Privacy Policy

Effective Date: January 11, 2019

How does this Privacy Policy apply?

This Privacy Policy applies to personal information collected by Assemble, Inc. (“Assemble”, “we” or “us”) from your use of the Assemble website ( (“the Site”), and any other user interfaces, applications or services made available through the Site, and websites, pages, applications, services and all devices that Assemble builds and/or operates or offers that link to this  Policy (the Site and all services are collectively referred to herein as the “Services,” and each as a “Service”).

When you access, browse, or use the Services, information will be collected, transferred, processed, stored, and disclosed in accordance with this Privacy Policy. This Policy governs the information collection, use, and disclosure practices for the Services.

We understand that you may be using our Services, as a user on behalf of an organization that has separately entered into an agreement with us relating to its use of our Services, such as the Master Services Agreement (“Service Agreement”), that may modify this Policy. This Policy applies to personal information about customer end users that you, as a user on behalf of your organization, provide. Assemble’s agreements with certain organizations may contain provisions about the collection, use, storage and disposal of personal information collected through the Services. If a provision of the Services Agreement conflicts or otherwise is inconsistent with a provision of this Privacy Policy, then the provision of the Services Agreements will prevail but solely to the extent of the conflict or inconsistency.

By accessing, browsing, or using the Services, you agree to the collection, transfer, use, processing, and storage of information (including personal information) as described in this Privacy Policy. If you do not agree with this Policy or the information collection, use, and disclosure practices described in this Policy, do not use the Services.

What is Confidential Information?

Confidential Information means Company or Customer information, materials and data which (a) is marked clearly as proprietary or confidential, (b) if oral, is identified as proprietary, confidential, or private on disclosure or (c) any other business information, whether tangible or oral, which upon receipt by the receiving party should reasonably be understood to be confidential. This includes but is not limited to: Company’s software products, internal business applications, marketing materials and technical documents related to Company products and services, and Customer’s business strategy, marketing techniques, and operational processes and systems.

What is Customer Data?

Customer Data is any content, materials, data and information that Customer upload, submit, post, transfer, or otherwise provide to Company. Customer Data may include Personal Information.

What are the Data Protection Laws?

Data Protection Laws, as applicable: (i) Title V of the Gramm-Leach-Bliley Act of 1999 or any successor federal statute to the Gramm-Leach-Bliley Act of 1999, and the rules and regulations thereunder, (ii) the Health Insurance Portability and Accountability Act of 1996, (iii) the Sarbanes-Oxley Act of 2002 (Pub. L. 107-204, 116 Stat. 745), and (iv) any legislation or regulation amending, supplementing or replacing any of the foregoing from time to time.

How do we define Personal Information?

Personal Information is any information relating to an identified or identifiable natural person (“Data Subject”) which is subject to protection under the applicable Data Protection Law in the jurisdiction in which such Data Protection Law applies. Personal Information may include national id number, home address and phone number information as well as salary information, job grade and job ranking information.

What is our Security Compliance?

The Company uses commercially reasonable security technologies in protecting Customer Data. To the extent Customer transfers Personal Information to Company, and further subject to Customer’s compliance with its obligations and restrictions with respect to such Personal Information under this Agreement and to the applicable data subject, Company will comply with applicable Data Protection Laws with respect to the processing of such Personal Information.

How do we handle Customer Data and Licensed Data?

Other than as permitted hereunder, Company will within 90 days after the end of the Service Terms (or as otherwise specified in the SOW), follow current established industry standard practices to destroy or delete Customer Data remaining on Company systems, unless applicable law requires retention. Retained data is subject to the confidentiality provisions of the Agreement.

What information do we collect and process and how do we collect and store it?

Information you provide

We may collect and store any and all information that you enter through the Services or give to us in any other way. This section of the Policy provides examples of the information that you provide to us. You may visit and browse the Site without submitting personal information about yourself, and you can choose not to provide certain information to us, but then you might not be able to access or use all of the Services.

We collect and process personal information that you provide to us. Personal information is information that directly or indirectly identifies users, such as name, email address and home address. We may also collect user demographic and behavioral information including gender, interests, shopping preferences and history, and the like.

For example, when you log into a service, we may collect basic information about you such as your name, username, password, email address, physical address, phone number, date of birth, and other personal and business demographic or contact information. But all of this will be at the request of the Customer who has given us permission to do so.

Information that might be collected upon the Customers request can be collected: We can collect information about the Services that you use and how you use them. We can collect certain usage information automatically, upon the request of the Customer, including your Internet Protocol (IP) address or device identifiers, operating system, browser type, websites visited before or after you visit the Services, and activities on our site. In some instances, Assemble and its service providers use cookies, web beacons and other technologies to automatically collect certain types of information when you use the Services, as well as through emails that we may exchange.

Cookies. A “cookie” is a small text file that is stored on a computer for record-keeping purposes. We and our third-party service providers may use cookies to record information about your activities on the Site and to “remember” you when you return to the Site. Some cookies remain on your computer until you delete them. Others, like session ID cookies, expire when you close your browser. You may set your device settings to attempt to reject cookies, but doing so may affect the functionality of the Services.

Pixels (a/k/a web beacons, web bugs, scripts). “Pixels” are tiny graphics with a unique identifier that are used to track the online movements of web users. Unlike cookies, which are stored on a computer’s hard drive, pixels are small graphics that are about the size of a period that are embedded invisibly on web pages or in HTML-based emails. We and our third-party service providers may place pixels on the Site that track what other websites you visit (both before and after visiting the Site). Our third-party service providers use information obtained from pixels to help us improve our business and the Site.

Third Party Use of Tracking Technologies. We do not control the use of cookies, pixels, or other tracking technologies (collectively, “Tracking Technologies”) by third parties.

We may link together different types of usage information or link usage information to personal information. If linked information directly or indirectly identifies an individual person, Assemble treats the linked information as personal information.

Information licensed for Processing by Companies

We will not commingle, mix or combine customer data licensed to us for processing by companies with other licensed data sources, except during permitted usage and processing as necessary to fulfill contracted services and analysis and will not be retained in a merged or combined state. Companies licensing us to perform processing are required to represent and warrant that they have obtained necessary consent for us to provide processing services. Information collected from other sources: We may also collect information through third parties and, where permitted by law, through publicly available sources, in connection with performing activities that you have requested or instructed for the Services.

Assemble uses several third-party usage analytics tools including Google Analytics. More information about how Google Analytics is used by Assemble can be found here:

You may be able to opt out of Google Analytics tracking by visiting the following link:

When we do collect information and how do we use it?

The collection of data and this information can give the Customer the ability to customize experiences within Customer’s Sites and Services; improve the performance, usability and effectiveness of Customer’s services or products; advertise and market; measure the effectiveness of marketing activities; and generate and analyze statistics about your use.

Do we share or disclose your information?

We may share and disclose your information as described below, and as provided under any applicable Service Agreement.

We may share or disclose your information:

With vendors or agents working for Assemble. For example, we may share your information with companies we have hired (and agreed upon by the Customer) to provide services on our behalf (e.g. providers of management and implementation services). When we share information with these other companies to provide services for us, they are not allowed to use it for any other purpose and must keep it confidential unless you otherwise consent.

With your organization. If you are using the Services on behalf of your organization (for example, you are administering your employer’s Account), your organization may have the ability to access and control the Account and information you provided (including your name, email address, and IP address) upon consent of the Customer.

With others in connection with transfer by us of other business assets approved by the Customer.

As provided in any Service Agreement. We also may share or disclose information, including the content of your communications:

To comply with the law or respond to legal process or lawful requests, including from law enforcement and government agencies;

To conduct investigations of complaints or possible breaches of law, to protect the integrity of the Site, to fulfill your requests, or to cooperate in any legal investigation;

To protect the rights or property of Assemble or our customers, including enforcing the Terms of Use; and

To act on a good faith belief that access, or disclosure is necessary to protect the safety of our associates, customers or the public.

Please note that our Site may include links to third-party websites whose privacy practices may differ from our privacy practices. If you submit information to any of those websites, your information is governed by the privacy policies on those websites. We encourage you to review the privacy policy of any website you visit.

Where is your information stored and processed?

Information collected will be defined in the Service Agreement and consent will need to be agreed upon by the Customer. The servers and databases in which information may be stored will be defined by the Service Agreement and agreed upon by the Customer but could be located outside the country from which you accessed this Site and in a country that does not have the same privacy laws as your country of residence. The personal information you provide us may be transmitted abroad, but we will collect, process and use personal information only in accordance with this Privacy Policy.

What else do you need to know?

How long do we store your information? We retain and store personal information only for as long as we have a legitimate business purpose to do so in accordance with our Service Agreement agreed upon by the Customer.

Assignment. In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger, we will delete personal information in compliance with the Master Service Agreement terms.

How do we safeguard your information?

Assemble has and requires its partners to have security policies and procedures in place to help protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite our efforts, however, security cannot be guaranteed against all threats. We seek to limit access to your personal information to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information. We recommend that you take additional measures to protect yourself and your information, including by installing up to date anti-virus software, closing browsers after use, keeping confidential your log-in credentials and passwords, and making sure that you regularly update software and apps you have downloaded to ensure you have enabled the latest security features on your devices.

Children. Our Services are not intentionally designed for or directed at children under the age of 13. It is our policy never to knowingly collect or maintain information about anyone under the age of 13, except as part of an engagement to provide Services. If you are between 13 and 17 years of age, you may use the Service, but you may not submit any personal information. If we become aware that a Site user is under age 18 and has provided personal information, we will take steps to remove his or her personally identifiable information from our files. If you are a parent or guardian and believe Assemble may have inadvertently collected personally identifiable information from your child, please notify Assemble immediately by sending an email to

What are your California Privacy Rights?

California law permits residents of California to opt-out of our disclosure of personal information to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your personal information with third parties for marketing purposes at any time by submitting a request in writing to our contact address above or by e-mailing us at Please note that this opt-out does not prohibit disclosure made for non-marketing purposes. California law also permits residents of California to request and obtain from us once per year, free of charge, a list of the third parties (if any) to whom we have disclosed personal information for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an e-mail to: or by writing to our contact address above. Requests via telephone or facsimile will not be accepted. The e-mail subject line or mailing envelope and the content of your request must include the phrase “Your California Privacy Rights,” and include your name, e-mail address (if you wish to receive a response via e-mail) or street address, city, state, zip code (if you wish to receive a response via postal mail).

California Minors. If you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your content or information from the Services does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.

How We Respond to Do-Not-Track Disclosures. We do not support “Do Not Track” browser settings and do not currently participate in any Do Not Track frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal information.

Access. You may make a request to update or remove personal information that you submitted and we will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards. To request access to or correction, updating, or removal of your personal information please contact us at:

Changes to this statement. We may modify this Privacy Policy from time to time to reflect our current privacy practices. When we make changes to this statement, we will revise the “updated” date at the top of this page. We encourage you to periodically review this Privacy Policy to be informed about how Assemble is protecting your information.

How can you contact us?

You may contact us using the following information:

Assemble, Inc.
2 Nickerson St, Ste 101
Seattle, Washington 98109
Attention: Data Privacy