Tonkean Privacy Policy

Effective Date: September 18, 2017

Tonkean, Inc. (“Tonkean”, “we”, “our” or “us”) respects the privacy of its users, and is committed to protect their personal information and to use it lawfully. This Privacy Policy (“Policy”) describes how we may collect, use and disclose such personal information, and the rights and choices available to our users regarding such information.

We strongly urge you to read this policy and make sure you fully understand and agree with it, before you access or use any of our services. If you do not read, fully understand and agree to this Privacy Policy, you must refrain from and/or discontinue any use of this website, application or service, and avoid or discontinue all use of any of our services.

1. Your Consent (please read carefully!)

Tonkean provides a next generation business dashboard and management tool, for uncovering our users’ business reality by intelligently surfacing answers based on human input and data. This Privacy Policy (“Privacy Policy“) describes how we may collect and use information pertaining to each of our unregistered visitors, customers and registered users (each, a “User“, or “you“), in connection with their access to and use of Tonkean’s platform, services, website (including and any of its subdomains; collectively, the “Website“) and web applications (collectively, the “Services“).

This Privacy Policy constitutes a binding and enforceable legal contract between Tonkean and you – so please read it carefully.

You may use the Services only if you fully agree to this Privacy Policy – and by accessing and/or using any of the Services, you signify and affirm your informed consent to the collection and processing of your Personal Information as defined and explained below.

Please note: you are not obligated by law to provide us with any information. You hereby acknowledge, warrant and agree that any information you do provide us is provided of your own free will and consent, for the purposes and uses described herein.

2. What Information Do We Collect?

We collect two general types of information regarding our Users:

  1. Un-identified and non-identifiable information pertaining to visitors of our Services or un-identified Users, which may be made available to us or collected automatically via their use of the Services, or which may have been fully anonymized (“Non-personal Information“). Such Non-personal Information does not enable us to identify the person from whom it was collected, and mainly consists of technical and aggregated usage information, such as browsing and ‘click-stream’ activity on the Services, session logging, heatmaps and scrolls, non-identifying information regarding their device, operating system, screen resolution, internet browser, language and keyboard settings, ISP, referring/exit pages, date/time stamps, etc.
  1. Individually identifiable information, namely information that identifies an individual or may with reasonable efforts cause the identification of an individual, or may be of private or sensitive nature (“Personal Information“). Such Personal Information that is collected by us mainly consists of the following types of information (including, for the avoidance of doubt, Non-personal Information that is connected or linked to said Personal Information to the extent such connection or linkage exists (for example, in order to improve the Services we offer)):
  1. Team Member Information: our management tool enables our customers (“Customers“) to uncover their business reality by intelligently surfacing answers based on data and human input, provided by their employees, representatives, service providers and team members who are registered to our Services under such customer’s account (collectively, “Team Members“). When such Team Members visit and register to our Services, and throughout their use thereof, we may collect certain Personal Information relating to them.

Specifically, such information may include, depending on configuration done by or on behalf of the relevant Customer or otherwise at the choice of the Team Member, the Team Member’s name, username, physical address, profile picture, phone number, profile information, organizational and/or private e-mail address and title; their session IP, Geo-location and/or device unique identifier; their interactions and correspondences through the Services (such as their answers, messages and associated content), and additional information pertaining to Team Members as required by the respective Customer, that may contain Personal Information, and any other Personal Information provided to us by either Customers or Team Members. For more regarding Team Member Information and how we treat it, please see Section 6 below.

Please note: our Services allow submission of “anonymous” posts and messages. Please note that we collect and keep the identity of the User who submitted such communications, and may disclose and use such information in accordance with this Privacy Policy.

  1. Customer Information: Information concerning our Customers (including authorized personnel of our Customers who may or may not be Users of our Services), namely their company name and affiliation, physical address, E-mails and login credentials to our Services, payment details, payment preferences and transaction history (to the extent that any such information is personally identifiable to any particular persons, otherwise we will deem it as Non-personal Information).
  1. Job Candidate Information: Information that is provided to us by Tonkean job candidates (“Candidates“), when they apply to any of the open positions published at our Website, by e-mail, via LinkedIn or otherwise, and following their application (as further described in Section 7 below).

3. How Do We Collect Such Information?

There are two main methods that we use:

  1. We collect information through the use of our Services. Namely, when our Users visit or use our Services, we might be aware of it and may gather, collect and record such uses, sessions and related information, including by using third party services as detailed in Section 8 below, and by using “cookies” and other tracking technologies, as further detailed in Section 9 below.
  1. We collect information which is provided to us voluntarily by the User, their Team Members, their organization (our Customer) or other third parties. For example, we collect the Personal Information that our Users provide us when registering to our Services, uploading data, content and documents to our Services, filling out forms and contacting us, etc. In addition, we may collect Personal Information that is provided to us by your organization and Team Members, as well as third parties including our business partners, affiliates, source control applications, support applications, and other services used by you or your organization.

Please note: If you provide us with information of third parties (such as that of your Team Members or co-workers), you hereby represent and warrant that each of them has given their informed consent to the processing and use of their Personal Information in the manners described in this Privacy Policy. You agree to indemnify and hold us harmless from and against all claims, losses, damages and expenses arising out of or in connection with any third party’s information you have provided us.

4. Why Do We Collect Such Information?

We collect such Non-personal and Personal Information for the following purposes:

  1. To facilitate, operate, and provide our Services;
  2. To facilitate communications between Users who belong to a certain organization/Customer;
  3. To verify the identity of our Users;
  4. To collect payments;
  5. To further develop, customize and improve our Services, and to provide you with any such enhanced Services, as we put together and analyze all Information available to us to maximize the relevance and quality of our Services;
  6. To improve your user experience, e.g. by remembering Information so that you will not have to re-enter it during your current or next visit to the Services;
  7. To provide our Users with ongoing customer assistance and technical support, and to diagnose or fix technology problems reported by our Users or engineers;
  8. To monitor and improve the effectiveness of our Services and our marketing efforts;
  9. To analyze and index information from other systems and tools you use, in order to visualize and provide alerts on anomalies;
  10. To be able to contact our visitors and Users with general and personalized service-related notices, surveys and promotional messages (as further detailed in Section 10 below);
  11. To monitor aggregate metrics and create aggregated statistical data and other aggregated and/or inferred Non-personal Information, including anonymized and/or pseudonymized Personal Information, which we, our Users or our business partners may use and disclose at our discretion;
  12. To manage and assess risk, enhance our data security and fraud prevention capabilities, and help protect against error, fraud or any illegal or prohibited activity;
  13. To consider Candidates’ applications for working at Tonkean (as further detailed in Section 7 below);
  14. To act as permitted by, and to comply with, any legal or regulatory requirements; and
  15. To conduct any additional activities that may require the use of your Personal Information, for which we will request your specific consent in advance.

5. Where Do We Store Personal Information?

Information regarding our Users may be maintained, processed and stored by Tonkean and our authorized affiliates and Service Providers (including our secured cloud storage providers, currently Microsoft Azure) in the United States of America, and might be accessed from other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law (as further explained in Section 8 below).

Information regarding our job Candidates will be maintained, processed and stored by Tonkean and our authorized affiliates and service providers in the United States of America, in Israel, in the applied position’s location(s), and as necessary, in secured cloud storage provided by our Third Party Services.

Tonkean is based in the United States with offices in San Francisco, California and in Israel with offices in Tel Aviv. Israel is considered by the European Commission to be offering an adequate level of protection for the personal information of EU Member State residents.

While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that Tonkean, its affiliates and Service Providers that store or process your Personal Information on Tonkean’s behalf are each committed to keep it protected and secured, in accordance with this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

6. Customer’s Team Member Information

Tonkean may collect, store and process certain Non-personal and Personal Information of the Team Members of our Customers, on our Customers’ behalf and at their direction. For example, our Customers are able to upload certain Team Member information to our Services, as well as require their Team Members to upload certain Personal Information during or following their registration and on-boarding to the Services. Such Personal Information is then stored with Tonkean (and its third party service providers), on the customer’s behalf.

For such purposes, Tonkean serves and shall be considered as a “Data Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Data Protection Directive and the upcoming General Data Protection Regulation) of such Team Member Information. The Customers shall be considered as the “Controllers” of their Team Members’ information, and are responsible for complying with all laws and regulations that may apply to the collection and control of such information, including all data protection laws of any relevant jurisdiction.

Our Customers are responsible for the security, integrity and authorized use of their Team Members’ information, and for obtaining any consents and permissions required for the collection, processing, and use of such information.

If you are an employee, representative, service provider or team member of any of our Customers and have had your Personal Information collected on such Customer’s behalf, we recommend that you contact them directly with any privacy or data-related concern you might have. For example, if you wish to access, correct, amend or delete inaccurate information processed by Tonkean on behalf of its customers, please correct the information on the same website where it was originally entered by you, or contact the relevant customer directly (as they are the “Controller” of such data). If requested to remove any Team Member Personal Information, we will respond to such request within thirty (30) days. Unless otherwise instructed by our Customers, we will retain their Team Members’ Personal Information for the period set forth in Section 12 below.

If a Team Member User has entered a direct agreement and relationship with Tonkean, under which such User’s Personal Information is provided by the User to Tonkean or otherwise collected for any services provided by Tonkean directly to such User, Tonkean shall be deemed as the “Controller” of such information, and the User may contact it directly, through the means described in Section 15 below.

7. Job Candidates

Tonkean welcomes all qualified Candidates to apply to any of the open positions posted at or LinkedIn, by sending us their contact details and CV (“Candidates Information“). We understand that privacy and discreetness are crucial to our Candidates, and are committed to keep Candidates Information private and use it solely for our internal recruitment purposes (including for identifying Candidates, evaluating their applications, making hiring and employment decisions, and contacting Candidates by phone or in writing).

Please note that Tonkean may retain Candidates Information submitted to it even after the applied position has been filled or closed. This is done so we could re-consider Candidates for other positions and opportunities at Tonkean; so we could use their Candidates Information as a reference for future applications submitted by them; and in case the Candidate is hired, for additional employment and business purposes related to their work.

If you previously submitted your Candidates Information to Tonkean, and now wish to access it, update it or have it deleted from our systems, please contact us at

8. With Whom Do We Share Personal Information

Tonkean may share your Personal Information with third parties (or otherwise allow them access to it) only in the following manners and instances:

Sharing Personal Information your organization (our Customer): If you are a Team Member, we may share your Personal Information with your organization, and also allow limited access (such as only to your profile picture, username and messages) to other Team Members of your organization and other Users permitted to access such Information. For further information, please see Section 6 above.

In certain cases, your organization will control your account and will be entitled to monitor, process and analyze your information, messages and associated content, including (i) view any content you submit and your interaction with other users, even if submitted anonymously; (ii) view statistics regarding your account; (iii) change your account password; (iv) suspend or terminate your account access; (v) access or retain information stored as part of your account; and (vi) restrict your ability to delete or edit information. Please note that we are not responsible or liable for any disclosure, use or monitoring by your organization.

Third Party Services: Tonkean has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, data and cyber security services, banks, payment processors and correspondents, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session recording, remote access services, and our business, legal and financial advisors (collectively, “Third Party Services“). Such Third Party Services may receive or otherwise have access to our Users’ Personal Information, depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes. Such disclosure or access is normally subject to the recipient’s undertaking of confidentiality obligations, and the prevention of any independent right to use this information by the recipients, except as required to help us provide our Services. Tonkean remains responsible and liable for any Personal Information processing done by Third Party Services on its behalf, except for events outside of its reasonable control.

Governmental/Law Enforcement Agencies and Legal Requests or Duties: We may disclose or otherwise allow access to your Personal Information pursuant to a legal request, such as a subpoena, search warrant or court order, or in compliance with applicable laws, with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, counter terrorist financing verification requirements, fraud, or other wrongdoing.

Protecting Rights and Safety: We may share your Personal Information with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of Tonkean, any of our Users, or any members of the general public.

Tonkean Subsidiaries and Affiliated Companies: We may share Personal Information internally within our family of companies, for the purposes described in this Privacy Policy and in accordance with Section 5 above. In addition, should Tonkean or any of its affiliates undergo any change in control, including by means of a merger, acquisition or purchase of substantially all of its assets, your Personal Information may be shared with the parties involved in such event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail and/or a prominent notice on our Website or Services.

For the avoidance of doubt, Tonkean may share your Personal Information in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so. Additionally, we may transfer, share or otherwise use Non-personal Information in our sole discretion and without the need for further approval.


9. Use of Cookies and Other Tracking Technologies

Tonkean uses certain monitoring and tracking technologies, including ones offered by Third Party Services. These technologies, such as cookies, web beacons, pixels and log files, are used in order to maintain, provide and improve our Services on an ongoing basis, and in order to provide a better experience to our visitors and Users. For example, these technologies enable us to keep track of our Users’ preferences and authenticated sessions, to better secure our Services and detect abnormal behaviors, to identify technical issues, and to monitor and improve the overall performance of our Services.

In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device, for purposes of session and user authentication, security, keeping the User’s preferences, connection stability, monitoring performance and generally providing and improving our Services.

In order to delete or block any cookies, please refer to the “Help” area on your internet browser for further instructions, or look for optional third party add-ons offering cookie management assistance. For example, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. Click “Help” in the toolbar of your browser for instructions, or review the cookie management guide produced by the Interactive Advertising Bureau – Please note however that deleting any of Tonkean’s cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience.

Google Analytics, Mixpanel, Crazy Egg, Full Story: Our Services use Google Analytics (by Google, Inc.), Mixpanel (by Mixpanel, Inc.), Hotjar (by Hotjar Ltd.) and Full Story (by FullStory, Inc.), for web analytics, heatmaps and session recording. Non-personal and Personal Information might be transmitted to and stored by such services on their servers. Please visit their respective websites to find out how such services uses such information or how you can opt out of being tracked.

To opt-out of Google Analytics, please visit

To opt-out of Mixpanel, please visit

To opt-out of Crazy Egg, please visit

To opt-out of FullStory, please visit

Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application.

10. Communications From Tonkean

Promotional Messages: In addition to communications that are an inherent part of our Services, occasionally we may also use your contact information to contact and notify you about important changes to the Services, updates, new services and special opportunities we think you will find valuable. We may contact you through e-mail, the Services, or any other contact information (such as your mobile phone number) you have provided us.

By registering to our Services and/or providing Tonkean with your e-mail address or any other contact information, you expressly agree to receive promotional content, messages or calls from Tonkean or our partners (acting on our behalf) through such means. Accordingly, we shall be entitled to call you or send you promotional content or messages by e-mail, SMS, direct text messages, marketing calls and similar forms of communication.

If you wish not to receive such promotional messages or calls, you may notify Tonkean at any time by e-mailing us at or by following the “unsubscribe” or “stop” instructions contained in the promotional communications you receive.

Service Messages: Tonkean may also contact you with important information regarding our Services. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, recruitment process updates, etc. You will not be able to opt-out of receiving such service messages.

11. Accessing Your Personal Information

If you wish to exercise your right to access and/or request us to make corrections to your Personal Information that you have stored with us or to delete it, or would like to receive a summary of what Personal Information (if any) of yours we disclosed to third parties for direct marketing purposes, please send us an e-mail to, or mail your request to Tonkean Inc., 25 Taylor St., San Francisco, CA 94102, USA, Attn: Data Protection Officer, and we will respond within a reasonable timeframe and in accordance with applicable laws. Please note that you may also correct, update or remove certain parts of your Personal Information by yourself, or completely deactivate your account, by logging into your account at Tonkean or by going to the same website where you originally provided the Information.

If you are a Team Member of a certain organization, we recommend that you contact such organization directly if you wish to access, correct, amend or delete inaccurate information processed by Tonkean on behalf of such organization (for more information, please see Section 6 above).

12. Data Retention

We may retain your Personal Information for as long as your User account is active or as otherwise needed to provide you with our Services. We may retain such Personal Information even after you deactivate your account or cease to use our Services, as may be requested by your organization, and possibly longer as reasonably necessary to comply with our legal obligations, to resolve disputes regarding any of our Users, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests.

13. Security

Tonkean has implemented security measures designed to protect the Personal Information of our Users, including physical, procedural and electronic measures. Among other things, we offer HTTPS secure access to our Services; we use industry standard SSL/TLS encrypted connections to protect the transmission of information that we believe in good faith to be of a sensitive nature; we use encryption tools to protect such sensitive information stored with us; we regularly monitor our systems for possible vulnerabilities and attacks, and seek new ways and tools for further enhancing the security of our Services and the integrity of the Personal Information that we hold.

Please note however, that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any Personal Information stored with us and/or with any third parties as described in Section 8 above. Unauthorized entry or use, hardware or software failure, and other factors may compromise information security. You acknowledge and agree to assume this risk when using the Services and when communicating with us, and your use of the Services is at your own risk.

We strongly encourage you to set strong passwords for your User account(s), avoid using the “save password” feature in your browser, and protect your account against unwanted access on your end (for example, do not share your login credentials with others, or allow them free access to your logged-in device).

If you have any questions regarding the security of our Services, please feel free to contact us at

14. General

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by and enforced in all respects solely and exclusively in accordance with the internal substantive laws of the State of California, without respect to its conflict of laws principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by, the U.S. District Court for the Northern District of California or a state court of competent jurisdiction located in San Mateo County.

We may amend this Privacy Policy at any time by posting a revised version on our Website. The revised version will be effective as of the published effective date. If the revised version includes a substantial change, we will provide you with 30 days’ prior notice via any of the communication means described in Section 9 above, or by posting notice of the change on our website. After this 30-day notice period, you will be considered as having expressly consented to all amendments to this Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices.

Note that while our Services may contain links to other websites or services, we are not responsible for such websites’ or services’ privacy practices, and encourage you to be aware when you leave our Services and read the privacy statements of each and every website and service you visit. This Privacy Policy does not apply to such linked third-party websites and services.

Our Services are not intended for use by children under the age of 16. To use the Services, you must have attained the age of majority in your state/province/country of residence. If you are under the legal age to form a binding contract in the jurisdiction in which you are located, you may only use the Services under the supervision of a parent or legal guardian who has agreed to any agreement you enter into while using the Services, including the terms of this Privacy Policy. We do not knowingly collect Personal Information from minors under the age of 16 and do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Services. In the event that it comes to our knowledge that a minor is using the Services, we will prohibit and block such User from accessing the Services and will make all efforts to promptly delete any Personal Information stored with us with regard to such User.

This Privacy Policy was written in English, and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with its English version, the provisions of the English version shall prevail.

15. Contacting Us

If you have any questions about this Privacy Policy, please contact us at

You may also contact us by mail at: 20 Kibutz Galuyot, Tel Aviv, Israel; or at 650 California Street, San Francisco, CA 94108, USA.