PRIVACY POLICY

Last Updated: 1 October, 2025
Welcome to the Privacy Policy!
ASPEEN INC. ("Provider," "we," "our" or "us") operates the website getsally.io (“Website”) and provides its Customers with the Services and functions, as specified in the Terms of Services (the "Services").

Provider is committed to transparency in the processing of information. This is where we describe how we handle your personal data. “Personal data” is any information that is directly linked or can be linked to you and has a meaning in the DPA. Capitalized terms not otherwise defined in this Privacy Policy will have the meaning outlined in the Provider Terms of Services and Data Processing Addendum (DPA).

WHEN THE PRIVACY POLICY APPLIES

This Privacy Policy explains how we handle Personal Data when we act as a controller (e.g., our Website, account/billing, Customer communications, recruiting, and Operational Telemetry for Service integrity). Where we handle Customer Personal Data as a processor/service provider under your instructions within the Service, that processing is governed exclusively by the Data Processing Agreement (DPA) and the Terms of Service (ToS), not by this Privacy Policy. Please see the DPA for roles, subprocessors, retention, and international transfers.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR PERSONAL DATA. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE OUR WEBSITE OR THE SERVICES.

PERSONAL DATA WE COLLECT

Personal Data You Provide to Us
We collect Personal Data you give us directly, for example when you:
  • create an Account to use the Services or contact support/sales;
  • register for a demo, webinar, conference, or other events;
  • apply for a job.
The data may include your name, surname, business email, telephone, username, company and role information, billing details, and (for applicants) career/education information such as past and current positions, degrees, and qualifications. Not all fields are required.

Payment information is processed by our payment processor; we do not receive or store full payment card numbers.

You may optionally provide a short bio, homepage URL, social handles (e.g., GitHub, X/Twitter), and a profile image. If you choose to publish a public profile in the Services, these fields may be visible to others. Please do not include sensitive information in public fields.

Please do not submit special categories of personal data (e.g., health, biometric, government IDs, children’s data) in controller contexts unless specifically requested or required by law.

Personal Data We Collect through Automated Means

When you visit our Website or use the Services, we collect limited technical and usage information automatically to operate, secure, and improve the Services. This may include: IP address, general location inferred from IP, device and browser type/version, operating system, language, referring/exit URLs, timestamps, session identifiers, and in-service interaction events (e.g., API calls, error codes, latency, throughput). We also generate Operational Telemetry (logs/metrics) necessary for availability, security, anti-abuse, and billing. In processor contexts, telemetry handling follows the DPA.

We do not build behavioral profiles for cross-context advertising.

Cookies

We use cookies and similar technologies to run the site, remember preferences, measure audience and performance, and secure the Services.
  • Categories. (i) strictly necessary; (ii) functional; (iii) analytics/performance; and, where applicable, (iv) advertising/retargeting.
  • Control. Except for strictly necessary cookies, you can manage consent via our cookie banner or your browser settings. Where applicable, we honor Global Privacy Control (GPC) signals.
  • Personal data. Cookies and similar IDs may be linked to Account Data or device identifiers.
  • Details. See our Cookie Policy (https://crona.ai/cookie) for a current list of cookies, purposes, providers, and retention periods.

HOW WE USE YOUR PERSONAL DATA

At Provider, it is extremely important to us to process personal data securely, fairly, and transparently. We do so in accordance with applicable privacy laws, including the European Union's and the United Kingdom's General Data Protection Regulation (“GDPR”).

We process your personal data for various purposes:
  • Provide Services: Authenticate you and provide you with access to and administer our Services
  • Provide paid Services: We use secure third-party payment service providers to manage payment processing, which is collected through a secure payment process.
  • Create your publicly visible Provider profile but only populated with personal data and additional information that you choose to provide
  • Provide customer support: Respond to your requests for information and provide you with more effective and efficient customer support.
  • Send marketing communications: Contact you by email, postal mail, or phone with news, updates, information, promotions, surveys, or contests relating to the Services or other services that may be of interest to you, in accordance with applicable legal requirements related to such communications
  • Customize and optimize the content you see on our Website
  • Improve the Services: Assessing trends and usage across the Website and Service to help us determine what new features or integrations our Users may be interested in
  • Conduct customer research: Engage in analysis and research regarding the use of the Services, and improve our Services
  • Secure our Services and resolve technical issues being reported
  • Meet legal requirements: Comply with any procedures, laws, and regulations that apply to us where it is necessary for our legitimate interests or the legitimate interests of others
  • Establish, exercise, or defend our legal rights where it is needed for our legitimate interests or the legitimate interests of others
  • Recruiting: Evaluation and selection of applicants; including, for example, setting up and conducting interviews and tests, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment processes, including the final recruitment. Additionally, we may process your personal data to include you in our talent pool and contact you should a suitable position be available if you have consented to this; such processing is legally permissible under Art. 6 (1)(a) of the GDPR.

HOW WE DISCLOSE YOUR PERSONAL DATA

We process Personal Data as a controller for the purposes below (Website, account/billing, support, marketing, recruiting, and Operational Telemetry needed to run the Services). Where Personal Data is handled as a processor/service provider under your instructions in the Services, the DPA governs.

Purposes (controller scope):
  • Access and authentication. Create and manage your Account, Authorized Users, and administer the Services.
  • Paid Services. Process payments via secure third-party payment processors; we do not store full card numbers.
  • Public profile (optional). If you choose to enable a public profile, display the fields you provide; you can edit or remove them at any time.
  • Support. Respond to requests, troubleshoot, and operate help channels.
  • Service security and integrity. Operate, secure, and monitor the Services, including fraud/abuse prevention and incident response, using necessary Operational Telemetry and logs.
  • Improve and customize. Analyze aggregate usage to maintain, protect, and improve features and to tailor content on the Website.
  • Communications. Send service messages and, where permitted, marketing about the Services or related offerings; you can opt out of marketing at any time.
  • Legal and compliance. Comply with laws, enforce terms, protect rights, and manage disputes.
  • Recruiting. Evaluate applicants, schedule interviews/tests, and maintain a talent pool where you consent.
Legal bases. Depending on context: performance of a contract (providing the Services), legitimate interests (security, service improvement, fraud prevention), consent where required (certain marketing or talent pool), and legal obligations (tax/accounting, compliance).

HOW WE RETAIN AND DISPOSE YOUR PERSONAL DATA

We retain Personal Data no longer than necessary for the purposes described here or as required by law. Controller-scope defaults:
  • Account & billing records: contract term + up to 7 years (tax/accounting).
  • Operational Telemetry (logs/metrics): up to 180 days by default.
  • Security/debug artifacts: shortest practical period, typically within 180 days unless needed to preserve evidence.
  • Marketing/preferences: until you opt out or after reasonable inactivity.
  • Recruiting: up to 12 months (or longer with your consent, where permitted).
Retention and deletion for processor-scope Customer Personal Data are governed exclusively by the DPA (including execution artifacts, backups, and subprocessors).

We delete or irreversibly anonymize data when it is no longer needed. Legal holds may temporarily override the above.

YOUR RIGHTS AND YOUR CHOICES

Access, Correction, Deletion

Upon request and identity verification, you may access the Personal Data we hold as a controller, and request correction or deletion. Submit requests via rk@getsally.io or through your Account settings on the Website. We aim to respond within thirty (30) calendar days or earlier if required by law. If we decline a request as permitted by law, we will inform you of the reason and your available options. If a correction dispute remains unresolved, we will note that a correction was requested but not made.

Requests relating to processor-scope Customer Personal Data should be directed to the relevant controller (our customer). We will support the controller’s response as required by the DPA.

Marketing Preferences

You can opt out of marketing emails at any time by using the unsubscribe link. Transactional or service emails (e.g., security, billing, legal updates) are not marketing and will continue as necessary to provide the Services. For postal marketing, contact rk@getsally.io; allow up to ten (10) calendar days for changes to take effect.

U.S. State Privacy (including California)

Where applicable, you may have rights to access, correct, delete, or obtain a copy of certain Personal Information, and to opt out of “Sale” or “Sharing” as defined by state law. We do not Sell or Share Personal Information for cross-context behavioral advertising. We honor valid Global Privacy Control (GPC) signals. Submit requests via rk@getsally.io. We will verify and respond within the statutory period.

EEA/UK

Where GDPR applies, you may have rights to access, rectification, erasure, restriction, portability, and to object, and the right to lodge a complaint with a supervisory authority. Legal bases are described in “How We Use Your Personal Data.”

THIRD-PARTY LINKS AND FEATURES

The Website and the Services may include links and third-party features (e.g., share/“like” buttons, embedded widgets). These features may collect your IP address, page URL, device/browser details, and may set cookies to function. They are provided by third parties and are governed by those parties’ privacy policies and terms, not this Privacy Policy. We are not responsible for third-party sites or features and provide links for convenience only.

INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA

We and our service providers may process controller-scope Personal Data in the United States, the European Union, and other countries. Where required, we rely on appropriate safeguards, including the EU Standard Contractual Clauses (SCCs), the UK Addendum, and the Swiss addendum, with supplementary measures (e.g., encryption and access controls). Transfers for processor-scope Customer Personal Data are governed by the DPA (see its transfer section/Schedule). By using the Services, you acknowledge such transfers as permitted by applicable law.

HOW WE PROTECT YOUR PERSONAL DATA

We implement administrative, technical, and organizational safeguards appropriate to the nature of the data, including encryption in transit/at rest where applicable, access controls, logging, and layered defenses. Access to Personal Data is limited to personnel and service providers with a need to know and who are bound by confidentiality obligations. For processor-scope measures, see the DPA (Technical and Organizational Measures).

If you become aware of or suspect unauthorized use of your Account, contact us promptly at rk@getsally.io or through the channels in Contact Us below.

CHILDREN AND PRIVACY

The Website and the Services are not directed to children. We do not knowingly collect Personal Data from children under 16 in the EEA/UK or under 13 in the U.S. (COPPA). If we learn that a child has provided Personal Data without the required consent, we will promptly delete it. If you believe this has occurred, contact us at rk@getsally.io.

AGGREGATE DATA

We may create and use aggregated or de-identified information derived from use of the Website and the Services (e.g., visit frequency, pages viewed, feature adoption, browser/OS mix). This information does not identify an individual and we do not attempt to re-identify it. We use such information to operate, analyze, improve, and secure the Services and the Website, to report business metrics, and for other legitimate business purposes. We may share aggregated or de-identified information with third parties. Where applicable law treats certain de-identified data as Personal Data, we will handle it accordingly.

TERRITORY-SPECIFIC TERMS

EEA AND THE UK

Legal bases. We rely on: (i) performance of a contract (providing the Services); (ii) legitimate interests (e.g., security, service improvement, fraud prevention) where not overridden by your interests; (iii) compliance with legal obligations; and (iv) consent where required (e.g., certain marketing or talent pool).

Your rights. Where GDPR applies, you may have the right to: access, portability (for data you provided, processed by automated means, based on consent/contract), rectification, objection (including to direct marketing), restriction, erasure, and to lodge a complaint with a supervisory authority. If processing relies on consent, you may withdraw it at any time; prior processing remains lawful.

Automated decisions. We do not conduct automated decision-making producing legal or similarly significant effects (GDPR Art. 22). If this changes, we will provide required information and safeguards, including human review.

How to exercise. Submit requests via rk@getsally.io or through your Account on the Website. We will verify your identity and respond within the statutory period. Requests concerning processor-scope Customer Personal Data should be sent to the relevant controller; we will assist as required by the DPA.

UNITED STATES (State Privacy Laws)

Scope. This section applies to residents of California, Colorado, Connecticut, Utah, Virginia, and other U.S. states with similar privacy laws.

Your rights. Subject to exemptions, you may have the right to access, correct, delete, and obtain a portable copy of certain Personal Information; to opt out of “Sale” or “Sharing” (as defined by state law) and of targeted advertising and certain profiling; and to appeal our response to your request.

How to exercise. Submit requests at rk@getsally.io. We will verify your identity (and, for authorized agents, require proof of authority). We will respond within the statutory period and provide an appeals path if you disagree with our decision.

Opt-out signals. We honor Global Privacy Control (GPC) and other recognized opt-out preference signals where required (e.g., California, Colorado).

No Sale/No Sharing. We do not Sell or Share Personal Information for cross-context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share” link and update this notice.

Sensitive Personal Information (California). We do not use or disclose Sensitive Personal Information for purposes that require a Right to Limit; no separate “Limit Use” control is needed.

Non-discrimination. We will not discriminate against you for exercising your privacy rights.

Nevada. We do not sell “covered information” as defined under Nevada law. Requests may be sent to rk@getsally.io.

Shine the Light (California). You may request information about certain disclosures of Personal Information to third parties for their direct marketing by contacting rk@getsally.io with “Shine the Light” in the subject line.

International Transfers of Personal Data

We and our service providers may process controller-scope Personal Data in the United States, the EEA/UK, and other countries. Where required, we use appropriate safeguards, including the EU Standard Contractual Clauses (SCCs), the UK Addendum, and (as applicable) the Swiss addendum, together with supplementary measures (e.g., encryption and access controls). Some destinations are covered by an adequacy decision, in which case no further safeguards are needed.

Transfers for processor-scope Customer Personal Data are governed exclusively by the DPA (see its transfer section/Schedule).

You may contact us (see Contact Us) to request more information about transfer mechanisms or, where available, a copy of relevant SCCs/Addendum.

CHANGES TO OUR PRIVACY POLICY

We may update this Privacy Policy from time to time. We will post updates on this page and, where required, provide notice (e.g., on the Website or by email). The “Last updated” date at the top will indicate the current version. Your continued use of the Website and the Services after the effective date of an update constitutes acceptance of the updated Policy.

CONTACT US

For privacy inquiries or requests, contact: rk@getsally.io

ASPEEN INC., a Delaware corporation
1111B S Governors Ave, STE 26133, Dover, DE 19904, USA

If you report a suspected security issue involving your Account, please state “Security” in the subject line.