What Information Do We Collect About You?
When you sign-up for an account:
- Profile Information: Your email address, a password, first name, and last name.
- The time zone setting of your browser at the time of sign-up.
- Information about your use of this website including your IP address.
- Information needed for billing including: The amount of data, in bytes, flowing into and out of our platform, the number of SMS texts, the number of emails, the number of transactions, and the number of data streams.
When you edit your account profile:
- Your password, email address, first name, and last name.
- Optionally, your phone number and your cell phone number.
- Your time zone.
Billing information:You will need to optionally enter credit card information if you are paying for a GroveStreams subscription and wish to use a credit card.
- Information required to process your monthly invoice with a credit card including: Your card number, expiration date, card code, the address used for the card, and a phone number.
- The shipping address is not required.
Organization Information:You have the option of creating an Organization after your user profile is created. An organization can be a home, business, or other similar entity.
- The organization name.
- The organization address (optional).
Device information and stream data:Organizations can contain devices along with stream data for each device.
- Device information, configured by a user of our platform: Unique device identifiers such as MAC address, IP address, the outward facing gateway IP address, and settings of the device you use to access the Services.
- The time that the device last communicated with our platform.
- Device stream information, configured by a user of our platform: data uploaded into our platform from the device. All stream data is saved with a time stamp passed into our platform or the time stamp can be optionally set by our platform.
- Device event notification data, configured by users of our platform, including: Phone numbers for SMS, and email addresses
How we use that information
Your profile information:
- Email Address: We use your email address as your unique identifier within our platform. We also use it for sending important notifications about the usage of of our service such as billing notifications and other issues. You may configure device events to send notifications to your email address.
- Phone Number: We do not use your phone number. It is optional and can be used, by you, for device SMS notifications.
- Credit Card information: We do not store your credit card information or use it directly. We use a 3rd party credit card processor. More information below.
- Email: We use your email address if you choose to create a GroveStreams Forum profile. More information below.
Device and Stream Data:
- We do not use or process this data for our own use except for the gathering of metrics for billing purposes, and to optimize it for storage (security and compaction).
Audit Trails and Diagnostics:
- Some information may reside in logs that record usage of our Service (such as web server logs). This information is used for regulatory record keeping and troubleshooting.
- To register you or your devices for our Service
- To provide a Service or feature you request
- To provide customized content and provide personalized services based on your past activities on our Services
- To understand the way people use our Services so that we can improve them and develop new products and services
- To provide maintenance services for your account
- Otherwise with your consent
To Whom do we Disclose Your Information?Grove Streams uses several 3rd party data processors.
- Authorize.net: GroveStreams uses one of the largest providers of credit card-based processing services, Authorize.Net, to manage and store sensitive billing information. When you register a credit card with our service, we will direct you to an Authorize.net secured web page where you will interact directly with their website and your sensitive data will be directly stored in their system. After your information is entered into their system, we will receive a user identifier (a number). We only store that identifier in our system and use it to process your invoice along with a secret Authorize.net API key. We use the Authorize.net HTTP SSL API for communication from our servers to their servers. Your information stored at Authorize.Net will be removed when you delete your GroveStream user profile. Authorize.net Privacy Statement
- Twillio: We use Twillio for sending your device SMS event notifications to your phone. We do this by passing the notification information, which only includes the phone number and the body of the SMS you configured. Communication with Twillio is done over the Internet using Twillio's API, between our servers and their servers, using HTTPS and SSL. Twillio Privacy Statement
- Amazon SES: We use Amazon Simple Email Services to send emails from our service. Emails can be from us or from your optionally configured device email event notification. When sending an email we pass the email addresses and the body of the email, using their Java library, which communicates from our servers to Amazon's servers via HTTPS SSL. Amazon AWS Privacy Statement
- Bing Maps: We use Microsoft Bing Maps to display your device location. We use their java script API library to display the device location on a map. Only the device GPS location, name, and ID is passed to their API. When a device/component is being designed, by you, within our service, you can optionally enter an address to find the device's GPS location. When you do this, we pass this information to the Microsoft Bing servers to find the GPS location. Microsoft Bing Maps Privacy Statement
- Ninja Post: We use a 3rd party forum website for our user forum. We only pass your your email address and the current website session token when you choose to use the forum. The forum user profile information and any other information you enter into the forum is stored in their system. Ninja Post Privacy Statement
- We will store your email address and password, encrypted, as a persistent browser cookie when you choose the "Remember Me" option while signing in.
- We use non-persistent browser secured cookies for other information such as your current authenticated session identifier, whether you're a "Guest" to an organization, your user name, id, and email address. These cookies only remain for the life of the browser session and are not accessible by other applications.
- By signing up for our service: You agree to receive email notifications from us, via Amazon AWS SES, in regards to your account. You agree to allow information about your use of this website (including your IP address) to be collected by us.
- By configuring device SMS notifications: You agree to receive SMS notifications from us, via Twillio. Do not configure any device SMS notifications if you do not wish to use this service.
- By configuring device email notifications: You agree to receive email notifications from us, via Amazon AWS SES. Do not configure any device email notifications if you do not wish to use this service.
- By choosing a pricing plan that is not free and entering in your credit card information, you agree to us using Authorize.net to process your invoice and make charges to your card. Do not register a credit card if you do not wish to use this service.
- By creating components and displaying their locations, you choose to use Microsoft Bing Maps to display your device location. Do not enter valid GPS coordinates for your device if you choose not to reveal its true location. Device coordinates will default to 0 lat, 0 lon.
- The phone numbers you enter into our system are only used for SMS notifications. Do not enter phone numbers if you do not use the SMS notification services. They are optional.
- If you use our forum, you may receive emails from the forum as posts are made. Users can configure the forum to not receive emails. Don't create a forum profile if you do not want any of your personal data to be stored there or do not want to receive emails from the forum.
What do we do to Keep Your Information Secure?
- We use appropriate security measures to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.
- Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
- All passwords are stored encrypted and are never unencrypted. If a password is lost a new password must be created as Grove Streams does not have an external or internal API to recover a password so as to prevent anyone from knowing another user's password.
- If you provision an API Key, you should keep it secret. You should store your API Key in a secure location. You should only use your API key with HTTPS SSL communications. You should not use a single API key for all devices, widgets, or dashboards in case it becomes compromised.
- Grove Streams employees cannot access your organization and view or edit stream data and dashboards through any user interface. We will request that you add us to the list of organization users in order to assist you with any trouble-shooting.
- We will retain Personal Information for the period necessary to fulfill the purposes outlined in this policy unless a longer retention period is required or permitted by applicable law or regulation.
- By default, stream data is retained for two years. You may configure how long data is retained by configuring the "Delete Profile" associated with every stream.
- Component and Stream data is permanently removed when it is deleted.
- Organization information, including components and streams, are permanently removed when the organization is deleted by you or by our system.
- Your personal data, within your profile, is immediately deleted when you delete your profile.
- Your personal data, residing within our forum, is retained until you delete your forum profile from within the forum.
- Some information will be retained in audit and diagnostic logs per regulations.
Third-Party LinksThis site may contain links to other sites outside our control. GroveStreams.com is not responsible for the privacy practices or the content of such web sites.
Do not Track Signals and Similar MechanismsSome web browsers may transmit “do-not-track” signals to the websites with which the user communicates, although web browsers incorporate and activate this functionality in different ways, and it is not always clear whether users intend for these signals to be transmitted. There currently is disagreement, including among participants in the leading Internet standards-setting organization, concerning what, if anything, websites should do when they receive such signals. Grove Streams currently does not take action in response to these signals, but, if and when a standard is established and accepted, we may reassess how to respond to these signals.
Data OwnershipYour data belongs to you and you are free at any time to access it through our service until you delete your organization and user account. We do not scan your component or stream data for any information for marketing purposes. We do not share your data with anyone with the exception of 3rd party processors noted above.
Grove Streams as a 3rd Party Data ProcessorGrove Streams can also be used as a 3rd party data processor. Some companies use us as a service and can OEM Grove Streams to look like their own service. These companies may use Grove Streams to store other user's data.
These companies will not have access to your credit card information as long as it is being stored in our secure location (you used our service to enter credit card information). These companies can configure Grove Streams organizations so that they have access to some of your profile information once you have been added to an organization via your email address. They can configure the organization so that they have access to all information stored in the organization they Own or have configured to give them rights to do so. If they are storing sensitive information within Organizations, Components, Streams, Dashboards, or Maps, it is their responsibility to ensure it is secured and handled to satisfy regulations in the areas they are operating in.
These types of of Grove Streams users must have their own Privacy page that describes, and satisfies data privacy regulations. They must ensure that their user's personal data is secure and not shared without their knowledge. They must provide links to our Terms and Privacy pages so that their users understand how we are being used and how their personal data is handled.