Listen to the High-Impact Growth podcast : Candid conversations about technology for humanity

X

Privacy Policy | Dimagi

Privacy Policy

Posted: June 24, 2024

Effective Date: June 24, 2024

You can see our previous privacy policy here.

This notice describes the Privacy Policy of Dimagi, Inc. and its affiliate entities, Dimagi Software Innovations Pvt. Ltd., Dimagi South Africa (PTY) LTD, (“Dimagi,” “we”, “us”, or “our”). Here we describe how we collect, use and handle your information when you use our websites, software and services (“Services”).

  • If you’re using our Services for an organization, you’re agreeing to this Privacy Policy on behalf of that organization.
  • If you’re using our Services to provide services, software and content for some else, you’re agreeing to this Privacy Policy on their behalf.

What and why we collect

We collection and use of the following information to provide, improve and protect our Services:

Account Data: When registering to use our Services, Dimagi requires you to provide your personal contact information, such as name, company name, address, phone number, and email address (“Contact Information”). When purchasing our Services, Dimagi may require you to provide financial qualification and billing information, such as billing name and address, credit card number, and the number of employees that will be using the product or services (“Billing Information”). Dimagi may also ask you to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). Contact Information, Billing Information, and Optional Information about customers are referred to collectively as “Account Data” We use Account Data to perform the Services requested. We do not store your credit card data.

Your Content: When you use our Services, you provide us with things like your data, reports, messages, contacts, images and so on (“Your Content”). Our Services are designed to make it simple for you to collect and manage Your Content, share with others, and work across multiple devices. To make that possible, we store, process, and transmit Your Content, as well as information related to it. This related information can be things like your Contact Information that makes it easier to collaborate and share Your Content with others.

Usage: We collect information related to how you use the Services, including actions you take in your account. This is used to conduct research and development for the further development of our Services in order to provide you a more intuitive experience, and also to provide you support.

Device Information: We also collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services. This helps us improve our Services and provide you support.

Cookies and other technologies: We use technologies like cookies and web beacons to provide, improve, and protect our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services.

Aggregate Data Sets: Dimagi may also use Your Content to create aggregate, anonymized data sets (“Data Sets”). Data Sets are not associated with any individual or user account, and are thus anonymous information. Dimagi may use these Aggregate Data Sets to improve our Services and for research purposes. If you do not consent to the use of Your Data to create Data Sets by Dimagi, please “opt-out” by contacting us at support@dimagi.com and your data will not be included as of the date of notification. If you have already provided us your ‘opt-out’, we will continue to honor that.

With whom do we share

We may share information as discussed below, but we will never sell it to advertisers or other third parties. 

Others working for Dimagi: Dimagi uses certain trusted third parties (for example, providers of IT services) to help us provide, improve, protect, and promote our Services. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy. We use Salesforce as our system for customer relationship management. We use Stripe and Flywire to process credit cards, both being our PCI-DSS compliant payment processing partners.

Analytics: We use analytics partners, including Google Analytics, Kissmetrics, and Hubspot to analyse some of the Usage information we collect. 

You can choose to opt-out of data sharing of some analytics data by reaching out to us directly. If you do not consent to our analytics partners having access to your information, please let us know at privacy@dimagi.com.

Some analytics data sharing can be opted-out explicitly by in-product configuration. To elect to disable this data sharing, please see the documentation for the specific product.

Other applications: You can also give third parties access to your information – for example, via our APIs or by connecting integrations or SMS Gateways. Just remember that their use of your information will be governed by their privacy policies and terms.

Legal Compliance and Protection: We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Dimagi or our users; (d) protect Dimagi’s property rights.

How do we protect your information

Dimagi acknowledges your trust and is committed to protecting the information you provide to us. To prevent unauthorized access, maintain accuracy, and ensure proper use of information, we have employed physical, technical, and administrative processes to safeguard and secure the information we collect.

We have also employed physical, technical, and administrative processes to detect and investigate information breaches. In the unfortunate event of a breach, we will inform all affected accounts as soon as practicable upon discovery of such a breach, consistent with any applicable legal obligations and the needs of law enforcement.

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security or confidentiality. If you have any questions about security, you can contact us at privacy@dimagi.com.

Please be aware that certain Personal Information and other information provided by you in connection with your use of the Services may be stored on your device (even if we do not collect that information). You are solely responsible for maintaining the security of your device from unauthorized access.

Where is the information stored, processed and transmitted

To provide you with the Services, we may store, process and transmit information in the United States and locations around the world – including those outside your country. Information may also be stored locally on the devices you use to access the Services.

Dimagi complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF (UK-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Dimagi has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Dimagi has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In the context of an onward transfer to third parties, Dimagi has responsibility for the processing of your information it receives. Dimagi shall remain liable under the EU-U.S. DPF, the UK-U.S. DPF, and Swiss-U.S. DPF if a third party processes your information in a manner inconsistent with the EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF, unless proven that Dimagi is not responsible for any processing inconsistent with EU-U.S. DPF, the UK-U.S. DPF, and the Swiss-U.S. DPF. . Dimagi’s liability extends only to trusted third parties and analytics partners that Dimagi relies on to deliver our Services. Dimagi shall not be liable for third parties that you independently select or use in conjunction with Dimagi’s Services.

Your Right to Control and Access to your personal information

You have control over your personal information and how it is collected, used, and shared. You have the rights to:

  • Know more about our privacy practices.
  • Object to our privacy practices or provide feedback.
  • Rectify your personal information.
  • Ask us to rectify your personal information.
  • Ask for your personal information — free of charge.
  • Ask us to erase your personal information.

Please send your request at privacy@dimagi.com. We will respond within 30 days of receipt of your request.

Your Choices Regarding the Use of Your Content

Dimagi provides various methods for You to opt out of how Your Content is used. These options are either described in our Privacy Policy and highlighted within our products.

  1. Opting Out by Contacting Us: You can choose not to share certain categories of Your Content by contacting our team as outlined in this Privacy Policy.
  2. Opting Out Within our Services: For some categories of your content, you can opt out directly within our Services by adjusting settings. If such options are available, they will be detailed in the official documentation for each specific category of data. 
  3. Opting Out of Third-Party Data Sharing: Some categories of Your Content are shared based on active choices you make to enable data sharing with other third parties through our Service features (such as integrations). To opt out of such data sharing, simply refrain from using these features.

Apart from this, Dimagi collects certain data necessary to provide our Services as per this Privacy Policy. The only way to opt out of this data collection is to stop using our Services.

Express Consent for Sensitive Information

If You are using our Services to collect personal information relating to other individuals, You represent that you have the authority to do so, and where required it is your obligation to obtain affirmative express consent from the individual that the personal information may be used in accordance with this Privacy Policy

Digital and Parental Consent

Any Personal Information You collect, including Personal Information of Your Delegates (as defined in the Terms of Service), must comply with the requirements of digital consent as per applicable law, including obtaining parental consent where legally required. If we learn that we have inadvertently collected Personal Information without verifiable parental consent (where legally required), we will take the appropriate steps to delete such information. To make such a request, or if there are any questions or concerns about the Privacy Policy for the Service or its implementation, please contact us at privacy@dimagi.com.

California Online Privacy Protection Act Notice

On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to “Do Not Track Signals”; and whether third parties collect personally identifiable information about users when they visit us.

(1) We do not respond to “do not track” signals.

(2) We do not collect personally identifiable information for third party use through advertising technologies.

California Civil Code Section 1798.83 also permits our customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@dimagi.com. Please note that we are only required to respond to one request per customer each year.

Change Management

If we are involved in a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your account) of any such deal and outline your choices in that event.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights and/or requires your explicit acceptance, we will notify you via email or via in-product user experience.

Contact

In compliance with the EU-U.S. Data Privacy Framework (hereinafter “EU-U.S DPF”) Principles, Dimagi commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF, policy should first contact Dimagi at privacy@dimagi.com

In compliance with the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF, Dimagi has further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive acknowledgement of your DPF Principles-related complaint from us within 45 days, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

The EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF, also provides the option for EU, UK and Swiss individuals to invoke binding arbitration to determine whether Dimagi has violated its obligations under the EU-U.S. DPF Principles and whether any such violation remains fully or partially unremedied (“residual claims”). As a self-certified organization in the EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF, Dimagi is required to arbitrate claims pursuant to EU-U.S. DPF, the UK-U.S. DPF and the Swiss-U.S. DPF,’s Recourse, Enforcement and Liability Principle.

Dimagi is subject to oversight by the U.S. Department of Commerce including but not limited to U.S. Federal Trade Commission.