Effective and Last Modified: July 13, 2023
3.The Information We Collect From You
Information You Provide to Us
Users: Gosadi collects and stores from Users who open accounts with Gosadi the following information: full name, email address, your company name (if any), social media handles, subscription level, zip code, city, state, phone number, website information, and links to where you sell online and connect to Gosadi Users also may provide other information, but it is not required. Users who open accounts acknowledge that some of this information may be personal to you, and by creating an account for use of the Services and providing personal information to us, you allow others, including us, to identify you and therefore may not be anonymous.
While for account subscription payment we ask Users to input payment information (name, credit card number, billing zip code), we do not see, maintain, or store that information. Instead, we serve as payment gateway and payment is made through Stripe or PayPal (your choice). We adhere to their payment policies.
When you open a Gosadi account and create a “Designer Landing Page”, or “DLP”, providing links to the third-party websites on which you sell your designs (such as Ravelry, Etsy, etc.), you will enter and provide us with your account number and seller ID number for any such third-party website. You will then import product information from the third-party website onto our website and app, thus creating the product library on your gosadi account. As part of this importing process, you agree to provide that product information, but we do not collect any personal data you may have stored on that third-party website, nor do we collect any sales or analytic data that may exist or be generated in connection with the products you sell.
You may also provide information to us when you communicate with our help desk, respond to surveys, or post questions in one of our public forums.
Customers: We do not ask Customers to voluntarily provide us with personal information, except when they fill out a “report option,” which is a feature we provide for the reporting of content that a reporting party deems as hate speech in violation of Gosadi’s Terms of Service. https://gosadi.com/terms-conditions. Persons filling out a report option must provide an email address.
Information We Collect Automatically
Users and Customers: Like most online service providers, we collect what is commonly referred to as “log information” automatically provided by web browsers, mobile devices, and servers. This includes the browser you use, your IP address, your language preference, referring site, date and time of access, operating system, and mobile network information.
We also collect “device information,” for example your hardware model, operating system, performance information, IP address, browser type and other identifiers sent along with browser requests.
We also collect “usage information,” meaning information about the parts of our website and app that you use, including how you browse through the gosadi website and app. This information is collected both on an aggregate and an individual basis.
Business Partners and Affiliates: Gosadi works closely with several business partners. These business partners help us to provide the Services in accordance with our Terms of Service. https://gosadi.com/terms-conditions. When doing so, Gosadi or the business partner may need to share information related to providing the Services. Gosadi also has an affiliates program through AWIN, whereby our users can earn commission based income referring others to use our services. These affiliates and other business partners will process your personal information in accordance with their own privacy policies. Please read those privacy policies and you should feel free to ask questions of these other entities before you disclose your personal information to them.
4.When Do We Collect Your Data?
Whenever you interact with Gosadi, either via our website or app, we collect your data. We collect information you provide to us when you visit our site or app, fill out a form, or otherwise communicate with us. Sometimes we request you provide us with data (the “Information You Provide to Us,” described above), sometimes data about you is collected automatically (the “Information We Collect Automatically,” also described above).
As noted above when, as a User, you upload to your Designer Landing page, we also collect information that you have provided related to your designs.
We may collect information when you open an email from us, such as when we send a newsletter. This information is used to improve our customer service.
We may receive data about you from Users providing it directly to us, third parties including advertisers, and from publicly available sources such as social media websites that you choose to connect with Gosadi.
5.How We Use Your Information; Legal Basis
We only use your information for reasons necessary for our legitimate interests and for which we have a legal basis. First and foremost, we use your information when it is necessary to provide the Services that you have requested and (with respect to Users) that we have contractually agreed to provide. Examples of this include using your information to set up and maintain your account, help you to access any of our features, and personalize your experience using the Services. We also may use this information to further develop our Services, such as by adding features that we believe you will find useful.
We also use information to measure interactions with our website and app, to determine and analyze trends. This will help us better understand how Users and Customers use and interact with the Services, so that we can improve them.
We use information about you to monitor and protect the security of our services, and to detect and prevent activities in violation of our Terms and Conditions, and in violation of law.
We also use your information to communicate with you about the Services, respond to your inquiries, and provide information we think will be of interest to you.
6.How, and With Whom, We Share Your Information
Information We May Share
We do not sell, disclose, rent, or otherwise provide our Users’ or Customers’ private personal information to any third parties. We only share information about you in the limited circumstances described below, and only with appropriate safeguards on your privacy:
We may disclose information about you as required by law, such as to respond to a lawful subpoena, court order, or other governmental request.
We may share and disclose information with your consent or at your direction.
We may disclose information about you when we believe in good faith that such disclosure is reasonably necessary to protect property or rights of Gosadi, third parties, or the public at large. Examples of this include if necessary to respond to claims asserted against us, comply with legal process, enforce or administer agreements and terms, and to protect the rights, property, and safety of our users or others.
Information Shared Publicly
Of course, in using our Services, you may choose to make information public. That includes information posted to your Designer Landing Page, and information you may include in our online communities (such as comments or forums).
7.Security of Your Information
Gosadi employs a variety of industry-standard technologies and methods to help protect information about you against unauthorized access, use, alteration, and destruction. These methods include, but are not limited to:
AES Encryption: Encryption is the process of encoding information to make it unreadable to unauthorized individuals. It is commonly used to protect data both at rest (stored data) and in transit (data being transmitted over networks).
Secure Sockets Layer/Transport Layer Security (SSL/TLS): SSL/TLS protocols provide secure communication over the internet by encrypting data transmitted between a user's device and the application's servers. This helps sensitive information to remain confidential and protected from interception.
Firewalls: Firewalls are network security devices that monitor and control incoming and outgoing network traffic. They act as a barrier between internal networks and external networks (e.g., the internet), enforcing security policies and filtering out potentially malicious traffic.
Regular Security Audits and Vulnerability Assessments: Conducting regular security audits and vulnerability assessments helps identify weaknesses or vulnerabilities in the application's infrastructure or code. This allows for proactive mitigation of potential security risks before they can be exploited.
Access Control and User Permissions: Implementing access control mechanisms means that only authorized individuals can access certain resources or perform specific actions within the application. User permissions are assigned based on roles and responsibilities, limiting access to sensitive information to only those who require it.
Secure Development Practices: Employing secure coding practices, such as input validation, output encoding, and proper handling of sensitive data, helps prevent common vulnerabilities like cross-site scripting (XSS), SQL injection, or insecure direct object references.
Regular Software Updates and Patch Management: Keeping software, operating systems, and libraries up to date helps protect against known vulnerabilities and exploits. Regularly applying security patches and updates is crucial to maintaining a secure environment.
Data Backups and Disaster Recovery: Implementing regular data backups and disaster recovery procedures allows critical information to be restored in case of data loss, hardware failures, or other unforeseen events.
Audit Logs and Monitoring: Implementing comprehensive logging mechanisms allows for the recording of various activities within the application. These logs can be analyzed for anomalies or suspicious behavior, aiding in the detection of security breaches or unauthorized access attempts.
Redundancy and High Availability: Employing redundant systems and implementing high availability measures helps the application remain accessible even in the event of hardware failures, network disruptions, or other unexpected incidents. This helps maintain business continuity and minimizes downtime.
Security Training and Awareness: Regular training and awareness programs for employees and users help promote a security-conscious culture. Training can cover topics such as phishing awareness, social engineering, password best practices, and the importance of maintaining security standards.
Please note that Gosadi cannot eliminate all risk and no website, app, or internet transmission is completely secure. We, therefore, do not guarantee or warrant that these methods will prevent unauthorized access to information about you. Therefore, you are urged to take steps to keep your personal information confidential.
8.How Long We Store Your Information
We keep your personal information throughout your relationship with Gosadi, meaning as long as you, as a User, maintain a Gosadi account and 30 days after you cancel your account. If you terminate your account with us, we will continue to store your information for 30 days (during which time you may rescind your cancellation and as a result, information will continue to be stored as before). After 30 days, if the cancellation is not rescinded, we will permanently delete your information.
9.Your Rights as to the Information We Collect; Data Retention Practices
If you are a registered User, we may retain your personal information as long as you have an account with us. You can access information associated with your account by logging into the Services, going to the Setting option under My Account, and then downloading your data.
You also have the right to correct personal information. We try to keep the information that we hold about you accurate and up to date. Should you determine that any of the information we hold about you is incorrect, and you are unable to access it through your account, please contact us at firstname.lastname@example.org and we will correct it as soon as we can.
You have the right to ask us to remove all data and/or personal information we hold about you. You acknowledge that if you do so, we may not be able to provide some or all of the Services to you. In the event of such a request, we will take reasonable steps to remove all information from our systems, including backups, where technically possible, within 30 days of any such request. You can exercise this right by contacting us at email@example.com. We may retain certain specific information, where required by law. There is no fee to make such a request.
Following the closure of your account, we may retain personal information where required by law or where we have an ongoing legitimate business interest to do so. Subject to that caveat, as noted in the preceding section, we will delete all your personal information from our systems within 30 days of the closure of your account.
Registered Users and unregistered Customers and other visitors to our website or app can access and delete cookies, or reject them, through your web browser settings. In doing so, you recognize that some features of Gosadi’s website or app may not function properly.
Though we take great precautions to protect our systems and servers from unauthorized access, and continually review our internal security, as noted above, we cannot eliminate all risk. If we become aware of any potential or actual breach of our systems causing your personal information to be exposed, we will contact you via the email address you have provided to us within 72 hours of such discovery to notify you of the situation.
Opt-outs. You may opt out of receiving emails from us, including promotional messages and newsletters. Just follow the instructions on those messages, and hit the “unsubscribe” button located at the very bottom of the email. Opting out of promotional messages does not mean we will stop sending you other messages, such as information about your Account and any legal notices (or notices of any security breach).
Providing your personal data for survey, marketing, and other profiling purposes is optional. The refusal to provide your personal data for these purposes will not have any impact on the entering into or performing the account contract.
Gosadi does not knowingly collect or ask for personal information from anyone under the age of 16, or knowingly allow such persons to open an account. If we become aware that we have collected personal information from a child under 16 without parental consent, we take steps to delete that information. If you believe that we have collected information about a child under 16, please contact us at firstname.lastname@example.org, and we will delete that information.
11.Do Not Track
At this time, we do not respond to Do Not Track (DNT) signals. If industry standard around this changes, we will revisit this at that time.