Privacy Policy

We believe that the only good policy is one you can understand without a lawyer by your side, we’ve worked hard to explain — clearly and in plain English — what we do, what information we collect, and why, so that you can feel confident about using Cota.

If there’s anything here that isn’t clear, reach out to us and we’ll fix it. We sincerely hope that this update helps you better understand this document, what you’re consenting to, and how we operate. Thanks for joining the Cota community!

Effective as of: October 15, 2020

At Cotasys Inc. (“Cota”), we value your trust and respect your privacy.

Cota exists to support entrepreneurs like you by offering a free and easy way to manage your daily dispatching duties, while respecting your privacy expectations.

A. SCOPE

This privacy policy applies to Cotasystems.com and, its subdomains (the “Site”), and our mobile apps, all of which are owned and operated by Cotasys Inc. It does not apply to any third-party websites, which have their own policies. Throughout this policy, when we say Cota, we mean our company, including the Site and any Cota mobile apps, and when we say Services we mean the various software products and services, and apps we make available to you through our Site and mobile apps, including our asset management, dispatching, messaging, invoicing services, referrals, and other small business–related services and support.

By “Personal Information”, we mean information about an identifiable individual. That’s what this policy is about – our collection, protection, use, retention, disclosure and other processing of Personal Information and your rights relating to these activities. We also compile certain aggregate data about our users.

What is aggregate data? “Smokey Bear buys a sandwich at a truck stop on I-80” is the Personal Information of Smokey Bear, but “20% of Cota users buy sandwiches on Mondays” is aggregate data.

We use Personal Information in order to provide you and your business with the Services. Our Privacy Policy is based on the following 10 fair information principles:

1. Accountability
2. Identifying purposes
3. Consent
4. Limiting collection
5. Limiting use, disclosure, and retention
6. Accuracy
7. Safeguards
8. Openness
9. Individual access

1. Accountability and Challenging Compliance

Cota has named a Privacy Officer who is responsible for all things privacy at Cota. This includes our policies and procedures that are designed to keep your information safe. If you have any questions about our privacy practices or this policy, you can contact me at:

Cotasys Inc.

Privacy Officer

2659 State St, Suite 100

Carlsbad, CA 92008

USA

Email: privacy@cotasystem.com

2. Identifying Purposes

Cota collects, uses, discloses, and otherwise manages Personal Information in a variety of ways related to the Services we provide. We’ve outlined these below. Your use of the Services determines which information we collect and use. For example, invoice factoring is optional, unless you’d like to use Cota quick pay services to get paid faster, at which point we will need to collect additional information in order to provide you with this service. Similarly, when you create an invoice, your customer’s email is optional, but if you’d like us to deliver the invoice by email, this information becomes necessary.

Cota may collect, use, store, or disclose your Personal Information for the purposes described below.

• In order to provide you with the Services, which includes the following:
• We collect information directly from you, but may also collect information from third parties when you connect your Cota account to them. These integrations may pull data into or share data out of Cota. In some cases, we use a service provider to connect you to a third-party service.
• We may also collect your name and email address from third parties when you sign up and login to our Site using single sign-on (SSO).
• When you connect your Cota account with a third-party service, their terms and policies apply.
• To promote or offer you products or services, and to determine your eligibility for new services we may offer from time to time.
• To provide you with educational materials and guides relevant to the Services you use.
• To contact you for the purposes of Service updates and system and account notifications.
• To provide you with support in connection with the Services.
• To comply with any laws, regulation, court orders, warrants, inquiries, subpoenas or other legal processes or investigations, and to protect ourselves, other individuals, or property from harm.
• In connection with a prospective or completed merger or sale (including insolvency or bankruptcy proceedings) involving all or part of Cota or as part of a corporate reorganization or stock sale or other change in corporate control.

We will never sell your Personal Information to other companies.

3. Consent

Cota takes a consent-based approach to the collection, use and disclosure of Personal Information.

"Opting-in" to marketing communications

When you sign up for our software, website, systems, or apps and when you book a meeting or quote loads with us you, will be asked for your contact information including emails and/or phone numbers. By signing up for any of the above you are agreeing to opt-in for marketing and transactional communications including but not limited to newsletters, email campaigns, SMS text campaigns, push notifications, and advertising. You may opt-out at any time by unsubscribing and closing your account or contacting us requesting to opt-out of marketing communications.

Submitting the Personal Information of others

When you submit the Personal Information of your customers, contractors or employees to us, you are responsible for informing such customers, contractors, and employees about Cota, and for obtaining any necessary consent or authority from them.

You may also choose to refer someone to our Site. We will send them a single invitation email to the address you provide. Please ensure that you only submit email addresses of individuals or businesses with whom you have a relationship and who would want to receive the message.

Closing your Cota account

At any time and without penalty, Cota users can withdraw their consent to the continued use or disclosure of their Personal Information by closing their Cota account. Please ensure you complete the account closure process which includes a confirmation email. Otherwise, your account may not be closed.

Email and communications consent

At any time, you can opt-out of commercial email communications from us by clicking on the unsubscribe link in such emails. Certain non-commercial communications may still be sent to you that are required to provide you with our Services. For example, system notifications, major product changes, changes to our Terms of Use, or other news that we believe will materially affect how you interact with Cota.

The only way to completely stop all emails from Cota is to close your account as outlined above.

4. Limiting Collection

Cota only collects the Personal Information necessary to provide the Services to you. The Services you use will determine which information Cota collects. We’ll also provide you the option of sharing additional information to enhance your Cota experience.

Cota may also use third-party services to supplement or enrich our understanding of our customers. This includes cross-referencing information like a name, business name, email address or IP address in third-party databases, and using the information there to improve our understanding of you and your business.

Cota is not intended for children and we do not knowingly or intentionally collect information about individuals under the age of thirteen (13).

Some of the Services allow you to provide access to your Cota account to other authorized users, which we call “guest collaborators”. Guest collaborators have access to information in your Cota account, including Personal Information, and may perform various tasks on your behalf. You take full responsibility for any collection, use or disclosure of your Personal Information by your collaborator(s).

To provide access to your account to a guest collaborator, you must provide the collaborator’s name and email address. We will send them a single email inviting them to the Site. Cota only uses this information to invite your collaborator. Please ensure that you only submit email addresses of individuals or businesses that you have a relationship with and who would want to receive the message. The guest collaborator may contact us at privacy@cotasystem.com to request that we remove their name and email address from our database.

5. Limiting Use, Disclosure and Retention

We will use your Personal Information as described in this policy.

We will share your Personal Information with third parties only as described in this policy.

We will retain your information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law or regulation. To be clear, that means we’ll retain your Personal Information while you have an active account, and afterward if we need to do so to meet our legal obligations. If you choose to close your Cota account, we will destroy your Personal Information within 60 days unless we are otherwise obliged to keep it longer.

6. Accuracy

Cota relies on you to provide us with information that is accurate and complete. We provide you the mechanisms and rely on you to keep your information up to date. You can request updates or corrections of any inaccuracies in your Personal Information at any time by contacting us at the contact information listed in the policy. We will respond to your request within a reasonable timeframe.

7. Safeguards

Cota uses a combination of reasonable and appropriate safeguards designed to protect your information. These safeguards are administrative controls (things like policies, procedures, and training), technical controls (things like encryption, firewalls, and secure coding frameworks), and physical controls (secured hosting environments).

For additional details, please see our security page.

We ensure that any third party acting on our behalf maintains reasonable and appropriate safeguards in respect of your Personal Information. Additional information about our third parties’ privacy practices is available upon request.

If you have questions about security on our Site, you can contact us at security@cotasystem.com.

You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your email account information or your password for the Services to third parties. Our team will never request your password or PIN, and we ask that you never post account or credit card numbers to our support channels.

8. Openness

This policy outlines our privacy practices. If you have questions about it, please contact our Privacy Officer. This policy is available publicly at https://www.cotasystem.com/privacy.

9. Individual Access

You may access, update and correct inaccuracies in the Personal Information in our custody or control at any time, subject to limited exceptions prescribed by law. You can download or export data you input into the Site at any time, or to correct inaccuracies, simply log in to your account and make the necessary changes.

You can also request access, corrections or updates to all your Personal Information, including information not available through your account, by contacting us as set out in the Challenging Compliance section of this document. We may request certain Personal Information for the purposes of verifying the identity of the individual seeking access to their personal information records.

B. ADDITIONAL DETAILS

1. Public content and Social Media

Cota has public forums and blogs. Any information submitted there may be read and collected by anyone.

You may request removal of Personal Information from forum or blog posts and comments by contacting us at privacy@cotasystem.com.

If you provide us with a testimonial, with your consent we may post it on our Site or in other materials and media, along with your name. If you want your testimonial removed, please contact us at privacy@cotasystem.com.

You may engage with us through social media sites. When you engage with us on these sites, we may have access to certain information about your account (e.g., name, username). These sites may collect your IP address, how you’re engaging with us, and may use cookies to enable the site to function properly. We may use this information to personalize your experience and to provide you with other products or services you may request.

2. Service Providers

We may transfer (or otherwise make available) your personal information to third parties who provide services on our behalf. For example, we may use service providers to host our website and to process payments. Your Personal Information may be maintained and processed by these third parties in other jurisdictions, Canada. When your information is in another jurisdiction, it will be subject to their laws. We only share the information these service providers need to do their job and we don’t authorize them for any other use or disclosure of personal information.

We may also use services provided by third-party platforms (such as social networking sites) to serve targeted ads on such platforms to you or others, and we may provide a hashed version of your email address or other information to the platform provider for such purposes. To opt-out of the sharing of your information with such platforms, please send an email to privacy@cotasystem.com.

3. California Consumer Privacy Act

If you live in California, you are granted additional rights under the California Consumer Privacy Act.

4. Visiting the Site and using the mobile apps

In general, you can visit the Site without telling us who you are or submitting any Personal Information. However, we and/or our service providers (such as Google Analytics) collect IP (Internet protocol) addresses from all visitors to the Site and other related information such as page requests, browser type, operating system and average time spent on our Site. When you use any of our mobile apps, we also collect device type, operating system, unique device identifier, and date and time stamp. This information is used to help us understand the activity on, and to monitor and improve, our Site and mobile apps, and to provide you with better service.

5. Cookies, Tags, and Web Beacons

Technologies such as cookies, web beacons, tags and scripts are used by Cota, our advertising and analytics service providers (such as Google analytics), and affiliates to analyze usage trends, administer the Site, and to gather demographic information about our user base as a whole.

A cookie is a small piece of data that our Site can send to your browser, which may then be stored on your device so we can recognize you when you return. We use cookies for session tracking to make it possible to navigate the secure environment inside our Site. These cookies (1) may let us know who you are, (2) are necessary to access your account, and (3) will give us information that we can use to personalize our Site according to your preferences. You can control the use of cookies in your browser. If you disable cookies, you will not be able to access your account or take advantage of all of the features of the Site and mobile apps.

6. Notification of Privacy Policy Changes

We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on our website prior to the change becoming effective. We encourage you to periodically review our Privacy Policy for the latest information on our privacy practices.

‍

B. Your California privacy rights (CCPA).

The California Consumer Privacy Act of 2018, (Cal. Civ. Code §1798.100 et seq., as amended, "CCPA") gives California residents rights and control over their personal information. Cotasys Inc. ("Cota", "We", "Our" or "Us") provides this statement to those residents ("You or "Your") in accordance with requirements under the CCPA to make certain disclosures about the collection and processing of their personal information.

Subject to certain limitations, if you are a California resident, the CCPA gives you the following rights over your information:

• For the period covering the 12 months preceding your request, you may request that we disclose to you the categories and specific pieces of information collected about you, the categories of sources from which we collected that information, and the purposes for which your information was collected.
• You may request that we delete information we collected from you.
• You have the right not to be discriminated against for exercising these rights over your information.

We do not sell your personal information

Under the CCPA, a business that sells California residents' personal information to others:

1) must give notice to California residents before selling their personal information to others,

and

2) must provide California residents the right to opt out of the sale of their personal information.

Cota does not sell personal information, including personal information of anyone under 16 years old. Thus, these notification and opt-out requirements do not apply to Cota.

What information do we collect?

As part of providing products and services to you, we may collect information, including personal information, about you or your business when you use our services.

Personal information is data that can be used to identify you individually. The information we may collect includes, but is not limited to:

• Contact information (e.g., name, phone number, address, and email address);
• Social Security number and other government identification numbers (e.g. EIN, driver’s license number);
• Date of birth;
• Financial information (e.g., income, revenue, assets, credits, deductions, expenses, and bank account information);
• Payment data (e.g., checking, debit and credit card account numbers, and payment history);
• Geo-location information;
• Website, mobile application, and email usage data (e.g., interactions with a website, application or advertisement);
• Device information (e.g., internet protocol (IP) address, device type, unique identifier, app version, operating system, network data, and phone state);
• Login information;
• Demographic information;
• Professional or employment-related information.

Who do we share your information with?

The privacy and security of your information is important to us. We do not sell or rent your information (including your Social Security number). We may disclose your information as permitted by law or with your consent to third parties with whom we have a written contract limiting the use and disclosure of your information. We may share your information to support the products and services you request, or provide you with information on products and services that may benefit you.

For example:

• Service providers. We may disclose your personal information to service providers who perform business functions on our behalf, such as hosting our website or processing payments. We may also share your personal information and a record of any transactions you conduct on our websites. Pursuant to our vendor management program, we require all service providers to have written contracts with us that require them to safeguard your information and prohibit them from selling, retaining, using or disclosing your information for any purpose other than for the specific purpose of performing the contract.
• Responses to legal requests. We may disclose your information when we have a good faith belief that such disclosure is required or permitted by law pursuant to a legal request. This may occur in connection with a court order, legal process, or other judicial, administrative or investigative proceeding that produces a request for information from us. In certain situations, we may be required to disclose your information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
• Protection of Cota and others. We may disclose your information when we believe that disclosure is necessary to protect your rights and safety, the rights and safety of others, or our rights and safety. We may disclose your information to proper federal, state, or local officials in order to—and only to the extent necessary—inform the official of activities that may constitute, or may have constituted, a violation of any criminal law, or to assist the official in investigating or prosecuting a violation of criminal law.
• Aggregate data. We may disclose aggregate information compiled using information that does not identify you individually or personally. This may include, for example, the total number of site views from a particular state or the average number of invoices sent per business.

Right to say no to the sale of your personal information

As explained above, the CCPA requires businesses that sell personal information to allow California residents the ability to opt out of the selling of their information.

Again, Cota does not sell personal information, thus these notification and opt-out requirements do not apply to Wave.

Requesting disclosure or deletion of your information

California residents may make a request pursuant to their rights under the CCPA by emailing privacy@cotasystem.com.

When receiving a request, we will verify that the individual making the request is the resident to whom the personal information subject to the request pertains. Government identification may be required.

C. Security policy.

When it comes to keeping your data, we never rest. We’ve built world-class security measures into the system to make sure you can use Cota with confidence.

Data Security

Secure data transmission: When you load a page in your browser, or upload something to Cota, all that information is encrypted while it’s moving over the internet. We lock up your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping. We also support a wide variety of cyphers — another kind of code — for our communications, to ensure the highest level of encryption possible, based on your browser.

Tokenization: Cota doesn’t store credit card numbers, ever. If you ever give us your credit card information, it is sent directly from the app or browser to our payments processor, and Cota receives a secure token back. This token is a code that authorizes Cota to complete the activity securely and efficiently, without storing or exposing your credit card information.

Secure data storage: Your data is stored on servers that have strict physical access protocols, meaning there are rules in place limiting access to only the people who need it to do their jobs. The facilities are controlled with 24/7 monitoring, and the technology is digitally protected.

Security Testing: Cota uses many layers of security testing. We test our systems internally, but that’s not enough in our opinion. We also may bring in third-party security firms to perform vulnerability assessments and penetration tests against our systems. Sounds great? Still not enough for us. Cota may offer a private bug bounty program. This means that we’ve got security researchers from all over the globe testing our app on an ongoing basis. It takes a lot of effort to keep things secure, and we’re happy to go the distance.

Transparency: We’re not asking you to just take our word for it that we keep your data secure. We want you to understand exactly how it’s done. That’s why we’ve written a very clear and understandable privacy policy.

Mobile Security

Passwords are encrypted when they’re collected, when they’re sent to our servers, and we never store them without encrypting them first. In fact, all communications between our apps and our servers are encrypted using Transport Layer Security (TLS) — the replacement for Secure Sockets Layer (SSL) — the highest level of security protocols available. Beyond that, we don't store any sensitive information, such as credit card numbers, on the device ever.

D. GDPR and Cota

A new set of rules came into effect May 25, 2018, in the EU: the General Data Protection Regulation (GDPR). It replaces a 23-year-old set of privacy rules that are out of date for the internet age.

If your business is in the EU, or does business with EU citizens, GDPR applies to you. You can find out the details for your business at the official GDPR information portal: https://www.eugdpr.org/

Effective as of: June 1, 2020

What is GDPR trying to accomplish?

The goal of GDPR, simply put, is to keep data about EU citizens safe, and to that we say, Bravo! The outgoing regulations from 1995 could never have predicted the revolutionary impact that the Internet would have on society, so new rules that address things like data storage and personally identifiable information are a good thing.

Wave and GDPR

GDPR is brand new legislation. Experts watching GDPR say there's still a lot open to interpretation, and clarification. Nonetheless, Cota is committed to meeting or exceeding customer and government expectations. In fact, Cota's internal policies have always been aligned with the objectives of GDPR. For example, under GDPR:

• You have a right to understand the terms of use you're agreeing to.Our famous plain-English Terms of Use and Privacy Policy are extremely easy to understand.
• You have a right to close your account and have personally identifiable information deleted.You can close your Cota account, and when you do, we delete personally identifiable information.
• You have a right to take your data with you.As stated in our Terms, “You own all your data,” and you can export or request rich data files at any time.
• You have a right to turn off direct marketing messages.We respect your email preferences, and make it easy for you to opt out.
• Companies must provide a 'reasonable' level of protection for personal data.As a company that handles business information, Cota is always security-focused, and we operate using data centers in secure facilities that meet the highest standards.

We are working to meet GDPR requirements, and will keep you informed as we implement additional functionality to support your privacy rights.

‍