Last Updated: 12/22/2020
Information You Provide
We may collect your name, physical address, email address, phone number, login credentials for the platform, demographic information (such as your occupation, level, location, or title), role information, compensation information, compensation history, equity or cap table information, industry profile, as well as other information you directly give us on the Platform or through manual uploads, forms, surveys, spreadsheets, emails, PDFs, or cloud storage platforms.
Information From Integrations
We may collect information you provide us through API, webhook, or credentialed access to your Applicant Tracking System (ATS), Human Resource Information System (HRIS), or other platforms, products, services, or systems that you explicitly grant Welcome access to.
Information We Get From Others
We may get information about you from other sources, including your website, news or public sources. We may add this to information you provide us through the Platform.
Information Automatically Collected
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
Visitor and Usage Information
We collect information about you and your devices when visiting or accessing the Platform. This is information we collect from every visitor to the Platform, whether they have an account or not. This information may include personal information, subject to consents when necessary. We may log your device type, unique identifiers, operating system, browser information, pages you viewed or interacted with, interactions on the pages you viewed, actions taken, how long you spent on a page, physical location, IP address, the dates and times you access the Platform, and other information about your use of, interactions with, and actions on the Platform.
Pages of our the Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Third party data
Welcome may receive data about you or about companies, organization, industries, visitors, marketing campaigns, and other matters related to our products and services from integrations, partners, or others that we use to make our own information more impactful. This data may be combined with other information we collect and might include aggregate level data.
How we use your information:
-To operate, maintain, and improve the Platform.
-To send communications including account invites, confirmations, technical notices, security alerts, notifications, system updates, upcoming events, and other news about products and services.
-To respond to questions and provide customer or technical support.
-To aggregate or combine user information with other information and data we collect. An example is when we combine the information a company has provided about their industry profile, compensation history, role, and level with the information entered by candidates to improve and personalize the user experience, including providing anonymized, real-time compensation benchmarks and metrics to help make better offers.
-To provide and deliver products and service requests.
-To protect against any fraudulent, unauthorized, or illegal activity on the Platform.
When we share your information
-To comply with applicable laws, regulations, or regulatory requests (if applicable).
-To protect the rights and property of Welcome, our employees, agents, customers, and others.
-To fulfill explicit customers instructions.
-For legal, security, and safety purposes.
-When customers' administrators need access to customer, candidate, and user access information on their account.
-With those who need it to do work for Welcome, such as granting a Welcome employee necessary access in order to do their job.
-We may share aggregated or anonymized data through the product or content. We may disclose or use aggregated or anonymized data for any purpose, including but not limited to, benchmarking, reporting, analytics, real-time compensation data, marketing, content purposes.
-Customers agree to allow Welcome to anonymize the customer's data and provide it to other customers as long as it is aggregated, de-identified, and is not associated with a given individual or company.
-When Customers authorize access to customer data through third parties that Welcome works with or integrates with.
-We will not share personal information with investors of the Company beyond any personal information that such investors are entitled to for customary legitimate business purposes.
-If we engage in or negotiate a merger, acquisition, or bankruptcy transaction or proceeding of some or all of Welcome’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, some or all personal information may be shared or transferred subject to reasonable confidentiality restrictions with respect to personal information.
-We may share other information with third parties when we have consent to do so, or when engaged with third parties as service providers to process information and support the Platform.
Access to customer information
Welcome limits its teams access to customer data and information as follows:
-All data is encrypted at rest for all data stores (databases, cache, etc)
-Welcome requires and enforces user access and authorization through secure logins and passwords
-Customer data access is audited, and limited to Welcome employees on a "least privilege" principle
-Welcome limits access to production environments on the basis of business need
-Welcome provides training to employees who are involved in the processing of Customer data to prevent data being used in an unauthorized manner, and to ensure the data is kept confidential
-Welcome immediately revokes all access to critical and non-critical systems upon employee termination (voluntary or involuntary)
California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org.
California Consumer Privacy Act (CCPA)
You can review our CCPA Notice here.
-All Customer information and data is stored entirely within Amazon Web Services (AWS) infrastructure
-Welcome separates each of our customers' information and data and also maintains measures to prevent information or data from being exposed, accessed, or shared with other customers or partners
-Welcome uses standard SSL/TLS security on all web requests
-Welcome leverages AWS cloud security through Fargate in a designated VPC
-Welcome securely routes and manages traffic using CloudFlare
-Welcome stores all sensitive documents in a private S3 bucket, which requires authentication credentials and permissions to access
-Welcome does not store passwords, API keys, or credentials in plain text
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
-All code is reviewed before being added to the service, including third party tools and integrations
-Welcome has implemented real-time error logging, system monitoring, and security alerts
-Welcome undergoes annual vulnerability and security audits conducted by independent third party experts
Deleting Customer Information
- We delete all of a Customer's identifiable data and information after one year once the relationship has been terminated, or earlier if requested by contacting us at email@example.com.
When creating an account or visiting the Platform or any of our websites, including any subdomains, and providing your email to sign up for a demo or join the waitlist, you are opting into our marketing communications and emails. Our marketing communications give you the option to unsubscribe. If you unsubscribe, we may still send you transactional (non-marketing) communications, if applicable. Transactional communications include emails about your accounts and our business dealings with you that are necessary for fulfilling our obligations to you. This includes, but not limited to, notifications about platform engagement and usage that is critical to your successful usage of the Platform.