not storing unnecessary data too long, after the termination of the Service Agreement Tempo may retain Personal Information for up to three (3) months, except for Tempo Cost Tracker, for which Tempo stores it for one (1) year, which allows you to resume use of the Tempo Services without loss of data. For employment related opportunities, we store your Personal Information for twelve months from the date it was submitted to us. We may be obliged to store some data for a longer time, for example, where a longer time period is required by applicable law. In this case, we will ensure that your Personal Information will continue to be treated in accordance with this Privacy Notice.

When you take part in our early access program (EAP) or similar pre-release testing of our products, we may retain your Personal Information collected during such relations for one (1) year after the end of the EAP, as it is required for the product development, unless we are able to anonymize such data.

6. Data security

We use organizational, technical and administrative measures to protect your Personal Information. Your Personal Information is limited to those who have a proper business need to access it, and those individuals will do so only in an authorized manner and subject to a duty of confidentiality.

Cloud Services are hosted in Amazon Web Services (AWS) data centers. AWS has numerous security certifications and Tempo implements many further security controls to safeguard data. For more information about the security of our Cloud Services, please see our .

Where data is transferred over the Internet as part of our Website or Cloud Services, the data is transmitted using industry standard HTTPS using TLS.

Where Server/DC Products are used, responsibility for securing access to the data you store in the Server/DC Products rests with you and not Tempo. We strongly recommend that administrators of Server/DC Products enable encryption in transit (e.g., HTTPS using TLS) to prevent interception of data transmitted over networks and restrict access to the databases and other storage used to hold data.

Unfortunately, no data transmission or storage system is guaranteed secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by emailing us in accordance with the “Contacting Us” section. Please note that third parties are not responsible for the privacy, security, or integrity of any information collected by us.

7. International data transfers

Tempo Services may be provided using resources and servers located in various countries around the world, including the U.S. and other countries (e.g., our Website is hosted on servers in the U.S.).

Your information may be transferred and processed by third parties outside the country where you use Tempo Services, including to countries outside the European Economic Area (EEA), where the level of data protection may not be deemed adequate by the European Commission (i.e., where you have fewer rights in relation to your information).

Data Controller. If you are a visitor located in the EEA, Tempo Iceland (Tempo ehf.) is the data controller of your Personal Information provided to us through interactions with the Tempo Services. To find out our contact details, please see the “Contacting Us” section below.

We expect that our third party service providers comply with the terms of the EU’s General Data Protection Regulation (GDPR), and that any international data transfers be made under a recognized basis such as the EU Standard Contractual Clauses (SCCs), and/or Binding Corporate Rules (BCR).

8. Tempo Automation

We may use machine learning algorithms or other artificial intelligence technologies to optimize and deliver the products and services we offer to our customers. This may include using the Tempo Automation in our time-tracking services. We will only do so when it is necessary to fulfill our contractual obligations to our customers, and we have appropriate measures in place to protect individuals' rights. Please be assured that we do not make any automated decisions under the GDPR.

9. California Privacy Rights

For California residents We may share your Personal Information with affiliated third parties (such as local, state and regional affiliates and affiliate alliances), but they do not share your name for direct marketing purposes. As this category of affiliated third parties are considered an unaffiliated party under California law, you may opt-out of our disclosure of Personal Information to third parties for their direct marketing purposes. To opt out, please contact us as described in the “Contacting Us” section below.

The California Consumer Privacy Act (CCPA) gives California consumers enhanced rights with respect to their Personal Information that is collected by businesses. First, California consumers may opt out of having their Personal Information sold to other persons or parties. Second, they have a right to know:

  • What specific pieces of information a business, has about them;

  • Categories of Personal Information it has collected about them;

  • Categories of sources from which the Personal Information is collected;

  • Categories of Personal Information that the business sold or disclosed for a business purpose;

  • Categories of third parties to whom the Personal Information was sold or disclosed for a business purpose; and

  • The business or commercial purpose for collecting or selling Personal Information.

In addition, California consumers can request that the Personal Information a business has collected about them be deleted from the business’s systems and records.

Company may be considered a covered business under the CCPA as it collects and processes the Personal Information of California consumers. This Privacy Notice provides the required notices to California consumers. The CCPA also prohibits covered businesses from providing discriminatory treatment to California consumers if they exercise their rights under the Act.

We may share your information with third parties to provide products and services you have requested, when we have your consent, or as described in this Privacy Notice.

To make a “request to know” or request to delete your Personal Information, send us an e-mail at legal@tempo.io with either “Request to Know” or “Request to Delete” in the subject heading. We will use commercially reasonable efforts to honor these requests whether or not you would qualify as a California consumer under the CCPA.

If and to the extent we are considered a covered business under the CCPA, we will confirm receipt of your request within 10 days along with a description of what steps we will take to verify and respond. We must provide the requested information or delete your Personal Information within 45 days of receipt of your request but can use an additional 45 days, but we must let you know the additional time is needed.

When contacting us, we may ask you to provide certain Personal Information, such as your name, email address and/or account login ID and/or password, to verify your request and to match with our records and systems, as well as protect against fraud. We do not retain this Personal Information or use it for any other purpose. Be advised that we search our records and systems only for the preceding 12 months.

Residents of other states may also have similar rights to request information about or delete their Personal Information. To inquire about exercising these rights, please contact us at legal@tempo.io.

Pursuant to California’s “Shine The Light law (California Civil Code § 1798.983), California residents are entitled, once a year and free of charge, to request the disclosure of certain categories of Personal Information to third parties for their own direct marketing purposes in the preceding calendar year if any. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt out of this type of sharing. You may request this information by contacting at legal@tempo.io with “California Shine The Light Request” in the subject line. Please include your mailing address, state of residence and email address with your request.

10. Your rights concerning your personal information

You have the following rights:

  1. To review, change, or delete your Personal Information

  2. To object to direct marketing

  3. To ask about how we are processing your Personal Information

  4. To restrict our processing of your Personal Information

  5. To have a copy of your Personal Information

  6. To transfer your Personal Information from us to another person or business

Should you wish to exercise any of your rights, or if you should have any questions concerning your rights, please contact us using the information in the Contacting Us section. We will respond within one month.

11. Complaints

If you have any complaints about this Privacy Notice or are unsatisfied with any response we provided, you may complain to the supervisory authority in Iceland:

The Icelandic Data Protection Authority Rauðarárstígur 10 105 Reykjavík Iceland Tel. +354-510-9600 e-mail: postur@dpa.is

Additionally, contact details for data protection authorities in the EEA, Switzerland and certain non-European countries are available .

12. Changes to the Privacy Notice

When we update this Privacy Notice, we will revise the update date in the footer below. Any changes to this Privacy Notice will become effective when we post the revised Privacy Notice. Your use of the services following these changes means that you accept the revised Privacy Notice.

13. Contacting us

If you have questions or comments about our privacy practices, please contact us by e-mail at legal@tempo.io or by mail at the following address:

Tempo Software Inc. 10 Mall Road, Suite 301 Burlington, MA 01803, USA

Effective Starting Date: October 18, 2023 ()