DevGrid Privacy Statement

DevGrid, Inc. (“DevGrid”, “we”, “us”, or “our”) is a business-to-business software-as-a-service company. We provide our platform to organizations and their authorized users under written commercial agreements.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Statement describes DevGrid’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Statement as we undertake new personal data practices or adopt new privacy policies.

This Privacy Statement applies to personal data that DevGrid processes as a controller — for example, personal data about visitors to our website, prospective customers, customer points of contact, job applicants, and our own personnel. Where DevGrid processes personal data on behalf of its business customers in connection with the DevGrid services, DevGrid acts as a processor and the relevant customer is the controller. The processing of such customer-provided personal data is governed by the data processing terms in DevGrid’s agreement with the customer.

DevGrid is incorporated in the State of Delaware and based in the United States. DevGrid has designated a privacy contact for you to reach if you have any questions or concerns about DevGrid’s personal data policies or practices, or if you would like to exercise your privacy rights.

DevGrid collects personal information about its website visitors, prospective customers, customer points of contact, and authorized users of the DevGrid services. With limited exceptions, this information is generally limited to:

• name
• job title
• employer name
• work address
• work email
• work phone number
• account credentials and identifiers used to access the DevGrid services
• communications you send to us, including support requests and feedback

We use this information to provide prospects and customers with information about our products and services; to deliver, support, and improve the DevGrid services; to manage our customer and prospect relationships; to communicate with you; and to comply with our legal, regulatory, and contractual obligations.

We do not sell personal information to anyone, and we only share it with third parties who are facilitating the delivery of our services or as otherwise described in this Privacy Statement.

From time to time, DevGrid receives personal information about individuals from third parties. Typically, information collected from third parties will include further details on your employer or industry. We may also collect your personal data from a third-party website (e.g., LinkedIn) where you have made that information publicly available or have authorized it to be shared.

As is true of most other websites, DevGrid’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of DevGrid’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

DevGrid has a legitimate interest in understanding how customers, prospective customers, and other visitors use its website. This assists DevGrid with providing more relevant products and services, communicating value to its customers, and providing appropriate staffing to meet customer needs.

DevGrid makes available a Cookie Notice that describes the cookies and tracking technologies used on the DevGrid website and provides information on how users can accept or reject them.

The personal information DevGrid collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage, processing, and retrieval on DevGrid’s behalf. On occasion, DevGrid engages third parties to send information to you, including information about our products, services, and events.

We do not otherwise reveal your personal data to non-DevGrid persons or businesses for their independent use unless: (1) you request or authorize it; (2) the information is provided to comply with the law (for example, in response to a search warrant, subpoena, or court order), to enforce an agreement we have with you, or to protect our rights, property, or safety, or the rights, property, or safety of our employees or others; (3) the information is provided to our agents, vendors, or service providers who perform functions on our behalf under written contracts that require equivalent protection of the information; (4) to address emergencies or acts of God; or (5) to address disputes, claims, or in response to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, and/or other third parties for marketing or promotional purposes.

The DevGrid website may connect with third-party services such as LinkedIn, X (formerly Twitter), and others. If you choose to share information from the DevGrid website through these services, you should review the privacy policy of that service. If you are a member of a third-party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.

DevGrid is based in the United States. Information we collect about you will be processed in the United States. By using DevGrid’s services, you acknowledge that your personal information will be processed in the United States.

EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Framework. DevGrid complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. DevGrid has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. DevGrid has further certified that it adheres to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Scope and onward transfers. Our DPF certification covers personal data received from the European Economic Area, the United Kingdom, and Switzerland, including human resources data transferred from these regions in the context of the employment relationship. DevGrid is responsible for the processing of personal data it receives under each Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. DevGrid complies with the DPF Principles for all onward transfers of personal data from the EEA, the UK, and Switzerland, including the onward transfer liability provisions.

Regulatory oversight. With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, DevGrid is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, DevGrid may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Independent recourse mechanism. In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, DevGrid commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF should first contact DevGrid at privacy@devgrid.io.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, DevGrid commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.

Binding arbitration. You may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For more information, see Annex I of the EU-U.S. DPF Principles at https://www.dataprivacyframework.gov/.

Standard Contractual Clauses as fallback.Where a transfer of personal data from the EEA, the UK, or Switzerland cannot rely on the Data Privacy Framework, DevGrid provides appropriate safeguards pursuant to Article 46 of the GDPR (and the equivalent provisions of UK and Swiss law) by entering into the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or the Swiss Federal Data Protection and Information Commissioner-approved transfer mechanism, as applicable. DevGrid also enters into data processing agreements with its vendors whenever feasible and appropriate.

Depending on the circumstance, DevGrid also collects and transfers to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of DevGrid in a manner that does not outweigh your rights and freedoms.

For more information or if you have any questions, please contact us at privacy@devgrid.io.

The European Union’s General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy laws provide certain rights for data subjects. Data Subject rights under the GDPR include the following:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right of data portability
• Right to object
• Rights related to automated decision-making, including profiling

This Privacy Statement is intended to provide you with information about what personal data DevGrid collects about you and how it is used.

If you wish to confirm that DevGrid is processing your personal data, or to have access to the personal data DevGrid may have about you, please contact us at privacy@devgrid.io.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside DevGrid might have received the data from DevGrid; what the source of the information was (if you didn’t provide it directly to DevGrid); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by DevGrid if it is inaccurate. You may request that DevGrid erase that data or cease processing it, subject to certain exceptions. You may also request that DevGrid cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how DevGrid processes your personal data. Where technically feasible, DevGrid will — at your request — provide your personal data to you in a portable format.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, DevGrid will provide you with a date when the information will be provided. If for some reason access is denied, DevGrid will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us at privacy@devgrid.io. Alternatively, if you are located in the European Union, you may also have recourse to your national data protection authority.

DevGrid maintains a documented information security program that includes administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. These safeguards include access controls, encryption in transit and at rest where appropriate, logging and monitoring, employee training, and vendor due diligence. No system is perfectly secure, and DevGrid cannot guarantee absolute security of information transmitted to or stored by DevGrid.

Your personal data is stored by DevGrid on the servers of the cloud-based infrastructure providers DevGrid engages, located in the United States. DevGrid retains customer service data for the duration of the customer’s business relationship with DevGrid and for a period of time thereafter, in order to analyze the data for DevGrid’s own operations and for historical and archival purposes associated with DevGrid’s services. DevGrid retains prospect data until such time as it no longer has business value and is purged from DevGrid’s systems. All personal data that DevGrid controls may be deleted upon verified request from data subjects or their authorized agents, subject to legal, regulatory, and contractual retention requirements. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at privacy@devgrid.io.

The DevGrid services are intended for use by businesses and their authorized personnel. We do not direct our services to children, and we do not knowingly attempt to solicit or receive information from children.

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at: