Delve Privacy Policy

Effective date: September 21, 2024

This Privacy Policy is designed to help as a website visitor or user of our services understand how Delve Technologies Inc. (“Delve”) collects, uses, and shares your information in order to operate, improve, develop, and protect our services. We encourage you to read this policy thoroughly and reach out to us if you have any questions per the “Contacting Delve” section below.

Table of Contents

  • About Delve
  • About this Policy
  • Data We Collect
  • How We Use Your Data
  • How We Share Your Data
  • Data Protection
  • Notes for EEA and UK End Users
  • Information Retention and Deletion
  • How to Exercise Rights in Your Data
  • Children
  • Contacting Delve
  • Policy Changes

About Delve

Delve is a company that helps businesses align with HIPAA, SOC 2, and other information security compliance frameworks. Our business-to-business SaaS platform guides our customers through the compliance processes and may also include audit management, virtual CISO consulting services, and more.

About this Policy

This policy aims to provide a clear explanation of information Delve collects from and about you as a website visitor and/or user of our services and how we use and share it. Please note that this policy only applies to information that we collect, use, and share. This policy does not apply to any websites, products, or services provided by others, including our customers. If you would like to know more about their practices, we suggest reviewing their privacy policies. This policy does not apply to personal data about current and former Delve employees, job candidates, contractors and agents acting in similar roles.

Data We Collect

Identifiers

As part of customer on-boarding and in order to complete transactions we request the following identifiers during account set up: full name, business legal name, business address, email address, and business phone number.

Service provider authentication data

Delve’s services allow you to establish technical integrations with certain service providers, thereby allowing Delve to access data on your behalf from such service providers. To enable such access, you may be required to provide the authentication data for your accounts such as Github and AWS as required by the applicable service provider. 

Device data 

When you use a device, like your smartphone, tablet, or computer, to view our website or interact with our services (including through a service provider’s app), we may collect the following data about that device:

  • internet protocol (IP) address;
  • timezone setting and location, device location;
  • hardware model and operating system;
  • features within Delve’s services you access;
  • browser data;
  • network data; and
  • other technical data about the device (such as settings and preferences).

User activity

We collect your user activity on the Delve platform, for example, we may collect data on time spent on particular pages and buttons clicked on each respective page.

Data we receive about you from service providers 

When needed for Delve to provide its services, the service providers you use may provide us with identifiers and commercial information about you as part of providing us with information about your use of the service providers and configurations in place. Such information may include your name, email address, phone number, or information about your accounts and transactions.

Information we derive from the data we collect 

We may derive additional information about you from the other categories of data we collect. For example, we may infer your geolocation or your annual income.

Cookies

We may collect and share cookie data from and with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Please see “Cookies and Similar Technologies” under “How We Share Your Data” below for more details.

Social networks

We may collect data when you interact with Delve through other means such as our marketing activities, social media accounts, and joint marketing activities in partnership with other services. Additionally, we may collect information through other individuals at your organization, individuals that have referred Delve to you, or third party services and datasets. For example, we may collect your name, social media handle, or email address.

How We Use Your Data

We do not sell or rent personal information that we collect. We use your information for the following business purposes:

  • Provide Delve’s services;
  • Communicate with you for matters related to our services;
  • Provide support;
  • Help prevent fraud, verify identity, or protect privacy;
  • Provide assistance when serving as a liaison between you and lawyers, accountants, auditors, and other professional advisors;
  • Develop understanding and insights into your user experience;
  • Improve existing services, for example, by adding features and functionality;
  • Develop new services;
  • Respond to your support ticket requests and questionnaire or survey submissions;
  • Maintain business records;
  • Carry out referral requests;
  • Assist in compliance audits;
  • Market Delve’s services;
  • Notify you of new services or products that we believe will be of interest to you;
  • Investigate potential misuse and misconduct of our services;
  • For legal purposes such as establishing and defending claims, to manage or transfer assets or liabilities such as an event of acquisition or merger; and
  • As directed by you or with your advance consent for other notified purposes.

How We Share Your Data

We do not share your data with non-affiliated third parties except as permitted by law (as authorized by 12 C.F.R. § 1016.14 and 1016.15, for example, to administer and enforce a transaction). 

Delve shares your personal data with third parties for the following reasons:

  • Service Provider Authentication Data. Delve will use your service provider authentication data to establish technical integrations with your service providers. Delve will refresh any service provider authentication data in its discretion to maintain access during the period in which Delve is providing the Delve service to you.
  • As Necessary to Provide the Services. Like most companies, Delve uses third-party services (e.g. cloud services) to process and host your data. 
  • To Facilitate Audits, Penetration Tests, and other Services in Relation with Auditors, Consultants, Lawyers, or Other Related Third Parties: Delve, like many businesses, may hire other businesses to perform functions for customers in relation to the services provided.
  • To Prevent Fraud, Abuse, and Security Threats. Delve reserves the right in all cases to share your data with law enforcement, regulatory authorities, and other third parties as necessary to prevent fraud, abuse, or security threats. 
  • Cookies and Similar Technologies. We may collect and share cookie data from and with third parties when you visit our website, or we may allow third parties to collect this cookie data from our sites. Cookies and similar technologies to measure web activity to provide you with a better user experience on our website and during the course of providing our services. A "cookie" is a unique numeric code that we transfer to your device so that we can keep track of your interests and preferences and recognize you as a returning visitor to the website and Service. If you choose not to accept cookies from us, you will still be able to access many of the features on our website and Service, but with certain limitations to access and functionality.
  • To Improve and Create. We share your data with third parties to help us to gain insights from your data to improve our services and develop new services, for example, we utilize large language models and APIs like ChatGPT. 
  • Aggregated or Anonymized Data. We collect, use, and share data that has been aggregated or anonymized in a manner that does not identify you personally for any purpose permitted under applicable law. For example, creating or using aggregated or anonymized data helps Delve to develop new services, to facilitate research, and for analytics purposes to help assess the speed, accuracy, and/or security of our services.

Data Protection

Delve’s security policies and practices are designed to protect the security, confidentiality, and integrity of your data. Delve implements security controls designed to limit access to this data to personnel who have a business reason to know it and prohibits its personnel from unlawfully accessing, using, or disclosing this data. Such practices include encryption of your data in transit and at rest, logging and monitoring access to your data, database backups, and segregated development and production environments. We also take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by the third parties who assist us in providing products and services to you.

Notes for EEA and UK End Users

For individuals in the European Economic Area (“EEA”) or the United Kingdom (“UK”), Delve only processes your personal data when we have a valid legal basis to do so. Our legal basis for processing the data we collect will depend on what data we collected and the purpose for processing it. Generally, we will only collect and process your data where:

  • we are bound by any contract or agreement with you (for example, to comply with our end user services agreements).
  • we require your data to comply with our legal obligations under applicable law, to safeguard Delve's legal rights, and prevent and identify criminal activities such as fraud. For these purposes, Delve may find it necessary to share your personal data with entities such as courts and law enforcement agencies;
  • processing is necessary for our legitimate interests to effectively maintain the integrity of our services. This includes engaging in communication with you, and ensuring that Delve upholds the expected standards; or you have given your consent to do so.

To the extent we rely on consent to collect and process your data, you have the right to withdraw your consent at any time per the instructions provided in this policy.

Information Retention and Deletion

We retain your data only as long as it is needed. To determine whether the data is needed, we consider the reason your data was collected and used and any legal requirements to hold onto your data. We review your data periodically to ensure it is still needed to fulfill the purpose for which it was collected or any other legal requirements. 

The exceptions to this may be if: (a) Delve needs your data to continue providing you with a Delve service you requested; (b) Delve is required by law to keep your data; (c) Delve needs your data to help prevent fraud or protect privacy, provide support, or investigate misuse and misconduct; (d) where Delve has anonymized your data such that it cannot be reidentified or (e) we request - and you specifically agree - to allow us to retain your data longer.

Your data will only be processed as required by law or in accordance with this policy.

Please refer to the “How to Exercise Rights in Your Data” section of this policy for options that may be available to you, including how to request deletion of your data. You can also contact us about our data retention practices using the contact information in the “Contacting Delve” section below.

Delve does not transfer data we collect about you across international borders.

How to Exercise Rights in Your Data

You may exercise the following rights related to your personal data, subject to some limitations and exceptions provided by law, and you will not be discriminated against for exercising them:

  • Access data collected about you;
  • Request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);
  • Request, under certain circumstances, that we rectify or update your data that is inaccurate or incomplete;
  • Request, under certain circumstances, that we erase or restrict the processing of your data;
  • Object to our processing of your data under certain conditions provided by law;
  • Where processing of your data is based on consent, withdraw that consent;
  • Request that we provide data collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible.
  • Please note that for an official record of your activities and history conducted through a service provider that may or may not be technically integrated with Delve, you should make that request directly to your service provider.

You can contact us as described in the “Contacting Delve” section below to exercise any of your data protection rights. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider requests and provide our response within a reasonable period of time (and within any time period required by applicable law). Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims. 

Additionally, depending on where you live, you may have the right to make a complaint at any time to your (data protection) supervisory authority. For example, if you are in Canada, you may contact the Office of the Privacy Commissioner of Canada which you can find here. For end users in the EEA, you can find contact information for the European Data Protection Board (EDPB) on the EDPB’s website here. For end users in the UK, you can find contact information for the Information Commissioner’s Office (ICO) on the ICO’s website here. For end users in Switzerland this is the Federal Data Protection and Information Commissioner which you can find here.

Children

Our services are not targeted or directed at children under the age of 16, and we do not intend to or knowingly collect or solicit personal information from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal information to us, we encourage the child’s parent or guardian to contact us in accordance with the section Contacting Delve to request that we remove the information from our systems. If we learn that any personal information we collected has been provided by a child under the age of 16, we will promptly delete that personal information.

Contacting Delve 

You may contact Delve to exercise rights in your data, to ask questions about our privacy policies and practices, and to file a complaint.

Contact Delve:

Delve Technologies Inc.

founders@getdelve.com

185 Channel St.

San Francisco, CA 94158

If you believe the privacy laws relating to the protection of your personal information or this policy have not been respected, you may file a complaint with us. We will acknowledge your complaint, investigate it and provide you with a response within a reasonable period of time (and within any time period required by applicable law). If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. Please note, however, that certain data may be exempt from such requests, for example if we need to keep the data to comply with our own legal obligations or to establish, exercise, or defend legal claims.

Policy Changes

We may update or change this policy from time to time. If we make any updates or changes, we will post the new policy on this URL and update the effective date at the top of this policy.