Privacy Policy

Important: This Privacy Policy constitutes an addendum to the Master Services Agreement (MSA) and outlines current policies related to data privacy. This Privacy Policy is part of and subject to the Master Services Agreement (MSA) between internet4associations and CLIENT and any conflict between these and any provision of the MSA shall resolve in favor of the MSA.

1. Introduction

This Privacy Policy describes how D. W. Rome, Incorporated, doing business as internet4associations and i4a ("i4a," "we," "us," or "our"), collects, uses, shares, and protects personal information when you use our membership management software platform and related services (collectively, the "Services").

This policy applies to information collected through:

• Our website (i4a.com)
• Our membership management software platform
• Member portals and websites hosted by i4a
• Mobile applications
• Email, phone, and other communications with us

By using our Services, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you:

• Create an Account: Name, email address, organization name, phone number, billing information
• Use Our Services: Member data, event registrations, payment information, email communications
• Contact Us: Support inquiries, feedback, demo requests
• Subscribe to Communications: Email address for newsletters, updates, and marketing

2.2 Customer Data

When you use i4a to manage your organization's membership, you may upload or input data about your members ("Customer Data"). This may include:

• Member names, contact information, and demographic data
• Membership history, dues payments, and engagement data
• Event registration information
• Continuing education records and certifications
• Communication preferences and interaction history

Important: You (the Customer) are the data controller for Customer Data. i4a acts as a data processor. You are responsible for obtaining all necessary consents and permissions from your members to collect and process their data through our Services.

2.3 Automatically Collected Information

We automatically collect certain information when you use our Services:

• Usage Data: Pages visited, features used, time spent, clicks, and navigation patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, referral URLs
• Cookies and Similar Technologies: See Section 3 for details

2.4 Payment Information

Payment processing is handled by third-party payment processors. We do not store complete credit card numbers. We may retain limited payment information (e.g., last four digits, card type, expiration date) for billing and support purposes.

2.5 Information from Third Parties

We DO NOT receive or provide information from third-party sources, including:

• Marketing partners and lead generation services
• Social media platforms (if you interact with us through social media)
• Business partners and referral sources
• Publicly available sources

3. Cookies and Tracking Technologies

3.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our Services. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until deleted).

3.2 Types of Cookies We Use

• Essential Cookies: Required for the Services to function properly (e.g., authentication, security)
• Analytics Cookies: Help us understand how users interact with our Services (e.g., Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track effectiveness of outgoing email campaigns

3.3 Managing Cookies

Most browsers allow you to control cookies through their settings. However, disabling cookies may limit your ability to use certain features of our Services. You can also opt out of interest-based advertising through industry opt-out platforms.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Providing and Improving Services

• Delivering and maintaining the Services
• Processing transactions and payments
• Providing customer support
• Developing new features and functionality
• Analyzing usage patterns to improve user experience
• Troubleshooting and fixing technical issues

4.2 Communications

• Sending service-related notifications and updates
• Responding to your inquiries and support requests
• Sending newsletters and marketing communications (with your consent)
• Conducting surveys and gathering feedback

4.3 Security and Compliance

• Detecting and preventing fraud and security threats
• Enforcing our Terms of Service
• Complying with legal obligations
• Protecting our rights and property

4.4 Business Operations

• Managing accounts and billing
• Maintaining business records

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Payment processors
• Analytics providers (e.g., Google Analytics)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Subpoenas, court orders, or legal process
• Requests from law enforcement or government agencies
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

5.3 With Your Consent

We may share your information with third parties when you provide explicit consent, such as when you authorize integration with third-party services.

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: Data is encrypted in transit (using TLS/SSL) and at rest
• Access Controls: Strict access controls and authentication requirements
• Regular Security Audits: Periodic security assessments and vulnerability testing
• Employee Training: Staff training on data protection and security best practices
• Secure Infrastructure: Use of secure, reliable servers, switches and firewalls
• Monitoring: Continuous monitoring for security threats and anomalies

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use our Services at your own risk.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained while your account is active and for a reasonable period after closure (typically 90 days) to allow for account recovery
• Customer Data: Retained according to your subscription and data retention settings. Upon account termination, we typically provide a 30-day export period before deletion
• Transaction Records: Retained for accounting, tax, and legal compliance purposes (typically 7 years)
• Backups: Data may persist in backups for up to 90 days after deletion

8. Your Privacy Rights

8.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your information for certain purposes
• Restriction: Request restriction of processing in certain circumstances
• Withdrawal of Consent: Withdraw consent where processing is based on consent

8.2 GDPR Rights (European Union)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to lodge a complaint with a supervisory authority
• Right to data portability
• Right to object to automated decision-making
• Right to be informed of data breaches affecting your personal data

Legal Basis for Processing (GDPR): We process your personal data based on:

• Contract Performance: To provide Services you've requested
• Legitimate Interests: To improve Services, prevent fraud, and operate our business
• Consent: Where you've provided explicit consent (e.g., marketing communications)
• Legal Obligation: To comply with applicable laws and regulations

8.3 CCPA Rights (California)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (Note: i4a does not sell personal information)
• Right to Limit: Limit use and disclosure of sensitive personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights

Categories of Personal Information We Collect (CCPA):

• Identifiers (name, email, IP address)
• Commercial information (purchase history, billing information)
• Internet activity (browsing history, usage data)
• Professional information (organization name, job title)
• Inferences (preferences, characteristics)

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@i4a.com or use the contact information at the end of this policy. We will respond to your request within the timeframe required by applicable law (typically 30-45 days).

We may need to verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf.

9. International Data Transfers

i4a is based in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that differ from your home country. When we transfer data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with service providers
• Compliance with EU-U.S. Data Privacy Framework principles (if applicable)

10. Children's Privacy

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

If you are under 18, you may only use our Services with the involvement of a parent or guardian.

11. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

When you integrate third-party services with i4a (e.g., payment processors, email marketing tools), your use of those services is governed by their respective privacy policies.

12. Marketing Communications

With your consent, we may send you marketing emails about our Services, features, promotions, and news. You can opt out of marketing communications at any time by:

• Replying to the email with "Unsubscribe" in the subject line

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages (e.g., account notifications, billing information, security alerts).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a notice on our Services
• Obtain your consent if required by applicable law

Your continued use of our Services after changes take effect constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

14. Data Protection Officer

For questions about data protection or to exercise your privacy rights, you may contact our Data Protection Officer:

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: