Privacy

We are Jam, Inc. and its affiliates (“We are Jam,” “Jam”, “we,” “us,” or “our”) have prepared this Privacy Policy to explain what Personal Data (defined below) we collect, how we use and share that data, and your choices concerning our data practices. Through our software, (the “App”), we allow individuals (“Users” or “you”) to control your tools in a simple, fast and delightful way. The App, the chrome extension and https://jam.dev (the “Site”) are referred to collectively in this Privacy Policy as the “Service”.

If you are a business user, please refer to the Data Processing Agreement part of our Terms of Service.

This Privacy Policy is incorporated into and forms part of our Terms of Service.

Before using the Service or submitting any Personal Data to Jam, please review this Privacy Policy carefully and contact us if you have any questions. By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the Site or otherwise use the Service.

1. Personal data we collect

We collect the following categories of information that alone or in combination with other information in our possession could be used to identify you (“Personal Data”):

Account Data: If you create an account, we will collect the information needed to authenticate your access to the Service, including your email address.

Financial Data: To the extent any features of the Service are available for a fee, we may collect the financial information necessary to process your payments, such as your payment card number and authentication details.

Screen recordings: When using our Service, we will be processing the screen recording that, depending on your specific activity at that time, may contain personal data.

Communication Data: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing this information is optional to you.

Social Media Data: We have pages on social media sites like Facebook, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect Personal Data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.

2. How we use personal data

Under data protection law, we can only use personal data if we have a proper reason for doing so, for example:

to comply with our legal and regulatory obligations;
for the performance of our Terms of Service with you;
for our legitimate interests or those of a third party; or
where you have given consent.

A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by your own rights and interests.

We use Personal Data for the following purposes:

To process payments. Reason: For the performance of our Terms of Service with you
To respond to your inquiries, comments, feedback, or questions. Reason: For the performance of our Terms of Service with you
To send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies. Reason: For the performance of our Terms of Service with you. Reason: For the performance of our Terms of Service with you
To provide the service, we require access to the recordings (Jam sessions). Reason: For the performance of our Terms of Service with you
To analyze how you interact with our Service. Reason: For our legitimate interests or those of a third party, ie to be as efficient as we can in our delivery of the Service to you
To maintain and improve the content and functionality of the Service. Reason: For our legitimate interests or those of a third party, ie to enable us to improve our delivery of the Service to you
To develop new products and services. Reason: For our legitimate interests or those of a third party, i.e. to enable us to improve our delivery of the Service to you
To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks. Reason: For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you to comply with our legal and regulatory obligations
To comply with legal obligations and legal processes. Reason: To comply with our legal and regulatory obligations
To protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties. Reason: For our legitimate interests or those of a third party, i.e. to protect our commercial interests and assets
To tell you about products or services we believe may be of interest to you. Reason: For our legitimate interests or those of a third party, i.e. to promote our business to you

Aggregated Information. We may aggregate Personal Data and use the aggregated information to analyze the effectiveness of our Service, to improve and add features to our Service, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with prospective business partners. We may collect aggregated information through the Service, through cookies, and through other means described in this Privacy Policy.

Marketing. We may use your Personal Data to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email or telephone number, we may use that information to send you special offers. We have a legitimate interest in processing your personal data for promotional purposes (see table above). This means we do not usually need your consent to send you promotional communications. However, where consent is needed (for example because you are based in the United Kingdom or European Union), we will ask for this consent separately and clearly. We will always treat your personal data with the utmost respect and never sell it with other organizations outside the Jam’s group companies for marketing purposes. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. To the extent you create an account you can also control the marketing emails and/or text messages you receive by updating your settings through your account. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, as applicable, other administrative matters, and to respond to your requests.

In certain circumstances we may share your Personal Data with third parties without further notice to you, unless required by the law, as set forth below:

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and web analytics services. Pursuant to our instructions, these parties will access, process, or store Personal Data in the course of performing their duties to us.
Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymized but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

4. Data retention policy

We will not retain your personal data for longer than necessary for the purposes set out in this policy. Generally, we store data until it is no longer necessary to provide our services or until your account is deleted – whichever comes first.

When it is no longer necessary to retain your personal data, we will delete or anonymize it. Even if we delete some or all of your personal information, we may continue to retain and use information that has been aggregated or anonymized so that it can no longer be used for personal identification.

5. Update your information

If you have created an account, you can log in to your account or contact us if you need to change or correct your Personal Data.

6. Children

Our Service is not directed to children who are under the age of 16. Jam does not knowingly collect Personal Data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided Personal Data to Jam through the Service please contact us and we will endeavor to delete that information from our databases.

7. Links to other websites

The Service may contain links to other websites not operated or controlled by Jam, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

8. Security

You use the Service at your own risk. We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any Personal Data to Jam via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.

9. Your choices

In certain circumstances providing Personal Data is optional. However, if you choose not to provide Personal Data that is needed to use some features of our Service, you may be unable to use those features. If you have created an account, you can contact us to ask us to update or correct your Personal Data.

10. How to access, change and erase your personal information

You can change some of your personal data through the account settings. In addition, if you want to access, correct or delete your personal information you can submit a request by email with the subject line “Personal data request” to this email address: hello@jam.dev. Please see the JURISDICTION SPECIFIC NOTICES for additional information about your rights

11. Changes to privacy policy

The Service and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with Personal Data after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it.

12. Contact us

If you have any questions about our Privacy Policy or information practices, please feel free to contact us at our designated request address: hello@jam.dev.

JURISDICTION SPECIFIC NOTICES

ADDITIONAL NOTICE TO EU RESIDENTS

If you are an EU resident under the General Data Protection Regulation, you are granted certain fundamental rights when data about you is processed. We will ensure that we reach out without undue delay (no more than one month) when you submit a request related to exercising your data subject rights. Although uncommon, when applicable for official or legal reasons, we may be unable to address the specific request you make regarding your rights, or we may delay our response by up to two additional weeks months.

Additionally, if a request is clearly unreasonable or overly burdensome, we may either:

impose a reasonable fee that reflects the administrative costs of fulfilling the request; or
decline to process the request.

In this scenario, will we inform you of the reasons we believe your request is the manifestly unfounded or excessive character of the request.

As a data subject, you have the right to:

Request confirmation of whether we process Personal Data relating to you, and if so, to request a copy of that Personal Data;
Request that we rectify or update your Personal Data that is inaccurate, incomplete, or outdated;
Request that we erase your Personal Data in certain circumstances provided by law;
Request that we restrict the use of your Personal Data in certain circumstances, such as while we consider another request that you have submitted (including a request that we make an update to your Personal Data);
Request that we export your Personal Data that you have provided us to another company, where technically feasible;
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time; and/or:
- In some cases, you may also have the right to object to the processing of your Personal Data.
- The right to non-discrimination is based upon your exercise of these rights.

If you believe that you have not received a satisfactory response from us, you may have the right under applicable laws to consult with the data protection authority in your area country. To ensure your protection, we might need to confirm your identity prior to addressing your request. This could involve verifying that the email address from which you submit the request aligns with the one we have on record. Additionally, we may require further information for identity verification, such as a government-issued ID. You have the option to exercise these rights yourself or designate a legal representative to submit requests on your behalf.

ADDITIONAL NOTICE TO CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the CCPA, please see the CCPA Privacy Notice which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom the personal information is shared for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

ADDITIONAL NOTICE TO COLORADO RESIDENTS

Under the Colorado Privacy Act (“CPA”) if you are a resident of Colorado, acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context), your rights with respect to your personal data are described below.

“Personal Data” as defined in the CPA means: “information that is linked or reasonably linkable to an identified or identifiable individual” and does not include any of the following: publicly available information, de-identified or aggregated consumer, and information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

Sensitive Data includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data. We do not process or collect any sensitive data.

Your Rights Under CPA:

Herein below, we will detail how consumers can exercise their rights, and appeal such decision, or if we sell the personal data, or sell the personal data for advertising and how to opt-out. We do not sell your Personal Data.

Right to Access/ Right to Know – you have the right to confirm whether and know the Personal Data we collected on you. You can exercise your right by reviewing this Privacy Policy, in case you would like to receive the Personal Data please contact us to receive a copy of your data.

Right to Correction – you have the right to correct inaccuracies in your Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of your Personal Data. You can exercise this right directly through your account or by contacting us.

Right to Deletion – you have the right to delete the Personal Data, this right is not absolute and in certain circumstances we may deny such request. We may deny your deletion request, in full or in part, if retaining the information is necessary for us or our service provider(s) for any of the following reasons: (1) Complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you; (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (3) Debug products to identify and repair errors that impair existing intended functionality; (4) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; (5) Comply with the law or legal obligation; (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; (7) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; (8) Make other internal and lawful uses of that information that are compatible with the context in which you provided it. We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our processors to take similar action. If you would like to delete your Personal Data please contact Butterfly.

Right to Portability – you have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. If you would like to receive the Personal Data please contact us. To receive a copy of your data we will select a format to provide your Personal Data that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

Right to Opt-Out from Selling Personal Data – you have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. You may authorize another person acting on your behalf to opt out, . We do not sell your Personal Data, so we do not offer an opt out.

Right to Opt-Out from Targeted Advertising – you have the right to opt out of the sale of your Personal Data for the purposes of targeted advertising, sale to a third party for monetary gain, or for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or any other consumer. We do not profile you, thus we do not need to provide an opt-out.

Right to Appeal – if we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. If we deny the appeal, you may contact the Colorado Attorney General using this link: https://coag.gov/office-sections/consumer-protection/ or (720) 508-6000. Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions. Duty not to violate the existing laws against discrimination or non-discrimination – such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our Users.

How to Submit a Request Under CPA?

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Data. If request is submitted by someone other than the consumer about whom information is being requested, proof of authorization (such as power of attorney or probate documents) will be required.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at: hello@jam.dev and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

ADDITIONAL NOTICE TO VIRGINIA RESIDENTS

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information. Personal Data does not include de-identified data or publicly available data, and information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

The categories of personal data processed, purpose of processing, categories of personal data shared with third parties, categories of third parties with whom data is shared, your Rights are detailed above in the sections of this Policy.

How to Submit a Request Under VCDPA?

We shall respond to your request within 45 days of receipt. We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at: hello@jam.devand specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.

ADDITIONAL NOTICE TO CONNECTICUT RESIDENTS

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable individual. It does not include de-identified data or publicly available information. If further does not include information excluded from the scope such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver's Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

How to Submit a request under CDPA?

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 days response period, together with the reason for the extension.

If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

ADDITIONAL NOTICE TO UTAH RESIDENTS

Under the Utah Consumer Privacy Act (the “UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your Personal Data are described below. “Personal Data" refers that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data.

NOTICE TO NEVADA RESIDENTS

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to hello@jam.dev.