Privacy Policy
Introduction
This Privacy Policy describes how Names & Faces collects, uses, and discloses information, and what choices you have with respect to the information.
Who we are
Names & Faces is a directory tool that helps individuals learn and remember the names, faces, and roles of the people around them. Our customers use our service to provide their employees or members with a visual directory of people in their organisation.
The information we collect and receive
We collect and process the following types of information:
Customer Data: Information uploaded by our customers to our platform. This may include names, photographs, titles, departments, office locations, contact details, and other similar information.
Account Information: Information you provide when you create an account or communicate with us, including your name, email address, and password.
Usage Data: We may collect information about how you use our services, including device information, log data, and cookies.
How we use information
We use the information we collect to:
Provide, maintain, and improve our services
Respond to customer inquiries and provide support
Ensure the security and integrity of our services
Send administrative messages and other information
How we share information
We do not sell your information. We may share information with third parties in the following limited circumstances:
With service providers who help us deliver our service (e.g. cloud hosting providers)
As required by law or to comply with legal processes
To protect the rights, property, or safety of Names & Faces, our users, or others
Data retention
We retain personal information for as long as necessary to provide the services and fulfil the purposes described in this policy. We may also retain and use information to comply with our legal obligations, resolve disputes, and enforce our agreements.
Security
We use appropriate technical and organisational measures to protect personal information from loss, misuse, and unauthorised access or disclosure.
Your rights
You may have rights under applicable laws, including to access, correct, or delete your personal information. Please contact us at hello@namesandfaces.com to exercise these rights.
Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by updating the date at the top of the policy and, where appropriate, through email or other means.
. Contact us
If you have any questions about this Privacy Policy, please contact us at hello@namesandfaces.com.
Customer Terms of Service
Definitions
“Authorized End User” means any individual that Customer grants access to Customer’s Names & Faces Directory and that agrees to the User Terms.
“Customer” means the organization on behalf of which the person who creates an administrator account (“Administrator”) acts in for the creation of a Names & Faces online directory (the “Names & Faces Directory”) and who accesses the Names & Faces Services, as described in section 2. By making use of, or procuring the Services, the Administrator warrants that he/she is authorized to act on behalf of the organization.
“Customer System” means any information technology system, application programming interfaces, or systems owned or operated by Customer from which Customer Information is accessed by Names & Faces to perform the Services.
“Data Protection Legislation” means all applicable legislation in force pertaining to data protection, data privacy, data retention and/or data security (including without limitation for customers located in the European Union, the General Data Protection Regulation (Regulation 2016/679) ("GDPR") and the Privacy and Electronic Communication Directive (Directive 2002/58/EC) and national legislation implementing or supplementing such legislation in any applicable member state of the European Union) and all associated codes of practice and other guidance issued by any applicable data protection authority.
“Effective Date” means the date on which the Customer accepts the Customer Terms of Service by creating a Names & Faces administrator account, or signs an Order Form whichever is applicable.
“Names & Faces Ecosystem” means Names & Faces and its affiliates and their employees, contractors and Subprocessors as listed in Appendix A.
“Order Form” means a document that is entered into between Customer and Names & Faces if Services are not procured via the Services interface, detailing the Services and related services that will be provided by Names & Faces, the applicable Fees associated with the Services, and any other mutually agreed upon transaction-specific terms and conditions. Each Order Form must be mutually agreed upon, will be governed by this Agreement, and is deemed incorporated herein by this reference.
“Profile” means an individual entry within Customer’s Names & Faces Directory. This entry usually contains a photograph and/or information relating to a person, but could contain a photograph and/or information relating to anything Customer wishes to list in their Names & Faces Directory.
“Regulator” means any regulatory body with responsibility for ensuring compliance with Data Protection Legislation.
“User Terms” means the User Terms of Service that each Authorized End User must agree to prior to using the Services.
Names & Faces Services
The “Services” are made up of the mobile app, the web interface, the backend management tools, all outputs of the Names & Faces systems, all Intellectual Property Rights and all features and additional products relating to each of those elements. Subject to the terms and conditions of this Agreement, Names & Faces grants Customer a non-exclusive, non-transferable, worldwide license to access and use the Services to create a Names & Faces Directory.
Administering the Names & Faces Directory
Customer will administer the creation and ongoing management of the Names & Faces Directory. Customer will be responsible for the quality, accuracy and completeness of the Customer Information featured in the Names & Faces Directory and for granting and revoking access to Authorized End Users.
If Customer requests support from Names & Faces to set up the Names & Faces Directory, then Customer agrees Names & Faces may access and use the Customer Systems required for such implementation and set up.
Authorized End Users
Customer may make the Customer Information available to Authorized End Users through their Names & Faces Directory via the Services. For purposes of this Agreement, if Authorized End Users create or save content to the Names & Faces Directory using the Services, then this content will be considered part of the Customer Information. All Authorized End Users will be presented with User Terms of Service which they must agree to before gaining access to or using any of the Services. Customer is responsible for the conduct of each Authorized End User.
Collecting and Processing Customer Information
Personal Data
By providing the Services, Names & Faces will receive and process “Personal Data” that relates to people within Customer’s organization and to Authorized End Users. The type of Personal Data Names & Faces may be required to process to provide the Services includes but is not limited to: names, photographs, contact details, addresses and employment status. Between Names & Faces and Customer, Names & Faces acknowledges that Customer is the Data Controller and Names & Faces is the Data Processor in respect of any Personal Data forming part of the Customer Information.
License
Customer grants to Names & Faces and its affiliates the rights and licenses to receive, process, and otherwise use the Customer Information to provide the Services. Names & Faces will process and use the Customer Information only to the extent, and in such a manner, as is necessary for the purpose of providing the Services.
Permissions
Customer represents and warrants that it has obtained all consents and permissions from Authorized End Users and other people or entities that are necessary to transmit, process and use such Customer Information with the Services.
Industry Standard Protections
Names & Faces will: (a) promptly comply with any Customer request that asks Names & Faces to amend, transfer or delete the Customer Information, both during and after the term, (b) only make copies of Customer Information to the extent reasonably necessary to provide the Services which includes back-up, mirroring and similar availability enhancement techniques, security, disaster recovery and testing of Customer Information, and (c) use all industry-standard, reasonable steps to ensure the Customer Information remains confidential and secure in the Services.
Subprocessors
Names & Faces may engage sub-processors to process Customer Information (each a “Subprocessor”). Names & Faces will enter into a written contract with each Subprocessor that provides sufficient guarantees to implement appropriate technical and organizational measures in compliance with Data Protection Legislation. Names & Faces will remain responsible for the acts or omission of Subprocessors as if the acts or omission of the relevant Subprocessor were the acts or omissions of Names & Faces. A list of Subprocessors are available on the Names & Faces website.
Aggregated and Anonymized Data
Customer agrees to allow Names & Faces to retain and use the Customer Information in aggregate and anonymized form for any purpose in connection with Names & Faces’ current or future products and services; provided that such use is in compliance with Data Protection Legislation and all applicable laws, rules and regulations and does not identify Customer or any Authorized End User. This information is used to improve the understanding and quality of the Names & Faces product and services by the Names & Faces team.
Payment Terms
Customer agrees to pay the fees as per the payment terms. Names & Faces reserves the right to suspend Customer’s use of the Services upon 7 days’ prior notice by email if any Fees are overdue. If Customer’s use of the Services is suspended, neither Customer nor its Authorized End Users will have access to the Names & Faces Directory. The Services will become active again when the applicable Fee is paid in full.
Renewal
Customer will be notified of renewal 30 days prior to the renewal date. If Customer chooses not to renew the subscription, Names & Faces will delete all electronic copies and destroy all hard copies of the Customer Information.
Term and Termination
This Agreement will begin on the Effective Date and will continue in effect until the Services are terminated.
Either party may terminate this Agreement or Order Form, effective immediately, upon written notice to the other party if the other party materially breaches any part of this Agreement or an Order Form and fails to cure the breach within 14 days of receiving written notice of it from the non-breaching party.
Upon termination, Customer and Authorized End Users will no longer have access to the Services. Names & Faces will delete all electronic copies and destroy all hard copies of Customer Information within 30 days of such termination.
If Customer terminates the agreement before the end of the agreed upon Subscription Period as specified in the order form the Customer will pay all fees outstanding for the remainder of the subscription period. In the case of termination, no refunds will be given unless that termination is by Names & Faces for convenience or for breach of contract on Names & Faces’ part, in which case Names & Faces will pay Customer a pro rata amount of the Fees for the remainder of the Subscription Term. Termination does not affect any of the liabilities or obligations laid out in this Agreement.
Intellectual Property Rights
Names & Faces owns and retains ownership in the Services and its Confidential Information and all Intellectual Property Rights therein. Nothing in this Agreement grants Customer any right, title or interest in any of the Services other than as expressly provided herein. All rights not expressly granted are reserved.
Customer owns and retains ownership of the Customer Information and its Confidential Information and all Intellectual Property Rights therein.
Names & Faces is entitled to develop, withdraw, replace, modify and improve all or some of our Services throughout the Subscription Period. Names & Faces will use commercially reasonable effort to provide Customer with prior notice if Names & Faces believes Authorized End Users’ use of the Services may be temporarily interrupted.
Confidentiality
Restrictions on Use and Disclosure. Each party agrees to maintain in confidence and protect the other party’s Confidential Information using at least the same degree of care as it uses for its own information of a similar nature, but in all events at least a reasonable degree of care. Each party agrees to take reasonable precautions to prevent any unauthorized disclosure of the other’s Confidential Information, including, without limitation, disclosing Confidential Information only to its employees, independent contractors, consultants, and legal and financial advisors (collectively, “Representatives”) with a need to know such information and who are parties to appropriate agreements, or otherwise bound by confidentiality obligations, sufficient to comply with this section.
Indemnity
Customer agrees to indemnify Names & Faces and its affiliates and their directors, employees, agents and suppliers against all claims, liabilities, costs, expenses, damages and losses including all interest, penalties and legal costs and all other professional costs and expenses suffered or incurred by us arising out of (a) Customer’s breach of its obligations under this Agreement, and (b) a breach by any Authorized End User of the User Terms (collectively, then “Claims”). Each party acknowledges that Claims include any claim or action brought by a Data Subject, including Authorized End Users, arising from a breach of Customer’s obligations under the relevant Data Protection Legislation.
Names & Faces agrees to indemnify, defend, and hold Customer harmless against all Claims arising out of (a) Names & Faces’ breach of its obligations under this Agreement, including any breach of relevant Data Protection Legislation, and (b) any third-party claims that Customer’s use of the Services violates or infringes any valid patent, copyright, or trademark, or misappropriates a trade secret. Names & Faces may, at its option and expense, procure for Customer the right to continue to use the Services, or repair, modify, or replace the Services so that they are no longer infringing.
Limitation of Liability
In no event will Names & Faces be liable for any consequential, indirect, punitive, exemplary, special, or incidental damages (including for any loss or corruption of data, profits, revenue or goodwill, interruption of business or the cost of procurement of substitute goods and services) arising from or relating to this Agreement, however caused, whether such liability arises from any claim based upon contract, warranty, tort, strict liability or otherwise, even if a party has been advised of the possibility of such damages, and to the maximum extent permitted by applicable law, Names & Faces’ total cumulative liability under this Agreement, from all causes of action and all theories of liability, will be limited to and will not exceed the total amount of fees paid to Names & Faces hereunder in the twelve (12) months preceding the first claim.
Miscellaneous
Privacy Policy. Please see the Names & Faces’ Privacy Policy for more information on how Names & Faces collects and uses data relating to the use and performance of the Services.
Entire Agreement. This Agreement and the documents referred to in these terms contain the whole agreement between the parties relating to the Services and supersede all prior agreements and arrangements between the parties relating to the Services. In the event of a conflict between the terms of this Agreement and the terms of any other Agreement or exhibit hereto, such conflict will be resolved in the following order: (a) this Agreement, exclusive of any exhibits (b) other Agreements; and (c) any exhibits. For Avoidance of doubt, the User Terms will govern all Authorized End Users’ use of the Services and will be deemed a separate agreement to this Agreement.
User Terms of Service
Introduction
This User Terms of Service Agreement (the “User Terms”) describes your rights and responsibilities and governs your access when using our people directory tools & technologies (our “Services”). The mobile software application (“the App”), the web interface (“the Web Client”), all outputs of the system, all future Names & Faces tools, and all intellectual property relating to each of those elements, make up our Services. We own all the intellectual property relating to, and have exclusive rights to our Services.
Definitions: who is the “Customer” and who is the “User”
“The Customer” is the entity, organization and/or person that initiated the creation of a Names & Faces directory. If you are trialing any of our Services by accessing our demos you are a “User”.
If you are being invited to access a Names & Faces directory already created by a “Customer” you are a “User”.
These User Terms govern your access and use of our Services from the instant you first access them.
You must be at least eighteen (18) years of age to accept these User Terms. If you are under 18, your parent or guardian must act as your agent and agree to these terms on your behalf.
By accessing a Customer’s directory through our Services, you agree to these User Terms.
If you are both a “Customer” and a “User”, you are bound to both the Customer Terms and the User Terms.
If there is a conflict between the two, the Customer Terms take precedence.
Who is “Names & Faces” and what is the “Extended Ecosystem”?
“Names & Faces”, “we”, “our”, or “us” refers to the Names & Faces Group of Companies:
Names & Faces, Inc., a Delaware Corporation (EIN: 61-1898625)
Names & Faces Studio (Pty) Ltd, a South African private company (Reg: 2018/530596/07)
The “Names & Faces Extended Ecosystem” includes our employees, corporate subsidiaries, and third-party contractors. We may leverage these entities to perform our obligations under these User Terms.
Why you are using our Services
You have been invited to access a Names & Faces directory created by a Customer. You are considered one of the Customer’s “Authorised End Users”.
If you're accessing a demo, we are the Customer.
4.1 The Relationship Between You, Our Customer, and Us
If you access your employer’s directory, the Customer is your employer.
If you access a directory created by a friend, the Customer is your friend.
The Customer grants you access.
4.2 What This Means for You—and for Us
All information in the directory is provided by the Customer. Any concerns should be addressed to the Customer first. If unresolved, you may contact us at hello@namesandfaces.com.
When you submit notes, groups or other content (“User Data”), you agree that it belongs to the Customer.
The Customer controls access and may modify or delete User Data at their discretion.
Analytics and Communication
We track usage (via cookies and other technologies) to improve our Services and provide insights to Customers. We may contact you for feedback or to assist you in using our Services. You can unsubscribe from communications at any time. We do not share your details outside of the Names & Faces Extended Ecosystem except as outlined in our Privacy Policy.
Termination of Access
6.1 By Customer Request
We may remove your access if the Customer requests it (e.g. if you leave their organisation).
6.2 For Non-Payment
We may suspend access if the Customer has not paid their subscription.
6.3 At Our Discretion
We may also terminate access at our discretion without liability or explanation.
We do not guarantee access to any data or content after termination.
Rights and Warranties
We retain ownership of all Services. You may not:
Claim ownership of any part of the Services
Share, sublicense or transfer rights
Reverse engineer or replicate our Services
We may update or modify our Services and will provide reasonable notice where possible.
You may unsubscribe from our communications at any time.
We will not share your details beyond our Extended Ecosystem.
Acceptable Use Policy
Do:
Prevent unauthorised access
Keep login credentials secure
Monitor your account activity
Report suspicious activity
Do Not:
Use Services for unintended commercial purposes
Share personal info for unauthorised use
Copy content without permission
Share login credentials
Transfer your account to others
Use Services maliciously or unlawfully
Infringe intellectual property rights
Interfere with system performance
Reverse engineer or tamper with code
Infect Services with malware
Circumvent security mechanisms
Build competitive services
Post harmful, offensive, or unlawful content
General Terms
These User Terms override all prior agreements.
We may assign our rights under these terms to others with notice.
These Terms are governed by the laws of California. Legal disputes will be handled in California courts.
If any term is found unlawful, the rest remain valid.
Legally Binding
These terms are binding as soon as you access our Services.
App Store terms may also apply but our Terms will take precedence.
If you’re using a shared or third-party device, you must have permission.
Third-party links in the App are not endorsed by us and are used at your own risk.
Changes to the User Terms
We may update these Terms. We’ll notify you of significant changes.
Continued use indicates your acceptance.
11.1 Changes to the Services
We may release updates or improvements. If you don’t install them, access may be limited.
Indemnity and Limitation of Liability
We are not liable for indirect, incidental, or consequential damages or losses.
You indemnify us from third-party claims resulting from your use.
We are not liable for delays outside our control if we notify you promptly.
Privacy Policy
See our Privacy Policy for details on data use.
Site Owner: Names & Faces, Inc.
Legal Status: Delaware Corporation (EIN: 61-1898625)
Director: Paul Galatis
Business Description: Technology for creating and distributing people directories
Email: hello@namesandfaces.com
Website: www.namesandfaces.com
Registered Address: 8 The Green STE R, Dover, DE 19901, United States
Data Processing Agreement
This Data Processing Agreement and its Annexes (“DPA”) reflects the agreement between the parties regarding the processing of Personal Data by us on your behalf, under the Names & Faces Client Terms of Service (the “Agreement”).
This DPA is supplemental to the Agreement and takes precedence over it in case of any conflict. It follows the term of the Agreement. Terms not defined in this DPA have the meanings in the Agreement.
Structure of this DPA
Definitions
Client Responsibilities
Names & Faces Obligations
Data Subject Requests
Sub-Processors
Data Transfers
Additional Provisions for European Data
Additional Provisions for California Personal Information
General Provisions
Parties to this DPA
Annexes 1–3
1. Definitions
California Personal Information: Personal Data protected under the CCPA
CCPA: California Consumer Privacy Act of 2018
Controller / Processor: As defined under applicable Data Protection Laws
Data Protection Laws: Global privacy legislation incl. GDPR, POPIA, CCPA, etc.
Data Subject: The individual the data is about
Europe / European Data: EU, EEA, UK, Switzerland — and data covered by their laws
Instructions: Controller-issued, documented instructions for processing
Personal Data / Personal Data Breach / Processing: As defined under GDPR
Standard Contractual Clauses (SCCs): EU Commission’s 2021 SCCs
Sub-Processor: A third-party processor assisting Names & Faces
UK Addendum: ICO Addendum to SCCs
2. Client Responsibilities
a. Compliance with Laws
You are responsible for compliance with all applicable Data Protection Laws. This includes the lawfulness of data collection and transfer, transparency obligations, and accuracy of Client Data.
b. Controller Instructions
Your use of the Subscription Service and this DPA together constitute your complete instructions for processing.
c. Security
You must assess if our security standards meet your legal obligations and ensure secure usage of our services.
3. Names & Faces’ Obligations
a. Compliance with Instructions
We will process Personal Data only in accordance with this DPA and your lawful instructions.
b. Conflict of Laws
If local laws prevent compliance with your instructions, we’ll notify you (unless prohibited by law).
c. Security
We maintain appropriate security measures as described in Annex 2. These may change, but not in a way that reduces protection.
d. Confidentiality
Our personnel are bound by confidentiality obligations.
e. Personal Data Breaches
We will notify you without undue delay and assist with regulatory or data subject notifications if required.
f. Deletion or Return of Personal Data
We will delete or return Personal Data upon service termination, except where legally required to retain it.
4. Data Subject Requests
You are responsible for fulfilling Data Subject Requests via the Subscription Service. If you need help, we’ll assist at your request and may charge reasonable costs. If we receive such requests directly, we’ll refer them to you.
5. Sub-Processors
We may engage Sub-Processors for infrastructure, product features, and support. Sub-Processors are bound by protections equivalent to this DPA.
A full list is available at: namesandfaces.com/company/sub-processors
6. Data Transfers
You consent to Personal Data transfers worldwide, including to the U.S. (Names & Faces, Inc.) and other jurisdictions. All transfers will comply with applicable laws.
7. Additional Provisions for European Data
a. Scope
Applies only where data is subject to European Data Protection Laws.
b. Roles
You = Controller. Names & Faces = Processor.
c. Instruction Compliance
If we believe your instructions violate European law, we’ll notify you.
d. New Sub-Processors
You may object within 30 days of being notified. If no resolution is possible, you may suspend or terminate affected services.
e. Sub-Processor Agreements
We’ll share Sub-Processor terms to the extent allowed and reasonable.
f. Data Protection Impact Assessments
We’ll assist where you lack access to needed data for DPAs or regulatory consultations.
g. Transfer Mechanisms
We use the SCCs for EEA, UK, and Swiss data transfers. See full terms in the DPA body. Privacy Shield principles apply where relevant.
h. Demonstration of Compliance
We will make all relevant compliance information available to you and permit audits.
8. Additional Provisions for California Personal Information
a. Scope
Applies only to California Personal Information under the CCPA.
b. Roles
You = Business. Names & Faces = Service Provider.
c. Responsibilities
We will process data strictly for the Subscription Service and as permitted under the CCPA.
9. General Provisions
a. Amendments
We may update this DPA, with notice, in accordance with our general terms.
b. Severability
Invalid terms won’t affect the rest of the DPA.
c. Limitation of Liability
Liabilities are governed by the Agreement and apply to all Affiliates.
d. Governing Law
Governing law is as per the Agreement’s jurisdiction clause, unless otherwise required.
10. Parties to this DPA
a. Permitted Affiliates
This DPA applies to all Permitted Affiliates unless otherwise stated.
b. Authorization
You represent you have authority to bind your Affiliates to this DPA.
c. Remedies
Only the primary contracting Client may enforce the DPA.
d. Consolidated Audits
Where possible, you agree to group audit requests across Affiliates.
Annex 1 – Details of Processing
A. Parties
Data Exporter: You, the Client
Data Importer: Names & Faces, Inc., 8 The Green STE R, Dover, DE 19901, United States
B. Description of Transfer
Subjects: Your users (e.g. employees, contractors, clients)
Data: Contact info and any data you submit
Frequency: Continuous
Purpose: To deliver the Subscription Service
Retention: Duration of the Agreement
Supervisory Authority: As per GDPR
Annex 2 – Security Measures
A. Access Control
Hosted on secure outsourced infrastructure
Strict authentication and authorization protocols
API access via key or OAuth
B. Transmission Control
HTTPS enforced
Data encrypted at rest
C. Input Control
Centralised logging and anomaly detection
Incident response processes in place
D. Availability
≥99% uptime
Backups and replication
Disaster recovery plans
Annex 3 – Sub-Processors
For the latest Sub-Processor list and purposes, visit:
namesandfaces.com/company/sub-processors
Sub Processors
We engage sub processors in three ways: to assist us with hosting and infrastructure; to support product features and integrations; and for service and support.
We enter into a written contract with each sub processor to ensure they provide sufficient guarantees to implement appropriate technical and organisation measures to comply with with Data Protection Legislation.
Company | Role | Data Centers |
|---|---|---|
Amazon Web Services | Cloud infrastructure, data storage and hosting | Europe-Ireland |
Bugsnag | Error reporting | USA |
Customer.io | Send email, push & in-app messages | USA |
Datadog | General system health and performance, and provides alerting and monitoring for our AWS systems | USA |
GSuite | Email and file storage | USA |
Mailchimp | Transactional email | USA |
Outseta | Sales, Marketing and CRM | USA |