PRIVACY NOTICE

  1. Overview. This Privacy Policy tells you Mainline Intelligence, LLC’s (“Mainline”) policies and procedures for the collection, use and disclosure of personal data through the Mainline websites, including getmainline.io and getmainline.io/us (each, a “Site” and, collectively, the “Sites), mobile application (the “App”) and platform (the “Platform,” and together with the Sites and App, the “Services”). This Privacy Policy also includes any information we collect offline in connection with the Services. “Personal Data,” when referenced herein, means information that identifies you as an individual; it does not include non-personally identifying information.
  2. Key Privacy Principles. We take privacy and the protection of your personal data seriously. We abide by several overarching privacy principles, including:
    • We will never sell your personal data to third party companies intending to market their goods or services to you;
    • We will not share your personal data except to provide our Services, protect our rights, or comply with the law; and
    • We will not store your personal data on our servers unless required for the on-going operation of our Services.
  3. Personal Data That We Collect About You. The amount and type of personal data that we gather depends on the nature of your interaction with our Services. You may always refuse to supply personal data, with the caveat that it may prevent you from using certain features, functionalities or parts of the Services. We may collect, use, store and transfer different kinds of personal data, which we have grouped together as follows
    • Identity Data includes first and last name.
    • Account Data includes username, password, your preferences, feedback and any survey responses.
    • Technical Data includes your internet protocol (IP) address, login data, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform and other technology on the device you use to access our Services.
    • Usage Data includes information about how you use our Services.
    • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
    • Transaction Data includes bank account or credit card information needed to complete transactions.
    • We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data).
  4. How We Collect Personal Data. We use different methods to collect data from and about you including through:
    • Direct Interactions. You may give us your Identity, Account and Transaction Data by filling in forms or by corresponding with us through our Services. This includes personal data you provide when you create a Mainline account, request more information, request that marketing materials be sent to you, participate in a survey or offer feedback.
    • Automated Technologies or Interactions. When you interact with our Services, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookies Policy for more details.
    • Third Parties or Publicly Available Sources. We may receive personal data about you from various third parties including: (a) Technical Data from analytics providers such as Google Analytics; (b) Transaction Data from providers of payment services; (c) social media service providers (such as GitHub, Discord, YouTube, Reddit, Twitter, LinkedIn and Facebook); and (d) in providing personal data of any individual (other than yourself) to us, you agree that you have obtained consent from such individual to disclose their personal
  5. How We Use Your Personal Data. Our legal basis for collecting and using your personal data depends on the type of data we collect and the specific context in which we collect it. We may use and process your personal data to:
    • provide our Services to you;
    • keep in touch with you about changes or updates to the Services;
    • gather analysis or other information so that we can improve our Services;
    • monitor usage of our Services;
    • detect, prevent and address technical issues;
    • comply with applicable law;
    • protect and defend our rights in connection with the Services; and
    • fulfill any other purpose for which the personal data was collected.
    We will never sell or rent your personal data to third parties. We may combine your information with information we collect from other companies and use it to improve and personalize our Services, as well as our content and marketing.
  6. When We May Disclosure Your Personal Data. It may be necessary for us to disclose your personal data in the following situations:
    • Business Transaction. If we are involved in a merger, acquisition or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
    • Disclosure to Law Enforcement. Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to a valid request by public authorities such as a court or governmental agency.
    • Legal Requirements. We may disclose your personal data in the good faith belief that such action is reasonably necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with our Services, to protect personal safety of other users of the Services or the public, or to protect against legal liability.
  7. Links to Other Sites. Our Services may contain links to other websites that are not operated by us. If you click a third-party link, you will be directed to that third-party’s website. We strongly advise you to review the privacy policy of every website that you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or services, including, without limitation, social media networks.
  8. Minors. Our Services are not intended for minors (meaning any individual under the age of 18 years old). We do not knowingly collect data from any minor without verified parental consent. If we learn that we have collected information, including personal data, for a minor without parental consent, we will delete that information immediately.
  9. Security Measures. We use appropriate technical and organizational security measures to protect your stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously being improved in line with technical developments. Please note that any data transmission on the internet (for example, communication by email) is generally not secure and we accept no liability for data transmitted to us via the internet. Unfortunately, absolute protection is not technically possible. This information does not apply to the websites of third parties and the corresponding links given on our websites; we assume no responsibility and liability for these.
  10. International Transfer of Personal Data. Please note that we may transfer personal data we collect about you to countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your personal data to other countries, we take steps designed to ensure that the transfer is in accordance with applicable law.
  11. Data Retention. We retain personal data for the period necessary for the purposes for which it was collected, or for such period as required by applicable law. This may involve retaining personal data for periods following a transaction. We make efforts to delete your personal data once it is no longer required for any of the business purposes described above.
  12. 12. Changes to this Privacy Policy. We may update our Privacy Policy from time to time. We will notify you of modifications to this Privacy Policy by posting a revised version in the App, on our Platform, by email, or by means of a prominent notice on our Sites. We recommend that you periodically check the Sites for any changes.
  13. 13. Contact Us. If you have any questions about this Privacy Policy or wish to inquire with us regarding personal data or privacy, please contact us at support@getmainline.com.
  14. EEA Addendum. The following disclosures apply to, and are intended exclusively for, individuals who reside within the European Economic Area (“EEA”). Please note that we may ask you to verify your identity before responding to such requests.
    • 14.1 Legal Bases for Processing Personal Data
      • To the extent we use personal data to perform contractual obligations or requests made by you in connection with a contract, Article 6(1)(b) of the General Data Protection Regulation (“GDPR”) is the legal basis for our data processing.
      • To the extent we use personal data to comply with a legal obligation under the EU or Member State law, Article 6(1)(c) of the GDPR is the legal basis for our data processing.
      • To the extent we use personal data to protect the vital interests of individuals, Article 6(1)(d) of the GDPR is the legal basis for our data processing.
      • To the extent we use personal data in pursuit of our legitimate business interests, Article 6(1)(f) of the GDPR is the legal basis for our data processing. A list of our legitimate business interests is in the above section titled “How We Use Your Personal Data.”
    • 14.2 European Data Protection Rights. European law provides you with certain rights with respect to your personal data, including:
      • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
      • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
      • The right to object. You have the right to object to our processing of your personal data based on grounds specific to your situation.
      • The right of restriction. You have the right to request that we restrict the processing of your personal information.
      • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
      • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
      • The right to complain with a European supervisory authority. You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
    • 14.3 International Transfers. We may transfer personal data relating to EEA residents to countries that have not been found by the European Commission to provide adequate protection, including the United States. For any such transfers, we implement safeguards designed to ensure that your personal data receives an adequate level of protection. If you are located in the EEA, we will only transfer your personal data if the country to which the personal data will be transferred has been granted a European Commission adequacy decision; the recipient of the personal data is located in the United States and has certified to the US-EU Privacy Shield Framework; we have put in place appropriate safeguards in respect of the transfer, for example by entering into EU Standard Contractual Clauses with the recipient, or; an applicable statutory exception to the GDPR general transfer prohibition applies.
  15. 15 California Addendum. In addition to the rights provided in the Privacy Policy above, the California Consumer Privacy Act of 2018 (“CCPA”) provides consumers (California residents) with specific rights regarding their personal information, sublet to limited exceptions. Under the CCPA, “personal information” (which term is used interchangeably with “personal data” in the Privacy Policy) includes information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The following disclosures apply to, and are intended exclusively for, consumers who reside in the State of California.

    Although some categories of data collected by us may be exempt from the CCPA, the full list of categories of personal information collected can be found in the section above titled “Personal Data That We Collect About You.” Under the CCPA, we are required to disclose whether we sell personal information. As stated in Sections 2 and 5, we do not share, rent or sell your personal data to third parties. This section describes your CCPA rights and explains how to exercise those rights:
  16. Right to Know and Data Portability You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and verify your identity, we will disclose to you:
    • The categories of personal information we collected about you;
    • The purpose for collecting or selling that personal information;
    • The categories of third parties with whom we share that personal information;
    • The specific pieces of personal information we collected about you (also called a data portability request); and
    • The data processing operations.
    Right to delete You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and verify your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
    1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
    2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
    3. Debug products to identify and repair errors that impair existing intended functionality.
    4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
    5. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
    6. Comply with a legal obligation.
    7. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
    Right to opt-out of a sale You may request to opt out of any “sale” of your personal information that may take place. However, as stated in the Privacy Notice, we do not share, rent or sell your personal data to third parties.
    Right against discrimination We will not discriminate against you for exercising any of your CCPA rights.
    • 15.1 Exercising Your Right to Know or Delete. To exercise your rights above, please submit a request to privacy@getmainline.io. Only you, or your authorized agent acting on your behalf, may make a request to know or delete related to your personal information. We are only obligated to respond to a request to know or delete from you, or your authorized agent acting on your behalf, twice within a 12-month period. Your request to know or delete must:
      • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: your full name, prior communications with Circle. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in the request to verify the requestor's identity or authority to make it.
      • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
      • You do not need to create an account with us to submit a request to know or delete.
    • 15.2 Response Timing and Format. We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact privacy@getmainline.io. We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.