Last updated August 21, 2023
Personal Data. When we say, “Personal Data,” we mean any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Data falls within certain categories, for example:
Identifiers (e.g., name, email, telephone number, address, username);
Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
Internet or other similar activity (e.g., browsing history; content interactions);
Employment-related information (e.g., current or past employment);
Legally protected information (e.g., race, citizenship, marital status, sex);
Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99);
Sensitive Personal Data (e.g., government identification number; precise geolocation; racial or ethnic origin; religious beliefs; health information; contents of messages when we are not the recipient; in some cases, information about a known child);
Biometrics (e.g., DNA, face/voice prints, health data) and audio, electronic, visual, thermal, or olfactory information; and
Inferences drawn from Personal Data to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.
Some information is not legally protected as Personal Data, such as publicly available information; aggregated information (meaning data summaries or reports with Personal Data removed); and anonymized information that cannot be linked back to an individual.
1. Age Requirements. GoRails Services are intended for use by adults, not children. You must be at least 16 years of age to use the Services. No individual under the age of 16 should attempt to use the Services or provide any Personal Data to GoRails. If we learn we have collected or received Personal Data from a minor under 16, we will delete that information. If you believe we might have any information from or about a minor under 16, please contact firstname.lastname@example.org.
2.1. Categories and Sources of Personal Data Collected. During the preceding 12 months, GoRails has collected identifiers, commercial history, and internet and similar information from your visits to the Site and use of the Services, as detailed below:
2.1.1. Users. When you register as a User of our Services, GoRails will collect your name, email address, and password to create your account. You have the option to login via your GitHub account, which allows GoRails to receive and sync your account profile with your GitHub profile. Once registered with GoRails, you can select and use the various free or paid Services we offer. If you choose to include optional details in your account profile or post User Content to the Services, you consent to our collection of that information as well. If you contact GoRails by email or otherwise, we will collect any Personal Information you choose to include your message to us. Any payments for fee-based Services are processed using a PCI-DSS payment processor, so we never access, use, or store your payment information.
2.1.2. Site Visitors. When you visit the Site to learn about our company and Services, you have the option to communicate with us via email or electronic form. If you do, we will collect your name, email address and other contact information as needed to provide you with the information you request. We collect this information with your consent, and we use it for the purposes stated at the time of collection, to provide you with our Services, and to send you more information about our Services.
We also reserve the right to use Personal Data to monitor your compliance with our agreements and policies; maintain the security and integrity of the Services; for internal testing, analysis and development; in response to law enforcement and government requests; to bring legal action as necessary to protect GoRails, you, or others; or to evaluate or conduct a business transition involving some or all of our company assets where Personal Data held by GoRails is among the assets transferred.
We will not collect additional categories of Personal Data or use already collected Personal Data for purposes that are materially different, unrelated or not reasonably necessary or compatible with the original purpose without notice and consent to you as required by law.
1. Disclosure of Personal Data to Third Parties. GoRails will only disclose Personal Data to the third parties as described in this section, with your permission, or as required by law. In the preceding 12 months, we have disclosed all types of Personal Data that we collected to third parties for a business purpose. More specifically, we may disclose Personal Data to:
1.1. Service Providers. GoRails uses trusted service providers like data hosting services, email platforms, analytics tools, and payment processors to provide key features of the Services and to operate our business. These service providers may have access to the Personal Data we collect if necessary to perform their contractual obligations to us. We prohibit our service providers from selling or disclosing the Personal Data we provide, and we require all service providers to maintain confidentiality standards and appropriate technical and organizational measures to ensure the security of your Personal Data.
1.2. Law Enforcement, and other governmental agencies, as permitted or required by law.
1.3. Other Recipients, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
1.4. Aggregated and Deidentified Information. GoRails reserves the right to share aggregated, anonymized, or deidentified information about any individuals with nonaffiliated entities for marketing, advertising, research or other purposes, without restriction.
2. Retaining Personal Data. GoRails only retains Personal Data for the minimum period necessary to provide our Services or achieve our business goals. User account data is retained while your account remains active and we delete it when you cancel your account. Data collected from cookies may be retained for up to 24 months. GoRails reserves the right to retain data as needed to prevent fraud, as required by law or court order, or if doing so is critical to our business. We securely delete data at the conclusion of the applicable retention period.
3. Your Personal Data Controls. We provide you with a variety of methods to directly control how we collect and use your Personal Data:
1.1. Your Account. You have the option to access, update, or delete your Personal Data through your account settings.
1.2. Emails. GoRails may use your contact information to communicate with you about your use of our Services. For example, we may send you service or support communications by email, phone, text, mail, or other means. You understand that you receive these communications as part of your use of the Services. You can opt- out at any time by following the Unsubscribe link at the bottom of our emails, but if you are a User we may still need to contact you with service announcements related to your account.
1.3. Revoke consent. If you wish to revoke a consent already given to us, please contact email@example.com.
1.4. Text/SMS. By providing us with your wireless phone number, you consent to GoRails sending you informational text messages related to the products, Services, or information you have requested from us. The number of texts that we send to you will be based on your circumstances and requests. You can unsubscribe from text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.
1.5. Marketing Communications. We may send you marketing communications by email, mail, or other means in compliance with applicable law. You can opt-out anytime by following the Unsubscribe link in any of our emails or by contacting firstname.lastname@example.org.
1.6. Privacy Requests. If you wish to exercise your rights under the privacy laws that apply to you, or if you want to express concerns, revoke your consent, lodge a complaint, or request information, please contact email@example.com or reach out through our Help Center. GoRails will respond and fulfill your request as required by applicable law.
1.7. Please note that GoRails can only assist with or fulfill a privacy request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Data, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We endeavor to respond to privacy requests in accordance with the requirements of the law applicable to your jurisdiction. If we do not fulfill your request within the legally required timeline, you can appeal our response by contacting firstname.lastname@example.org.
4. Notice of Privacy Rights. Depending on where you live or are located, you may have certain rights over your Personal Data that we collect and retain. GoRails will facilitate your exercise of those rights as described in this section.
1.1. United States Consumer Privacy Rights. In the United States, consumer privacy rights are provided under state laws and federal laws provide protections relative to certain industries or data uses. This section provides informational notices for under privacy laws for states like California, Colorado, Connecticut, Nevada, Utah, Virginia, and other states that require companies to inform consumers about their privacy rights and provide a method to exercise those rights. Residents of states offering privacy protections (each a “Consumer”) may be entitled to some or all of the privacy rights listed below:
1.1.1. Right to Correct. You have the right to request that we correct inaccurate Personal Data about you on our systems. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
1.1.2. Right to Deletion. You have the right to request that we delete your Personal Data that we collected and retained, with certain exceptions. GoRails may permanently delete, deidentify, or aggregate the Personal Data in response to a request for deletion.
1.1.3. Right to Access. You have the right to request confirmation that we have collected Personal Data about you and that we provide you with access to that Personal Data. If you submit an access request, we will provide you with copies of the requested pieces of Personal Data in a portable and readily usable format. Please note that GoRails may be prohibited by law from disclosing certain pieces of Personal Data, and we may be limited in the number or frequency of requests we must fulfill.
1.1.4. Right to Disclosure. You may request that we disclose information to you about our collection and use of your Personal Data, such as: (a) the categories of Personal Data we have collected about you; (b) the categories of sources for the Personal Data we have collected about you; (c) our business purpose for collecting, using, processing, sharing or selling that Personal Data, as applicable; (d) the categories of third parties with whom we share that Personal Data; and (e) if we sold or shared your Personal Data under the CCPA, two separate lists stating: (i) sales or sharing, identifying the Personal Data categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Data categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.
1.1.8. Right to Nondiscrimination. We will not discriminate against you for exercising your privacy rights. For example, unless permitted by law we will not: (a) deny you goods or services; (b) charge you different prices or rates for goods or services; (c) provide you a different level or quality of goods or services; (d) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (e) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under applicable privacy laws.
1.1.9. Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Data sharing with affiliates and/or third parties for marketing purposes.
2. Privacy Rights for the European Economic Area and United Kingdom. This section provides the disclosures and notices required under the General Data Protection Regulation (“GDPR”) and its counterpart regulation applicable to residents of the United Kingdom. This section applies solely to residents of the European Economic Area (“EEA”) and the United Kingdom (“Data Subjects”). When serving our Customers, GoRails collects and processes Personal Data of Data Subjects as a controller. Data Subjects have the following rights over their Personal Data, subject to applicable limitations:
2.2. Right to access your Personal Data. Upon request, we will provide you with a copy of your Personal Data and details about the types of Personal Data we process, why we process it, and any third parties we work with to collect Personal Data on our behalf. We may have one or more legally valid reasons to refuse your request in whole or in part, for example, to protect the rights of other individuals.
2.3. Right to restrict processing of your Personal Data. You can request that we restrict the processing of your Personal Data if: (a) the data is inaccurate; (b) the processing is unlawful; (c) we no longer need the Personal Data; or (d) you exercise your right to object.
2.4. Right to rectify your Personal Data. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
2.5. Right to data portability. In some circumstances, we are required to provide your Personal Data to another organization at your request and in a structured, commonly used and machine-readable format.
2.6. Right to erasure (a.k.a. the “right to be forgotten”). Upon your request, we must delete your Personal Data in certain circumstances and where required by law. This right is not absolute, and we may be entitled to retain and process your Personal Data despite your request. If you make this request, we balance certain legal, contractual, and business interests against your right to request the deletion of your Personal Data.
2.7. Right to object to certain processing of your Personal Data. Upon your request, we will limit our processing of your Personal Data as you request in certain circumstances and where we are required to do so by law.
2.8. Right not to be subject to automated decision-making. GoRails does not use automated decision-making to provide the Services. If this changes in the future, we will update this posting to describe our use of automated decision-making and your options to exercise your privacy rights related to your Personal Data processed using automated decision-making.
2.9. Right to lodge a complaint with a supervisory authority. Data Subjects can submit requests, questions, or complaints to GoRails using the methods described under Privacy Requests. If, after contacting us, you feel a privacy issue has not been resolved, you have the right to file a complaint with a supervisory authority. We suggest the Data Protection Commissioner of Ireland.
3. Canadian Privacy Rights. This section provides the disclosures and notices required under Canada’s Personal Data Protection and Electronic Documents Act (“PIPEDA”) and solely to residents of Canada where PIPEDA applies (“Canadian Consumers”). PIPEDA gives Canadian Consumers specific rights regarding Personal Data offering details on an identifiable person without the inclusion of name, title, telephone number, and business address of an employee of a business or organization. The rights afforded under PIPEDA are described below.
3.3. Right to accuracy of your Personal Data. We take steps to reasonably ensure that your Personal Data we are using is accurate. If you become aware that the Personal Data that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
3.4. Right to access your Personal Data. Upon written request and identity authentication, we will provide you with your Personal Data under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request. We may not be able to provide access to some or all of the Personal Data you request if limited by law or potential infringement of another’s privacy rights. If we must refuse an access request, we will notify you in writing, document the reasons for refusal, and outline further steps that are available to you.
4. Consent to Cross-Border Data Transfers. GoRails is owned and operated in the United States. If you access the Services from outside the U.S., please be aware that your Personal Data may be transferred to, processed, stored, and used in the U.S. When your information is moved from your home country to another country, the laws and rules that protect your Personal Data in the country to which your information is transferred may be different from those of the country where you live. For example, if your information is in the U.S., it may be accessed by government authorities under United States law. GoRails is committed to transferring Personal Data using a lawful data transfer mechanism. For example, we only work with data service providers that adhere to the European Commission’s approved standard contract clauses, and we employ the same level of security measures to secure the data.
Note that GoRails does not warrant that the Services are appropriate or authorized for use in any non-U.S. jurisdiction. You are solely responsible for determining whether your use the Services complies with applicable law. By allowing us to collect Personal Data about you, you consent to the transfer and processing of your Personal Data as described in this section.
5.1. Necessary authentication cookies that are essential for the Services to function. These cookies cannot be disabled and blocking them may prevent you from using the Services.
5.2. Google Analytics cookies to track and analyze use and performance of the Services.
5.3. A YouTube tracking cookie for marketing and advertising purposes. You can prevent this cookie from collecting your Personal Data by changing your YouTube share settings to “Enable privacy-enhanced mode.” Most web browsers automatically accept cookies. If you prefer, you can edit your browser options to block or disable cookies. You can also adjust your browser settings to notify you when you are sent a cookie. Most browsers offer a Help tool that will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. You can also install third-party plugins to control cookie behavior.
6. Security. GoRails has implemented and maintains reasonable security measures to secure your Personal Data from accidental loss and unauthorized access, use, alteration, and disclosure. Our security measures are appropriate to the volume, scope, and nature of the Personal Data processed and designed to meet our duty of care with respect to your Personal Data. For example, all requests are encrypted with SSL, passwords are securely hashed, and data is backed up hourly.
Please remember that transmitting data online is never 100% secure. Please exercise caution when disclosing your Personal Data online. You are solely responsible for the security of your GoRails login credentials and device. We cannot guarantee the security of information you submit via our Services while it is in transit over the Internet, and any such submission is at your own risk. GoRails recommends that you install anti-virus and anti- malware software on your device and keep all software updated.
7. Third-Party Services. The Services may include features that allow you to access third-party services. Please note that GoRails has no control over third-party services, including those developed or operated by our Users. You access these services at your own risk.