Terms of service
1. Terms
By accessing the website at https://leftbrain.io, you are agreeing to be bound by these terms of service, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.
2. Use License
1. Permission is granted to temporarily download one copy of the materials (information or software) on LeftBrain’s website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:
- modify or copy the materials;
- use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
- attempt to decompile or reverse engineer any software contained on LeftBrain’s website;
- remove any copyright or other proprietary notations from the materials; or
- transfer the materials to another person or “mirror” the materials on any other server.
2. This license shall automatically terminate if you violate any of these restrictions and may be terminated by LeftBrain at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.
3. Disclaimer
- The materials on LeftBrain’s website are provided on an ‘as is’ basis. LeftBrain makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.
- Further, LeftBrain does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.
4. Limitations
In no event shall LeftBrain or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on LeftBrain’s website, even if LeftBrain or a LeftBrain authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Accuracy of materials
The materials appearing on LeftBrain’s website could include technical, typographical, or photographic errors. LeftBrain does not warrant that any of the materials on its website are accurate, complete or current. LeftBrain may make changes to the materials contained on its website at any time without notice. However, LeftBrain does not make any commitment to update the materials.
6. Links
LeftBrain has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by LeftBrain of the site. Use of any such linked website is at the user’s own risk.
7. Modifications
LeftBrain may revise these terms of service for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these terms of service.
8. Governing Law
These terms and conditions are governed by and construed in accordance with the laws of the UK and you irrevocably submit to the exclusive jurisdiction of the courts in that State or location.
Privacy policy
Your privacy is important to us. It is LeftBrain’s policy to respect your privacy regarding any information we may collect from you across our website, https://leftbrain.io, and other sites we own and operate.
We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.
We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.
We don’t share any personally identifying information publicly or with third parties, except when required to by law.
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.
You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.
Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us.
Data protection policy
LeftBrain provides technology services to businesses. Although we don’t have a commercial relationship directly with individuals, we do hold what could be considered “personally identifiable information” about the employees of our clients, and that data is within the scope of the GDPR. This article details the data we hold, who has access, the measures we take to protect it, and how we get rid of it when it’s no longer of use.
Who do we keep data on?
For clients on our ongoing support plans we hold data about each named employee on the account, in addition to any other people involved in the provision of the service (for example, an account management contact who works in a remote office and is not covered under the support plan).
For all the other services we provide (including SaaS subscriptions, Enterprise services, projects, event support) we only hold data for the people involved in the service provision.
We also hold data on people who’ve contacted our new business team with an interest in our services.
The people we hold data on are the “Data Subjects”, using the terminology of the GDPR. In our relationship with our clients we act as “Data Processors” and the client is the “Data Controller”.
What data we hold and why
At a minimum, we hold the following data about a person (we call this “Default Information”):
- Full name
- Company email address
- Company
These data are necessary for effectively providing our service: we can’t provide support to a person if we don’t know their name, if we can’t get in touch with them and we don’t know which company they’re from.
In addition, we may store the following data, if a person or their company chooses to share it with us (we call this “Additional Information”):
- Job title and department: helps us provide our service effectively, for example, being able to find all the users in the design department, and message them about an update to a particular piece of design software
- Gender: aids in addressing our messages accurately and respectfully when the person’s gender isn’t clear from their name
- Photo: this helps in picking out a particular person in an office when one of our team may not have visited before
- Personal phone number: may be provided to us in cases where a person does not have a company issued phone, or if they do not have access to it (for example, when travelling)
- Personal email address: may be provided in cases where a company email address is not working.
- Personal physical address: may be provided in the event a visit to their home is necessary (for example, in troubleshooting a home office setup).
At any time, a particular person can log on to our Dashboard and view all the data we hold about them, and permanently remove any Additional Data they don’t feel comfortable with us holding.
Lawful Basis For Processing
Using terminology from the GDPR, we use “Legitimate Interests” as our lawful basis for processing the information we store.
Data Categories
We group the people about whom we hold data by their company, and by their job function (specifically we categorise people as “Tech Contacts” and/or “Operational Contacts” and/or “Accounts Contacts” and/or “New Business Contacts”). As detailed above, for each person we mark data “Default” (name and email) and “Additional” and handle each differently.
Who Has Access
By default, our Operations, Infrastructure and Senior Management teams have access to the information about all people across clients.
Individual members of our support, enterprise and projects teams (which may include freelancers and contractors) have access granted to each client (and by extension all their employees) when they are onboarded on to that client’s support team, or when they start a project for them.
Our Accounts team has access to all people categorised as “Accounts Contacts”.
Our New Business and marketing teams only have access to “New Business” Contacts.
Data Deletion
In the event a client cancels their service with us, we offer to provide a copy of the data we hold to them, in a format of their choice (typically as a JSON file, or PDF). This data is provided using a secure link, and upon confirmation that the data has been received, it is deleted permanently from our systems. In doing so all centrally held personal data is removed.
In the event a person leaves a client of ours, any “Additional Information” we hold on that person is permanently deleted within 24 hours of their last day (this process happens automatically).
We retain the “Basic Information” we hold on a previous employee for up to 7 years after their last day (this process happens automatically), since having records of previous employees can be necessary in continuing to provide our service effectively. Some examples include:
- A request by a current employee to “Forward John’s emails to me”. To do this we must know John’s email address (and confirm that John is indeed a previous employee). (Obviously whether or not we would fulfil this request would be down to the company’s IT policy, and outside the scope of this document).
- Updating a company IT policy that references “John Smith” as a contact – it’d help to know John’s job title and department in order to find the person who has taken over John’s role.
- When wiping an old computer for disposal, we may find a user profile for John Smith. Knowing he is a previous employee and what department he was in can help in determining what should be done with that data.
In both of these cases, despite our best efforts to remove everything, the nature of certain systems makes it unfeasible or impossible to remove every trace of personal data. As such there may be personal data that remains on our systems which may include:
- Email/support ticket correspondence between a person and our support team will show a person’s name and company email. We do not send personal data over email; however, people may include personal information when contacting us (for example, including their personal phone number in an email signature).
- Historic invoices and billing statements may display the name of the person they were sent to. These are immutable and must be retained for tax purposes.
- Internal chat logs may reference a person’s name. There is no way to redact names from these logs.
- Copies of deleted data may exist on backups. Backups are maintained of our entire system: encrypted and stored as single files. Removing one person’s data is not possible.
Right To Access
The data we hold as “Data Processors” is made available to each person via our Dashboard, so that a live copy of their data can be accessed (and revoked) at any time. This data is also made available to nominated people at our client, allowing them to fulfil data access requests for their current and past employees. We do not fulfil access requests from previous employees of clients (or previous clients) directly, since we have no means of verifying whether John Smith is indeed John Smith from Example Company. Regardless, we make the address data@leftbrain.it available for anyone to ask questions about their data, and have processes in place to handle each type of request.
Data Security
We take a number of steps to ensure personal data is kept secure.
- All systems we use encrypt data at rest and in transit.
- All endpoints used by our team are encrypted, require complex passwords, auto lock, and have firewall and other malware protection enabled
- All critical business systems are protected by a central single sign on solution, with multi factor authentication enabled
- Our production database utilises strict access controls to ensure users (and LeftBrain staff) are only able to access the data they’re authorised to access
- Intrusion detection systems are active on all production servers
We maintain a permanent audit trail showing who has been granted access to each client, when the access was granted, and by whom. In addition, we keep logs when “Additional Data” about people is accessed, and by whom.
Breach Notification
Our incident management procedure includes notifying the tech and operational contacts at our clients within 72 hours of a breach, and its potential impact.