Privacy Policy

Last Modified: January 22, 2025


Personal Data Collection

We collect the following personal data from users of our employee engagement platform:

  • Name

  • Email address

  • Residential address (if provided)

  • Birthday (if provided)

  • Employee hire date (if provided)

This data is collected to ensure a personalized and efficient user experience.

Purpose of Data Collection

The primary purpose of collecting user data is to:

  • Set up an account for users to redeem their awards, points, or use the InTheLoop360 Employee Engagement Platform.

  • Ensure awards are shipped to the correct address once redeemed.

  • Send email reminders about unredeemed awards.

Additionally, some data may be used from our distributor network for email marketing purposes.

Data Sharing and Disclosure

We share data with our API supplier partners exclusively for the purpose of fulfilling award redemptions. When an employee redeems their award, their contact and shipping information is passed to the suppliers to ensure the product/award is shipped to their home or business.

Data may also be disclosed to comply with legal obligations, such as responding to lawful requests by public authorities, including meeting national security or law enforcement requirements.

User Rights

Users have the right to correct or delete their data. To exercise these rights, users may contact us by:

  • Emailing: sales@foresthill.app

  • Calling: +1 (800) 718-8852

Data Security

Our platform prioritizes the protection of employee information through robust data security measures, including:

  1. Encryption:
    • Data in Transit: All data transmitted between users and the platform is encrypted using TLS (Transport Layer Security) to prevent interception and ensure secure communication.

    • Data at Rest: Sensitive data stored in our databases is encrypted to safeguard it from unauthorized access.

  2. Password Security:
    • User passwords are securely hashed and salted using industry-standard hashing algorithms. This ensures that even in the unlikely event of a data breach, the original passwords cannot be easily recovered from the stored hashes.

  3. Access Controls:
    • We implement role-based access controls (RBAC) to ensure that only authorized personnel have access to sensitive data and administrative functions.

  4. Regular Security Audits:
    • Our systems are subject to regular security audits and vulnerability assessments to identify and mitigate potential risks proactively.

  5. Compliance with Industry Standards:
    • We adhere to CCPA, ensuring compliance with data security and privacy standards.

  6. Backup and Disaster Recovery:
    • Data is regularly backed up and stored securely. Our disaster recovery protocols ensure data integrity and platform availability in case of unexpected incidents.

  7. Secure Hosting Environment:
    • Our platform is hosted in a secure environment with firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to protect against unauthorized access and cyber threats.

Data Retention Policy

Our platform provides flexible and secure data retention policies tailored to meet the specific needs of your organization. Key aspects include:

  1. Customizable Retention Periods:
    • We work with each client to define data retention periods based on their internal policies and compliance requirements.

    • Retention timelines can vary for different types of data (e.g., user activity logs, recognition data, survey responses).

  2. Secure Data Archiving:
    • Data that is no longer actively used can be securely archived to meet historical reporting or compliance needs while minimizing storage costs.

  3. Automated Data Deletion:
    • Once data surpasses the agreed retention period, it is automatically and securely deleted to ensure compliance with data privacy regulations such as CCPA.

  4. Data Portability and Export:
    • Before data is deleted, organizations can request records to be exported in standard formats (e.g., CSV, Excel, PDF) to retain their own copies if needed for audit or reporting purposes.

  5. Audit and Compliance Logs:
    • Our platform maintains detailed logs of data access and deletion activities to support compliance and provide transparency.

Children's Privacy

Our platform is not designed to be used by minors.

International Users

Our platform complies with the California Consumer Privacy Act (CCPA) but does not comply with the General Data Protection Regulation (GDPR).

Policy Updates

Users are encouraged to visit our Policy page for updates. Please note that emails regarding policy updates will not be sent.

Contact Information

Users can contact us via email at sales@foresthill.app or call us at +1 (800) 718-8852 for any privacy concerns or questions.