Privacy Policy

    Updated December 20, 2022

    In our role as a provider of electronic procurement solutions, Ion Wave Technologies, LLC (“IWT”) collects and is provided with a variety of different types of data. This document is intended to detail IWT’s policies and procedures related to this data.

    Information we collect and how it is used

    Marketing Information: We collect a variety of information about our target audience as part of our marketing efforts and during our communication with organizations during the sales process (the “Marketing Information”). This information may include organization names, demographic information, information about an organization’s employees, communication, and information collected as explained in the Activity Data section below.
    Customer Information: Once an organization begins using IWT’s software, they will provide additional information to IWT in order to initially configure the software or as part of their normal usage of the software (“Customer Information”). We consider this Customer Information to be confidential in accordance with our license agreement. Customer Information may include, but is not limited to, the following:
    • Staff information including name, mailing address, email address, and phone number
    • Staff employment and role information with the customer
    • System usernames and encrypted passwords
    Purchasing Data: Customers provide IWT with access to information about their purchasing processes or transactions (“Purchasing Data”) while using our software. We consider this Purchasing Data to be confidential in accordance with our license agreement. Purchasing Data may include, but is not limited to, the following:
    • Customer created/entered content, including libraries, attachments, notes
    • Customer created/entered solicitation or auction events, supplier responses, award decisions
    • Customer created/entered contracts and related information (attachments, reminders, etc.)
    • Customer created/entered catalogs, purchase orders, demand polls
    • Customer specific interactions with suppliers utilizing our software, including bid responses, award decisions, notes, classifications
    Confidentiality requirements do not apply to any information published by a customer to the general public, whether utilizing the functionalities within our software or another method.
    Purchasing Data specifically excludes supplier demographic data provided by suppliers. This demographic information will be utilized by IWT to identify duplicates, provide a unified supplier login experience, provide technical support, and notify suppliers of potential new IWT customers.
    Deidentified Data: IWT may use deidentified Customer Information or Purchasing Data for product development, capacity planning, research or other internal purposes. Deidentified data will have all direct and indirect identifiers removed. IWT also agrees not to make any attempt to re-identify deidentified data. IWT may share deidentified data with third parties if the deidentified data is provided in an aggregated, anonymized format that cannot be used to identify a customer included.
    Activity Data: IWT automatically collects a variety of usage information when visitors view our websites or utilize our software (the “Activity Data”). We use this information for a variety of purposes, including improving the ongoing operation and maintenance of our systems. IWT utilizes Activity Data for a variety of internal uses including but not limited to marketing, product development, and capacity planning. IWT may utilize third party services or software to gather Activity Data and we may also disclose this data to third parties. Activity Data may include, but is not limited to, the following:
    • Storing and retrieving browser cookies on your computer to uniquely identify your computer or to manage your login session with our systems
    • Logging information provided by your computer or browser, including your IP address, operating system, browser type and version, screen resolution, geographic location, etc.
    • Logging web pages you visit, the load times for pages, the amount of time spent on a page, the links clicked
    • Logging emails we send, including statistics about deliverability, when you open an email, links that are clicked within an email
    • Information provided by third-party analytics tools that we utilize as part of our systems

    Disclosure to third parties

    We do not disclose the information described in this policy to any third party except as provided for in this document and additionally as follows:
    • To provide software and services to our customers as outlined in our license agreement
    • Our use of third-party vendors to provide our software and services to customers (e.g. hosting providers, consultants, legal counsel) who are contractually required to comply with substantially similar confidentiality requirements as us
    • To comply with a court order or other legal process served on us by government agencies
    • To investigate or prevent suspected illegal activities or protect the security and integrity of IWT
    • To take reasonable precautions against liability and to investigate or defend against any third-party claims or allegations
    • To comply with or enforce this policy, our license agreement, or other similar agreements
    In summary, IWT will use commercially reasonable efforts to ensure that only individuals in its employ or the employ of a contracted vendor with legitimate interests (consistent with the agreed upon software and services provided by IWT to the customer) are provided access to Customer Information or Purchasing Data.
    We do not sell any of the information we collect to third parties.

    How we protect your information

    Data Protection: IWT maintains strict administrative, technical, and physical procedures to protect information stored in our servers. Access to information is limited (through unique account credentials) to those employees who require it to perform their job functions. We require industry-standard Transport Layer Security (TLS) encryption technology for all data transmitted to IWT servers. We store and process data in accordance with industry best practices. This includes appropriate administrative, physical, and technical safeguards to secure data from unauthorized access, disclosure, and use. We conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner.
    • IWT uses commercially reasonable efforts to secure the IWT application, including monitoring of the application, implementation of security systems, and hosting of our solutions in secured data centers.
    • The IWT application is hosted in enterprise data centers, located in the United States. These data centers are managed by an IWT contractor and undergo annual security audits (SOC 2 Type II).
    • All IWT data (production and backups) is stored in the United States and encrypted at rest.
    • Backups are performed regularly throughout the day, both within our production data centers and to an independent off-site storage facility. Our business continuity plan provides for multiple recovery options, including restoring from backups located in our primary data center, spinning up our applications in our warm site using backups synchronized to that facility or restoring our systems from our off-site backups.
    Incident Response: In the event of a data breach or unauthorized disclosure of Customer Information, IWT will immediately take actions to limit/mitigate the event. An IWT representative will notify the affected customer as soon as practicable, subject to any limits on disclosure created by law enforcement. IWT and the customer would work together to determine an action plan, including any required notification of affected parties.

    Data Ownership and retention

    Review or Deletion of Records Maintained by IWT: If a customer has fulfilled the terms of their license agreement, the customer may request that IWT remove the Customer Information and Purchasing Data from the IWT production databases. IWT will comply with this request and provide certification to the customer that this data was removed from the production databases. Please note that even when records are deleted from IWT’s active databases, copies may remain in data backups for a period of one year to comply with business continuity and disaster recovery requirements. IWT will not access these archival backups for the specific purpose of accessing any data removed by customer request, unless specifically authorized by the customer that owns the removed data.
    Ownership of Data: IWT does not claim ownership of the provided Customer Information or Purchasing Data loaded into our products. This data is owned by and under the control of the customer. The collection, input, use, retention, disposal, and disclosure of this data is controlled by the customer in accordance with the terms of our mutually agreed License Agreement and our policies detailed herein. By providing data to IWT, a customer agrees that IWT has a limited, non-exclusive license to use the data as detailed in our License Agreement and this document.

    End User Responsibility

    All end user access to IWT requires a valid username and password. Customers are fully responsible for the access of their end users to the IWT applications. This includes requiring end users to use commercially reasonable security procedures, including but not limited to using complex passwords, not sharing account information with others, logging out of the system, accessing the system from uncompromised devices, etc.
    Customers are also responsible for managing the end user population that is provided access to the IWT applications, including the creation and termination of user accounts. Customers are responsible for configuring the roles/level of access each user has within the IWT applications to ensure that end users only have access to the appropriate data.
    All communication with the IWT systems from external sources is required to be encrypted. End user browser connections require Transport Layer Security (TLS) and any connections providing data transfer to third party systems must be encrypted.

    Policy Changes

    We reserve the right to update or modify this Privacy Policy to reflect changes in the way IWT maintains, uses, shares, or secures your information.

    How to contact us

    If you have questions about this Privacy Policy, please contact us by email or telephone:
    Email: [email protected]
    Phone: 1-866-277-2645