Privacy Policy
Last updated: July 10, 2023
This Privacy Policy explains how CAKE.com Inc. and its subsidiaries and affiliates (“CAKE.com,” “we,” or “us”) collects, uses, and discloses information about you when you use our Clockify, Pumble, Plaky or the Marketplace websites, mobile applications, and add-ons, tools and other online products and services that link to this Privacy Policy (collectively, our “Services”), engage with us on social media, or otherwise interact with us.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide you with additional notice (such as adding a statement to our website or sending you a notification). We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
COLLECTION OF INFORMATION
The information we collect from you varies depending on our relationship with you, which Services you use, and the way in which you use them. When you simply browse our public website as a consumer ("Consumer") to explore our Services or to learn more about us, we do not request that you provide us your information. If you use our Services and become a CAKE.com business user who has licensed and/or purchased one of our products or Services or contact us to learn more about using our Services in connection with your business ("Business User"), we collect information from you as describe below. Our Services, even if free, are offered to Business Users and are only intended for commercial, not personal, use. Our Business Users may also collect and provide us information about their authorized users to whom they provide access to the Clockify, Pumble, or Plaky Services through their Business User account (“Authorized User”) or their clients or customers (“Business Clients”). Below, we describe the ways in which we may collect information in these different situations.
Information You Provide to Us
We collect information you provide directly to us.
Business Users
If you are a Business User, we collect certain personal information about you in order to facilitate our business relationship with you and provide you with our products and services.
The Business User personal information we collect from you includes:
- Account information: name, account username and password, communications you provide, and any other information you choose to provide.
- Professional information: work contact details, title, employer and job title.
- Commercial information: purchase or subscription history and type, invoices, payment details where applicable
We may also collect information a Business User chooses to provide relating to its Business Clients. Business Users must provide their Business Clients any required notices and collect any necessary consents before providing or disclosing any such information to us. CAKE.com does not directly collect or control Business Client personal information, but rather the Business Users determine what Business Client personal information they collect, and to the extent CAKE.com receives that information, we do so on behalf of our Business Users.
Authorized Users
We collect information from Authorized Users of our Business Users. As an Authorized User, you share information directly with us when you create an account, use our Services, submit or post content through our Services, sign up for our newsletter, fill out a form, communicate with us via third-party platforms, request customer support, or otherwise communicate with us. However, while we may directly collect your personal information, we do so on behalf of your company, the Business User who provided you access to our Services, and not for our own purposes. CAKE.com does not directly control the processing of Authorized User personal information, but rather Business Users are responsible for providing their Authorized Users any required notices and collecting any necessary consents before requesting that we collect or disclose the personal information of their Authorized Users.
The types of Authorized User personal information that we collect for Business Users depends on the Services selected, and directions and permissions given to us by the Business User, but could generally include:
- Account information: your name, account username, user identification, and password, email, language, time zone, phone number, photograph, birthday, anniversary, personal API key, role on our Services, Skype number, chat correspondence on our Services, any communications you provide, and any other information you choose to provide.
- Professional information: work contact details, title, employer, job title.
- Clockify entries: event and project calendars, time entries, hourly rates, clients and projects, tasks and work assignments, expenses, time off requests, custom fields, screenshots, audit log, and any other information you wish to input.
- Pumble entries: messages, files, user status.
- Plaky entries: project groups and teams, tasks and their designated team members, comments, invitees, and files.
- Auto Tracker tool information (Clockify only): the applications, programs, and websites you access, and the time (both active and idle) that you spent on each. All data collected from the Auto Tracker will be stored on the Authorized User’s device for a limited time unless the such data is converted to a Clockify time entry. (See more information about the Auto Tracker tool here).
- Integration Tracker tool information (Clockify only): when downloaded into a particular application, program or website, select content from such applicable application, program, or website and the time (both active and idle) that you spent on each. (See more information about the Integration Tracker tool here).
- Desktop Screenshot tool information (Clockify only): Authorized User desktop appshots taken in timed intervals and linked to a Clockify time entry. Authorized Users will receive a notification when screenshot capturing is enabled. (See more information about the Desktop Screenshot tool here).
- Location Tracker tool information (Clockify only): in accordance with your device permissions, we may collect information about the precise location of your device. This feature enables the Business User to track who is currently working on-site and its Authorized User’s location history throughout the day while the timer is running. Location is recorded every time the timer is started and stopped in the mobile application. Locations are collected even if the mobile application works in the background. You may stop the collection of precise location information at any time (see the Your Choices section below for details). (See more information about the Location Tracker tool here).
- Add-on interactions: Interactions you have while searching for, installing, disabling and uninstalling the marketplace add-on.
Not providing certain personal information may prevent CAKE.com from providing Services to you (e.g., without your email, we may not be able to create an account for you).
Information We Collect Automatically When You Interact with Us
When you access or use our Services or otherwise transact business with us, we automatically collect certain information, including:
- Device and usage information: We collect information about how you access our Services, including data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, device time zone, and app version. We also collect information about your activity on our Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Services.
- General location information: In accordance with your device permissions, we may collect information about the general location of your device. You may stop the collection of general location information at any time (see the Your Choices section below for details).
- Information collected by cookies and similar tracking technologies: We (and our service providers) use tracking technologies, such as cookies and web beacons, to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that we use on our Services and in our emails to help deliver cookies, count visits, and understand usage and campaign effectiveness. For more information about cookies and how to disable them, see our Cookies Policy, and sections 4. and 5..
Information We Collect from Other Sources
We obtain information from third-party sources. For example, we may collect information about you from your connected calendars (e.g., Outlook, Google Calendar), when you interact with us through our Social Media pages, through third-party advertisers, or third-party sources, and publicly available sources. Additionally, if you create or log into your CAKE.com account through a third-party platform (such as Apple, Google, Azure, or Okta), we will have access to certain information from that platform in accordance with the authorization procedures determined by such platform.
CAKE.com's use and transfer to any other app of information received from Google APIs will adhere to https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes, including the Limited Use requirements.
Information We Derive
We may derive information or draw inferences about you based on the information we collect.
USE OF INFORMATION
We use the information we collect to provide, maintain, and improve our products and services.
Business Users
If you are a Business User, we collect certain personal information about you in order to:
- Provide you Services and facilitate our business relationship with you;
- Process and facilitate transactions and send you related information, including confirmations; receipts, invoices, and customer experience surveys;
- Send you technical notices, security alerts, and support and administrative messages;
- Respond to your comments and questions and provide customer service;
- Communicate with you about products, services, and events offered by CAKE.com and others and provide news and information that we think will interest you (see the Your Choices section below for information about how to opt out of these communications at any time);
- Personalize the advertisements you see on third-party platforms and websites (for more information, see the Advertising and Analytics section below);
- Personalize and improve your experience on our Services;
- Monitor and analyze trends, usage, and activities in connection with our Services;
- Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of CAKE.com and others;
- Debug to identify and repair errors in our Services;
- Comply with our legal and financial obligations; and
- Carry out any other purpose described to you at the time the information was collected.
Authorized Users
If you are an Authorized User, we only process your personal information in accordance with the instructions, and on behalf, of your company to provide our Services. Generally, to the extent we have the permission of your company, our processing may include:
- Providing our Services to you on behalf of the Business User;
- Responding to your comments and questions and provide customer service;
- Personalizing and improving your experience on our Services;
- Monitoring and analyzing trends, usage, and activities in connection with our Services;
- Detecting, investigating, and preventing security incidents and other malicious, deceptive, fraudulent, or illegal activity and protecting the rights and property of CAKE.com and others;
- Debugging to identify and repair errors in our Services;
- Complying with our legal and financial obligations; and
- Carrying out any other purpose described to you at the time the information was collected.
These purposes are subject to change, depending on the instructions we receive from your company.
SHARING OF INFORMATION
Business Users
We share Business User’s personal information in the following circumstances or as otherwise described in this policy:
- We share personal information at your direction with other third parties with whom you have directed us to share certain information.
- We share personal information with vendors, service providers, and consultants that need access to personal information in order to perform services for us, such as companies that assist us with web hosting, payment processing, CMR tools, fraud prevention, customer service, and marketing and advertising.
- We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
- We may share personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of CAKE.com, our users, the public, or others.
- We share personal information with our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
- We may share personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
- Personal information is shared between and among CAKE.com and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.
- We share personal information with your consent or at your direction.
Authorized Users
If you are an Authorized User, we only share your personal information in accordance with the instructions, and on behalf of the Business User to provide our Services. Because we are a service provider to the Business User, the Business User controls and determines the processing of all personal information we collect on their behalf. Nevertheless, to the extent we have the permission of the Business User, generally:
- We share personal information at your or your company’s direction with other third parties with whom you or your company has directed us to share certain information (e.g., those Business Users who have invited you to join our Services, Google Calendar or Outlook, Human Resource management software).
- We share personal information with service providers (i.e., subprocessors) that need access to personal information in order to perform services for us, such as companies that assist us with web hosting, fraud prevention, and customer service.
- We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
- We may share personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
- Personal information is shared between and among CAKE.com and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.
ADVERTISING AND ANALYTICS
We allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile apps. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. This information may be used by CAKE.com and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.
YOUR CHOICES
Account Information
You may update and correct certain account information at any time by logging into your account or emailing us at [email protected], [email protected], [email protected], [email protected] or [email protected]. If you wish to delete your account (via a user settings page, by email or otherwise), please note that we may retain certain information as required by law or for our legitimate business purposes. Your information may also remain in any applicable workspace as a part of your business’ license to use the Services.
If you are a Business User that manages particular workspaces, you can delete whole workspaces and other user’s information in such workspaces that you manage. To delete your personal account, you may be required to remove any users within your workspace or transfer your administration rights to another Business User before deleting your personal account.
Location Information
When you first launch any of our mobile apps that collect precise location information, you will be asked to consent to the app’s collection of this information. If you initially consent to our collection of such location information, you can subsequently stop the collection of this information at any time by changing the preferences on your mobile device. You may also stop our collection of this location information by following the standard uninstall process to remove all of our mobile apps from your device.
Cookies
Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services. See also our Cookies Policy.
ADDITIONAL DISCLOSURES FOR INDIVIDUALS IN EUROPE
If you are located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, and you are a Business User whose personal information we control, you have certain rights and protections under the law regarding the processing of your personal information, and this section applies to you.
Legal Basis for Processing
When we process personal information, to the extent required by applicable law, we will do so in reliance on the following lawful bases:
- To perform our responsibilities under our contract with you (e.g., processing payments for and providing the products and services you requested).
- When we have a legitimate interest in processing your personal information to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
- To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
- When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing your personal information, you may withdraw such consent at any time.
Data Retention
We store your personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
For Authorized Users, we retain your personal information for the duration of our agreement with your company, or until your company requests its deletion, whichever comes first, unless it is required to meet our legal, regulatory, or other compliance obligations. Additionally, some information, including but not limited to screenshots, GPS location, auto-tracking, and audit-log information are automatically and routinely deleted after a designated time as part of our data retention policies.
Data Subject Requests
To the extent required under applicable law, you have the right of:
- Information. You have the right to be informed about how we collect and use your personal information.
- Access. You have the right to request a copy of the personal information we are processing about you, which we will provide to you in electronic form.
- Rectification. You have the right to require that any incomplete or inaccurate personal information that we process about you is amended.
- Deletion. You have the right to request that we delete personal information that we process about you, unless, for example, we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to request that we restrict our processing of your personal information where: (i) you believe such data to be inaccurate; (ii) our processing is unlawful; or (iii) we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.
- Portability. You have the right to request that we transmit the personal information we hold with respect to you to another data controller.
- Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your situation (e.g., direct marketing). We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.
Some rights may be limited, and we may need to retain certain personal information, as required or permitted by applicable law. If you would like to further inquire about, or exercise any of these rights, please contact us using the information below.
If you are an Authorized User, please contact the Business User for whom you are an Authorized User with your request to exercise your rights as we may be limited in our ability to respond to your request directly.
International data transfer
We take steps to ensure that we handle your personal information subject to appropriate safeguards. As a US company, most of our operations are conducted in the United States and in order to provide the Services, personal information will be processed in the United States, where laws regarding processing of personal information may be less stringent than the laws in your country. We provide appropriate protections for cross-border transfers as required by applicable law for international data transfers. With respect to transfers originating from the European Economic Area, Switzerland or the UK, where applicable, the standard contractual clauses and the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers, approved by the European Commission and the UK Information Commissioner, respectively, are implemented. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below.
In some cases, we may provide you with the option to choose the location, including locations in the EEA, in which we store and process your data. To the extent we provide that option to you, we will only process and store your data in the designated location and not transfer your data outside that jurisdiction, except in accordance with applicable law.
LIST OF SUB-PROCESSORS
CAKE.com uses the third party entities ("sub-processors") below to process personal data on behalf of CAKE.com customers:
Processor/Sub-Processor | Role | Seat |
---|---|---|
Aircall.io, Inc | Business phone system | USA |
Amazon Web Services, Inc. | Cloud Infrastructure (IaaS) | USA |
COING DOO | Software Development | Serbia |
Databricks, Inc. | Analytics | USA |
Eversign GmbH | Electronic Signature | Austria |
Google, Inc. | Analytics | USA |
Hetzner Online GmbH. | Cloud Infrastructure | Germany |
Igil Webs SRL | Affiliate Platform | Romania |
Lempire SAS | Email automation tool | France |
Microsoft, Inc. | Cloud Computing Services | USA |
Pipedrive OÜ | CRM | Estonia |
Stripe, Inc. | Payment Provider | USA |
Tableau Software, LLC. | Analytics | USA |
Wistia, Inc. | Video Hosting | USA |
Zendesk, Inc. | Email & Chat Support | USA |
ZenLeads Inc. | Sales enrichment tool | USA |
Questions or Complaints
If you have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the Data Protection Authority where you reside. Contact details for your Data Protection Authority can be found using the links below:
For individuals in Switzerland
CONTACT US
If you have any questions about this Privacy Policy, please contact us at [email protected]
CAKE.com Inc.
2100 Geng Road
Suite 210
Palo Alto, CA
94303, USA
For our users in the EEA, the United Kingdom, or Switzerland, you may also contact our Data Protection Officer at [email protected]