Our Privacy Principles
If you read nothing else, please read this:
- The most fundamental privacy principle we follow is that by default, anything you post to Exigo is private to your team. That is, viewing the messages and files shared within a specific team requires authentication as a member of that team.
- Exigo is the custodian of data on behalf of the teams that use Exigo. We don’t own team communication data. Teams own their data. They like it that way and so do we.
- At Exigo we believe that more transparency is better than less. We try to make our product easy to use, with settings and options that are easy to find and understand. This is good for privacy, good for the product, and good for Exigo customers and users.
- We think that having more information be easily accessible and searchable wherever you go, whatever device you have, is better than having less. So this is how we built Exigo.
- Privacy goes hand in glove with security and confidentiality. We see these things being the three legs that keep the stool balanced and upright. Each is as important as the other and if one is missing the stool won’t stand. They are all very important to us and we take them very seriously.
This policy describes how Exigo treats your information, not how other organizations treat your information. If you are using Exigo in a workplace or on a device or account issued to you by your employer or another organization, that company or organization likely has its own policies regarding storage, access, modification, deletion, and retention of communications and content which may apply to your use of Exigo. Content that would otherwise be considered private to you or to a limited group of people may, in some cases, be accessible by your Team Owner or administrator. Please check with your employer, Team Owner or administrator about the policies it has in place regarding your communications and related content on Exigo. More on this below.
In this policy we talk about various roles within a Exigo team and the privileges that come with each. It’s helpful to understand these roles and the relationships between them. Here’s the breakdown: Admin > User. Admins have the most control over their team’s settings on Exigo. They can create tags, delete tags and administer users.
Information we collect and receive
We collect different kinds of information. Some of it is personally identifiable and some is non-identifying or aggregated. Here are the types of information we collect or receive:
- Team information. When you create a team on Exigo, we collect your email address (as the Admin), your team name, Exigo domain (ex: your-team-name.exigo.io), your user name that appears in your Exigo team, and password. Optionally, you can provide your phone number and job title.
- Account and profile information. The only information we require to create your Exigo account is an email address, password and your name. Optional information you can enter into your profile includes information such as your job title, your picture and your phone number. Any information you add to your profile is visible to other people on your team as described on your profile management page.
- Log data. When you use Exigo, our servers automatically record information, including information that your browser sends whenever you visit a website or your mobile app sends when you’re using it. This log data may include your Internet Protocol address, the address of the web page you visited before coming to Exigo, your browser type and settings, the date and time of your request, information about your browser configuration and plug-ins, language preferences, and cookie data. Log data does not contain message content and is not routinely deleted.
- Device information. In addition to log data, we may also collect information about the device you’re using Exigo on, including what type of device it is, what operating system you’re using, device settings, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you’re using and its settings.
- Geo-location information. Precise GPS from mobile devices is collected only with your permission. WiFi and IP addresses received from your browser or device may be used to determine approximate location.
- Exigo usage information. This is information about which teams, tags, people, features, content, and links you interact with within Exigo and what integrations with related services you use.
- Service integrations. If you integrate with another application on Exigo we will connect that service to ours.
- Integrations can only be added by Admins.
- We do not receive or store your passwords for any of these services.
- If you add an integration, the third party provider of the integration may share certain information about your account with Exigo. Exigo is not responsible for how teams may use and collect data through integrations.
- An integration can be removed at any time. Removing an integration unbinds that integration on a go-forward basis. That does not, however, delete the content that was received from the integration and indexed within Exigo. That content must be deleted manually.
- Communication content that you send and receive within Exigo. This includes:
- The message content itself. This content can include messages, pictures, files and video among other types of files.
- When messages or files were sent and by whom, when or if they were seen by you, and where you received them (in a post or direct message, for example).
- Information from partners or other 3rd parties. Exigo may receive information from partners or others that we could use to make our own information better or more useful. This might be aggregate level information about which IP addresses go with which zip codes or it might be more specific information about how well an online marketing or email campaign performed.
Cookies are small text files sent by us to your computer and from your computer to us, each time you visit our website. They are unique to your Exigo account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.
Some cookies are associated with your Exigo account and personal information in order to remember that you are logged in and which teams you are logged into. Other cookies are not tied to your Exigo account but are unique and allow us to do site analytics and customization, among other similar things. If you access Exigo through your browser, you can manage your cookie settings there but if you disable all cookies you may not be able to use Exigo.
Exigo sets and accesses our own cookies on our company-owned domains. In addition, we use 3rd parties like Google Analytics for website analytics. You may opt-out of third party cookies from Google Analytics on its respective website. We do not currently recognize or respond to browser-initiated Do Not Track signals as there is no consistent industry standard for compliance.
How we use your information
We use your information for the following:
- Providing the Exigo service. We use information you provide to authenticate you and deliver message content to you and from you
- Understanding and improving our products. To make the product better we have to understand how users are using it. We have a fair bit of data about usage and we intend to use it many different ways to improve our products, including research. This policy is not intended to place any limits on what we do with usage data that is aggregated or de-identified so it is no longer tied to a Exigo user.
- Investigating and preventing bad stuff from happening. We work hard to keep Exigo secure and to prevent abuse and fraud.
- Communicating with you
- Solving your problems and responding to your requests. If you contact us with a problem or question, we will use your information to respond to that request and address your problems or concerns.
- In-product communications. We may use the information you provide to contact you through in-product messaging tools. For example, if, after, a few weeks of using Exigo we notice that your notification setting is set to notify you of all messages, we may send you a message that suggests you change this in case you are getting too many notifications. This is just one example of how we use information about your usage of the product to make suggestions to you.
- Email messages. We may send you service and administrative emails, such as when we notice that you are nearing a storage or user limit. We may also contact you to inform you about changes in our services, our service offerings and important service related notices, such as changes to this policy or security and fraud notices. These messages are considered part of the service and you may not opt-out of them. In addition, we sometimes send emails to Exigo users about new product features or other news about Exigo. You can opt-out of these at any time.
Sharing and Disclosure
There are times when communications and related content and other user information may be shared by Exigo. This section discusses only how Exigo may share user information. Organizations that use Exigo may have their own policies for sharing and disclosure of information they can access through Exigo. Exigo may share information:
- With consent, to comply with legal process, or to protect Exigo and our users. When we have your consent or if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public, any person, or Exigo; or to detect, prevent, or otherwise address fraud, security or technical issues. If we receive a law enforcement or other third party request for information we will provide prior notice to the subject of the request where we are legally permitted to do so. For more information on Exigo’s policies for responding to requests for user data.
- Integrations. If you add an integration, Exigo may share information about you or your team with the provider of the integration. Exigo is not responsible for how the provider of the integration may collect and use your data.
- About you with your organization or Team Administrator(s).
- We may share your email address and team name with your organization. If the email address under which you’ve registered your account belongs to or is controlled by an organization (to be clear, we’re not talking about free web-based email providers like Gmail, Hotmail or Yahoo! Mail) we may disclose that email address and associated team names to that organization in order to help it understand who associated with that organization uses Exigo, and to assist the organization with its enterprise accounts. Please do not use a work email address for our services unless you are authorized to do so, and are therefore comfortable with this kind of sharing.
- In addition, there may be times when you contact Exigo to help resolve an issue specific to a team you are a member of. In order to help resolve the issue, we may need to share your concern with your administrator. When possible, we will try to mask or remove any identifying information before sharing these communications.
- For Business and Research Purposes.
- We may also share aggregated or de-identified information with our partners or others for business or research purposes. For example, we may tell a prospective Exigo customer the average number of messages sent within an Exigo team in a day or may partner with research firm or academics to explore interesting questions about workplace communications. Again, this policy is not intended to prohibit the disclosure and use of aggregated or de-identified data.
Exigo takes reasonable steps to protect information you provide to us as part of your use of the Exigo service from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store and the current state of technology. When you enter sensitive information (such as sign-in credentials) we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it. However, no electronic or email transmission or digital storage mechanism is ever fully secure or error free.
To learn more about current practices and policies regarding security and confidentiality, please see our Security Practices; we keep that document updated as these practices evolve over time.
Exigo is not directed to children under 13. If you learn that a minor child has provided us with personal information without your consent, please contact us.
We may change this policy from time to time, and if we do we’ll post any changes on this page. If you continue to use Exigo after those changes are in effect, you agree to the revised policy. If the changes are material, we may provide more prominent notice or seek your consent to the new policy.
708 S. Lamar Blvd. Suite C.