Hercules Labs Privacy Notice
Last Updated: 23 August 2023
This Privacy Notice applies to Hercules Labs Inc.’s (“Hercules Labs,” “we,” “us,” or “our”) processing of personal information on our websites available at https://fig.io and https://cicada.build (the “Website” or “Websites”), mobile application (the “App”), and other online or offline offerings (collectively, the “Services”).
An Important Note: This Privacy Notice does not apply to any of the personal information that we process on behalf of our enterprise customers through their use of our Services (“Customer Data”). Our customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Notice. Any questions or requests relating to Customer Data should be directed to our customer.
1. UPDATES TO THIS PRIVACY NOTICE
2. PERSONAL INFORMATION WE COLLECT
3. HOW WE USE PERSONAL INFORMATION
4. HOW WE DISCLOSE PERSONAL INFORMATION
5. YOUR PRIVACY CHOICES AND RIGHTS
6. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
7. RETENTION OF PERSONAL INFORMATION
8. SUPPLEMENTAL NOTICE FOR NEVADA RESIDENTS
9. SUPPLEMENTAL NOTICE FOR EU/UK GDPR
11. THIRD-PARTY WEBSITES/APPLICATIONS
We may update this Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Notice on our Websites, and/or we may also send other communications.
We collect personal information that you provide to us, personal information we obtain automatically when you use the Services, and personal information from third-party sources, as described below.
A. Personal Information You Provide to Us Directly
We may collect personal information that you provide to us.
· Account Information. We may collect personal information in connection with the creation or administration of your account, such as your name, email address, profile picture, and any other information that you provide to us or that we otherwise collect.
· Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
· Your Communications with Us. We may collect personal information, such as your name, email address, role, and company name when you contact us.
· Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
· Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., blogs and social media pages). Any information you provide using the public sharing features of the Services will be considered “public.”
· Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
· Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
· Job Applications. If you apply for a job with us, we will collect any personal information you provide with your application, such as your contact information and CV.
B. Personal Information Collected Automatically
We may collect personal information automatically when you use the Services.
· Automatic Collection of Personal Information. We track basic usage metrics (outlined below) as well as error/crash reports. This enables us to make better product decisions and provide better support.
o CLI Usage. Each time you run a figcli command (like fig update), we send a ping to Fig's servers. The CLI is an important part of the Fig app. If commands like fig updatebreak, up to date versions of Fig can't be downloaded for users, meaning Fig will break. Note: only the subcommand selected (e.g., “update” or “source”) is sent. Any arguments passed to the subcommands are not sent.
o Autocomplete Usage.We send a ping each time you select an autocomplete suggestion. The ping contains the root command you used (e.g., git, cd, aws, etc) and nothing else (i.e., if you select “commit” in “git commit”, all we see is git).
o Fig Dashboard Usage.The “Fig Dashboard” is the interface for managing all other Fig apps (like Dotfiles, Scripts, Credential, etc.). You access it by running fig. It is web-based but rendered using the operating system's native web view, rather than Electron/Chromium. We track interactions like navigation in the sidebar, creating new workflows/dotfiles, or adding a teammate. Any data you input into Fig Dashboard is stored on our servers unless you are an enterprise plan that is self-hosted. Any field labelled as “secret” is encrypted in transit and at rest.
o Terminal Usage.Sometimes developers use the Terminal 100+ times a day. Other times they don't use it at all. If someone uses Fig 50 times one day but 0 times the next day, is it because they turned off Fig or because they didn't use a Terminal? Having a high-level picture of this without being intrusive will help us make better product decisions. Therefore, once a day, Fig sends a single ping with aggregated metrics on how long you used the Terminal, how many times Fig popped up, and how many times you interacted with Fig.
o Errors/Crash Reports. Weuse Sentry as our error tracking tool. We send events to Sentry if the Fig app crashes and is then restarted. We also send any uncaught errors. We make sure these errors do not contain any potentially sensitive data (e.g., breadcrumbs do not contain any logs that could contain terminal keystrokes). We also use telemetry to ensure that integrations such as Input Method and Accessibility APIs are installed correctly. Knowing if an integration is breaking helps us prioritize.
o Basic App Usage. We send a ping for basic app events like login, quit, onboarding completion, updating, and turning autocomplete on/off.
· Disable Telemetry. You can disable all telemetry and crash reports by running fig telemetry disable.
· Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of the Services.
o Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
o Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about engagement on the Services. The use of a pixel tag allows us to record, for example, that a user has visited, a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
C. Personal Information Collected from Third-Party Sources
We may collect personal information from other sources, including through third-party services and organizations.
We use personal information to provide the Services, for administrative purposes, and to provide you with marketing materials, as described below.
A. Provide the Services
We use personal information to fulfill our contract with you and provide the Services, such as:
· Managing your information;
· Providing access to certain areas, functionalities, and features of the Services;
· Answering requests for support;
· Communicating with you;
· Processing your financial information and other payment methods for Services purchased;
· Processing applications if you apply for a job we post on our Services; and
· Allowing you to register for events.
B. Administrative Purposes
We use personal information for various administrative purposes, such as:
· Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
· Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
· Carrying out analytics;
· Measuring interest and engagement in the Services;
· Improving, upgrading, or enhancing the Services;
· Developing new products and services;
· Creating de-identified and/or aggregated information.
· Ensuring internal quality control and safety;
· Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Notice;
· Debugging to identify and repair errors with the Services;
· Auditing relating to interactions, transactions, and other compliance activities;
· Sharing personal information with third parties as needed to provide the Services;
· Enforcing our agreements and policies; and
· Carrying out activities that are required to comply with our legal obligations.
C. Marketing
We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.
If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.
D. With Your Consent
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
E. Other Purposes
We also use personal information for other purposes as requested by you or as permitted by applicable law.
We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
A. Disclosures to Provide the Services
The categories of third parties with whom we may share personal information are described below.
· Service Providers. We may disclose personal information to our third-party service providers and vendors that assist us with the provision of the Services. This includes service providers and vendors that provide us with analytics, marketing services, automated messaging and analytics services (such as Customer.io), IT support, hosting, customer service, and related services.
Some of the service providers we may use include:
o Google Analytics. For more information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your personal information, please click here.
· Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.
· Affiliates. We may share your personal information with our corporate affiliates.
· Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising”.
B. Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.
Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.
· Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails. We may also send you certain non-promotional communications regarding us and the Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Notice).
· “Do Not Track.”Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
· Tracking. You can disable all tracking by running fig telemetry disable.
· Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from organizations that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative,the Digital Advertising Alliance, and the European Digital Advertising Alliance.
Please note you must separately opt out in each browser and on each device.
Your Privacy Rights. In accordance with applicable law, you may have the right to:
· Confirm Whether We Are Processing Your Personal Information;
· Request Access to and Portability of Personal Informationabout you, including: (i) obtaining access to or a copy of your personal information; and (ii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (the “right of data portability”);
· Request Correction of your personal information where it is inaccurate or incomplete;
· Request Deletion of your personal information;
· Request Restriction of or Object to our Processing of your personal information; and
· Withdraw your Consent to our processing of your personal information.
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority if you believe our processing of your personal information violates applicable law.
· EEA Data Protection Authorities (DPAs)
· Swiss Federal Data Protection and Information Commissioner (FDPIC)
· UK Information Commissioner’s Office (ICO)
All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your personal information consistent with the requirements of applicable laws.
If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.
For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.
We store the personal information we collect as described in this Privacy Notice for as long as you use the Services, or as necessary to fulfill the purpose(s) for which it was collected, provide the Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
This Supplemental Notice for EU/UK GDPR only applies to our processing of personal information that is subject to the EU or UK GDPR.
One or more of the following legal bases may support our processing of personal information:
· Performance of a Contract: We may need to process your personal information to perform our contract with you.
· Legitimate Interest: We may process your personal information to further our legitimate interests, but only where our interests are not overridden by your interests or fundamental rights and freedoms.
· Consent: In some cases, we may also rely on your consent to process your personal information.
· Compliance with our Legal Obligations: We may process your personal information to comply with our legal obligations.
The Services are not directed to children under 16 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account, if applicable.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
Hercules Labs is the controller of the personal information we process under this Privacy Notice.
If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us at: hello@fig.io.