Party Popper
NEW: EX Content Library with 125+ comms templates for personalized journeys
Books
Get started
Get a Demo
Get a Demo
Legal and Policy

Platform Privacy Notice

Revised on: December 2, 2024

To find an older version of these terms, go here.

SCOPE AND APPLICABILITY

This Platform Privacy Notice (“Privacy Notice”) applies to your access to and use of Firstup’s and its affiliates’ (Including Dynamic Signal, Inc.’s) digital employee communication and engagement platform(s), websites, mobile applications and other online services (collectively, the “Services”) made available to you by your employer (the “Customer”). Customer controls its instance of the Services (its “Firstup Instance”) and any information submitted by you or Customer through the Services (the “Customer Data”).

The Services are provided by Firstup, Inc. and/or its affiliates, including Dynamic Signal, Inc. (collectively, “Firstup”, “we”, or “our”) on behalf of Customer pursuant to a written agreement between Firstup and Customer (the “Contract”).

This Privacy Notice explains how Firstup collects, uses, and discloses information about you (a “User”) and does not cover the data practices of Customer. Please review Customer’s privacy policy to learn about Customer’s data practices with respect to the Customer Data and Interaction Data (as defined below). This Privacy Notice does not discuss data that is provided by you directly to Firstup, for example, when you fill out a web form to access a webinar or white paper. That data is treated in accordance with and subject to Firstup’s Privacy Notice that is located on its website.

UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time-to-time. If we make any material changes, we will notify you by revising the date at the top of this Privacy Notice and, in some cases, may provide you with additional notice (such as adding a statement to the Service’s homepage or sending you a notification). We encourage you to review this Privacy Notice whenever you access the Services or otherwise interact with us to stay informed about Firstup’s and Customer’s privacy practices and the choices available to you. If you disagree with the changes to this Privacy Notice, you should deactivate your Services account by contacting Customer.

COLLECTION OF PERSONAL INFORMATION

Information Firstup Receives and Collects

Firstup and Customer will collect and receive Customer Data and data about your interactions with the Services (the “Interaction Data”), which includes, such as:

Account information: To create or update a Services account, you and Customer supply Firstup with certain identifying information such as your name and email address.

Information About Your Use of the Services:
(a) Customer Data. Customers and Users routinely submit Customer Data (such as messages, files or other content submitted through the Firstup Instance) to Firstup when using the Services.
(b) Interaction Data. When you access or use the Services through the Firstup Instance, Firstup automatically collects certain Interaction Data, including:

Log Data Information collected by Firstup’s servers when you access the
Services, including IP addresses, referral URLs, date and time, and
crash data
Device Data Information about your device, including type of device, operating
system, application IDs, and unique device identifiers
Browser Data Information about your browser type and settings, language
preferences, and Cookie data (as further described below)
Analytics Data Approximate location based on your IP address (e.g., geolocation),
information about your time of access, session and duration, and
your interactions with the Services

USES OF INFORMATION

Firstup uses the information it collects to provide, maintain, and improve the Services, such as to deliver and customize the Services and Firstup Instance, administer Customer’s account, and communicate with customers about Firstup’s Services and other products or services that may be of interest.

Customer Data will be used by Firstup in accordance with Customer’s instructions (including to provide the Services) and any applicable terms in the Contract. Firstup uses Interaction Data to operate the Services and business and to improve the Services, including to improve your experience with the Services. More specifically, Firstup uses Customer Data and Interaction Data for the following purposes:

Customer Data Customer’s use of the Firstup Instance and Services, and as required by applicable law. Firstup is a processor of Customer Data and Customer is the controller. Customer may, for example, use the Services to grant and remove access to the Firstup Instance, configure settings, access, modify, export, share, and remove Customer Data, and otherwise apply its policies to the Firstup Instance.
Compliance With Legal Obligations Customer Data and Interaction Data may be used to comply with a
legal obligation including, for example, to access, preserve or disclose certain information if there is a valid legal request from a regulator, law enforcement or others. For example, a search warrant or production order from public authorities, law enforcement to provide information in relation to an investigation, such as your profile picture or IP address.
Legitimate Interest

Firstup and Customer may rely on legitimate interests or the
legitimate interests of a third-party where they are not outweighed by your interests or fundamental rights and freedoms (“legitimate interests”).

Firstup uses Customer Data and Interaction Data for the following legitimate interests:

  • To provide, update, maintain and protect Firstup’s Services,
    and business. This includes the use of Interaction Data to support delivery of the Services under a Contract, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities, or at a User’s request.
    • It is in Firstup’s, Customer’s and your interests to provide, update, maintain and protect Firstup’s Services, and business.
  • To develop and provide search, learning and productivity tools and additional features. Firstup tries to make the Services as useful as possible for its customers and Users. For example, Firstup may:
      • improve search functionality by using Interaction Data to help determine and rank the relevance of content, channels or expertise to a User;
      • identify organizational trends and insights;
      • customize a Services experience; or
      • create new productivity features and products.
    • Certain Customer Data and Interaction Data may be used by Firstup to improve your experience with the Services. For example, based on your title or date of hire, Customer can create groups of Users with whom they want to share certain messages. Customer may also use data regarding how you have interacted with the Services in the past to determine how best to deliver messaging to you (i.e. by using a certain channel and/or by delivering the message at a particular time of day). Also, artificial intelligence and other functionality may make suggestions to you about information that may be useful to you or assist you in creating a post or message by suggesting text. You will be aware of when you are using this functionality.
    • It is in Firstup’s interest and in the interest of Customers and Users to continuously improve and develop the customer support Firstup provides.
  • To investigate and help prevent security issues and abuse.
    Firstup may use a variety of tools such as device fingerprinting to prevent issues and abuse. Firstup may process, including in an automated fashion, Interaction Data to better understand how the Services are used or to prevent spam or abuse.
    • It is in Firstup’s interest to keep the Service secure and to detect, prevent, and address abuse (such as spam) and to investigate and take action in respect of suspicious activity on the Services.
  • To aggregate or de-identify information. In some cases, Firstup aggregates and/or de-identifies information Firstup has associated with you and uses the resulting information, for example, to improve the Services.
  • Firstup Instance data, Customer Data and Integration Data are used for the following legitimate interests:
    • To communicate with you by responding to your requests, comments and questions.
      • If you contact us, we may use your Interaction Data to respond.
    • It is in Firstup’s, Customers’ and Users’ interests to facilitate communication (for example to answer questions from Customers and Users).
    • It is in Firstup’s interest to research and improve the Services;
    • It is in the interests of Firstup, Customers and Users to practice data minimization and privacy by design in respect of their information.
  • Share information with others including law enforcement and to respond to legal requests.
    • It is in Firstup’s interest and the interest of the general public to prevent and address fraud, unauthorized use of Firstup, violations of Firstup’s terms or other harmful or illegal activity; to protect Firstup, Users or others, including as part of investigations or regulatory enquiries; or to prevent death or imminent bodily harm.
  • Transfer, store or process your information outside the European Economic Area. As the Services operate globally, with Customers around the world, Firstup must share information it collects outside of the European Economic Area. Firstup carries out necessary transfers outside the European Economic Area, including to the United States, to provide, update, maintain and protect the Services and Firstup’s business. For more information, review the “International Data Transfers” section below.

Information Collected by Cookies and Other Tracking Technologies

The technologies we may use to collect Interaction Data include small data files placed on your computer or device when you use the Services, commonly known as “Cookies,” as well as “Pixels,” “Web Beacons,” and similar technologies. A Cookie file may contain information that can identify you each time you visit the Firstup Instance. The Firstup Instance may use Cookies as a way to measure activity and traffic patterns on the Firstup Instance in order to improve your experience, monitor usage, compile analytics, and for advertising and marketing purposes.

Your browser can be set to warn you before accepting Cookies and you can choose to refuse Cookies by turning them off in your browser. You do not need to have Cookies turned on to visit the Firstup Instance, but you may need them to use certain features of the Firstup Instance.

Do Not Track Signals

Under the California Online Privacy Protection Act (“CalOPPA”), we want to inform you about our “Do Not Track” (“DNT”) request policy. DNT is a feature that some web browsers offer to allow users to send signals to websites so that no information about their browser session will be shared. While
we take reasonable steps to protect your online privacy, we cannot promise that your Firstup Instance will address every browser setting or honor every personal browser preference. In particular, we have not implemented the necessary programming changes to honor “DNT” browser signals. Please return to this Privacy Notice for further updates on this topic. You can learn more about DNT here: https://www.eff.org/issues/do-not-track.

DISCLOSURE OF PERSONAL INFORMATION

Firstup may disclose any category of personal information, Customer Data and Interaction Data to the following categories of recipients for the purposes described below:

Subsidiaries and
Affiliates		 Firstup may disclose personal information, Customer Data and Interaction Data within the Firstup family of companies to operate and improve our business
IT Providers Firstup may disclose personal information, Customer Data and Interaction Data with its IT providers as needed to operate the Firstup Instance and our business, including with software and web hosting. A
list of our subprocessors can be found here
Business Services
Providers		 Firstup may disclose personal information and Interaction Data with its business services providers, including contractors, consultants, marketing services, security vendors, auditors, information services providers, and professional advisors
Customer Firstup may disclose personal information to Customer in accordance
with Customer’s instructions (including to provide the Services), any
applicable terms in the Contract
Firstup customers Firstup discloses aggregated or de-identified information, which cannot reasonably be used to identify you with its other customers
Protect the rights,
property and safety
of Firstup or others;		 Firstup may disclose your personal information to Customer if Firstup
believes your actions are inconsistent with the platform terms of service or policies
Government and
Legal		 Firstup may disclose personal information, Customer Data and
Interaction Data with public authorities and third parties as may be
required by applicable law, regulation, or legal process
Corporate
Transaction		 Firstup may disclose personal information and Interaction Data as part of a corporate transaction e.g., to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some of assets, whether as a going concern or as a part of bankruptcy, liquidation or similar proceeding as permitted by the Contract

THIRD PARTY PRODUCTS INFORMATION

This Privacy Notice does not apply to any third-party applications or software that integrate with the Services (“Third Party Products”), or any other third-party products, services or businesses who will provide their services under their own terms of service and privacy policy. A Customer
can choose to permit or restrict Third Party Products as part of its use of the Services and Firstup can receive personal data from such Third Party Products. Typically, Third Party Products are software that integrate with our Services, and a Customer can permit its Users to enable and disable these integrations. Once enabled, the provider of a Third Party Product may share certain information with Firstup. For example, if a Customer uses a human resource management system that syncs with the Services in order to manage User authorizations, Firstup may receive the name and email address of Users, along with additional information that the Customer makes available to Firstup to facilitate the integration. Similarly, the information flow from Firstup to a Third Party Product based on the nature of the integration and Customer’s use of the Third Party Product. When an integration with a Third Party Product is enabled, Firstup or the Third Party Product (as applicable) is authorized to connect and access information made available to it in accordance with any permission(s) granted by Customer (including, by its Users).

SECURITY

Firstup takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. More information about Firstup’s information security practices can be found here.

DATA RETENTION

Firstup stores the information it collects about you for as long as is necessary for the purpose(s) for which we originally collected it. Given the nature of communications and information processing technology, Firstup cannot guarantee that information during transmission through the internet or while stored on its systems or otherwise in its care will be absolutely safe from intrusion by others.

YOUR PRIVACY RIGHTS

To exercise your rights as enumerated below, you must contact Customer to exercise your rights. If you are unable to do so, please contact us at privacy@firstup.io.

Privacy Rights of European Data Subjects

Under the General Data Protection Regulation (“GDPR”), UK Data Protection Act 2018 (“UK GDPR”), and Swiss Federal Act on Data Protection (“FADP”), and their respective amendments, revisions, and implementing regulations (collectively, the “European Data Protection Laws”),

EU/EEA, United Kingdom, and Swiss data subjects (collectively, “European Data Subjects”) have the following rights concerning their Personal Information:

    • Withdrawal of Consent. If processing is on the basis of consent, you may have the right to withdraw consent to our processing at any time.
    • Access and Rectification. You may have the right to access, correct, and update your personal information.
    • Deletion/Erasure. You may have the “right to be forgotten” through the erasure or deletion of your personal information, except that (1) we may retain certain data to comply with our legal obligations; (2) certain data may not be able to be deleted despite our reasonable efforts to do so; and (3) your organization may input your data into our systems after we have complied with your request (e.g., when it syncs its personnel file), which data will then be treated in accordance with our standard practices.
    • Portability. You may have the right to move, copy, and/or transfer certain Personal Information from the Service to another service.
    • Stop Processing. If processing is on the basis of legitimate interests, you may have the right to object to the processing of your personal information and to ask us to restrict the processing of your personal information, subject to certain limitations.
    • Submit a Complaint. You have the right to submit a complaint to a data protection authority about our collection and use of your Personal Information. Contact details for the UK data protection authorities is located here, for the EU/EEA here, and for Switzerland here.

    Lawful Basis

    Firstup processes the personal information of European Data Subjects on the following lawful bases:

      • Legitimate Interests. Where the processing is necessary for the purposes of the legitimate interests pursued by Firstup or by a third party and not overridden by your fundamental rights and freedoms (e.g., product development and security purposes);
      • Performance of a Contract. Where the processing is necessary for the performance under the Contract (e.g., to provide the Service);
      • Consent. Where you have given explicit consent to the processing of your personal information for one or more specific purposes (e.g., new and unexpected processing activities); and
      • Legal Obligation. Where processing is necessary for compliance with a legal obligation to which Firstup is subject (e.g., compliance with laws and regulations).

      Transfer of European Data Subject Personal Information

      Firstup is based in the United States. Your personal information may be transferred to third countries, including the United States. By sharing personal information with us, you consent to the transfer of your personal information to such third countries. Where applicable, we have adopted appropriate transfer mechanisms to safeguard the transfer of your personal information in accordance with applicable laws, including, (i) the clauses annexed to European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en, as may be updated, amended, and superseded from time-to-time; and (ii) and (2) the UK International Data
      Transfer Addendum (“UK IDTA”) to the EU Commission Standard Contractual Clauses, VERSION B1.0, in force 21 March 2022 available at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf, as may updated, amended, and superseded from time-to-time.

      Retention of European Data Subject Personal Information

      Firstup retains personal information for a period commensurate with the purposes for which the personal information was collected or obtained. The criteria used to determine the retention of personal information includes any time necessary for legal and compliance purposes. Personal information may be retained in archival format (e.g., data backups) beyond its retention period.

      Privacy Rights of California Residents

      This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA,” as amended by the California Privacy Rights Act or “CPRA”.

      California law requires that we detail the categories of personal information that we collect and disclose for certain “business purposes,” such as to service providers that assist us with securing our services or marketing our products, and to such other entities as described in earlier sections of this
      Privacy Notice. In addition to the information provided above in the ‘Information Firstup Receives and Collects’ section, we collect the following categories of personal information from you, Customer, data analytics providers, data brokers, and Third Party Products for our business purposes:

        • Identifiers/contact information;
        • Commercial information;
        • Internet or electronic network activity information;
        • Geolocation information;
        • Professional or employment-related information;
        • Audio and visual data;
        • In limited circumstances where allowed by law, information that may be protected under California or United States law; and
        • Inferences drawn from any of the above categories.

        Firstup collects this information for the business and commercial purposes described in the ‘Uses of Information” section above. We share this information as described in the “Disclosure of Personal Information” section above. Firstup does not sell (as such term is defined in the CCPA or otherwise) the personal information we collect (and will not sell it without providing a right to opt out).

        Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use, disclose, or may sell this information), to delete their personal information, to opt out of any “sales”, to know and opt out of sharing of personal information for delivering advertisements on non-Firstup websites, and to not be discriminated against for exercising these rights.

        If you would like to opt-out of sharing activity based on your cookie identifiers, turn on a Global Privacy Control in your web browser or browser extension. Please see the California Privacy Protection Agency’s website at https://oag.ca.gov/privacy/ccpa for more information on valid Global Privacy Controls. If you would like to opt-out of sharing activity based on other identifiers (like email address or phone number), contact us in accordance with the “Contact Information” section, below.

        Under the CPRA, Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, and Utah Consumer Privacy Act, and their respective implementing regulations (collectively, the “U.S. Privacy Laws”), eligible U.S. state residents may be afforded certain privacy rights subject to certain limitations, including:

          • Right to Know. You may have the right to access the specific pieces of personal information collected about you, the sources from which such information was obtained, the categories of information that have been sold or disclosed for a business purpose, and the commercial purpose for which the information was collected or sold, provided to you in a reasonably portable format.
          • Deletion. You may have the right to request that Customer and Firstup delete any of the personal information Firstup has collected or maintains about you, except that (1) we may retain certain data to comply with our legal obligations; (2) certain data may not be able to be deleted despite our reasonable efforts to do so; and (3) your organization may input your data into our systems after we have complied with your request (e.g., when it syncs its personnel file), which data will then be treated in accordance with our standard practices.
          • Correction. You may have the right to correct inaccuracies in your personal information.
          • Opt-out of the “Sale” and “Sharing” of Personal Information, “Targeted Advertising,” and “Profiling”. You may have a right to opt-out of the “sale” and “sharing” of your personal information, and the use of personal information for “targeted advertising” and “profiling.”
          • Sensitive Personal Information. You may have the right to opt-out of or to consent to the use and disclosure of your sensitive personal information.
          • Restrict Profiling. You may have the right to restrict the use of your personal information for the purposes of profiling.
          • Portability. You may have the right to obtain a copy of certain personal information in portable (e.g., machine readable) format.
          • Opt-out of Automated Decision-making. You may have the right to opt-out to certain types of automated decision-making, subject to certain exceptions.
          • Non-Discrimination. You may have the right to not be discriminated against in the event you exercise your other rights listed above. If you exercise these rights, you will not be denied goods or services, charged a higher rate, or provided with lower quality products or services.

          Privacy Rights of Canadian Residents

          Under Canada’s Personal Information Protection and Electronic Documents Act and the Provincial Privacy Acts (together, the “Canadian Privacy Laws”), and their respective amendments and implementing regulations, Canadian residents are afforded certain privacy rights. If you are a Canadian resident, subject to certain limitations, you have the following rights concerning your personal information:

            • Openness and Transparency. You may have the right to know the personal information we collect about you and the purposes for its collection.
            • Access. You may have the right to access personal information we maintain about you, subject to certain exceptions.
            • Correction. You may have the right to correct inaccuracies in personal information we maintain about you.
            • Right to Deletion. You may have the right to request that Firstup and Customer delete personal information Firstup has collected or maintain about you, except that (1) we may retain certain data to comply with our legal obligations; (2) certain data may not be able to be deleted despite our reasonable efforts to do so; and (3) your organization may input your data into our systems after we have complied with your request (e.g., when it syncs its personnel file), which data will then be treated in accordance with our standard practices.
            • Right to De-indexing. You may have the right to request your personal information be “de- indexed” from certain types of distribution.
            • Right to Withdraw Consent. You may have the right to withdraw consent to our use of your personal information, subject to certain exceptions.

            If you are a resident of Quebec, then for purposes of the Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information, Firstup’s Person in Charge is its Head of Information Security and Technology who may be contacted at privacy@firstup.io.

            Transfer of Canadian Personal Information

            Your personal information may be transferred to third countries where an adequate level of data protection can be ensured. By sharing personal information with us, you consent to the transfer of your personal information to such third countries.

            Privacy Rights of Australian Residents

            Under the Australia Privacy Act and state and territory laws (together, the “Australia Privacy Acts”), and their respective amendments and implementing regulations, Australian residents are afforded certain privacy rights. If you are an Australian resident, subject to certain limitations, you have the following rights concerning your personal information:

              • Notice. You may have the right to reasonable notice about the personal information we collect, its uses, and our privacy practices and contact information.
              • Access. You may have the right to access personal information we maintain about you, subject to certain exceptions.
              • Correction. You may have the right to correct inaccuracies in personal information we maintain about you.
              • Pseudonymization. You may have right to not identify yourself, or to use a pseudonym, when dealing with us, subject to certain exceptions.

              Transfer of Australian Personal Information

              Your personal Information may be transferred to entities outside of Australia where reasonable steps are taken to ensure the Australian Privacy Principles are applied to your personal information. Otherwise, by sharing Personal Information with us, you expressly consent to the transfer of your Personal Information to entities outside of Australia.

              USE BY MINORS

              Firstup does not knowingly collect personal information from or about minors who are 16 years of age or younger. Minors should not use the Firstup Instance or otherwise provide us their personal information. If we learn that we have collected or received personal information from a minor without verification of parental consent, we will delete that information. If you believe we might have inadvertently collected personal information from or about a minor, please contact us at privacy@firstup.io.

              CONTACT INFORMATION

              If you have any questions about this Privacy Notice, please contact us at:
              In the U.S. and other locations outside of Europe:

              Firstup, Inc.
              1 Montgomery Street, Suite 2150
              San Francisco, CA 94104
              United States
              Email address: privacy@firstup.io
              Phone: 844.975.2533

              In Europe:

              Firstup UK Limited
              New Penderel House, 4th Floor
              283-288 High Holborn,
              London WC1V 7HP
              United Kingdom
              Email address: privacy@firstup.i

              Table of Contents