Privacy Policy

Last Updated: April 14, 2025

At Resalt ("We," "Us," or "Our"), we are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect personal information through our software-as-a-service platform (the "Services"), which provides employee performance reviews and OKR systems to businesses and their employees. The Services include our website (getresalt.com), mobile applications, and any related subdomains or online services that link to this Privacy Policy (collectively, the "Resalt Materials").

By using the Services, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Services.

1. Definitions

  • Customer: A business, organization, or institution that purchases or uses the Services for its internal needs.
  • User: An individual (e.g., employee, manager) authorized by a Customer to use the Services.
  • Personal Information: Any information that identifies or can be used to identify an individual, such as name, email address, or performance-related data.
  • Controller Personal Data: Personal Information provided by a Customer or User that we process on behalf of the Customer.
  • Services: The employee performance review and OKR system provided by Resalt, including related features like feedback tools, goal tracking, and analytics.

2. Information We Collect

We collect information to provide, improve, and secure the Services. The types of information we collect include:

a. Information You Provide

  • Account Information: When you sign up for the Services, we collect details such as your name, email address, job title, and organization name. For Users, this may include login credentials (unless single sign-on, e.g., Okta or Google SSO, is used).
  • Performance and OKR Data: Customers and Users provide data related to employee performance reviews, feedback, objectives, key results, and other workplace metrics.
  • Customer Support: When you contact us for support, we may collect your contact details, inquiry details, and any attachments you provide.

b. Information We Collect Automatically

  • Usage Data: We collect information about how you interact with the Services, such as pages visited, features used, and time spent. This may include browser type, device type, operating system, IP address, and internet service provider.
  • Cookies and Similar Technologies: We use cookies and similar technologies to enhance your experience, analyze usage, and ensure security.
  • Log Data: Our systems automatically log technical information, such as access times, user actions (e.g., logins, feature usage), and error reports, to maintain security and functionality.

c. Information from Third Parties

  • Integrations: If a Customer integrates the Services with third-party platforms (e.g., HR systems), we may receive data from those platforms as authorized by the Customer.
  • Analytics Providers: We use third-party analytics tools (e.g., Google Analytics) to understand usage trends. These tools may collect anonymized data about your interactions with the Services.

3. How We Use Your Information

We use your information to provide, improve, and secure the Services, including:

  • Delivering the Services: To facilitate performance reviews, OKR tracking, feedback, and related features for Customers and Users.
  • Personalization: To tailor the Services to your preferences and role (e.g., manager dashboards vs. employee views).
  • Analytics and Improvement: To analyze usage patterns, troubleshoot issues, and enhance the Services' functionality and performance.
  • Customer Support: To respond to inquiries, resolve issues, and provide assistance.
  • Security: To detect and prevent unauthorized access, fraud, or misuse of the Services.
  • AI Processing: We use AI services, such as Google's Gemini, to generate insights, summarize feedback, or provide recommendations within the Services. Personal Information processed by AI is handled securely and in accordance with this Privacy Policy.
  • Legal Compliance: To comply with applicable laws, regulations, or legal requests.

4. How We Share Your Information

We do not sell your Personal Information. We may share information in the following circumstances:

  • With Customers: User data (e.g., performance reviews, OKRs) is shared with the Customer (your employer or organization) as part of the Services.
  • Service Providers: We engage trusted third-party providers to support the Services, including:
    • Supabase: Our database provider, which stores Personal Information securely in compliance with industry standards.
    • Google Gemini: Our AI service provider, which processes data to generate insights or recommendations.
    • Other Providers: Hosting, analytics, customer support, and payment processing providers (e.g., Stripe for payments, which does not store credit card data). These providers are contractually obligated to protect your information and only process it as instructed by us.
  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, Personal Information may be transferred as part of the transaction, subject to confidentiality agreements.
  • Legal Obligations: We may disclose information to comply with laws, court orders, or government requests, or to protect our rights, property, or safety.
  • With Consent: We may share information with other parties if you or your Customer provide explicit consent.

5. Data Storage and Security

a. Where We Store Data

We store Personal Information in secure data centers in the United States, managed by Supabase, which complies with ISO 27001 standards. If you are located outside the U.S., your data may be transferred to and processed in the U.S. We ensure such transfers comply with applicable data protection laws (see Section 7).

b. Security Measures

We implement industry-standard measures to protect your information, including:

  • Encryption of data in transit (using SSL/TLS) and at rest.
  • Access controls, such as strong passwords, multi-factor authentication, and role-based permissions.
  • Regular security audits, vulnerability scans, and penetration testing.
  • Employee training on data privacy and security.
  • Incident response policies aligned with NIST guidelines.

While we strive to protect your information, no system is completely secure. If you suspect unauthorized access, please contact us immediately at privacy@resalt.io.

6. Your Rights and Choices

You have control over your Personal Information. Depending on your location and applicable laws (e.g., GDPR, CCPA), you may have the following rights:

  • Access: Request a copy of your Personal Information.
  • Correction: Request updates to inaccurate or incomplete data.
  • Deletion: Request removal of your Personal Information, subject to legal or contractual obligations.
  • Restriction: Request that we limit the processing of your data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing activities, such as marketing.
  • Opt-Out: Opt out of non-essential cookies or marketing communications.

To exercise these rights, contact your Customer's account administrator or email us at privacy@resalt.io. If your Customer cannot resolve your request, we will assist as needed. Note that some rights may be limited by your Customer's policies or legal requirements.

For California residents, under the CCPA, you have the right to know what Personal Information we collect, request deletion, and opt out of sales (we do not sell data). Contact us to exercise these rights.

7. International Data Transfers

If you or your Customer are located in the European Union, United Kingdom, or Switzerland, we ensure that transfers of Personal Information to the U.S. comply with GDPR and other applicable laws. We use Standard Contractual Clauses (SCCs) with Customers and subprocessors, including Supabase and Google Gemini, to safeguard your data. Customers may request our Data Processing Addendum (DPA) at privacy@resalt.io.

8. Children's Privacy

The Services are designed for business use and are not intended for individuals under 16 years old. We do not knowingly collect Personal Information from children under 16. If we learn that such information has been collected, we will take steps to delete it promptly.

9. Cookies and Similar Technologies

We use cookies and similar technologies to improve your experience, analyze usage, and ensure security. Cookies may include:

  • Strictly Necessary Cookies: Essential for the Services to function, such as session management.
  • Analytics Cookies: To understand how Users interact with the Services (e.g., Google Analytics).
  • Functional Cookies: To remember your preferences.

You can manage cookie preferences through your browser settings or our cookie consent tool. Disabling cookies may affect the Services' functionality.

Cookie Policy

Cookies We Use

  • Session Cookies: Temporary cookies that expire when you close your browser, used for secure navigation.
  • Technical Cookies: To track your consent preferences.
  • Third-Party Cookies: From providers like Google Analytics for usage insights or Supabase for authentication.

Managing Cookies

You can block or delete cookies via your browser settings. Note that disabling necessary cookies may impair the Services. For analytics cookies, you can opt out through our consent tool or Google Analytics' opt-out browser add-on.

Third-Party Analytics

We use Google Analytics to track anonymized usage data. It does not collect personally identifiable information unless you register, at which point prior visits may be linked to your profile. We do not allow Google to use this data for its own purposes.

10. Third-Party Links

The Services may include links to third-party websites or applications (e.g., integrations with HR platforms). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before interacting with them.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where required, by email or in-app notification. Your continued use of the Services after the update constitutes acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

Resalt

Email: info@getresalt.com

13. Compliance and Accountability

We conduct regular self-assessments to ensure compliance with this Privacy Policy and applicable laws. Employees who violate this policy may face disciplinary action. We are committed to resolving complaints promptly and fairly.

Back to Home