Gloo was founded to bring the best possible data and technology to churches, charities, and community service organizations that help people grow. We believe this is the right thing to do. And Gloo is committed to earning trust each day by pursuing data privacy and security.
1. To whom does Gloo offer its services?
Gloo offers services to organizations that support personal growth, including churches, charities, addiction recovery institutions, and community service organizations—which we call “Champions.” We are open to all Champions that want to do good. We do not unlawfully discriminate against any religions, churches, or other organizations, but we reserve the right to refuse to serve any organization that we believe, in our sole discretion, does or could harm people.
2. What does Gloo do to reduce the risk that bad actors use Gloo’s services for nefarious purposes?
We contractually prohibit Champions (i.e., recipients of our services) from using our services (a) for any illegal purposes, (b) to promote hate speech or incite violence, (c) to create a risk to a person’s health or safety, (d) for the advancement of political parties or election campaigns, (e) for anything malicious, fraudulent, harassing or threatening, or (f) for any covert, misleading or unfair communications, including, without limitation, any advertisements or social media campaigns that fail to identify the organization that controls or pays for the communication.
Furthermore, we contractually prohibit users from unlawfully discriminating against people because of a personal characteristic, including race, ethnicity, color, national origin, citizenship, religion, age, sex, sexual orientation, gender identity, family status, marital status, disability, medical or genetic condition, pregnancy, or veteran status.
We also limit our data collection, processing, and sharing activities as described in Sections 3 - 5 to reduce the risk of harm.
As we explain in our privacy statement, we use personal data about consumers to provide services and do not share personal data in identifiable form, except at the request or direction of (a) the person to whom the data relates (the data subject) or (b) the organization who provided the data to us.
First-Party Data: When an individual person visits our website or signs up for our services, we receive data from the data subjects themselves. This is “first-party data” because we are the “first party” to whom the individual has directly provided their data. We do not share “first-party data” in identifiable form with others, except at the request or direction of the individual, such as when individuals ask us to connect them with churches or other Champions who can help them.
Second-Party Data: When a church or other Champion engages us as a service provider, we process personal data the organization provides to us on the organization’s behalf, such as to create surveys and social media outreach campaigns for the Champion at the explicit instruction of the Champion. This is “second-party data” because we receive the data from our Champion, who in turn typically receives it directly from individuals. As a result, we are one party removed from the collection of the data. We do not share such “second-party data” with others, except as instructed by our customer, the Champion.
Third-Party Data: We also license personal data from data providers. This is “third-party data,” because Gloo does not have a direct relationship with the data subjects (the “first parties”) or our customers, the Champions (the “second parties”). We use such “third-party data” to provide insights to Champions (e.g., charities may want to focus their efforts on areas of a State or City with relatively high debt levels) and target advertising campaigns to particular populations (e.g., show offers of spiritual support to individuals most in need). To mitigate privacy risks, Gloo does not receive names and contact information of data subjects provided by data providers. If a data provider includes names or contact information, we remove the names and contact information so that the “third-party data” does not identify individuals. If we already have a first- or second-party relationship with a data subject, we may enrich our internal profile with “third-party data” about them. We do not share identifiable “third-party data” with our Champions (with or without names or contact information), but we do share aggregate third-party information in a de-identified format with Champions.
When we receive third-party data that does not include names and contact information, we assign datasets a primary key (“Key”). The Key allows us to join various tables without allowing for re-identification. The Key may be used by us to engage service providers to show targeted messages to individuals on social media and other Internet sites. For example, we might provide the Key to a social media company that has a first-party relationship with an individual. The social media company might use the Key to identify the individual within their platform and serve them a targeted message. While the social media company would know the identity of the person based upon their first-party relationship with them, we would never receive the name of the individual nor would we attempt to identify the individual.
As described above, by design, we do not have names and contact information of data subjects provided by third-party data providers. Further, the third-party data provider that maintains an identifier contractually prohibits us from attempting to re-identify the person. By internal policy, we also commit not to attempt to re-identify individuals. As a consequence, except when we have a first- or second-party relationship to a data subject, we do not know – and cannot legally determine – to which individuals our “third-party data” relates. Because our third-party data is de-identified, we cannot search it to find information about a particular person. Even if a data subject asks us to produce information about themselves (e.g., a data subject access request), we cannot identify what third-party data might relate to them.
Yes. We license information from data partners about Champion organizations and this information may include contact information about individuals who work for those organizations (e.g., pastors). We use this information for the purposes described in our privacy statement.
5. Does Gloo receive marketing lists about Champions?
Yes. Like many other organizations, Gloo receives marketing lists about Champion organizations and this information may include contact information about individuals who work for those organizations (e.g., pastors). We use this information for market research, product development, and marketing in accordance with applicable laws as further described in our privacy statement.
6. Is Gloo a data broker?
No. Gloo does not sell personal information.
7. What does Gloo do to mitigate data privacy risks?
Gloo recognizes trust as a condition precedent to personal growth. To that end, Gloo is acutely aware of privacy risks. Based on inaccurate or inappropriately disclosed personal information, individuals can be embarrassed, conned, humiliated, discriminated against, fired from employment, rejected by health insurance companies, and harmed in myriad other ways. Since our Champions are churches and other organizations that want to help individuals grow, we handle sensitive information, including information on faith, religion, family, health, and finance.
Gloo has taken measures to mitigate privacy risks with data security and data privacy protection mechanisms including the following:
We limit data access within our company to those individuals that have a need to access data.
We implement the measures described in our security statement.
We limit the personal information that we share, as described under Section 3.
We take measures to ensure that third-party data that we receive does not include names or contact information, as described under Section 3.
We restrict what our Champions may do with services and personal information, as set forth in our terms of service and acceptable use policy (see our answers to Questions 2 and 3).
8. Is Gloo committed to continuous improvement, including in the area of data privacy?
Yes, we know we are on a learning journey. We work to earn trust and help our Champions do good. In an effort to get better each day we work closely with outside counsel, privacy consultants, and statisticians. We believe no one else has achieved what we are trying to do. Please help us out with a suggestion to firstname.lastname@example.org.
Last updated November 19, 2020.