Gem acquires Resource! Read our official announcement here 🎉

Resource Privacy Policy

Last updated May 31, 2019

When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control. This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

IDK Labs, Inc. d/b/a Resource (“Resource”, “we”, “us” or “our”) provides recruiting software and candidate management services through resource.io and any subdomains, successors, and browser extensions (collectively, the “Service(s)”).

This updated version of our Privacy Policy takes effect on May 25, 2018. If you have any questions about this Privacy Policy, please contact us.

INFORMATION RESOURCE COLLECTS

Resource operates as a recruiting / candidate management platform, and therefore some of the data we collect and use is not retrieved directly by Resource. Rather, certain data is retrieved from (publicly available) websites or other business partners and sources.

Things you create or provide to us The data we collect includes: (i) data about Resource customers (“User(s)”), i.e. when you create a Resource account, you may provide us with personal information such as name, organization, and contact info; and (ii) data about contacts / candidates that Users add to the Service, i.e. candidate contact info, social profile URL, email address, name and telephone number (“Candidate(s)”). The term “you” and “your” will refer to Users or Candidates, as applicable.

If you aren’t signed in to a Resource account, you might choose to provide us with information — like an email address to receive updates about our Services.

We also collect the content you create, upload, or receive when using the Services. This includes things like campaign messages and information about Candidates you upload to the Service.

Information we collect as you use our service

Your apps, browsers & devices

We collect information about and from the apps, browsers, and devices you use to access the service, which helps us provide features like automatic product updates, scheduled email campaigns, Candidate enrichment in your ATS, and higher quality customer support. Learn more about the information we collect from your apps and how we keep it safe on our Security page.

The information we collect includes, without limitation, unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.

We collect this information when the Service on your device contacts our servers — for example, when you source a Candidate.

Your activity

We collect information about your activity in our Services, which we use to do things like recommend campaign message templates or provide helpful features. The activity information we collect may include:

  • Purchase activity
  • Sourcing activity
  • Recordings of User app activity
  • People with whom you communicate or share content
  • Third party app data you’ve synced with your Resource Account
Your location information

We collect information about your location when you use our services, which helps us offer features like setting campaigns to send in your time zone. The types of location data we collect depend in part on your device and account settings.

Third Party & Public Information

In some circumstances, Resource may collect information about Candidates from trusted third party or publicly available sources for the purposes described below. We use various technologies to collect and store information, including cookies, pixel tags, local storage, such as browser web storage or application data caches, databases, and server logs.

WHY RESOURCE COLLECTS DATA

We use data to build better services

To provide our services

We use data to deliver the Services, like processing the Candidates from your Applicant Tracking System (“ATS”) in order to help you engage them for future roles.

Maintain & improve our services

We use the data we collect to ensure our Services are working as intended, such as tracking outages or troubleshooting issues reported to us. We also use information to make improvements to the Services — for example, understanding which messaging follow-up frequencies work best for recruiting. Further, we may collect and combine the information we receive from Users, publicly available sources (like Google Search or social networks), or trusted third parties to enhance, optimize and enrich Resource’s Candidate database. For example, we use open web services and APIs to gather information about Candidates and enrich it (e.g. by adding links to Candidates’ verified social network profiles), which allows Users to have access to the most current and up-to-date Candidate information.

Develop new services

We may use the information we collect to help us develop new services. For example, understanding Users’ communication patterns with Candidates over periods of time on Resource helped us design and launch Resource Network.

Provide personalized services

We may use the information we collect to customize the Services for you, including providing recommendations, personalized content, and customized campaign strategies. For example, Resource may collect information about Candidates you contacted so we can help you avoid contacting the same Candidate again too soon.

We don’t share personally identifiable User information with other customers or third parties, such as User names or emails, unless a User grants us permission to do so.

Measure performance

We use data for analytics and measurement to understand how the Services are used. For example, we analyze data about your visits to the Service to optimize product design. And we also use data about your interactions with Candidates to help Users understand the performance of Candidate campaigns.

Communicate with you

We use information we collect, like your email address, to interact with you directly. For example, we may send you a notification if we detect suspicious activity, like an attempt to sign in to your Resource account from an unusual location. Or we may let you know about upcoming changes or improvements to our Services. And if you contact Resource, we’ll keep a record of your request in order to help solve any issues you might be facing.

Protect Resource, our users, and the public

We use information to help improve the safety and reliability of the Service. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm Resource, our Users, Candidates or the public.

We use different technologies to process your information for these purposes, including automated systems to analyze content and provide you with better features. And we analyze your data to help us detect abuse such as spam, malware, and illegal content.

YOUR PRIVACY CONTROLS

You have rights regarding the information we collect and how it's used

We respect your privacy rights and therefore you, whether you’re a User or a Candidate, may contact us at any time and we shall work diligently to respect your choices and requests regarding your Personal Information. The list below provides you information Users and Candidates may need to exercise their rights under applicable privacy and data protection regulations:

Right of Access

You may request to access your Personal Information and obtain a copy of Personal Information which is being processed by Resource, including: purposes of processing; categories of Personal Information processed; recipient(s) of Personal Information; length of time during which the Personal Information will be stored; and information on data transfers.

Right of Rectification

You may request to change, update or complete any missing data we process about you, by contacting legal@resource.io. Please note that we may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

Right of Erasure

Users or Candidates may at any time withdraw consent to our processing of User or Candidate Personal Information. In this case, if there is no overriding legitimate interest for continuing the processing of such Personal Information (e.g. to comply with our legal obligations, resolve disputes, enforce our agreements, etc.) and the Personal Information is no longer necessary in relation to the purpose for which it was originally collected, we will erase your data. You may withdraw your consent by contacting us at legal@resource.io.

Right of Restriction of Processing

You may request us to restrict processing of your Personal Information if one of the following applies: (i) the accuracy of the Personal Information is contested by you; (ii) the processing is unlawful; or (iii) if we no longer need the Personal Information. Such request will be made by contacting us at legal@resource.io.

Right to Data Portability

You have the right to receive your Personal Information in a structured, commonly used and machine-readable format. Such request may be made by contacting us at legal@resource.io.

Exporting, removing & deleting your information

You can export a copy of content in your Resource account if you want to back it up or use it with a service outside of Resource. You can also request to delete certain content from certain Resource services based on applicable law.

To delete your information, please contact us at legal@resource.io.

We try to ensure that our services protect information from accidental or malicious deletion. Because of this, there may be delays between when you delete something and when copies are deleted from our active and backup systems. Additionally, note that in some cases, we retain data for limited periods when it needs to be kept for legitimate business or legal purposes.

SHARING YOUR INFORMATION

When you share your information

You may use Resource to share information with third parties, whether they are people in your organization or Candidates you reach out to. For example, you may share your reply-to email address with a Candidate so they can respond to your campaign. Further, when you share information publicly, your content may become accessible through search engines, such as Google Search.

When Resource shares your information

We do not share personally identifiable information with companies, organizations, or individuals outside of Resource except in the following cases:

With your consent

We may share personal information outside of Resource when we have your consent. For example, if you use Resource to add a Candidate to a campaign that is connected to your ATS, we’ll share your information with your ATS for the purpose of attributing the Candidate to you and enriching the Candidate profile in your ATS.

With domain administrators

If you work for an organization that uses Resource, your account administrator may have access to your Resource account. We may build out functionality that allows the account administrator to:

  • Access and retain information stored in your account, like your email
  • View statistics regarding your account, like how many apps you install
  • Change your account password
  • Suspend or terminate your account access
  • Receive your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
  • Restrict your ability to delete or edit your information or your privacy settings
For external processing

We may provide personal information to our affiliates and trusted business partners or persons to process it for us, based on our instructions and in compliance with our Privacy Policy, the Google API Services: User Data Policy and any other appropriate confidentiality and security measures. For example, we may use service providers (like Intercom) to help us with customer support. Additionally, we may combine Candidate information from multiple sources to enhance the Candidate profile stored in Resource, then share that enhanced Candidate information with trusted vendors, Users and business partners.

For legal reasons

We may share personal information outside of Resource if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:

  • Meet any applicable law, regulation, legal process, or enforceable governmental request.
  • Enforce our Terms of Service, including investigation of potential violations.
  • Detect, prevent, or otherwise address fraud, security, or technical issues.
  • Protect against harm to the rights, property or safety of Resource, our users, or the public as required or permitted by law.
Non-personally Identifiable information

Subject to the Limits on Restricted Scope Gmail data section below, we may share non-personally identifiable information –– i.e. information that is recorded about users that no longer reflects or references an individually-identifiable user –– publicly and with our customers, advertisers, developers, or other partners. For example, we may share non-personally identifiable information about Candidate trends and the general use of our Services. For clarity, this excludes any data obtained via Gmail API Restricted Scopes.

If Resource is involved in a merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected Users notice before personal information is transferred or becomes subject to a different privacy policy.

Limits on Restricted Scope Gmail data

In general, we only request access to the minimal, technically feasible scope of access that is necessary to implement existing features or services, and limit access to the minimum amount of data needed.

Notwithstanding anything else in this Privacy Policy, if you provide the Service access to data obtained via the Gmail Restricted Scopes (“Restricted Data”), the Service’s use of the Restricted Data will be subject to these additional restrictions:

  • The Service will only use access to read, write, modify, or control email message bodies (including attachments), metadata, headers, and settings to allow you and other active Service users in your organization who have authorization (“Authorized User(s)”) to compose, send and process email campaigns, and read replies and reply to those campaigns, and will not transfer this Restricted Data to others that don’t have explicit consent unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
  • The Service will not use this Restricted Data for serving advertisements.
  • The Service will not allow humans who are not Authorized Users to read this Restricted Data unless:

    • we have your affirmative agreement for specific email messages,
    • doing so is necessary for security purposes such as investigating abuse or bugs,
    • to comply with applicable law, or
    • for the Service’s internal operations (and even then only when the data have been aggregated and anonymized).

KEEPING YOUR INFORMATION SECURE

We build security into our services to protect your information Resource is built with strong security features that continuously protect your information. The insights we gain from maintaining our Services help us detect and automatically block security threats from ever reaching you. And if we do detect something risky that we think you should know about, we’ll notify you and help guide you through steps to stay better protected.

We work hard to protect you and Resource from unauthorized access, alteration, disclosure, or destruction of information we hold, by:

  • Using encryption to keep your data private while in transit
  • Using encryption to keep your most sensitive data (API keys and access tokens) private at rest
  • Using Google OAuth, a secure authentication system for user login. Learn more about why we use Google OAuth on our Security page
  • Reviewing our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems
  • Restricting access to personal information to Resource employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

DATA RETENTION POLICY

Certain data you can delete whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When you delete data, we follow a deletion policy to make sure that your data is safely and completely removed from our servers or retained only in anonymized form.

Personally identifiable User data collected by Resource is retained only as long as is necessary to provide the Services (“Processing Date”), which varies depending on the type of data and how its being used. Please note that we may retain the information we collect for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our agreements.

Please note that information about you in Resource may be acquired from public facing web platforms. In some cases, you may encounter your details again after request for removal if they were re-collected over the web or contributed by other partners. Please email legal@resource.io if you find your information has been re-added to Resource.

COMPLIANCE WITH REGULATORS & DATA TRANSFERS

We utilize servers around the world and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy.

When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.

Resource has designated Austin Cooley as its Data Protection Officer (“DPO”). To contact Resource’s DPO, please email austin [at] resource [dot] io and include “Attn: DPO” in the subject line.

ABOUT THIS POLICY

When this policy applies This Privacy Policy applies to all of the Services offered by IDK Labs, Inc., including the services found at app.resource.io and the Resource browser extension. This Privacy Policy doesn’t apply to:

The information practices of other companies and organizations that use or connect with our Services Services offered by other companies or individuals, including products or sites that may be linked from our Services

Changes to this policy

We change this Privacy Policy from time to time. We will not reduce your rights under this Privacy Policy without your consent. If changes are significant, we’ll provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

Contact us

If you have questions or concerns regarding this Policy, please contact us by email at legal@resource.io, or:

IDK Labs, Inc. d/b/a Resource

Attn: Data Protection Officers

383 Tehama St

San Francisco, CA 94107