Privacy Policy

ONE DUCK THEORY

PRIVACY NOTICE

Last Modified on September 7, 2021

Please read this privacy notice carefully, as it contains important information on who we are, how and why we collect, store, use, and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities if you have a complaint.

1. Who we are

One Duck Theory LLC (“One Duck Theory,” “We,” or “Us”) collects, uses, and is responsible for certain personal information about you, in providing you with the mobile software application, including the website located at oneducktheory.com (collectively, the “Service”).

For those in the European Union, we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as a controller of that personal information for the purposes of those laws.

2. The Personal Information we collect and use

Information collected by us: In providing the Service, we collect the following personal information either automatically or when you voluntarily provide it to us:

| Type of data collected | Examples of the data collected | How we use the data | Our legal basis for collecting the data |
| --- | --- | --- | --- |
| Contact Information | Your name, email address, and any device specific information required to provide support | For customer and technical support, marketing and promotional emails, surveys, and for the operation of contests and sweepstakes | Based on your explicit consent, under GDPR Art. 6 (1) (a). |
| Technical Information | Your IP address, device information, and system configuration information | Operation of the Service, and for analytics and Service improvements | To fulfill a contract with you, under GDPR Art. 6 (1) (b). |
| Advertising Information | Unique device identifiers for advertising (Google Advertiser ID or IDFA, for example), device information, usage data, demographic information, location, cookie data, IP and/or MAC address | To personalize advertisements to your interests | Based on our legitimate interest, under GDPR Art. 6 (1) (f). |
| Analytic Information | Device and user information, including: number of users and sessions; session duration; operating systems; device models; geography; first launches; app opens; app updates; in-app purchases; in-app events | Analyzing user behavior and to operate and improve the service | Based on our legitimate interest, under GDPR Art. 6 (1) (f). |

Information shared with us: In operating the Service, certain third parties may share personal information with us. These are:

| Third party sharing the information with us | Examples of the data shared | How we use the data |
| --- | --- | --- |
| Facebook or other social networks | If you connect your Facebook or other social network account to the Service, it may share your name, email address, and profile information with us | To provide you with the Service or to contact you for Service-related issues, such as customer service or marketing and promotional communications |
| Google and Apple | Analytic information and information about your purchases on the Service | To improve and operate the Service, to ensure that you are credited with any purchases you make through the Google Play Store and Apple App Store, and for customer service purposes |

Who we share your Personal Information with: We share your personal information with certain third parties in operating the Service. This enables us to provide you with the Service in the optimal way.

Some of those third-party recipients may be based outside the European Economic Area — for further information, including how we safeguard your personal data when this occurs, see their individual privacy policies linked to above and the section entitled “Transfer of your Information out of the EEA,” below.

We share your Personal Information with the following third parties:

| Reason for sharing | What information is being shared? | Who is it being shared with? | The third party’s privacy policy |
| --- | --- | --- | --- |
| Service operation and traffic optimization; Backups | Technical Information, Contact Information | Cloudflare and Amazon Web Services | Cloudflare: https://www.cloudflare.com/privacypolicy/ Amazon: https://aws.amazon.com/compliance/data-privacy-faq/ |
| Newsletters and other marketing communications | Contact Information | Mailchimp | https://mailchimp.com/legal/privacy/ |
| Surveys | Contact Information | TapResearch. Note: Any information you enter into a questionnaire or survey hosted by TapResearch on the Service is provided to TapResearch directly and is subject to their privacy policy. | https://www.tapresearch.com/legal/privacy-policy-en |
| Advertisements | Advertising Information | Advertising Partners | A list of our advertising partners and their privacy policies is available at: https://oneducktheory.com/privacy/partners |
| Fraud Prevention | Technical Information | Google’s reCAPTCHA | https://policies.google.com/privacy?hl=en-GB |
| Analytics | Analytic Information | Google Analytics | https://policies.google.com/privacy?hl=en-GB |

In addition to the above, we will also share your personal information if we have a good faith belief that (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (ii) the action is necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with the Service, or (iii) the action is appropriate to protect One Duck Theory’s or its employees’, clients’, or users’ rights, property, or safety.

We will not share your personal information with any other third party.

How long your Personal Information will be kept: We will keep your Personal Information for the length of time required to provide you with the Service, unless a longer retention period is required or permitted by law. Afterwards, we delete all aforementioned data in our possession within a reasonable timeframe. We do not verify the correctness of personal data that we collect or you provide.

Please note that some data may be retained, if necessary to resolve disputes, enforce our user agreements, and comply with technical and legal requirements and constraints related to the security, integrity, and operation of the Service.

Children’s Privacy: We do not knowingly collect any personal information from children under the age of 13, nor do we allow them to create accounts, sign up for newsletters, make purchases, or use the Service. In addition, we may limit how we collect, use, and store some of the information of EU users between 13 and 16.

“Do Not Track” Signals: Because there is not yet a consensus on how companies should respond to web browser-based or other “do not track” mechanisms, we do not respond to web browser-based do not track signals.

Cookies: Any use of Cookies or similar tracking tools by the Service, or by third-party services used by the Service, is for the purpose of providing the Service as required by you, in addition to any other purposes described in this privacy notice and in our Cookie Policy, if any.

Mobile Advertising Opt-Out: If you would like more information about online advertising and your choices about not having personal information used to personalize ads for you, please see the following links:

3. Transfer of your Information out of the EEA

One Duck Theory is based in the United States. No matter where you are located, you consent to the processing, transfer and storage of your information in and to the United States, in accordance with the privacy policies of third parties with whom we share your personal information. The laws of these countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.

If you would like further information, please contact us (see “How to contact us” below).

4. EU Residents – Your Rights

Under the laws of the General Data Protection Regulation in the EEA, you have a number of important rights with regard to your personal data.

  • By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
  • If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
  • If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
  • You have the right to ask us to stop using your information for a period of time, if you believe we are not doing so lawfully.
  • Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.

If you would like to exercise any of those rights, please email us at [email protected]. We may ask for additional verification information, such as your username and other information required to be sure that you are the owner of that data.

5. California Residents – Your Rights

If you are a California resident, beginning on January 1, 2020, the California Consumer Privacy Act (CCPA) gives you the following rights:

Right to Know: You can ask us what personal data we hold about you and request a copy of the information. This information includes:

  • The categories of personal information we have collected about you.
  • The categories of sources from which we collect the personal information.
  • The business or commercial purpose for collecting your personal information.
  • The categories of third parties with whom we share that information.
  • The specific pieces of personal information we have collected about you.

Right to Delete: You can request that your personal information be erased. However, there are some exceptions to this right, in situations where we:

  • Need to complete the transaction for which the personal information was collected, provide a good or service that you requested, or that is reasonably anticipated within our ongoing business relationship with the consumer, or to otherwise perform a contract between us.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law.
  • Need to comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
  • Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with us.
  • Need to comply with a legal obligation.
  • Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Right to Opt Out: One Duck Theory does not sell any of your personal information for any purposes.

Other Rights: In addition to the rights above, you also have the right to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the calendar year preceding your request. This request is free and may be made only once a year.

You also have the right not to be discriminated against for exercising any of the rights of California residents listed in this section.

If you would like to exercise any of the rights listed above, please contact us at the addresses below in the section entitled “How to contact us.”

6. Brazil Residents

If you are a resident of Brazil, you have several important rights free of charge under the Lei Geral de Proteção de Dados (“LGPD”). These rights apply to any data collected or processed in Brazil, as well as any data processed for the purpose of providing goods or services in Brazil.

These rights include the right to:

  • Know when we use your information
  • Access your personal information
  • Correct any errors with your personal information
  • Anonymize, block, or delete data that we do not need or are not processing in compliance with the LGPD
  • Request we transfer your data to another provider
  • Delete personal data
  • Be informed about who we share your data with
  • Be informed about your ability to deny consent and any consequences of such a denial
  • Revoke your consent

If you would like to exercise any of those rights, please email us at [email protected]. We may ask for additional verification information, such as your username and other information required to be sure that you are the owner of that data.

7. Keeping your Personal Information secure

One Duck Theory LLC takes privacy and security very seriously. We do not want to just pay lip service to customers for such important topics, so we have a wide variety of security controls in place and are always looking to improve our security posture.

  • All connections to the Service must use a modern encryption algorithm/cipher. Auto negotiation is performed to ensure compliance.
  • The One Duck Theory email server automatically tries to negotiate the highest encryption algorithm available from any other mail server for sending/receiving emails.
  • Our network is highly segmented and isolated, with every VLAN only allowing the minimum necessary ports/traffic for inter-VLAN traffic as well as traffic from the WAN.
  • Additionally, our network is protected by IDS/IPS, Geo-IP blocking, reputation based blocking, and various other perimeter defenses.
  • Our infrastructure was built from the ground up with the principle to limit access to personal information as much as possible at every step.
  • Company data on the company’s servers is encrypted at rest and in motion. The servers themselves use encrypted storage.
  • Frequent encrypted backup images are taken and stored both locally and in a secure off-site data center.
  • Multi-factor authentication (MFA) is utilized wherever possible, including for password management used by any of our employees as well as for management of the off-site data center.
  • All company systems are regularly patched/updated, and anti-spam and anti-virus systems are in place where applicable.
  • IP access controls, permissions, brute-force lockouts, and other mechanisms help prevent anyone besides company personnel from administering company systems.
  • Also, since there’s no such thing as perfect security, various custom monitors also watch for suspicious activity on company systems at several layers with daily reports.
  • Finally, 3rd party vendors and partners are also vetted through research to help ensure they also follow general cybersecurity best practices.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

8. Resolving Disputes

We hope that we can resolve any questions or concerns you raise about our use of your Personal Information. Please contact us via the methods listed below in the section entitled “How to contact us” to let us know about any of your questions or concerns, and we will get back to you to resolve the issue.

If you are an EU citizen, the General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.

9. Changes to this Privacy Notice

This privacy notice was last updated on September 7, 2021.

We may update this privacy policy from time to time. When we do, we will inform you via email to the email address you have provided us, or by posting a message about the change on the Service.

10. How to contact us

Please contact us if you have any questions about this privacy policy or the information we hold about you.

If you wish to contact us, you can do so by email to [email protected], or by physical mail to the address below.

One Duck Theory LLC
6 Liberty Sq #94945
Boston, MA 02109