Privacy policy
Plato helps engineering and product leaders to learn soft skills and build better teams. We do this through our powerful mentoring platform, where new leaders connect with seasoned professionals for 1-1 sessions, AMAs, and a comprehensive knowledge base.
Plato services are developed and marketed by Birdly,inc, a company with a Main Office located at 300 2nd Street, building suite 200, San Francisco, CA 94105 in the United States of America and that has secondary offices at 46-48, avenue de la Grande Armée, Paris, France. Learn more at: www.platohq.com.
Your privacy and your personal data are of paramount importance to us. At Plato we have fundamental principles regarding the confidentiality and protection of personal data.
We only ask or process your personal information if it is essential or if you have given us your consent to do so. We do not share your personal data with anyone except to comply with the law, to assist you or to protect our rights or if you have given us your explicit consent to do so.
You will find below our data use and confidentiality policy which incorporates these principles.
This Privacy Policy (the “Policy”) describes how Birdly, Inc. ("Plato", "we," "us" or "our") collects, uses, and shares information about you and the choices you have regarding this information. This Privacy Policy applies to the information we collect when you access or use our products, services, and technology platforms (including, without limitation, our Plato application and services, our website(s), mobile applications, and other Birdly-controlled properties that link to this Privacy Policy) (collectively, the "Services"). Please note that this Privacy Policy does not apply to your use of third-party sites, services, or applications you may access through our Services. We encourage you to review the privacy policies of those third parties for more information regarding their privacy practices.
Plato's policy respects the confidentiality of information that we may collect in the context of the operation of our websites and applications and the processing of orders that you place with our company. Plato undertakes, within the framework of its activities and in accordance with the current legislation in the United States and in Europe, to ensure the protection, confidentiality and security of the personal data of the users of its services, as well as to respect their privacy.
To make it easier to read, this Policy has been crafted at two levels: the main text flow is legally-binding ("legal text") and "In a nutshell" frames, with text in italics, are non-binding. Our purpose in doing so is to help you have a better understanding of what we mean, how your data is processed, what you can expect from us and what we may expect from you.
In a nutshell : We have written these texts "in a nutshell" so that you can better understand our practices. However, the text to be taken into account, if necessary, is that written outside the "in a nutshell" inserts.
We know that you care about the use and sharing of your personal data, and we appreciate the trust you place in us by providing it to us. Know that we will take the greatest care. By visiting our websites, ordering, using the Services or creating a user account, you are accepting the practices described in this Privacy Policy.
In a nutshell : By continuing to visit the site, by providing data to order, using the application or creating an account, you acknowledge that you have read and accepted this policy.
1 - Data Controller
Plato is responsible for the processing of personal data that it implements on its own behalf, in particular the processing of personal data relating to the management of access to its services, its contractual relations with its customers and its legitimate interests, in particular prevention of fraud, and management of payment incidents, disputes and litigation.
In this context, Plato has completed all the necessary administrative formalities with the competent authorities. We comply with all effective laws and regulations pertaining to the protection of personal data in the countries where it operates, including in particular but not limited to:
- California Consumer Privacy Act (referred to as “CCPA”) of 2018, on privacy rights and consumer protection, effective on January 1, 2020, and later amended and expanded by the California Privacy Rights Act of November 2020
- European Directive No. 95/46 / EC of 24 October 1995 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data;
- from May 25, 2018, European regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95 / 46 / EC (General Data Protection Regulation, often referred to as “GDPR”);
- French law n ° 78-17 of January 6, 1978 relating to data processing, files and freedoms and its developments.
In a nutshell : We are responsible for the data you entrust to us for the processing we carry out on our behalf. We give out our contact details so that you can contact us. We have abode by the regulations.
2 - Subcontractor
Likewise, as a subcontractor (a “processor” with regards to GDPR terminology and a “service provider” with regards to CCPA terminology) for our customers using the Plato application via https://www.platohq.com/app, we have completed all the necessary administrative formalities vis-à-vis the competent authorities, in particular the California Consumer Privacy Act (referred to as “CCPA”) of 2018, on privacy rights and consumer protection, effective on January 1, 2020, and later amended and expanded by the California Privacy Rights Act of November 2020 and the European regulation 2016/679 of April 27 2016 on the protection of individuals with regard to the Processing of Personal Data (general data protection regulation, often called GDPR) and on the free movement of such data, and repealing Directive 95/46 / EC.
It should be noted that documents and recordings deposited within the application are encrypted with strong ciphers. The owner of a subscription to Plato can explicitly grant access to some of the data that they have provided and stored in the application, in particular to employees, service providers or partners, various stakeholders, as well as to Plato teams and in particular for technical support purposes.
In any case, it is the client of Plato that decides to store personal data, which are theirs, within Plato and to grant access to their data and that has full control over them, including with regard to the documents and recordings deposited therein, which only the persons to whom they has given access may access for consultation.
Each user of the Plato application, whether a subscriber of a subscription or invited by a subscriber, is responsible for the data he/she provides within the application and as such is responsible for providing data that he/she has collected in accordance with regulations.
In a nutshell : Plato users are responsible for the data they provide and which is processed within the Plato application which performs processing on behalf of Plato customers.
3 - Purpose
3.1 - As Data Controller
Plato processes your personal data under the contractual or pre-contractual relationship you share with Plato, or within the framework of the legitimate interest that Plato has to process your data, or when you have given your consent for us to process your personal data.
A contractual relationship is present when you place an order with Plato for the use of our application, make a request to our after-sales service, or request to get in touch with a professional from our customer service. A pre-contractual relationship exists when you show explicit interest in an offer or a Plato product, particularly when you request information or a quote regarding one or more of our offers or products or when a user account has been created (even without an order).
Plato's processing of personal data aims at such legitimate interests as the following:
- Providing, maintaining, and improving the Services, including the quality of mentoring.
- Delivering the products and services you request, processing transactions, and sending you related information.
- Verifying your identity and, if applicable, authorization for you to use the Services (such as from your employer).
- Responding to your comments, questions, and requests.
- Sending technical notices and other administrative messages.
- Communicating with you about products, services, offers, promotions, rewards, and events offered by us or others, and providing news and information we think will be of interest to you.
- Monitoring and analyzing trends, usage, and activities in connection with the Services.
- Conducting research, analysis, and surveys.
- Personalizing and improving the Services and providing content or features that match user profiles or interests.
- Linking or combining with information we get from others in connection with the Services.
- Carrying out any other purpose for which the information was collected.
Plato also has a legitimate interest in ensuring the commercial success of its offers and services, identifying the people best able to fill vacant positions within our departments.
In a nutshell : We process the data you entrust to us for a specific purpose (creation of your account, mentoring processes, question, etc.). We may also process some of your data to carry out analysis and studies to improve our Services, prospect or retain our customers, and resolve disputes. For all this, we need personal data. Other personal data is processed only if you have consented to it.
3.2 - As a Subcontractor
When you use the Plato application via https://www.platohq.com/app, the relationship between you and Plato is governed by the Terms of Use and, where applicable, the Terms of Services.
The Plato application allows Plato clients and users to perform treatments that pursue at least one of the following objectives:
- Creating and maintaining their user profile
- Creating and maintaining their team
- Bringing together engineer and product leaders and seasoned professionals
- Requesting a 1-1 session or an AMA
- Assigning scheduling slots to a 1-1 session or an AMA
- Conducting a 1-1 session or an AMA
- Creating feedback
Plato may also use its expertise to carry out studies and analysis of the use of the site, particularly for the purposes of establishing indicators, revealing trends, carrying out treatments for predictive purposes, offering new services, and improving its productivity and that of Users.
In a nutshell : When you use the Plato application, you and we have certain obligations and responsibilities which, where applicable, are detailed in the TOS and TOU of the application. The Application aims to render certain services to Plato customers, that retain control over the data they provide or that is provided by users of the Application created by those customers.
4 - Data Protection Officer
The Data Protection Officer is Yves Gattegno, SysStreaming SAS, located at 34, rue de l'Orme sec in L’Haÿ-les-Roses (F94240), France for Plato, 303 2nd Street in San Fransisco, California, United States of America. The service responsible for dealing with requests related to privacy and personal data usage, or the Officer himself, can be contacted at the email address dpo@platohq.com.
5 - Retention Period of Personal Data
The personal data collected by Plato are retained only for the time necessary to achieve the objective pursued during the collection or to meet legal and regulatory provisions.
Specifically, the data retention periods are as follows:
- Data collected when taking out a subscription and during the term of the subscription: during the term of the contractual commitment and up to 12 months after the end of a contract (intermediate archiving according to legal and regulatory obligations and responsibilities, for tax and business-related data only, up to 10 years after the end of the business relationship).
- Data collected during mentoring contacts, 1-1 sessions and AMAs: during the term of the contractual commitment and up to 60 days after its end.
- Connection data collected as part of the use of our website or web application: depending on the solution, based on logs retention that are replaced/overwritten based on the storage space they use. Usually, these data are not kept for more than 2 months.
In a nutshell : We do not retain your data longer than necessary or required by law. For instance, some laws require us to keep invoices for orders for 10 years.
6 - Scope of Data Collected
For the purposes of using the Services, we may need to collect and process the following personal data:
- First name
- Last name
- Email address
- Company name
- Title
- Phone number (optional)
- Years in current position
- Years of management experience
- Team size
- Hierarchy
- Linkedin profile URL
- Profile picture (optional)
- Timezone
- Location (City, Country code)
- Meeting recordings*
We process data that you provide us such as comments, evaluations, challenges, and any data related to your mentorship within Plato as a mentor, a mentee, or an operator (a coach that manages the operations and a team of Plato users).
Information collected by Cookies and Other Tracking Technologies:
We use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Cookies are small data files stored in device memory that help us improve the Services and your experience, see which areas and features of the Services are popular, and count visits. We may also collect information using web beacons (also known as "tracking pixels"). Web beacons are electronic images that may be used in the Services or emails and help deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon. See section 12. Trackers and Cookies.
We may also obtain information from other sources and combine that with information we collect through the Services. For example, we may collect information about you from third parties that provide services on our behalf, such as maintaining and monitoring usage of the Services and processing payment transactions or aggregate public information such as your LinkedIn profile and other public information about you. We also may receive information about you from the mentors with whom you interact through the Services.
The Services are designed to allow you to upload documents or to record videos. Said documents or videos may contain personal data about you or about anyone else. Plato has no way to determine what such data may be. You are, of course, solely responsible for the data you store within Plato's app.
Connection data is also collected and processed, in particular the IP address used for the connection: this is necessary to be able to use the application or website, to assist you, for the implementation of our security measures, and to satisfy our legal constraints, in particular concerning the traceability of access and use.
In a nutshell: We need your contact details to process your order, create your user account, contact you and process your applications, and login data to assist you and fulfill our obligations, particularly with regard to traceability.
6.1 - Locations and Categories of Processing
The categories of processing that Plato is likely to carry out on personal data are: collection, access, modification, hosting, storage, transmission, archiving, and deletion.
The processing that Plato is likely to carry out on personal data is carried out in data centers hosted by its service providers. Most of the processing directly under the control of Plato is carried out in the United States of America. Some processing is carried out by Plato's sub-processors, which can take place in various locations.
Plato makes its best to work with service providers, suppliers, sub-processors, and subcontractors that carry out processing in the United States of America or in the European Union or in a country on the list of countries recognized as suitable by having given the necessary guarantees (for example by adopting programs such as Privacy Shield or by setting up Binding Company Rules (BCR), Standard Contractual Clauses, Data Processing Agreements, etc.). If that is not the case, the contractual relationship between Plato and such third parties would require the implementation of appropriate guarantees. Plato works with third parties whose data protection agreements comply with the standard contractual clauses of the European Commission and/or which provide all the necessary guarantees.
In all cases, and particularly if regulations evolve, Plato takes all the necessary measures to regulate cross-border data transfers and establishes, when necessary, data protection agreements (DPAs) to guarantee data transfers in accordance with the legislation in force, particularly under the provisions of the CCPA and Article 46 of the GDPR.
In a nutshell: The data you have entrusted to us are processed in the US or in a country whose law requires respect for the basic principles of loyalty, transparency, and confidentiality or by a service provider that has given all the necessary guarantees for you to be reassured.
6.2 - Recipients of Processed Data
Plato may possibly transmit the personal data that you have provided or that it has collected to its employees, service providers, or affiliated organizations that need to be aware of this information in order to process it on behalf of Plato or to provide services for the purposes mentioned above, and which have agreed not to disclose them to third parties.
These potential recipients may be companies that provide:
- Platform as a Service
- Chat services
- Office automation, communication, and digital resource usage analysis services
- Analysis services for the use of Plato Solutions and Services
- Email sending and management services
- etc.
Plato may also use the services of providers that provide accounting, emailing, marketing agency, companies specializing in research and analysis, as well as satisfaction surveys, which may need to use personal data concerning you to carry out our missions or the missions that you have entrusted to us.
A complete list of Plato's sub-processors may be obtained on demand.
Plato will not rent or sell personal data to third parties. Apart from its employees, contractors, and affiliated organizations, as indicated above, Plato only discloses personal data in the event of a subpoena, court order, or other governmental order or when Plato believes that this disclosure is necessary to protect the property or rights of Plato, a third party, or the general public.
If you are a registered user on a Plato site or have access to the Services and have provided your email address and have consented to receive communications from Plato, Plato may occasionally send you an email to notify you of new features, to ask for your opinion, or keep you informed of news from Plato and its offers. We can also use our various blogs to communicate this type of information, particularly to limit the number of emails.
Plato takes all reasonable and necessary measures to protect your personal data against unauthorized access, use, modification, or destruction of personal (or potentially personal) data.
6.2.1 - External Services
Plato's app and services use some services provided by third parties, especially:
- Calendly (www.calendly.com) to schedule meetings and sessions
- Zoom (www.zoom.us) to provide online video conferencing and recording
- Dropbox (www.dropbox.com) to store the recorded videos
- Typeform (www.typeform.com) to provide online forms management
- Youtube (www.youtube.com) to provide online videos
- Spotify (www.spotify.com), Apple (podcast.apple.com), Buzzsprout (www.buzzsprout.com) to provide embedded online audio (podcasts)
When accessing an external service, whether through Plato's site or application or directly, the user is bound to said service terms. The user may, for instance, have to accept or configure this external service's cookies, accept this service's Terms of Use, Terms of Services, and Privacy Policy, etc., to use the service.
When accessing an external service through Plato's site or application, Plato may transfer some of the user's personal data to the external site, only for the performance of the provided external service.
6.2.2 - Transfer of Processed Data to Third Parties
The data that you provide or that are collected by Plato or on its behalf are not transmitted to third parties, except potentially to the recipients mentioned in Article 6.2.
6.3 - Transfer of Data to a Third Country Outside of the United States or the European Union
Some of the data that you provide or that is collected by Plato or on its behalf may be transmitted to third parties operating outside the European Union. These third parties, mentioned in section 6.2, have all adhered to the Privacy Shield program and/or have given the necessary guarantees for the protection of personal data.
6.4 - Business Development
If you are a registered end user of Plato's application or website and have provided your email address or mobile number and consented to receive our communications, if you are a professional who may be interested in our products, offers, and events, or if you have previously ordered from us, Plato may send you emails or texts to let you take advantage of our offers, our events, announce new features, ask for your opinion, or simply keep you informed of news from Plato and its offers. You always have the possibility to oppose any prospecting of this type by contacting us using the "Contact Us" link on our website, by land mail to the above addresses, or by telephone to the number you provided when establishing your relationship with Plato or by clicking the "update your e-mail preferences" link in the promotional emails we send.
All digital communication for commercial or information purposes from Plato (email, text message, etc.) contains a link or instructions to object to future similar communications.
6.4.1 - Newsletters and Digital Messages
You may receive communications from Birdly, Inc, doing business as Plato, such as e-mails, newsletters, SMS, etc., because your address is on our subscribers' list. When your email address is in this list, it is because of the context of your professional activity (B2B communications related to your professional activities) or as a registered user of Plato or if your email address has been submitted to this list either directly by you, notably on platohq.com website, or based on public information such as your LinkedIn profile and various other public data.
If you want to update your email preferences or unsubscribe from one or several of our mailing lists, please click on the link provided at the end of any of the emails we send for business development reasons.
7 - Exercising Your Right of Access, Correction, and Opposition
As a customer or user of our Services, websites, and web applications, you have the right:
- To request the erasure of the processed data concerning you ("right to be forgotten"). However, data cannot be erased if there is an ongoing order or dispute, or if the data is necessary to fulfill a contract or obligation.
- To object to the collection and processing of non-essential data concerning you.
- To access and retrieve the data collected about you in a standard electronic format.
- To modify your data, particularly through your user account.
- To request a limitation of the processing of your data, such as refusing any use for prospecting purposes.
These rights can be exercised by contacting us at the contact details mentioned above or available on our website.
You also have the right to lodge a complaint with a supervisory authority and to seek judicial remedy if your requests for the exercise of rights have not been processed within one month after they have been received.
In a nutshell: You have control over the data you have entrusted to us. You can request their erasure, object to certain data processing, access and retrieve your data, modify your data, and request limitations on their processing. We strive to respond to your requests promptly.
8 - Data Storage in the Event of Death
You can provide directives regarding the storage, erasure, and communication of your personal data after your death in accordance with applicable laws. These directives can be general or specific.
You can formulate your advance directives by contacting us through our website.
In a nutshell: You have control over the data you have entrusted to us, even after your death. You can provide instructions on how your data should be handled and communicated.
9 - Data Security
Plato takes all reasonable and necessary measures to protect the processed data against unauthorized access, use, modification, or destruction of personal (or potentially personal) data.
In a nutshell: The data you entrust to us is treated with care and protected. We have implemented physical, administrative, and technical measures to safeguard your data from unauthorized access or manipulation. Our security policies cover all aspects of data security and are followed by our employees, service providers, and contractors.
We quickly assess and respond to any incidents or suspicions of unauthorized data manipulation. If we determine that your data has been compromised, we will inform you and the appropriate supervisory authority as soon as possible.
In a nutshell: We prioritize the security of the data you entrust to us. We promptly address any incidents and keep you informed of any unauthorized access or manipulation.
10 - Subcontracting
Plato only uses subcontractors that provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of European/Californian regulations and guarantees the protection of data subject rights.
In a nutshell: When we need subcontractors, such as for hosting your data or processing your orders, we carefully choose subcontractors who provide sufficient guarantees to ensure your reassurance and ours.
11 - Asset Disposal
If Plato, or substantially all of its assets, is sold or in the unlikely event of Plato going out of business or bankruptcy, user information would be one of the assets transferred to a third party or acquired by it. You acknowledge that such transfers may occur and that any purchaser of Plato may continue to use your personal data in accordance with this privacy policy.
In a nutshell: If our company is sold or undergoes a significant change, your data may be transferred to the new entity. However, we assure you that your data will continue to be processed with the same level of care as before.
12 - Trackers and Cookies
We use various technologies, including cookies and web beacons, to collect information and improve our services. Cookies are small data files that are stored on your computer or mobile device and help us enhance your experience, analyze usage patterns, and count visits. Web beacons are electronic images that can be used in our services or emails to deliver cookies, track visits, measure usage and campaign effectiveness, and determine email open rates and actions taken.
Please refer to our "Cookie Policy" document for complete information on cookies and trackers.
13 - Advertising
We do not display advertising on our sites.
14 - Changes to This Privacy Policy
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy. In some cases, we may provide additional notice, such as adding a statement to our homepage or sending you an email notification. We encourage you to review the Privacy Policy whenever you access the Services to stay informed about our information practices and how you can protect your privacy. Your continued use of the Plato site and app after any changes to the privacy policy constitutes your acceptance of those changes.
In a nutshell: We may make changes to how we handle your data, ensuring that the level of security is at least equivalent to what is outlined in this policy. These changes are typically minor, and unless necessary, we won't burden you with accepting the policy again. However, we do encourage you to periodically review the policy that applies. If you have any questions or wish to exercise your rights, please contact us through our website.