Last Modified: 7/6/2018

Introduction

CS DISCO, INC. (“Company” or “We”) respects your privacy and is committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit the website www.csdisco.com (our “Website“) and our practices for collecting, using, maintaining, protecting, and disclosing that information. Your privacy when using the DISCO software is protected by the terms of your agreement with CS DISCO INC.; this DISCO Privacy Policy does not apply to information collected during product usage.

This policy applies to information we collect:

  • on this Website.
  • in email, text, and other electronic messages between you and this Website.

It does not apply to information collected by:

  • us on the subdomain login.csdisco.com
  • us offline or through any other means, including on any other website operated by Company or any third party; or
  • any third party, including through any application or content (including advertising) that may link to or be accessible from the Website

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, including information:

  • by which you may be personally identified, such as name, postal address, e-mail address, and telephone number (“personal information“);
  • that is about you but individually does not identify you; and/or
  • about your internet connection, the equipment you use to access our Website and usage details.

We collect this information:

  • directly from you when you provide it to us; and/or
  • automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies.

Information You Provide to Us. The information we collect on or through our Website may include:

  • information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, posting material, or requesting further services. We may also ask you for information when you report a problem with our Website; and/or
  • records and copies of your correspondence (including email addresses), if you contact us.

You also may provide information to be published or displayed (hereinafter, “posted“) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions“). Your User Contributions are posted and transmitted to others at your own risk. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website; and/or
  • information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically may include personal information, and we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

  • estimate our audience size and usage patterns;
  • store information about your preferences, allowing us to customize our Website according to your individual interests;
  • speed up your searches; and/or
  • recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

  • cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website; and/or
  • web beacons. Pages of our the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

  • to present our Website and its contents to you;
  • to provide you with information, products, or services that you request from us;
  • to fulfill any other purpose for which you provide it;
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  • to notify you about changes to our Website or any products or services we offer or provide though it;
  • in any other way we may describe when you provide the information; and/or
  • for any other purpose with your consent.

Disclosure of Your Information

We may disclose aggregated information about our users without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

  • to our subsidiaries and affiliates;
  • to contractors, service providers, and other third parties we use to support our business;
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information about our Website users is among the assets transferred;
  • to fulfill the purpose for which you provide it;
  • for any other purpose disclosed by us when you provide the information; and/or
  • with your consent.

We may also disclose your personal information:

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • to enforce or apply our terms of use and other agreements, including for billing and collection purposes; and/or
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of CS DISCO INC, our customers, or others.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

  • Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
  • Promotional Offers from the Company. If you do not wish to have your email address/contact information used by the Company to promote our products or services, you can opt-out by by sending us an email stating your request to webmaster@csdisco.com If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to the Company as a result of a product purchase.

We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI“) on the NAI’s website.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

webmaster@csdisco.com4400 Post Oak ParkwaySuite 2700Houston, Texas 77027

CS Disco, Inc. Privacy Shield Policy

1. What this policy covers.

CS Disco, Inc. (“DISCO”, the “Company,” “we,” or “us”) is committed to safeguarding the private information entrusted to it by its customers. DISCO complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework (“Privacy Shield”) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. DISCO has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability (“Principles”). If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

This Privacy Shield Policy (“Policy”) extends to DISCO’s secure collection, use and storage of Personal Data transferred from European Union (“EU”) member countries and Switzerland to the United States (“Personal Data”) and supplements the terms set forth in our Privacy Policy (located at www.csdisco.com/privacy-policy/). Unless specifically defined in this Policy, the terms in this Policy have the same meaning as our Privacy Policy with respect to such Personal Data.

2. Information we receive from our customers

We collect and store Personal Data provided to us by individuals, law firms, business organizations, and government entities (collectively, our “Customers”) who sign agreements with us to use our software. Personal Data we receive from Customers are names, addresses, email addresses, email content, file-shares and other Personal Data identifiable to an individual. Any Personal Data received from our Customers is used strictly for the business purposes defined in the software agreement between the Customer and DISCO. It is not shared with third parties unless otherwise agreed between DISCO and the Customer, and in such a case, solely to third parties who are parties or counsel involved in litigation or other forms of dispute resolution, but strictly to provide the software and services to the Customer in accordance with the software agreement. We also collect and store names, addresses, email addresses, and email content received from Customer representatives using our software and accessing our support services site at www.support.csdisco.com.

You have the rights with respect to the Personal Data we receive from our Customers including the right to access, delete, amend, and correct your Personal Data. If you wish to access, correct, amend, or delete your Personal Data provided by a Customer to DISCO, you may contact us as described below. Similarly, if you wish to limit the use or sharing of your Personal Data, you should contact us as described below.

3. Information about visitors to our website

Visitors to our website www.csdisco.com will occasionally provide us with Personal Data on a completely voluntary basis. DISCO will only process and store this data in ways that are compatible with the purpose for which the visitor gave it to DISCO, or for which DISCO stored it, or for purposes the visitor later authorizes. Before we use this data for a purpose that is materially different than the purpose for which we received it or for which it was later authorized, we will provide the visitor with the opportunity to opt out. DISCO maintains reasonable procedures under the circumstances to help ensure that data collected from visitors is reliable for its intended use, accurate, complete, and current.

We also collect and store anonymous general information about the use of our websites and software, such as which software features our Customers use most frequently, and which services our Customers access the most. We use only aggregated data for this purpose, which de-identifies any individual Customer or visitor to our site. This information helps us determine what is most beneficial for our users and how we can continually create a better overall software and services experience. We may use this general and aggregated anonymous information and share it with our business partners so that they too may understand how our site is used.

4. Sensitive Personal Data

Our Customers may provide us data without our knowledge that includes Personal Data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic information, or health or sex-life information (collectively “Sensitive Personal Data”), solely for the purpose of using DISCO’s software and services. DISCO does not otherwise collect or store Sensitive Personal Data as a matter of course in its operations and does not ask its Customers or any visitors to supply it. Any Sensitive Personal Data received from Customers is used strictly for the business purposes defined in the software agreement between the Customer and DISCO. It is not shared with third parties unless otherwise agreed in writing between DISCO and the respective Customer, and in such a case, solely to third parties who are parties or counsel involved in litigation or other forms of dispute resolution, and strictly to provide DISCO’s software and services to the Customer.

You have the rights with respect to the Sensitive Personal Data we receive from our Customers including the right to access, delete, amend, and correct your Sensitive Personal Data. If you wish to access, correct, amend, or delete your Sensitive Personal Data provided by a Customer to DISCO, you may contact us as described below. Similarly, if you wish to limit the use or sharing of your Sensitive Personal Data, you should contact us as described below. Any requests to obtain your opt-in consent where the Privacy Shield requires, including disclosure of your Sensitive Personal Data to third parties, or before your Sensitive Personal Data is used for a different purpose than for which it was provided to DISCO by the Customer or for which you later authorized, should be directed to us as described below.

5. Compliance with law enforcement

DISCO may be required to disclose EU or Swiss Personal Data in response to a lawful request by public authorities, including the need to meet national security or law enforcement requirements.

6. Enforcement

For purposes of enforcing compliance with the Privacy Shield, DISCO is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review our representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at https://www.privacyshield.gov/list.

7. Data Transfers to Third Parties

We may transfer Personal Data to our third-party agents or service providers who perform functions on our behalf as described in our Website Privacy Policy. Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under the EU-US and Swiss-US Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

8. Security

DISCO maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield and its Principles.

9. Your Acceptance of These Terms

By using our website, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our website. Your continued use of our website following the posting of changes to this policy will be deemed your acceptance of those changes.

10. Contact Us

In compliance with the Privacy Shield Principles, DISCO commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact DISCO at:

Trevor Jefferies
Associate General Counsel
CS Disco, Inc.
4400 Post Oak Parkway, Suite 2700
Houston, Texas 77027
jefferies@csdisco.com
Direct dial: 346-980-4941

DISCO has further committed to refer unresolved Privacy Shield complaints to JAMS Dispute Resolution Services, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Additionally, DISCO is committed to cooperation with the EU Data Protection Authorities (“DPAs”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) and will comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of an employment relationship.

For information on how to contact your EU jurisdiction’s DPA, visit: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

For information on how to contact your Swiss jurisdiction’s Commissioner, visit: https://www.edoeb.admin.ch/index.html?lang=en

11. Binding Arbitration

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have already taken the following steps: (1) raised your complaint directly with our Customer and provided them with the opportunity to resolve the issue; (2) raised your complaint directly with DISCO and provided us with the opportunity to resolve the issue; (3) made use of the independent dispute resolution mechanism identified above; and (4) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you.

12. Changes to This Policy

We reserve the right to amend this Policy from time to time as is consistent with the Privacy Shield requirements.

Effective Date: 25 May 2018