• Terms of Service
• Privacy Policy
• User Data Request Policy
• Billing Policy
• Cookie Policy
• Acceptable Use Policy
• Security Practices

Privacy Policy

Effective: January 1, 2018

Our Privacy Policy will help you understand what information we collect at Skrum, how Skrum uses it, and what choices you have.

When we talk about “Skrum,” “we,” “our,” or “us” in this policy, we are referring to Skrum, LLC, the company which provides the Services. When we talk about the “Services” in this policy, we are referring to our online collaboration tools and platform. Our Services are currently available for use via integration with your calendaring application, integration with other collaboration tools or via a web browser, as further described in our FAQ page.

Information We Collect And Receive

1. Customer Data

   Content and information submitted by users to the Services is referred to in this policy as “Customer Data.” As further explained below, Customer Data is controlled by the organization or other third party that created the meeting (the “Customer”). Where Skrum collects or processes Customer Data, it does so on behalf of the Customer.

   If you participate in a Skrum meeting and create a user account, you are a “user,” as further described in the User Terms of Service. If you are using the Services by invitation of a Customer, whether that Customer is your employer, another organization, or an individual, that Customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Customer Data which may apply to your use of the Services. Please check with the Customer about the policies and settings it has in place.

2. Other Information

   Skrum may also collect and receive the following information:

   • Account creation information. Users may provide information such as an email address, phone number, and password to create an account.
   • Meeting setup information. When a Customer creates a meeting using the Services, we may collect participant email addresses, participant phone numbers, meeting name, meeting subject, meeting location, user name for the individual organizing the meeting, and password. For more information on meeting set-up, click here.
   • Meeting participation information. When a Customer conducts a meeting using the Services, additional information may be collected including; time participants joined and left conference, audio recording of conference, and text transcript of conference. For more information on meeting participation, click here.
   • Billing and other information. For Customers that purchase a paid version of the Services, our corporate affiliates and our third-party payment processors may collect and store billing address and credit card information on our behalf or we may do this ourselves.
   • Services usage information. This is information about how you are accessing and using the Services, which may include administrative and support communications with us and information about the meetings you interact with, and what third party integrations you use (if any).
   • Contact information. With your permission, any contact information you choose to import is collected (such as an address book from a device) when using the Services.
   • Log data. When you access the Services via web browser, our servers automatically record information, including information that your browser sends whenever you visit a website or your mobile app sends when you are using it. This log data may include your Internet Protocol address, the address of the web page you visited before using the Services, your browser type and settings, the date and time of your use of the Services, information about your browser configuration and plug-ins, language preferences, and cookie data.
   • Device information. We may collect information about the device you are using the Services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings.
   • Geo-location information. Precise GPS location from mobile devices is collected only with your permission. WiFi and IP addresses received from your browser or device may be used to determine approximate location for the purpose of establishing your time zone.
   • Services integrations. If, when using the Services, you integrate with a third- party service, we will connect that service to ours. The third-party provider of the integration may share certain information about your account with Skrum. However, we do not receive or store your passwords for any of these third-party services. For more information on service integrations, click here.
   • Third-party data. Skrum may also receive information from affiliates in our corporate group, our partners, or others that we use to make our own information better or more useful. This might be aggregate level information, such as which IP addresses go with which zip codes, or it might be more specific information, such as about how well an online marketing or email campaign performed.

Our Cookie Policy

Skrum uses cookies and similar technologies to provide and support our websites and Services, as more fully explained in our Cookie Policy.

How We Use Your Information

We use your information to provide and improve the Services.

1. Customer Data

   Skrum may access and use Customer Data as reasonably necessary and in accordance with Customer’s instructions to (a) provide, maintain and improve the Services; (b) to prevent or address service, security, technical issues or at a Customer’s request in connection with customer support matters; (c) as required by law or as permitted by the Data Request Policy and (d) as set forth in our agreement with the Customer or as expressly permitted in writing by the Customer. Additional information about Skrum’s confidentiality and security practices with respect to Customer Data is available at our Security Practices page.

2. Other Information

   We use other kinds of information in providing the Services. Specifically:

   • To understand and improve our Services. We carry out research and analyze trends to better understand how users are using the Services and improve them.
   • To communicate with you by:
     • Responding to your requests. If you contact us with a problem or question, we will use your information to respond.
     • Sending emails and messages. We may send you Service and administrative emails and messages. We may need to contact you for invoicing, account management and similar reasons. We may also contact you to inform you about changes in our Services, our Service offerings, and important Service related notices, such as security and fraud notices. These emails and messages are considered part of the Services and you may not opt-out of them.
   • Billing and account management. We use account data to administer accounts and keep track of billing and payments.
   • Communicating with you and marketing. We may also use your contact information for our own marketing or advertising purposes. You may opt out of these at any time.
   • Investigating and preventing bad stuff from happening. We work hard to keep the Services secure and to prevent abuse and fraud.

   This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified so it is no longer associated with an identifiable user or Customer of the Services.

Your Choices

1. Customer Data

   Customer provides us with instructions on what to do with Customer Data. A Customer has many choices and control over Customer Data. For example, Customer may provision or de-provision access to the Services, enable or disable third party integrations, manage permissions, share meeting details such as duration, attendees, call recordings and transcripts, etc. Since these choices and instructions may result in the access, use, disclosure, modification or deletion of certain or all Customer Data, please review the FAQ page for more information about these choices and instructions.

2. Other Information

   If you have any questions about your information, our use of this information, or your rights when it comes to any of the foregoing, contact us at feedback@skrum.net.

3. Other Choices

   In addition, the browser you use may provide you with the ability to control cookies or other types of local data storage. Your mobile device may provide you with choices around how and whether location or other data is collected and shared. Skrum does not control these choices, or default settings, which are offered by makers of your browser or mobile device operating system.

Sharing and Disclosure

There are times when information described in this privacy policy may be shared by Skrum. This section discusses only how Skrum may share such information. Customers determine their own policies for the sharing and disclosure of Customer Data. Skrum does not control how Customers or their third parties choose to share or disclose Customer Data.

1. Customer Data

   Skrum may share Customer Data in accordance with our agreement with the Customer and the Customer’s instructions, including:

   1. With third party service providers and agents. We may engage third party companies or individuals to process Customer Data.
   2. With affiliates. We may engage affiliates in our corporate group to process Customer Data.
   3. With third party integrations. Skrum may, acting on our Customer’s behalf, share Customer Data with the provider of an integration added by Customer. Skrum is not responsible for how the provider of an integration may collect, use, and share Customer Data.

2. Other Information

   Skrum may share other information as follows:

   1. About you with the Customer. There may be times when you contact Skrum to help resolve an issue specific to a meeting of which you are a member. In order to help resolve the issue and given our relationship with our Customer, we may share your concern with our Customer.
   2. With third party service providers and agents. We may engage third party companies or individuals, such as third-party payment processors, to process information on our behalf.
   3. With affiliates. We may engage affiliates in our corporate group to process other information.

3. Other Types of Disclosure

   Skrum may share or disclose Customer Data and other information as follows:

   1. During changes to our business structure. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Skrum's assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
   2. To comply with laws. To comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
   3. To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

We may disclose or use aggregate or de-identified information for any purpose. For example, we may share aggregated or de-identified information with our partners or others for business or research purposes such as average meeting frequency and duration or partnering with research firm or academics to explore interesting questions about collaboration.

Security

Skrum takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology. To learn more about current practices and policies regarding security and confidentiality of Customer Data and other information, please see our Security Practices; we keep that document updated as these practices evolve over time.

Children’s Information

Our Services are not directed to children under 16. If you learn that a child under 16 has provided us with personal information without consent, please contact us.

Changes to this Privacy Policy

We may change this policy from time to time, and if we do we will post any changes on this page. If you continue to use the Services after those changes are in effect, you agree to the revised policy.

Terms of Service

Effective: January 1, 2018

These User Terms of Service (the “User Terms”) govern your access and use of the Skrum online collaboration tools and platform (the “Services”). Please read them carefully.

These User Terms are Legally Binding

These User Terms are a legally binding contract between you and us. As part of these User Terms, you agree to comply with the most recent version of our Acceptable Use Policy, which is incorporated by reference into these User Terms. If you access or use the Services, or continue accessing or using the Services after being notified of a change to the User Terms or the Acceptable Use Policy, you confirm that you have read, understand and agree to be bound by the User Terms and the Acceptable Use Policy. “We”, “our” and “us” currently refers to Skrum, LLC.

Customer’s Choices and Instructions

You are an Authorized User on a Meeting Controlled by a “Customer”
An organization or other third party that we refer to in these User Terms as “Customer” has invited you to a Skrum (i.e., a teleconference meeting where a group of users may access the Services, as further described on our FAQ page). If you are joining one of your employer’s Skrum’s, for example, Customer is your employer. If you are joining a Skrum created by a customer using her employer email address to work on her project, she is our Customer and she is authorizing you to join her Skrum.

What This Means for You - and for Us
Customer has separately agreed to our Customer Terms of Service or entered into a written agreement with us (in either case, the “Contract”) that permitted Customer to create and configure a Skrum so that you and others could join (each invitee granted access to the Services, including you, is an “Authorized User”). The Contract contains our commitment to deliver the Services to Customer, who may then invite Authorized Users to join its Skrum(s). When an Authorized User (including, you) submits content or information to the Services, such as email addresses or phone numbers (“Customer Data”), you acknowledge and agree that the Customer Data is owned by Customer and the Contract provides Customer with many choices and control over that Customer Data. For example, Customer may provision or de-provision access to the Services, enable or disable third party integrations, manage permissions, share meeting details such as duration, attendees, call recordings and transcripts, etc., and these choices and instructions may result in the access, use, disclosure, modification or deletion of certain or all Customer Data. Please check out our FAQ page for more detail on our different Service plans and the options available to Customer.

TCPA and CAN-SPAM Opt-in
In addition, you understand and agree that our ability to contact you via telephone call, SMS/MMS messaging, and email is inherently and inextricably bound to our ability to provide you with the Services, and as such you agree to be contacted by Skrum via these methods, until such time that you choose to terminate use of the Services. You understand and agree that, in accordance with the Telephone Consumer Protection Act (TCPA) and Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, by using the Services you are providing express written consent to be contacted by Skrum via these methods using your provided email addresses and telephone numbers.

The Relationship Between You, Customer and Us
AS BETWEEN US AND CUSTOMER, YOU AGREE THAT IT IS SOLELY CUSTOMER’S RESPONSIBILITY TO (A) INFORM YOU AND ANY AUTHORIZED USERS OF ANY RELEVANT CUSTOMER POLICIES AND PRACTICES AND ANY SETTINGS THAT MAY IMPACT THE PROCESSING OF CUSTOMER DATA; (B) OBTAIN ANY RIGHTS, PERMISSIONS OR CONSENTS FROM YOU AND ANY AUTHORIZED USERS THAT ARE NECESSARY FOR THE LAWFUL USE OF CUSTOMER DATA AND THE OPERATION OF THE SERVICES; AND (C) RESPOND TO AND RESOLVE ANY DISPUTE WITH YOU AND ANY AUTHORIZED USER RELATING TO OR BASED ON CUSTOMER DATA, THE SERVICES OR CUSTOMER’S FAILURE TO FULFILL THESE OBLIGATIONS. SKRUM MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, TO YOU RELATING TO THE SERVICES, WHICH ARE PROVIDED TO YOU ON AN “AS IS” AND “ AS AVAILABLE” BASIS.

A Few Ground Rules

You Must be Over the Age of 16

The Services are not intended for and should not be used by anyone under the age of sixteen. You represent that you are over the age of 16 and are the intended recipient of Customer’s invitation to the Services. You may not access or use the Services for any purpose if either of the representations in the preceding sentence is not true. Without limiting the foregoing, you must be of legal working age.

While You Are Here, You Must Follow the Rules

To help ensure a safe and productive work environment, all Authorized Users must comply with our Acceptable Use Policy and remain vigilant in reporting inappropriate behavior or content to Customer and us.

You Are Here At the Pleasure of Customer (and Us)

These User Terms remain effective until Customer’s subscription expires or terminates, or your access to the Services has been terminated by you or by us. Please contact us if you at any time or for any reason wish to terminate your account, including due to a disagreement with any updates to these User Terms or the Acceptable Use Policy.

Limitation of Liability

If we believe that there is a violation of the Contract, User Terms, the Acceptable Use Policy, or any of our other policies that can simply be remedied by Customer’s removal of certain Customer Data or taking other action, we will, in most cases, ask Customer to take action rather than intervene. We may directly step in and take what we determine to be appropriate action (including disabling your account) if Customer does not take appropriate action or we believe there is a credible risk of harm to us, the Services, other Authorized Users, or any third parties. IN NO EVENT WILL YOU OR WE HAVE ANY LIABILITY TO THE OTHER FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER OR PUNITIVE DAMAGES HOWEVER CAUSED, WHETHER IN CONTRACT, TORT OR UNDER ANY OTHER THEORY OF LIABILITY, AND WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. UNLESS YOU ARE ALSO A CUSTOMER (AND WITHOUT LIMITATION TO OUR RIGHTS AND REMEDIES UNDER THE CONTRACT), YOU WILL HAVE NO FINANCIAL LIABILITY TO US FOR A BREACH OF THESE USER TERMS. OUR MAXIMUM AGGREGATE LIABILITY TO YOU FOR ANY BREACH OF THE USER TERMS IS ONE HUNDRED DOLLARS ($100) IN THE AGGREGATE. THE FOREGOING DISCLAIMERS WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW AND DO NOT LIMIT EITHER PARTY’S RIGHT TO SEEK AND OBTAIN EQUITABLE RELIEF.

Application of Consumer Law

Skrum is a workplace tool intended for use by businesses and organizations and not for consumer purposes. To the maximum extent permitted by law, you hereby acknowledge and agree that consumer laws do not apply. If however any consumer laws do apply and cannot otherwise be lawfully excluded, nothing in these User Terms will restrict, exclude or modify any statutory warranties, guarantees, rights or remedies you have, and our liability is limited (at our option) to the replacement, repair or resupply of the Services or the pro-rata refund to Customer of pre-paid fees for your subscription covering the remainder of the term.

Survival

The sections titled “The Relationship Between You, Customer, and Us”, “Limitation of Liability”, and “Survival”, and all of the provisions under the general heading “General Provisions” will survive any termination or expiration of the User Terms.

General Provisions

Email and Skrum Messages

Except as otherwise set forth herein, all notices under the User Terms will be by email, although we may also choose to provide notice to Authorized Users through SMS messaging. Notices to Skrum should be sent to feedback@skrum.com, except for legal notices, which must be sent to legal@skrum.com. A notice will be deemed to have been duly given (a) the day after it is sent, in the case of a notice sent through email; and (b) the same day, in the case of a notice sent through the Services. Notices under the Contract will be delivered solely to Customer in accordance with the terms of that agreement.

Privacy Policy

Please review our Privacy Policy for more information on how we collect and use data relating to the use and performance of our products.

Modifications

As our business evolves, we may change these User Terms or the Acceptable Use Policy. If we make a material change to the User Terms or the Acceptable Use Policy, we will provide you with reasonable notice prior to the change taking effect either by emailing the email address associated with your account or by messaging you through the Services. You can review the most current version of the User Terms at any time by visiting this page, and by visiting the following for the most current versions of the other pages that are referenced in these User Terms: Acceptable Use Policy and Privacy Policy. Any material revisions to these User Terms will become effective on the date set forth in our notice, and all other changes will become effective on the date we publish the change. If you use the Services after the effective date of any changes, that use will constitute your acceptance of the revised terms and conditions.

Waiver

No failure or delay by either party in exercising any right under the User Terms, including the Acceptable Use Policy, will constitute a waiver of that right. No waiver under the User Terms will be effective unless made in writing and signed by an authorized representative of the party being deemed to have granted the waiver.

Severability

The User Terms, including the Acceptable Use Policy, will be enforced to the fullest extent permitted under applicable law. If any provision of the User Terms is held by a court of competent jurisdiction to be contrary to law, the provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of the User Terms will remain in effect.

Assignment

You may not assign any of your rights or delegate your obligations under these User Terms, including the Acceptable Use Policy, whether by operation of law or otherwise, without the prior written consent of us (not to be unreasonably withheld). We may assign these User Terms in their entirety (including all terms and conditions incorporated herein by reference), without your consent, to a corporate affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets.

Governing Law

The Contract, and any disputes arising out of or related hereto, will be governed exclusively by the internal laws of the State of Florida, without regard to its conflicts of laws rules or the United Nations Convention on the International Sale of Goods.

Venue; Waiver of Jury Trial; Fees

The state and federal courts located in Brevard County, Florida will have exclusive jurisdiction to adjudicate any dispute arising out of or relating to these User Terms, including the Acceptable Use Policy, or their formation as a contract between us or their enforcement. Each party hereby consents and submits to the exclusive jurisdiction of such courts. Each party also hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to the User Terms. In any action or proceeding to enforce rights under the User Terms, the prevailing party will be entitled to recover its reasonable costs and attorney’s fees.

Entire Agreement

The User Terms, including any terms incorporated by reference into the User Terms, constitute the entire agreement between you and us and supersede all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. To the extent of any conflict or inconsistency between the provisions in these User Terms and any pages referenced in these User Terms, the terms of these User Terms will first prevail; provided, however, that if there is a conflict or inconsistency between the Contract and the User Terms, the terms of the Contract will first prevail, followed by the provisions in these User Terms, and then followed by the pages referenced in these User Terms (e.g., the Privacy Policy). Customer will be responsible for notifying Authorized Users of those conflicts or inconsistencies and until such time the terms set forth herein will be binding.

User Data Request Policy

Effective: January 1, 2018

Skrum receives requests from users and government agencies to disclose data other than in the ordinary operation and provision of the Services. This Data Request Policy outlines Skrum’s policies and procedures for responding to such requests for Customer Data. Any capitalized terms used in this Data Request Policy that are not defined will have the meaning set forth in the Customer Terms of Service. In the event of any inconsistency between the provisions of this Data Request Policy and the Customer Terms of Service or written agreement with Customer, as the case may be, the Customer Terms of Service or written agreement will control.

Requests for Customer Data by Individuals

Third parties seeking access to Customer Data should contact the Customer regarding such requests. The Customer controls the Customer Data and generally gets to decide what to do with all Customer Data.

Requests for Customer Data by Legal Authority

Except as expressly permitted by the Contract or in cases of emergency to avoid death or physical harm to individuals, Skrum will only disclose Customer Data in response to valid and binding compulsory legal process. Skrum requires a search warrant issued by a court of competent jurisdiction (a federal court or a court of general criminal jurisdiction of a State authorized by the law of that State to issue search warrants) to disclose Customer Data.

All requests by courts, government agencies, or parties involved in litigation for Customer Data disclosures should be sent to legal@skrum.net and include the following information: (a) the requesting party, (b) the relevant criminal or civil matter, and (c) a description of the specific Customer Data being requested, including the relevant Customer’s name and/or relevant Authorized User’s name (if applicable), type of data sought, and specific event(s) of interest.

Requests should be prepared and served in accordance with applicable law. All requests should be narrow and focused on the specific Customer Data sought. All requests will be construed narrowly by Skrum, so please do not submit unnecessarily broad requests. If legally permitted, Customer will be responsible for any costs arising from Skrum’s response to such requests.

Skrum is committed to the importance of trust and transparency for the benefit of our Customers and does not voluntarily provide governments with access to any data about users for surveillance purposes.

Customer Notice

Skrum will notify Customer before disclosing any of Customer’s Customer Data so that the Customer may seek protection from such disclosure, unless Skrum is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm to people or property associated with the use of such Customer Data. If Skrum is legally prohibited from notifying Customer prior to disclosure, Skrum will take reasonable steps to notify Customer of the demand after the nondisclosure requirement expires. In addition, if Skrum receives a National Security Letter with an indefinite non-disclosure requirement, Skrum will initiate procedures for judicial review pursuant to 18 U.S.C. § 3511.

Domestication and International Requests

Skrum requires that any individual issuing legal process or legal information requests (e.g., discovery requests, warrants, or subpoenas) to Skrum properly domesticate the process or request and serve Skrum in a jurisdiction where it is resident or has a registered agent to accept service on its behalf. Skrum does not accept legal process or requests directly from law enforcement entities outside the U.S. or Canada. Foreign law enforcement agencies should proceed through a Mutual Legal Assistance Treaty or other diplomatic or legal means to obtain data through a court where Skrum is located.

Billing Policy

Last Updated: January 1, 2018

Service Plans

Paid service plans for Skrum are billed in advance. Services will be automatically charged every month on the day of the month that the account was first established.

When a plan is upgraded, the new plan will be in effect immediately. If a plan is downgraded, the new plan and rate will take effect on the next billing cycle. Skrum will not issue a credit or reimbursement for any remaining part of a plan in the event of plan cancelation or downgrade.

Skrum Coins

Skrum Coins are conference minutes that are available for use when the minutes in your plan have been exhausted. Skrum Coins are purchased in “buckets” of 1000 minutes and are also issued by Skrum as rewards and promotions. If you do not have enough minutes remaining in your plan to cover a call, Skrum will use your Skrum Coins to cover the balance. If you do not have enough Skrum Coins for the call, and if you have a payment method on file, Skrum will purchase a bucket of 1000 Skrum Coins and credit them to your account. If your plan minutes are exhausted, and if you do not have any Skrum Coins, Skrum will not allow you to schedule any more calls.

Cookie Policy

Last Updated: January 1, 2018

At Skrum, we believe in being transparent about how we collect and use data. This policy provides information about how and when we use cookies for these purposes. Capitalized terms used in this policy but not defined have the meaning set forth in our Privacy Policy, which also includes additional details about the collection and use of information at Skrum.

What is a cookie?

Cookies are small text files sent by us to your computer or mobile device. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

Does Skrum use cookies?

Yes. Skrum uses cookies and similar technologies like single-pixel gifs and web beacons. We use both session-based and persistent cookies. Skrum sets and accesses our own cookies on the domains operated by Skrum and its corporate affiliates (collectively, the “Sites”). In addition, we use third party cookies, like Google Analytics.

How is Skrum using cookies?

Some cookies are associated with your account and personal information in order to remember that you are logged in and which workspaces you are logged into. Other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other similar things.

Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that’s consistent with your settings. Cookies also make your interactions faster and more secure.

How are cookies used for advertising purposes?

Cookies and other ad technology such as beacons, pixels, and tags help us market more effectively to users that we and our partners believe may be interested in Skrum. They also help provide us with aggregated auditing, research, and reporting, and know when content has been shown to you.

What can you do if you don't want cookies to be set or want them to be removed, or if you want to opt out of interest-based targeting?

Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust.

Browser manufacturers provide help pages relating to cookie management in their products. Please see below for more information.

• Google Chrome
• Internet Explorer
• Mozilla Firefox
• Safari (Desktop)
• Safari (Mobile)
• Android Browser
• Opera
• Opera Mobile

For other browsers, please consult the documentation that your browser manufacturer provides.

You may opt-out of third party cookies from Google Analytics on its website.

You can opt out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance (http://youradchoices.com). In addition, on your iPhone, iPad or Android, you can change your device settings to control whether you see online interest-based ads.

If you limit the ability of websites and applications to set cookies, you may worsen your overall user experience and/or lose the ability to access the services, since it will no longer be personalized to you. It may also stop you from saving customized settings, like login information.

Does Skrum respond to Do Not Track Signals?

Our Sites and Services do not collect personal information about your online activities over time and across third-party websites or online services. Therefore, “do not track” signals transmitted from web browsers do not apply to our Sites or Services, and we do not alter any of our data collection and use practices upon receipt of such a signal.

Acceptable Use Policy

Last Updated: January 1, 2018

This Acceptable Use Policy sets out a list of acceptable and unacceptable conduct for our Services. If we believe a violation of the policy is deliberate, repeated or presents a credible risk of harm to other users, our customers, the Services or any third parties, we may suspend or terminate your access. This policy may change as Skrum grows and evolves, so please check back regularly for updates and changes. Capitalized terms used below but not defined in this policy have the meaning set forth in the User Terms of Service.

Do:

• comply with all User Terms of Service, including the terms of this Acceptable Use Policy;
• comply with all applicable laws and governmental regulations, including, but not limited to, all intellectual property, data, privacy, and export control laws, and regulations promulgated by any government agencies, including, but not limited to, the U.S. Securities and Exchange Commission, and any rules of any national and other securities exchanges;
• disseminate only Customer Data to which Customer owns all required rights under law and under contractual and fiduciary relationships (such as proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements) and do so only consistent with applicable law;
• use commercially reasonable efforts to prevent unauthorized access to or use of the Services;
• keep passwords and all other login information confidential;
• monitor and control all activity conducted through your account in connection with the Services;
• promptly notify us if you become aware of or reasonably suspect any illegal or unauthorized activity or a security breach involving your accounts or teams, including any loss, theft, or unauthorized disclosure or use of a username, password, or account; and
• comply in all respects with all applicable terms of the third party applications, including any that Customer elects to integrate with the Services that you access or subscribe to in connection with the Services.

Do Not:

• permit any third party that is not an Authorized User to access or use a username or password for the Services;
• share, transfer or otherwise provide access to an account designated for you to another person;
• use the Services to store or transmit any Customer Data that may infringe upon or misappropriate someone else's trademark, copyright, or other intellectual property, or that may be tortious or unlawful;
• attempt to reverse engineer, decompile, hack, disable, interfere with, disassemble, modify, copy, translate, or disrupt the features, functionality, integrity, or performance of the Services (including any mechanism used to restrict or control the functionality of the Services), any third party use of the Services, or any third party data contained therein (except to the extent such restrictions are prohibited by applicable law);
• attempt to gain unauthorized access to the Services or related systems or networks or to defeat, avoid, bypass, remove, deactivate, or otherwise circumvent any software protection or monitoring mechanisms of the Services;
• access the Services in order to build a similar or competitive product or service or copy any ideas, features, functions, or graphics of the Services;
• use the Services in any manner that may harm minors or that interacts with or targets people under the age of thirteen;
• impersonate any person or entity, including, but not limited to, an employee of ours, an “Administrator”, an “Owner”, or any other Authorized User, or falsely state or otherwise misrepresent your affiliation with a person, organization or entity;
• use the Services to provide material support or resources (or to conceal or disguise the nature, location, source, or ownership of material support or resources) to any organization(s) designated by the United States government as a foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act or other laws and regulations concerning national security, defense or terrorism;
• access, search, or create accounts for the Services by any means other than our publicly supported interfaces (for example, "scraping" or creating accounts in bulk);
• send unsolicited communications, promotions or advertisements, or spam;
• place any advertisements within a Skrum client;
• send altered, deceptive or false source-identifying information, including "spoofing" or "phishing";
• abuse referrals or promotions to get more credits than deserved;
• sublicense, resell, time share or similarly exploit the Services;
• use the Services for consumer purposes, as Skrum is intended for use by businesses and organizations;
• use contact or other user information obtained from the Services (including email addresses) to contact Authorized Users outside of the Services without their express permission or authority or to create or distribute mailing lists or other collections of contact or user profile information for Authorized Users for use outside of the Services; or
• authorize, permit, enable, induce or encourage any third party to do any of the above.

Security Practices

Effective: January 1, 2018

We take the security of your data very seriously at Skrum. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security. If you have additional questions regarding security, we are happy to answer them. Please write to feedback@skrum.net and we will respond as quickly as we can.

Confidentiality

We place strict controls over our employees’ access to the data you and your users make available via the Skrum services, as more specifically defined in your agreement with Skrum covering the use of the Skrum services ("Customer Data"), and are committed to ensuring that Customer Data is not seen by anyone who should not have access to it. The operation of the Skrum services requires that some employees have access to the systems which store and process Customer Data. For example, in order to diagnose a problem you are having with the Skrum services, we may need to access your Customer Data. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so. We have technical controls and audit policies in place to ensure that any access to Customer Data is logged. All of our employees and contract personnel are bound to our policies regarding Customer Data and we treat these issues as matters of the highest importance within our company.

Personnel Practices

Skrum conducts background checks on all employees before employment, and employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Skrum services.

Compliance

The following security-related audits and certifications are applicable to the Skrum services:

• PCI: Skrum is not currently a PCI-certified Service Provider. We are a PCI Level 4 Merchant and have completed the Payment Card Industry Data Security Standard’s SAQ-A, allowing us to use a third party to process your credit card information securely.

The environment that hosts the Skrum services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports.

Security Features for Team Members & Administrators

In addition to the work we do at the infrastructure level, we provide Team Administrators of paid versions of the Skrum services with additional tools to enable their own users to protect their Customer Data.

Single Sign On
Administrators of paid teams can integrate their Skrum services instance with a variety of single-sign-on providers.

Data Retention
Owners of paid Skrum teams can configure data retention on a team-wide and per-user basis. Setting a custom duration for retention means that data older than the duration you set will be deleted on a nightly basis.

Deletion of Customer Data
Skrum provides the option for Team Owners to delete Customer Data at any time during a subscription term. Within 24 hours of Team Owner initiated deletion, Skrum removes all information from currently-running production systems, excluding User information as Users may still participate in meetings that are organized by other Customers. Skrum services backups are destroyed within 14 days.

Data Encryption In Transit and At Rest

The Skrum services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Customer Data is encrypted at rest.

We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility for older clients.

Availability

We understand that you rely on the Skrum services to work. We're committed to making Skrum a highly-available service that you can count on. Our infrastructure runs on systems that are triple redundant for fault tolerance of individual servers or even entire data centers. Our operations team tests business continuity measures regularly and staffs an around-the-clock on-call team to quickly resolve unexpected incidents.

Disaster Recovery

Customer Data is stored redundantly at multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which allow recovery from a major disaster. Customer Data and our source code are automatically backed up nightly. The Operations team is alerted in case of a failure with this system. Backups are fully tested at least every 90 days to confirm that our processes and tools work as expected.

Host Management

We perform automated vulnerability scans on our production hosts and remediate any findings that present a risk to our environment. We enforce screens lockouts and the usage of full disk encryption for company laptops.

Logging

Skrum maintains an extensive, centralized logging environment in its production environment which contains information pertaining to security, monitoring, availability, access, and other metrics about the Skrum services. These logs are analyzed for security events via automated monitoring software, overseen by the security team.

Incident Management & Response

In the event of a security breach, Skrum will promptly notify you of any unauthorized access to your Customer Data. Skrum has incident management policies and procedures in place to handle such an event.

External Security Audits

We contract with respected external security firms who perform regular audits of the Skrum services to verify that our security practices are sound and to monitor the Skrum services for new vulnerabilities discovered by the security research community. In addition to periodic and targeted audits of the Skrum services and features, we also employ the use of continuous hybrid automated scanning of our web platform.

Product Security Practices

New features, functionality, and design changes go through a security review process facilitated by the security team. In addition, our code is audited with automated static analysis software, tested, and manually peer-reviewed prior to being deployed to production. The security team works closely with development teams to resolve any additional security concerns that may arise during development.