Effective date: February 21, 2020
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data is data collected automatically either generated bythe use of the Service or from the Service infrastructure itself (for example,the duration of a page visit).
Cookies are small pieces of data stored on a User’s device.
Data Processor (or Service Providers)
Data Processor (or Service Provider) means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
Data Subject is any living individual who is the subject of Personal Data.
The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.
Information Collection And Use
We collect several different types of information for various purposesto provide and improve our Service to you.
While visitor our website or using our Service, we may ask you to provide us with certain Personal Data. The Personal Data we may collect includes, but is not limited to:
· Email address
· First name and last name
· Address, State, Province, ZIP/Postal code, City, Country
· Company and job title
· Profile picture
· Cookies and Usage Data
We also automatically collect information how the Service is accessed and used. This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service. We and our Service Providers also use beacons and tags in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
Use of Data
Hugo Corporation uses the collected data for various purposes:
Hugo Corporation will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
Your information, including Personal Data, may be transferred to— and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including PersonalData, to United States and process it there.
Disclosure for Law Enforcement
Under certain circumstances, Hugo Corporation may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We may disclose the information we collect from and about you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Data will be subject to this Policy.
Hugo Corporation may disclose your Personal Data in the good faith belief that such action is necessary to:
Aggregate and De-Identified Information
We share aggregate, anonymized, or de-identified information about website visitors and Services users with others for marketing, advertising, research, or similar purposes.
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Hugo Corporation aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data as required by applicable law.
Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact us to make the required changes.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, under applicable law, you may have the right:
You have the right to data portability for the information you provide to Hugo Corporation. You can request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it. Please note that we may ask you to verify your identity before responding to such requests.
Data Subjects in the EEA have a right to lodge a complaint with their local supervisory authority if they have concerns about how we are processing their Personal Data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
We may employ third party companies and individuals to perform functions on our behalf, including to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 13 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Effective date: March 22, 2018
Please read these Terms and Conditions ("Terms", "Terms and Conditions") carefully before using the www.hugo.team website and associated web applications (the "Service") operated by Hugo ("us", "we", or "our"). Your access to and use of the Service is conditioned upon your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who wish to access or use the Service. By accessing or using the Service you agree to be bound by these Terms. If you disagree with any part of the terms then you do not have permission to access the Service.
By creating an Account on our service, you agree to subscribe to newsletters, marketing or promotional materials and other information we may send. However, you may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
Some parts of the Service are billed on a subscription basis ("Subscription(s)"). You will be billed in advance on a recurring and periodic basis ("Billing Cycle"). Billing cycles are set either on a monthly or annual basis, depending on the type of subscription plan you select when purchasing a Subscription.
At the end of each Billing Cycle, your Subscription will automatically renew under the exact same conditions unless you cancel it or Hugo cancels it. You may cancel your Subscription renewal either through your online account management page or by contacting Hugo customer support team.
A valid payment method, including credit card, is required to process the payment for your Subscription. You shall provide Hugo with accurate and complete billing information including full name, address, state, zip code, telephone number, and a valid payment method information. By submitting such payment information, you automatically authorize Hugo to charge all Subscription fees incurred through your account to any such payment instruments.
Should automatic billing fail to occur for any reason, Hugo will issue an electronic invoice indicating that you must proceed manually, within a certain deadline date, with the full payment corresponding to the billing period as indicated on the invoice.
Hugo may, at its sole discretion, offer a Subscription with a free trial for a limited period of time ("Free Trial"). You may be required to enter your billing information in order to sign up for the Free Trial. If you do enter your billing information when signing up for the Free Trial, you will not be charged by Hugo until the Free Trial has expired. On the last day of the Free Trial period, unless you cancelled your Subscription, you will be automatically charged the applicable Subscription fees for the type of Subscription you have selected. At any time and without notice, Hugo reserves the right to (i) modify the terms and conditions of the Free Trial offer, or (ii) cancel such Free Trial offer.
Hugo, in its sole discretion and at any time, may modify the Subscription fees for the Subscriptions. Any Subscription fee change will become effective at the end of the then-current Billing Cycle.
Hugo will provide you with a reasonable prior notice of any change in Subscription fees to give you an opportunity to terminate your Subscription before such change becomes effective.
Your continued use of the Service after the Subscription fee change comes into effect constitutes your agreement to pay the modified Subscription fee amount.
Except when required by law, paid Subscription fees are non-refundable.
Our Service allows you to post, link, store, share and otherwise make available certain information, text, graphics, videos, or other material ("Content"). You are responsible for the Content that you post on or through the Service, including its legality, reliability, and appropriateness.
By posting Content on or through the Service, You represent and warrant that: (i) the Content is yours (you own it) and/or you have the right to use it and the right to grant us the rights and license as provided in these Terms, and (ii) that the posting of your Content on or through the Service does not violate the privacy rights, publicity rights, copyrights, contract rights or any other rights of any person or entity. We reserve the right to terminate the account of anyone found to be infringing on a copyright.
You retain any and all of your rights to any Content you submit, post or display on or through the Service and you are responsible for protecting those rights. We take no responsibility and assume no liability for Content you or any third party posts on or through the Service. However, by posting Content using the Service you grant us the right and license to use, modify, perform, display, reproduce, and distribute such Content on and through the Service.
Hugo has the right but not the obligation to monitor and edit all Content provided by users.
In addition, Content found on or through this Service are the property of Hugo or used with permission. You may not distribute, modify, transmit, reuse, download, repost, copy, or use said Content, whether in whole or in part, for commercial purposes or for personal gain, without express advance written permission from us.
When you create an account with us, you guarantee that you are above the age of 18, and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in the immediate termination of your account on the Service.
You are responsible for maintaining the confidentiality of your account and password, including but not limited to the restriction of access to your computer and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Service or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.
The Service and its original content (excluding Content provided by users), features and functionality are and will remain the exclusive property of Hugo and its licensors. The Service is protected by copyright, trademark, and other laws of both the United States and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of Hugo.
Our Service may contain links to third party web sites or services that are not owned or controlled by Hugo
Hugo has no control over, and assumes no responsibility for the content, privacy policies, or practices of any third party web sites or services. We do not warrant the offerings of any of these entities/individuals or their websites.
You acknowledge and agree that Hugo shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such third party web sites or services.
We strongly advise you to read the terms and conditions and privacy policies of any third party web sites or services that you visit.
We may terminate or suspend your account and bar access to the Service immediately, without prior notice or liability, under our sole discretion, for any reason whatsoever and without limitation, including but not limited to a breach of the Terms.
If you wish to terminate your account, you may simply discontinue using the Service.
All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
You agree to defend, indemnify and hold harmless Hugo and its licensee and licensors, and their employees, contractors, agents, officers and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney's fees), resulting from or arising out of a) your use and access of the Service, by you or any person using your account and password; b) a breach of these Terms, or c) Content posted on the Service.
In no event shall Hugo, nor its directors, employees, partners, agents, suppliers, or affiliates, be liable for any indirect, incidental, special, consequential or punitive damages, including without limitation, loss of profits, data, use, goodwill, or other intangible losses, resulting from (i) your access to or use of or inability to access or use the Service; (ii) any conduct or content of any third party on the Service; (iii) any content obtained from the Service; and (iv) unauthorized access, use or alteration of your transmissions or content, whether based on warranty, contract, tort (including negligence) or any other legal theory, whether or not we have been informed of the possibility of such damage, and even if a remedy set forth herein is found to have failed of its essential purpose.
Your use of the Service is at your sole risk. The Service is provided on an "AS IS" and "AS AVAILABLE" basis. The Service is provided without warranties of any kind, whether express or implied, including, but not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement or course of performance.
Hugo its subsidiaries, affiliates, and its licensors do not warrant that a) the Service will function uninterrupted, secure or available at any particular time or location; b) any errors or defects will be corrected; c) the Service is free of viruses or other harmful components; or d) the results of using the Service will meet your requirements.
Some jurisdictions do not allow the exclusion of certain warranties or the exclusion or limitation of liability for consequential or incidental damages, so the limitations above may not apply to you.
These Terms shall be governed and construed in accordance with the laws of California, United States, without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Service, and supersede and replace any prior agreements we might have had between us regarding the Service.
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will provide at least 30 days notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
By continuing to access or use our Service after any revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, you are no longer authorized to use the Service.
If you have any questions about these Terms, please contact us at firstname.lastname@example.org.
Hugo's Google Single Sign-on and Office 365 Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials, it also reduces the risk associated with additional passwords to access Hugo.
We recommend that you enforce Multi-Factor Authentication through Google Suite and Microsoft Office 365 to increase the security of your Google and Microsoft credentials, and in turn the security of the data you store in Hugo.
We enable team member and admin permission levels within the app to be set for your teammates.
Admin permissions ensure only authorized users can remove team members, change billing settings or change other teammates' permission levels.
All Hugo services and data are hosted with Amazon Web Services (AWS) in the United States in the US West region. Amazon employs a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security/.
We have the ability to leverage multiple AWS availability zones and we will be able to quickly restore availability should any data center fail.
All of our servers are located within an isolated Virtual Network separated from other internal & external networks that prevent unauthorized access.
All data sent to or from Hugo is encrypted in transit and all data stored by Hugo is encrypted at rest, using 256 bit encryption. Our API and application endpoints are TLS/SSL only.
Hugo has a process for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.
We use AWS backup services to reduce any risk of data loss in the event of a hardware failure, backup to multiple data centers and utilize a number of monitoring services to alert the team in the event of any failures affecting users.
Hugo performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for employees.
All Hugo employees go through employee onboarding that includes security awareness training covering information security topics such as phishing, password management and more.
All Hugo employees are required to sign a confidentiality agreement before they begin.
Hugo uses Fleetsmith to monitor its Mac devices, with enforced policies for full-disk encryption, OS updates and more.
Hugo laptops are equipped with anti-malware software to protect against malicious software.
Hugo continuously updates and patches its systems and monitors for threats and vulnerabilities.
Access to Hugo infrastructure is limited to authorized employees who require it for their role. Changes are automated using access roles with the least required permissions.
Every Hugo page and service is served over https.
We have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies on GitHub, Google, AWS and other critical tools and services to ensure access to cloud services are protected.
Hugo adheres to the principle of least privilege with respect to identity and access management.
Hugo does quarterly access reviews of all employee privileges to sensitive systems.
All Hugo issued laptops utilize 1Password for employee’s to manage passwords and maintain password complexity.
All payments made to Hugo go through our partner, Stripe. Details about their security setup and PCI compliance can be found here.
Hugo undergoes independent third-party assessments to test our security and compliance controls.
Hugo is SOC 2 ready and expects to have a final SOC 2 Type 1 Report in 2020 and a final SOC 2 Type 2 Report in 2021.
Hugo undergoes an independent third-party penetration at least annually to hunt down security vulnerabilities.
Last updated January 15, 2019
Hugo adheres to the EU-U.S. Privacy Shield Framework by adopting and implementing the EU-U.S. Privacy Shield Principles, which include a set of Supplemental Principles. Hugo also commits to adhere to the Swiss-U.S. Privacy Shield Framework by adopting and implementing the Swiss Privacy Shield Principles. We will refer to the EU-U.S. and Swiss Privacy Shield Principles collectively as the “Principles.” Our certification can be found at www.privacyshield.gov/list.
We obtain and process Personal Information in different capacities.
As a data controller, we collect and process EEA and Swiss Personal Information directly from individuals, either via our publicly available websites, including, or in connection with our customer, partner, and vendor relationships.
As a data processor, we process and store EEA and Swiss Personal Information obtained from our customers when providing theHugo application and related services (“Services”). In that context, we only process Personal Information on behalf of and at the instructions of our customers, which are the data controllers.
Hugo commits to subjecting to the Principles all Personal Information received from the EEA and Switzerland in reliance on the Privacy Shield (which includes both types of activities).
When using our Services, customers determine the categories of data they upload into our systems and the purposes for which the data is processed. Accordingly, customers are responsible for providing notice to the individuals from whom they have collected Personal Information.
When we process Personal Information in the context of our Services, we process and retain Personal Information only as necessary to provide our Services, or as required or permitted under applicable law.
In case of disclosure to an agent, we remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to that agent if it processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the inconsistent processing.
When we process Personal Information in the context of our Services, we disclose Personal Information as necessary to provide the Services and as authorized in our agreements with customers.
We use reasonable and appropriate measures to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Information. You can read more about our security processes and infrastructure by clicking one of the tabs in our Security Center.
Where appropriate, Hugo provides you with access to the Personal Information that we maintain about you and the ability to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Information” below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Principles.
If we intend to use your Personal Information for a purpose that is materially different from the purposes listed in this policy or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt-out of such uses and disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.
When we process Personal Information in the context of our Services, we only process and disclose the data as necessary to provide the Services. Our customers control how the information they upload to the Services is disclosed and used, and how it can be modified. Accordingly, if you wish to request access, to limit use, or to limit disclosure of Personal Information uploaded to the Services by our customer, please contact the customer who submitted your data to our Services. If you provide us with the name of our customer that is processing your Personal Information, we will refer your request to that customer, and will support the customer as needed in responding to your request.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection and use of your Personal Information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at the contact information provided below. We have further committed to refer unresolved Privacy Shield complaints to the JAMS Privacy Shield Program, an alternative dispute resolution provider in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to to file a complaint. The services of JAMS are provided at no cost to you. We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at http://www.jamsadr.com. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles.
Hugo is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
If you have any questions, concerns or complaint regarding our privacy practices, or if you’d like to exercise your choices or rights, contact us via:
● Email Hugo’s Privacy and Data Protection Officer at email@example.com; or
● Mail at Hugo, ATTN: Privacy and Data Protection Officer, 1700 Montgomery St, Suite 108, San Francisco CA 94111
Last updated February 21, 2020
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to improve data protection for all individuals within the European Union (EU).
Hugo is aware of new GDPR requirements and restrictions and works with its customers to address GDPR compliance.
Some of the key actions we’ve taken to ensure compliance include:
Appointment of a Data Protection Officer (DPO) to ensure that our policies and practices remain in compliance going forward and that we embrace a policy of data protection by design and by default.
A complete review of our policies and practices surrounding storage of customer data to ensure that any Personal Data is kept in a way that enables us to comply with the rights of individuals as provided under the GDPR.
We will provide a data processing agreement upon request to our EU customers.
If you have any further questions regarding Hugo's approach to the GDPR, please feel free to contact us at firstname.lastname@example.org.