Security & Privacy Policy

1. Our Commitment to Privacy.
This notice describes our Privacy Policy. Our Privacy Policy explains how Sutherland Consulting Group, Inc. d/b/a eratesync.com. (“ErateSync”, “we” or “our”) collects, uses, and protects the personal information obtained through the use of our websiteeratesync.com (“Site”) and the ErateSync services available through the Site (collectively,“Services”). Through the Services we provide a SAAS to assist organizations receiving funding from the FCC’s E-Rate program to manage and remain compliant with all relevant record retention rules. By visiting the Site or using any of our Services, you agree that your personal information will be handled as described in this Privacy Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Privacy Policy and our Terms of Use, including its applicable limitations on damages and the resolution of disputes. The ErateSync Terms of Use are incorporated by reference into this Privacy Policy

2. What Information is Collected.
We collect information about you directly from you and from third parties, as well as automatically through your use of our Site or Services.
(a) Information We Collect Directly From You. In order to access the Site and use our Services, you must register an account on behalf of your organization. To register you must provide at minimum your organization’s name, address, E-Rate Billing Entity number, billing and payment information, a point of contact, the contact individual’s email address and phone number and any other information required in the Terms of Use (“Personal Information”). Personal Information is information that identifies, relates to, describes or is reasonably capable of being associated with you or your organization.

(b) Login Credentials. We may collect usernames, passwords, password hints and other similar security information used for authentication and account access.(c) Information We Collect Automatically. We may automatically collect information about your use of our Services through cookies, web beacons, and other technologies, including technologies designed for mobile applications. We combine this information with other information we collect about you. Please see the section “Cookies and Other Tracking Mechanisms” below for more information.

Site:
o domain name;
o your browser type and operating system;

o web pages you view; links you click; your IP address;

o the length of time you visit our Site and or use our Services;2o the referring URL, or the webpage that led you to our Site

o Unless you choose to provide it to us or include in your account profile, we do not collect sensitive personal information from users of the Site. This includes your social security number, information regarding race or ethnic origin, political opinions, religious beliefs, health information, criminal background, or trade union memberships. If you elect to submit such information to us, it will be subject to this Privacy Policy

(d) Limits on Use of Your Google User Data ErateSync's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
(e) Google Calendar Integration ErateSync will have access to both your Google Calendar in order to power the useUSAC data, and allow you to associate events with contacts in the your ErateSync account. ErateSync will have the ability to: add and update individual calendar events.

(f) Google Drive Integration As part of connecting your Google Drive, the ErateSync will be able to: see your files, upload and download your files, and store file contents and titles. ErateSync uses these permissions to power our Auto Sync feature, allowing you to automatically bulk import and tag files for the centralization of E-Rate records by funding year.

3. How and When the Information is Used.
(a) Organization Account Information In order to access our Services, you will create an account on behalf of your organization. The information in your account may be visible to our Service Partners or other Site users. Your organizations records and content, but not your billing information, is accessible only by all other individuals listed on your ErateSync account. Any records or content you add to or create in the course of using our Services is viewable and accessible by the other users on that same account. This is the intended purpose of ErateSync – the centralization of an E-Rate organization’s records that can be accessed by account users.

No Personal Information, billing information or account content is viewable or accessible by any other ErateSync users outside of your account.

If you believe that an unauthorized profile has been created about your organization, you can request for it to be removed by contacting us at Support@eratesync.com

(b) We also use your Personal Information for the following reasons:

• Operate and improve our Services;

• To create your account, identify you as a user of the Site, and customize the Services to your account;• To debug or cap the frequency of, underwriting messages;

• To send you promotional information, such as newsletters. Each e-mail news letterwill provide information on how to opt-out of future mailings by unsubscribing;

• To send you administrative communications, such as administrative e-mails, confirmation e-mails, technical notices, updates on policies, or security alerts;

• To respond to your comments or inquiries;

• To provide you with our user support chat interface

;• To track and measure Site performance;

• To protect, investigate, and deter against unauthorized or illegal activity;

• To notify you of new information or services that may be of interest to you; or,

• To send promotional materials. ErateSync will rely on legal grounds to process your Personal Information to the extent permitted by applicable law, which may include, without limitation: to honor contractual commitments, to take steps in anticipation of entering into contract, to fulfill legal obligations, your consent, and ErateSync’s legitimate interests.

(c) Payment Obligations. When you sign up for an account, the method of payment can be credit card, paypal or invoice. Subscribers will be billed or invoiced beginning 30 days after your account is registered. Invoices will be sent from rateSync with net 30-day payment terms. Credit card payments are processed through BrainTree or Paypal at the end of the 30 day trial, and annually after that. Please refer to BrainTree’s (https://www.braintreepayments.com/legal/braintree-privacy-policy) or Paypal’s (https://www.paypal.com/us/webapps/mpp/ua/privacy-full) privacy policy for information regarding their own security protections and use of yourpersonal information. Remember that certain payment processors may belocated in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the service sof a third-party payment provider, then your information may become subject to the laws of the jurisdiction(s) in which that payment provider or its facilities are located.

4. How We Share Your Information.
We may share your information, including personal information, as follows:
a. Service Partners. We will not sell, trade, or rent your personally identifiable information to others. However, we do provide some of our services through contractual arrangements made with affiliates, partners and other third parties4("Service Partners"). Our Service Partners include Hubspot to send our email marketing campaigns. This list may be amended from time to time in ErateSync’s sole discretion. We and our Service Partners may need to use some personal information in order to perform tasks on our Site or to deliver the Services to you. We may also share information in the following circumstances:

a. Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.

b. In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, orother legal process, such as in response to a court order or a subpoena.

c. To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Privacy Policy, or as evidence in litigation in which we are involved.

d. Aggregate and De-Identified Information. We may share aggregate or deidentified information about users with third parties, for example, business partners, or other third parties with reports that contain aggregated and statistical data about our users.

5. How We Protect Your Information. To protect your personal identifiable information,we take reasonable precautions and follow industry standard SSL/TLS end-to-endencryption of data in transit to make sure it is not inappropriately lost, misused, accessed,disclosed, altered or destroyed. While we use encryption to protect sensitive informationtransmitted online, we also protect your information offline. Only employees who need theinformation to perform a specific job (for example, billing or customer service) are granted access to Personal Information. Furthermore, your E-Rate records are not visible oraccessible to ErateSync staff or 3rd parties under any circumstances.

The computers/servers in which we store personally identifiable information are kept in asecure environment. If you provide us with your financial or any other personalinformation, the information is encrypted using industry standard protections in ourdatabase. Payment information is stored in our database for ongoing payment obligations,as it is processed through integrated third-party software. However, once an account iscanceled, all payment info is deleted from our database. All other Personal Informationwe collect may be stored in perpetuity through our internal database, unless we receive arequest by you to remove such information.

Although we have implemented commercially reasonable precautions to protect theinformation we collect from loss, misuse, and unauthorized access, disclosure, alteration,and destruction, please be aware that despite our best efforts, no data security measures canguarantee 100% security. You should take steps to protect against unauthorized access toyour password, phone, and computer by, among other things, signing off after using ashared computer, choosing a robust password that nobody else knows or can easily guess,and keeping your log-in and password private. We are not responsible for any lost, stolen,or compromised passwords or for any activity on your account via unauthorized passwordactivity.

6. Our Use of Cookies and Other Tracking Mechanisms
ErateSync may use cookies to: store user preferences or record user-specific information onwhat pages users access or visit. This section explains what cookies are, how we use cookiesand similar technologies on our Site and what you can do to manage how cookies are used.

WHAT ARE COOKIES?

A cookie is a small text file which is sent to your computer or mobile device (referred to inthis policy as a “device”) by the web server so that a website can remember some informationabout your browsing activity on the Site. The cookie will collect information relating to youruse of the Site, information about your device such as the device’s IP address and browsertype, demographic data and, if you arrived at our Site via a link from third party site, the URLof the linking page.

In addition to cookies, our Site may use web beacons. Web beacons allow us to count thenumber of users who have visited or accessed the Site and to recognize users by accessing ourcookies. We may employ web beacons to facilitate Site administration and navigation, to trackthe actions of users of the ErateSync, to compile aggregate statistics about ErateSync usageand response rates, and to provide an enhanced online experience for visitors to the ErateSync.We may also include web beacons in HTML-formatted e-mail messages that we send todetermine which e-mail messages were opened. A web beacon is often invisible because it isonly 1 x 1 pixel in size with no color. A web beacon can also be known as a web bug, 1 by 1GIF, invisible GIF and tracker GIF.

WHAT ARE THE DIFFERENT TYPES OF COOKIES AND HOW DO WE USE THEM?

Functional: These cookies are used to remember your preferences on our ErateSync and toprovide enhanced, more personal features. The information collected by these cookies is usually anonymized, so we cannot identify you personally. Functional cookies do not trackyour internet usage or gather information which could be used for selling advertising.

Examples of how we may use functional Cookies include:

• Gathering data about visits to our ErateSync, including numbers of visitors and visits,length of time spent on the site, pages clicked on or where visitors have come from.
• Eliminating the need for returning users to re-enter their login details

Third Party Cookies: You may notice on some pages of Site that cookies have been set thatare not related to us. When you visit a page with content embedded from a third party, thesethird party Service Partners may set their own cookies on your device. We do not control theuse of these third party cookies and cannot access them due to the way that cookies work, ascookies can only be accessed by the party who originally set them. Please check the thirdparty websites for more information about these cookies.

Disabling Cookies: Most web browsers automatically accept cookies, but if you prefer,you can edit your browser options to block them in the future. The Help portion of thetoolbar on most browsers will tell you how to prevent your computer from accepting newcookies, how to have the browser notify you when you receive a new cookie, or how todisable cookies altogether. Visitors to our Site who disable cookies will be able to browsecertain areas of the Site, but some features may not function. To learn more about how toreject cookies, visit www.allaboutcookies.org or go to the help menu within your internetbrowser. If you experience any problems having deleted cookies, you should contact thesupplier of your web browser.

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a uniqueidentifier, similar in function to cookies. In contrast to cookies, which are stored on yourcomputer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clearGIFs, including Google Analytics, (a.k.a. web beacons, web bugs or pixel tags), inconnection with our Services to, among other things, track the activities of Site visitors,help us manage content, and compile statistics about our Site usage. We and our third-partyService Partners also use clear GIFs in HTML emails to our users, to help us track emailresponse rates, identify when our emails are viewed, and track whether our emails areforwarded.

7. Third Party Analytics
We may use automated devices and applications, such as Google Analytics, to evaluateusage of our Site. We also may use other analytic means to evaluate our Services. Weuse these tools to help us improve our Services, performance and user experiences.These entities may use cookies and other tracking technologies to perform their services.We do not share your personal information with these third parties.

8. Third-Party Links
When you click on links on our Site, they may direct you away from our Site. We arenot responsible for the privacy practices of other websites or mobile applications and encourage you to read their individual privacy policies. If you visit a third-party websiteor mobile application link from our Site, you do so at your own risk.

9. How You Can Access and Control Your Information
You may modify Personal Information that you have submitted by logging into youraccount and updating your organization’s account information. Please note that copiesof information that you have updated, modified or deleted may remain viewable incached and archived pages of the Site for a period of time.

Although we describe much of the following processes throughout this Privacy Policy,please do not hesitate to email us at support@eratesync.com to receive the following information:
• What Personal Information pertaining to you is being processed

• Why this Personal Information is being processed

• Who has access to this Personal Information about you

• How this Personal Information is being used in automated decisions• Have us delete any data we have about you.

• Express any concern you have about our use of your data.

10. CAN SPAM Act and Opting Out of Emails:
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. We collect your email address in order to:

• Send information, respond to inquiries, and/or other requests or question

• We may also send you additional information related to your account or our Services.

• Market to our mailing list or continue to send emails to our users after an account has been created.To be in accordance with CANSPAM we agree to the following:

• NOT use false, or misleading subjects or email addresses

• Identify the message as an advertisement in some reasonable way

• Include the physical address of our business or site headquarters

• Monitor third party email marketing services for compliance.

• Honor opt-out/unsubscribe requests quickly

• Allow users to unsubscribe by using the link at the bottom of each email We may send periodic promotional or informational emails to you. You may opt-out ofs uch communications by following the opt-out instructions contained in the email.8Please note that it may take up to 10 business days for us to process opt-out requests.Even if you opt-out, we may still communicate with you about your account or anyServices you receive from us.

11. Children

Any authorized contact party registering an account on behalf of their organization mustbe at least 18 years of age. ErateSync does not allow individuals under the age of 18 tocreate an account, nor do we knowingly collect or use any personal information from suchchildren. If you are under the age of 18, do not submit any information to our Site. Weencourage parents and legal guardians to monitor their children’s internet usage and to helpenforce our Privacy Policy by instructing their children never to provide Personal Informationon the Site without their permission. If we learn that we collected personal information fromchildren under the age of 18, we will take steps to delete that information as soon aspossible. If a parent, guardian or senior member of the organization believes that ErateSynchas personally identifiable information of a child under the age of 18 in its database, pleasecontact us immediately at support@eratesync.com and we will use our best efforts topromptly remove such information from our records.

12. California Residents:

California Consumer Protection Act (“CCPA”)The California Consumer Privacy Act (CCPA) provides consumers who are residents ofthe State of California with specific rights related to their personal information (whichincludes Personally Information), subject to certain exceptions. It also requires us todisclose the information we collect, the purposes for which we collect it, and what weshare and disclose.

California Civil Code § 1798.83, also known as the "Shine the Light" law, providesCalifornia residents with the right to request, once per year, without charge,information from website operators and owners regarding the Personal Informationthat they collect online and offline, if any, and the third parties, including affiliates,with which they have shared this information during the preceding calendar year, forthe direct marketing purposes of the third party. If such information is collected andshared with third parties for their direct marketing purposes, the website operator orowner is required, upon request, to provide the list of categories of PersonalInformation they collect, if any, and the names and addresses of all third parties withwhich it has shared such information for direct marketing purposes.

A website operator or owner may meet its obligations, and be exempt from suchdisclosures, under the Shine the Light law, if it provides California residents the right toopt-out of, and thereby prohibit, the website operator or owner from sharing suchPersonal Information with third parties including its affiliates, for the direct marketingpurposes of the third party.

In accordance with California Civil Code section 1798.83(c)(2), ErateSync complieswith California 's "Shine the Light" law by providing all of its users, including itsCalifornia users, with a cost-free method to opt-out of the sharing of PersonalInformation with all third parties for the direct marketing of those third parties, by notdisclosing to third parties, for their direct marketing purposes the Personal Informationof any customer if the customer has exercised the option to prevent such disclosure, andby disclosing these policies in its Privacy Policy. Consequently, ErateSync is notobligated under Shine the Light to provide California users, who have requested suchinformation, a list of the categories of the Personal Information disclosed by ErateSyncto third parties for their direct marketing purposes or the names and addresses of thethird parties to which ErateSync has shared such Personal Information for their directmarketing purposes during the preceding calendar year.

California residents may have further rights related to the handling of their PersonalInformation under the California Consumer Privacy Act. While ErateSync does not"sell" your Personal Information in the traditional sense, it may share your informationwith third parties. California residents may have certain rights related to thisinformation, including the right to ask that we "Do Not Sell Your Personal Information,"the right to ask that we Delete your Personal Information, or the right torequest Access to the categories or specific pieces of Personal Information we havecollected about you. California residents also have the right to not be treated differentlyby ErateSync in response to your decision to exercise any of these rights.

To learn more about these rights, to opt-out of our sharing of your Personal Information,and to exercise other rights that apply, please contact ErateSync by phone (888) 379-7538 or email us at support@eratesync.com. As part of your request, we may ask forcertain information including your name and account information, or the manner inwhich you have previously interacted with ErateSync. We will use this information onlyto contact you about your request and to verify your request. You may also designatean authorized agent to submit a request on your behalf.

13. Information for Nevada Consumers

Nevada law requires website operators to provide a way for Nevada consumers to opt outof the sale of certain information that the website operator may collect about them. Thisinformation is limited to direct identifiers, such as your name, postal address, and emailaddress. When Nevada consumers opt out of the sale of their information, website operatorsmust ensure that the information is not sold to another business that will further license orsell the information to others.

If you are a Nevada resident and you would like to opt out of any possible sale of thisinformation, please email us atsupport@eratesync.com. For all requests, you must put thestatement “Your Nevada Privacy Rights” in the subject field of your request. You mustalso include your full name, street address, city, state, and zip code. We will not acceptrequests via telephone, postal mail, or facsimile, and we are not responsible for notices thatare not labeled or sent properly, or that do not have complete information.

14. Changes to Privacy Policy.
ErateSync reserves the right to change this Privacy Policy from time to time as it sees fitand your continued use of the Service will signify your acceptance of any adjustment tothis Privacy Policy. If there are any changes to our Privacy Policy, we will announce thatthese changes have been made on our home page and on other key pages on our Site. Ifthere are any changes in how we use our users’ personal information, notification by email will be made to those affected by this change. Any changes to our Privacy Policy willbe posted on our Services 30 days prior to these changes taking place. You are thereforeadvised to re-read this statement on a regular basis.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at (888) 379-7538 or via support@eratesync.com This Policy was last updated on March 3, 2022