Privacy Policy

Last Revised: Sep 10, 2021

Currents Software Inc. (“Currents”, “us” or “we”) respects the privacy of all data subjects whose personal information we process in the context of providing our online services available at https://currents.dev to our customers (the “Customer(s)” and the “Services”, respectively), including the privacy of:

This privacy policy (“Privacy Policy”) is incorporated by reference to our Terms of Service, available at: https://currents.dev/tos or to any other agreement executed between the Customer and Currents with respect to the Services.

We believe that you have a right to know our practices regarding the personal information we may collect and process in the context of our Services, and we are committed to protecting the personal information entrusted with us. Please read the following carefully in order to understand Currents’s views and practices regarding the processing of personal information and how Currents treats it.

2. About this Privacy Policy

This Privacy Policy applies when you use our Services via our online platform, which may be accessed via our website at https://currents.dev/ (the “Site”) and https://app.currents.dev/ (the "Service"). In addition, a dedicated Cookie Policy is also available at: https://currents.dev/cookies-policy.

3. Who we are?

In this policy, references to Currents, or to “we” or “us” are to Currents Software Inc. and its affiliates. Individuals wishing to contact us about data protection issues may do so by writing to us at the above address or by emailing us at support@currents.dev.

4. Your acknowledgment of this policy

This Privacy Policy details how Personal Information collected via the Services is used and processed by Currents.

BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES, THE CUSTOMERS AND THE PERMITTED USERS ACKNOWLEDGE THAT THEY ARE, OR HAVE HAD, THE OPPORTUNITY TO BECOME AWARE OF AND AGREE (IN JURISDICTION WHERE SUCH CONSENT IS REQUIRED) TO THIS PRIVACY POLICY AND CURRENTS’S PRACTICES DESCRIBED THEREIN, INCLUDING THE PROCESSING (WHICH INCLUDES, INTER ALIA, COLLECTING, USING, DISCLOSING, RETAINING OR DISPOSING) OF THE CUSTOMER CONTENT, AND PERSONAL INFORMATION RELATING TO THE PERMITTED USER, UNDER THE TERMS OF THIS POLICY.

5. Which Personal Information may we collect?

During and as part of the use of our Services, we collect and process: (i) non-identifiable and anonymous information, which consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Information”); and (ii) personal information, which is information relating to an identified or identifiable natural person (“Personal Information”), all with respect to two types of data subjects:

5.1. Personal Information which relates to Permitted Users

Permitted Users are those individuals who have opened an account to use our services and use our Services on behalf of our Customers, such as Customers’ employees or contractors.

5.1.1 Technical and Behavioral Information (Non-Personal) which relates to Permitted Users

Like most websites and online services, we passively collect certain Non-Personal Information from your devices when Permitted Users access and browse, access and use our Services, including: (i) technical information such as the type and version of the Permitted User’s device and its operating system, the type of browser, screen resolution, device browser and keyboard language, Wi-Fi connectivity and the type and name of the device and/or browser, etc.; and (ii) behavioral information which may include the Permitted User’s click-stream, the activities of the Permitted User on the Services and additional information of a similar nature (collectively, “Technical and Behavioral Information”).

We may also use third-party service providers such as Google Analytics to obtain detailed analytics on the device and the Permitted User’s behavior on the Services for purposes of advertising, research, security and fraud prevention.

Please note that we or our third-party service providers will collect such Technical and Behavioral Information by using certain technologies such as Cookies (as further detailed under our Cookie Policy at https://currents.dev/cookies-policy (“Cookie Policy”).

Any Non-personal Information connected or linked to or associated with any Personal Information shall be deemed as Personal Information, as long as such connection, linkage or association exists.

5.1.2 Personal Information which is provided by the Permitted Users.

Opening an Account

Personal Information is collected from the details the Permitted Users provide when opening an account in order to use the Services: business email address and company name. Permitted Users may also, voluntarily, provide a profile picture for their account. Additional information may be requested in the future.

Use of Social Network Accounts

Alternatively, Permitted Users may sign up to the Services via one of their existing social network accounts (e.g. GitHub or Google).

When registering to the Service through such existing third-party accounts, then such third-party accounts provide us with access to certain information, which is detailed and displayed in the notice which appears during the integration process, which may include the Permitted User’s name, email address, profile photo and user-id on such account.

Please read such notices carefully in order to understand what information is made available to us via such third-party accounts. We may collect login information and other relevant information necessary to enable us to access such third-party accounts in order to collect the aforementioned information.

Please remember that the manner in which third-party accounts use, store or disclose your information is governed solely by their policies and we will have no liability or responsibility for the privacy practices or other actions of such third parties. If you do not agree to these practices, please do not use third-party accounts in order to use our Services.

You hereby agree that such information will be stored even after the linkage to your third-party accounts expires, for any reason.

Communications with Currents

We may collect and process any Personal Information Permitted Users may provide to us as part of any communications with us, by any means, including email correspondence and by use of the chatbot available on the Site and the Service.

5.1.3 Personal Information collected via technology

Geolocation data

During your use of the Services, Currents will access, collect, process, monitor and/or remotely store “geolocation data”, including through the collection of IP addresses and other similar information to determine your location for analytics, advertising and security purposes.

Identifiers

During your use of the Services, we will access, collect, process, monitor and/or remotely store online identifiers, such as Internet Protocol (IP) address, AD-ID or other unique identifiers, for the purpose of providing you with targeted advertising and for statistical and metric purposes.

Technical and Behavioral Information

to the extent that the Technical and Behavioral Information detailed above under Section ‎5.1.1 will be linked to or associated with a specific individual then such information will be considered as Personal Information.

Recording of the Services’ User Interface

In order to provide support services to our Customers and their Permitted Users, Currents may record (through a third-party service provider) the Services’ user interface, and as a result thereof the Permitted Users’ interactions with the Services’ user interface, and any Personal Information related thereto, may be captured.

Please note that we only record the browser windows where the Services’ user interface is open and not any other screen on the applicable workstation or device.

5.2. Personal Information included in the Customer Content

In order to use Currents’s Services, Customers and Permitted Users may upload certain Personal Information pertaining to third parties, such as the Customer’s clients, to the Services (the Customer Content). For example, when performing a test via the Services, in a ‘live’ environment, the test may entail the processing of Personal Information included in the Customer Content available in such an environment.

Personal Information included in the Customer Content may be recorded in the outputs produced as a result of the use of the Services, such as in screenshots, HTML files, element locate data, element locate results and runtime console logs.

Please note that the Customer Content (including Personal Information) collected as part of your use of the Services, may be accessed by our IT team, support team, customer success team, R&D team and/or by our account managers, worldwide, solely in order to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers.

6. How do we collect Personal Information?

There are three main methods we use to collect Personal Information:

6.1. We collect information via your entry, connection, access and/or use of the Services

In other words, when you access or use the Services, we are aware of your usage of the Services, and may gather, collect and record the information related to such usage. For example, when you use the Services, we collect your IP address and other online identifiers.

6.2. We collect information which you provide us voluntarily

For example, we collect Personal Information that you provide via the Services, such as the details provided when opening an account to use the Services.

6.3. We collect information provided by you via the Services as part of the Customer Content.

Personal Information may be provided to us as part of any Customer Content uploaded in the context of your use of the Services (e.g., Personal Information included in the testing environment, where a test is being conducted).

7. What are the purposes of the collection and processing of information?

7.1. Non-personal Information is processed in order to:

7.2. Personal Information is processed in order to:

Note to Permitted Users located in the EU 🇪🇺

Please note that all Personal Information included in any Customer Content uploaded to the Services is processed in order to provide our Services to our Customers and to fulfill our contractual obligations towards our Customers.

However, as a ‘data processor’, Currents is not legally obligated to determine the legal basis for processing such data, and it is each Customer’s responsibility, in its capacity as a ‘data controller’, to determine the lawful basis for enabling Currents to process such data.

In order for Currents to process Personal Information relating to Permitted Users, as detailed herein, such processing must be justified by a “basis” for processing, as follows:

Note to non-EU Permitted Users:

BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES, YOU CONSENT TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION AS SPECIFIED HEREIN.

8. Sharing Personal Information with third parties

8.1. When do we share Personal Information

Currents respects its Customers’ and their Permitted Users’ privacy and will not disclose, share, rent, or sell their Personal Information to any third party, including Customer Content containing Personal Information, other than as permitted under this Privacy Policy.

8.2. Use Cases for Sharing Personal Information

In addition to using the information collected by us for the purposes described under Section ‎7 above, we may also share your Personal Information and the Customer Content in the following cases:

8.3. Non-Personal Information Transfer

For avoidance of doubt, Currents may transfer and disclose Non-Personal Information i.e., non-identifiable and anonymous information which consists of Technical And Behavioral Information that does not pertain to a specific individual, to third parties, at its discretion, including without limitation for statistical, analytical and research purposes and for customization, developing and improvement of our Services.

9. Data subjects’ rights

9.1. Customer Content

The Customer Content may contain Personal Information, as determined by the Customer.

Currents has implemented certain technical and organizational measures in its Services to assist its Customers in independently accessing the Personal Data included in such Customer Content. However, due to technical limitations and the nature of the Services, not all Personal Information contained in the Customer Content may be retrieved, accessed, amended, ported or restricted, as may be required under the data protection laws which are applicable to the Customer.

Notwithstanding, all Personal Data is automatically deleted in regular 30-day intervals (or as otherwise set by the Customer) and may also be deleted at any time by the Customer, at its sole discretion. To the extent that the Customer, in its use of the Services, does not have the ability to exercise its obligations towards data subjects whose Personal Information is included on the Customer Content, please send us an email to: support@currents.dev, and, to the extent that we are technically capable to do so, we will make commercially reasonable efforts to assist.

9.2. Permitted Users

Currents acknowledges that you have the right to access and change the Personal Information we collect and process about you.

You may update the Personal Information that you entered when opening your account to use the Services, by using the designated page on your account. However, if you find that your are unable to do so or if you wish to access or to correct, amend, or delete Personal Information, please send us an email to: support@currents.dev and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law.

Note to Permitted Users located in the EU 🇪🇺

We hereby inform you of the following rights (by virtue of EU law), in respect of your Personal Information:

To exercise these rights, where applicable, please contact us by sending an email to: support@currents.dev

10. Location of your data

The information collected from you by Currents, including the Customer Content, as detailed in this Privacy Policy, is stored at AWS us-east-1 region servers, but may be transferred to, and stored in, servers which may be located in countries outside of your jurisdiction and in countries that are not considered to offer an adequate level of protection under your local laws. It may also be processed by Currents and its suppliers, service providers or partners’ staff operating outside your country.

Currents is committed to protecting your Personal Information, including the Customer Content, and will take appropriate steps to ensure that your Personal Information and the Customer Content is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy.

Such steps may include, but not limited to, putting in place data transfer agreements and ensuring our third-party service providers comply with Currents’s data transfer protection measures.

Note to Permitted Users located in the EU 🇪🇺

If you are located in the EU, you have a right to request further information regarding the data transfer mechanisms used by us with respect to data transfers to third countries outside the EU.

In order to keep your Personal Information safe, we apply strict safeguards when transferring it outside of the EEA, which may include the following:

BY SUBMITTING YOUR PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT, THROUGH THE SERVICES, YOU ACKNOWLEDGE, AND AGREE, IN JURISDICTION WHERE SUCH CONSENT IS REQUIRED, TO SUCH TRANSFER, STORING AND/OR PROCESSING OF PERSONAL INFORMATION.

11. Minors

The Services are intended solely for Permitted Users over the age of sixteen (16). Therefore, Currents does not intend and does not knowingly directly collect any Personal Information from Permitted Users under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Services.

12. Third Party Service Providers and Third Party Software

12.1. Third Party Service Providers and Your Data

During the Services provision period, we may use third-party service providers (such as hosting cloud services), who may collect, store and/or process your Personal Information and the Customer Content.

Such vendors may be located in countries that do not have the same data protection laws as the laws applied in the Customers’ and their Permitted Users’ jurisdiction.

12.2. Subprocessors List

Our third-party Sub-Processors service providers list is available at https://currents.dev/sub-processors.

Please read the third-party service providers’ terms of use and privacy policies to understand their privacy practices.

13. Security

We take appropriate measures to maintain the security and integrity of our Services and prevent unauthorized access to them or use thereof through generally accepted industry standard technologies and internal procedures. Some of the security measures that we employ include, without limitation:

13.2. Inherited Risks

Please note, however, that there are inherent risks in transmission of information over the Internet or by using other methods of electronic storage and we cannot guarantee that unauthorized access or use of such information will never occur.

13.3. Law Compliance

Currents will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Information and will inform you of such breach as required by applicable law, as detailed in Section 5 of our Data Processing Agreement.

TO THE EXTENT THAT CURRENTS IMPLEMENTED THE REQUIRED SECURITY MEASURES UNDER APPLICABLE LAW, CURRENTS SHALL NOT BE RESPONSIBLE OR LIABLE FOR AN UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION INCLUDED IN THE PERSONAL INFORMATION, INCLUDING THE CUSTOMER CONTENT.

14. Data retention

14.1. Permitted User’s Personal Information

Generally, we will keep Permitted User’s Personal Information only for as long as it is relevant and useful for the purpose for which it was originally collected.

14.2. Personal Information contained in Customer Content

14.3. Storage Period

Currents may store personal data for longer periods of time if the personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and in such cases, the personal data will be subject to the implementation of appropriate technical and organizational measures to safeguard the rights and freedoms of the data subjects; or if it is under a statutory obligation to do so, and in such case Currents shall notify the data subjects of that legal obligation (unless the Company is prohibited by applicable law from doing so), and will implement appropriate technical and organizational measures to ensure that the personal data retained is used to fulfil that statutory obligation and no other purpose.

Please note that personal data which has been fully anonymized, as well as aggregated data, do not constitute ‘personal data’, and as such may be retained by the Company indefinitely.

15. Changes to the Privacy Policy

Currents reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently to check for any changes. In case of any material change, we will make reasonable efforts to post a clear notice on the Services or we will send you an e-mail, regarding such changes, to the e-mail address that you may have provided us with. Such material changes will take effect seven (14) days after such notice was provided on our Service or sent to you via e-mail, whichever is earlier.

Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” and your continued use of the Services on or after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes. In the event that the TOS should be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by the law and without any prior notice.

16. Representation for data subjects in the EU

Prighter certificate of Art 27 representation

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/15737831043

Have any questions?

If you have any questions (or comments) concerning this Privacy Policy, please send us an email to the following address: support@currents.dev and we will make an effort to reply within a reasonable timeframe.