This Privacy Policy describes how P10Y Software, Corp. (“P10Y,” “we,” “us,” or “our”) collects, uses, stores, and discloses personal information in connection with access to and use of our software platform and related services (the “Services”).This Privacy Policy applies to all users of the Services and is incorporated by reference into P10Y’s Terms of Service. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the Services.
P10Y provides a commercial software platform for analyzing software engineering productivity. Depending on the nature of the processing, P10Y may act either as a data processor processing information on behalf of a customer in connection with providing the Services, or as a data controller processing information for its own legitimate business purposes, including account administration, security, compliance, analytics, benchmarking, product improvement, and research. Where required by law, these roles may be further governed by a data processing agreement or similar arrangement.
We collect personal information that users voluntarily provide when registering for the Services, administering accounts, communicating with us, or otherwise interacting with the Services. This information may include names, business contact details such as email addresses, job titles, usernames, authentication information, and the content of communications with us.When users access or use the Services, we automatically collect certain technical and usage information. This may include internet protocol addresses, device and browser characteristics, operating system information, log files, timestamps, feature usage data, and diagnostic or performance information. This information is used to operate, secure, and improve the Services.In the course of providing the Services, P10Y may process customer-submitted materials such as source code repositories, metadata, survey responses, and related information (“Customer Data”). Customer Data may contain personal information to the extent such information is included in the materials provided by or on behalf of a customer.
We process personal information as necessary to provide, operate, maintain, and support the Services, to authenticate users and manage accounts, to ensure security and prevent fraud or misuse, to communicate with customers regarding administrative or service-related matters, to comply with applicable legal obligations, and to enforce our agreements.We also process information to improve and develop our products, models, and analytics, to perform benchmarking and trend analysis, and to conduct internal analytics and reporting. In addition, we process certain information in connection with research activities as described below.
P10Y generates aggregated, anonymized, and transformed data derived from use of the Services (“Derived Data”). Derived Data does not reasonably identify any individual, customer, or codebase. P10Y uses Derived Data for product improvement, benchmarking, analytics, model development, and other internal and commercial business purposes. Derived Data may be retained indefinitely.P10Y also conducts ongoing academic and scientific research related to software engineering productivity, including collaborations with academic institutions such as Stanford University and Carnegie Mellon University. These research activities use only aggregated and anonymized data (“Research Data”) and do not involve the publication or disclosure of identifiable Customer Data.Customers may opt out of the use of their data for research activities at any time by contacting support@p10y.com. Upon receipt of a valid opt-out request, Customer Data will no longer be used for research activities. Aggregated and anonymized data generated prior to the opt-out may continue to be retained. Opting out of research activities does not affect access to the core Services.
Where required under applicable data protection laws, including the GDPR and UK GDPR, P10Y processes personal information based on one or more lawful bases. These include processing necessary to perform a contract, processing based on legitimate interests such as service improvement, analytics, benchmarking, and security, processing required to comply with legal obligations, and processing based on consent where consent is required by law. Where processing is based on consent, individuals may withdraw consent at any time, subject to applicable legal requirements.
The Services provide analytical and decision-support outputs intended to assist human judgment. P10Y does not engage in automated decision-making that produces legal or similarly significant effects within the meaning of applicable data protection laws.
Personal information is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Customer Data is retained in accordance with customer instructions and applicable agreements. Aggregated, anonymized, and Derived Data may be retained indefinitely. Personal information stored in backups may be retained for limited periods until deletion is technically feasible.
P10Y does not sell personal information. We may share personal information with service providers and subprocessors that support our operations, professional advisors such as legal or accounting firms, and authorities or other third parties where required by law or necessary to protect our legal rights. We may also share information in connection with a merger, acquisition, financing, or sale of all or a portion of our business. All service providers are subject to appropriate confidentiality and security obligations.
P10Y is headquartered in the United States, and personal information may be processed in the United States or other jurisdictions where P10Y or its service providers operate. Where required by law, appropriate safeguards are implemented to protect personal information transferred across borders.
P10Y implements reasonable and appropriate technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures are designed to align with industry standards and the nature of the Services.P10Y maintains a formal information security program and undergoes independent assessments to support its security controls. P10Y maintains compliance with SOC 2 Type II and ISO/IEC 27001 standards. Additional information regarding P10Y’s security practices, controls, and certifications is available through P10Y’s Trust Center available at https://trust.p10y.com`.Despite these measures, no method of transmission over the Internet or method of electronic storage can be guaranteed to be completely secure. Accordingly, P10Y cannot guarantee absolute security of personal information.
The Services are intended for business use and are not directed to children. P10Y does not knowingly collect personal information from individuals under 18 years of age.
Depending on your location, you may have rights under applicable data protection laws to access, correct, delete, restrict, or object to the processing of your personal information, as well as the right to data portability. Requests to exercise these rights may be submitted by contacting support@p10y.com. We will respond to such requests in accordance with applicable law.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated through the Services or other appropriate means. Continued use of the Services after an update constitutes acceptance of the revised Privacy Policy.