Knock helps its customers send and manage notifications to their users. Knock cares about the security and privacy of the personal data that is entrusted to us.

Knock Labs, Inc. (“Knock”, “we”, “our” or “us”) provides a managed API and dashboard for sending in-app and out-of-app product notifications (collectively with this website, our “Services”).

This Privacy Policy describes Knock’s privacy practices with respect to the personal information of individuals who represent businesses to which we market and provide our Services, including the information we collect on this website, from third parties, from individuals who are our customers’ authorized users, and from other sources. Personal information here means any information that we process about you that relates to you or that can be used to identify you directly or indirectly, for example your name, email address, payment details or communication details.

Knock is the Controller of the personal information processed under this Privacy Policy (this simply means we are responsible for your personal information). However, please note that where we receive your personal information from any of our customers as part of the notification Services we provide to customers' end users (i.e. where you are a customer of a Knock customer), we will be the Processor of your personal information for that customer pursuant to our agreement with them. This means that we will only process such personal information on the instructions of that customer, for the customer’s purposes, and that the customer will be responsible for your personal information. This Privacy Policy does not apply to the handling of the personal information of our customer’s end users and you should refer to that customer’s privacy policy to contact them or exercise your rights.

Personal Information We Collect

Information you provide to us:

  • Contact details, such as your company name, first and last name, email address, state, and phone number.

  • Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.

  • Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.

  • Financial Information, which our payment processor(s) will collect the financial information necessary to process your payments, such as your payment card number and authentication details. Please note, however, that we store only a tokenized version of such information and do not maintain payment card information on our servers.

  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Third parties, such as data providers, service providers, and others.
  • Public sources, such as social media platforms.

Automatic data collection. We, our service providers, and our advertising partners may automatically log information about you, your computer or mobile device, and your interaction over time with our website and the Services (in your capacity as our customer’s authorized user), our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.

  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

  • Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.

  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.

  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How We Use Personal Information

We have set out below details of our purposes for using your personal information. Please note that under the laws of certain countries, including the United Kingdom (UK) and countries in the European Economic Area (“EEA”), we can only use your personal information where we have a lawful reason or justification (also called a “lawful basis”) and this can be either “your consent”; “a legitimate interest of ours” (this means that we have commercial interests in using your personal information that is not unfair to you); or “where we have a legal obligation”. We have included each lawful basis as a subheading below for information if you are located in the UK or EEA. Please disregard these subheadings if you are not located in the EEA or UK as they will not affect how we use your personal information.

We use your personal information for the following purposes:

Marketing and advertising

Where we have your consent, we collect and use your personal information for marketing and advertising purposes, including:

  • Direct marketing. We may send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via postal mail, email, telephone, text message, and other means. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.
  • Interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our and our customers’ and partners’ Services. We and our advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the “Automatic data collection” section above) over time across the web, our communications and other online services, and use that information to serve online ads. You can learn more about your choices for limiting interest-based advertising in the “Online tracking opt out” section below.

Non-essential cookies

We use cookies that are not strictly necessary to:

  • carry out web analytics on our website (e.g. to monitor the number of your visits and the actions you take for analytical purposes).
  • enhance the operation of our website, improve our marketing and promotional efforts, statistically analyze site use, improve our product and service offerings, and customize our website’s content, layout, and services.

Legitimate Interests

  • Service delivery. Where you are a representative of a customer company, we use your personal information to:
    • provide, operate and improve the Services we provide to your company;
    • communicate with you and your company about the Services, including by sending announcements, updates, security alerts, and support and administrative messages;
    • provide you and your company with support for the Services, and respond to your requests, questions and feedback.
  • Relationship management. Where you are the representative of a supplier/partner with whom we have a business relationship, to contact you and to manage our relationship with you and/or your company.
  • Sales Messaging. To send you sales messaging marketing communications where we are legally allowed to do so. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.
  • Research and development. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services, and promote our business.
  • Essential Cookies. We use strictly necessary cookies to ensure you are able to use our website, to ensure security of our website and to record your cookie consent preferences.
  • Protection. Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • Prevention, investigation and deterrence. Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
  • Enforcement. Enforce the terms and conditions that govern our website and Services.
  • Compliance. Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities, and to Audit our internal processes for compliance with legal and contractual requirements and internal policies.

How We Share Personal Information

We may share your personal information with:

Service providers. Companies and individuals that provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services.

Advertising partners. Third party advertising companies, including for the interest-based advertising purposes described above, that may collect information on our website through cookies and other automated technologies.

Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Knock or our affiliates (including, in connection with a bankruptcy or similar proceedings).

International Transfers of Personal Information

Knock is based in the United States (US) and we use service providers in the US, which means personal information you provide to us will be processed and stored in the US. Please note that the US may have data protection laws less stringent than or otherwise different from the laws in effect in your country. If you are located in the United Kingdom (UK) or European Economic Area (EEA), and we share your personal information to parties in the US or any other countries not recognized as adequate for the transfer of your personal information, to the extent a safeguard is required under law for such transfers of your personal information, we have put in place the UK government approved international data transfer agreement/addendum (for UK transfers) and Standard Contractual Clauses approved by the EU Commission (for EEA transfers). Please contact us for further details on the safeguards in place and how to obtain a copy.

Retention of Personal Information

We generally retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. This will generally be for the duration of time you interact with us, however, there may be situations where we retain your personal information for a longer or shorter period. When determining the relevant retention periods for your personal information, we take into account any permissions you give us with regards to your personal information; our contractual obligations and rights in relation to the personal information involved; our legal obligation(s) under relevant laws to retain data for a certain period of time; our legitimate business and commercial interests; whether retention is advisable in light of our legal position (such as with regard to applicable statute of limitations, investigations, litigation, and other potential and actual disputes); and any guidelines issued by relevant data protection authorities.

Your Choices

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communications we send you.

Online tracking opt-out. There are a number of ways to limit online tracking, which we have summarized below:

  • Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.

  • Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes. Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

  • Platform opt outs. The following advertising partners offer opt out features that let you opt out of use of your information for interest-based advertising:

  • Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:

Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

Rights of UK and EEA Residents

If you are a UK or EEA resident, under data protection laws (in certain circumstances), you have specific rights concerning your personal information and can exercise any of these rights by contacting us. You have the right to object to us processing your personal information where we rely on “legitimate interest” (see the “How We Use Personal Information” section above) as a lawful basis for processing your personal information or where we are processing your personal information for any direct marketing purposes (e.g. to send you marketing communications). You also have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”) and receive a copy of it, along with supplemental transparency information similar to what is provided in this Privacy Policy.
  • Request correction of the personal information that we hold about you if it is incomplete or inaccurate.
  • Request erasure of your personal information where there is no good reason for us continuing to process it or where you have successfully exercised your right to object to our processing of your personal information.
  • Request the restriction of processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request portability of your personal information. If required to do so, we will provide you or another party with any personal information we have obtained from you, in a structured, machine readable and reusable format.
  • Withdraw consent to the processing of your personal information at any time, where we rely on your consent as a lawful basis for processing your personal information. This won’t affect anything we have used your personal information for before you withdraw your consent.
  • Not be subject to decisions based solely on automated processing (including profiling) which have a legal effect on you or a similarly significant effect on you. This is relevant where we decide to use automated systems to process your personal information with no real human involvement.
  • Lodge a complaint about the way we handle or process your personal information with the UK or relevant EEA data protection regulator (as applicable).

Rights of California State Residents

If you are a California resident, we process your personal information in accordance with the California Consumer Privacy Act ("CCPA"). You have specific rights concerning your personal information and can exercise any of these rights by contacting us. This section provides additional details about the personal information we collect and use for purposes of the CCPA.

How We Collect, Use, and Disclose your Personal Information. The "How We Use Personal Information" section describes the personal information we may have collected about you and the purposes for doing so. We share this information as described in the "How We Share Personal Information" section. Knock uses cookies, including advertising cookies, as described in our Cookie Policy.

As a California resident and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information:

  • Exercising the right to know: you may request that we disclose to you the personal information we have collected about you. You also have a right to request purposes for which this personal information was collected or sold; categories of sources of personal information; and categories of third parties with whom we disclosed this personal information.
  • Exercising the right to delete: you may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.
  • Exercising the right to opt-out from a sale: We do not sell Personal Data as defined by the CCPA and have not done so in the past 12 months.
  • Non-discrimination: The CCPA provides that you may not be discriminated against for exercising these rights.

To submit a request to exercise any of the rights described above, please contact us using the methods described in the "How to Contact Us" section below. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account.

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.

Children

The Services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through our Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

You can reach us by email at hello@knock.app or at the following mailing address:

Knock Labs Inc. 175 Varick St, #413 New York, NY 10014

You can also submit subject access requests (SARs) via our subject access request form.

Since we are not currently located in Europe, the law requires us to have a data protection representative in place who you can also contact at any time. Please see details of our representative below: