Privacy Policy
Last updated
GreenCompany Inc., a Delaware corporation, d/b/a Gateway ("Gateway," "we," "us," or "our"), is committed to protecting the privacy and security of personal information. This Privacy Policy describes how Gateway collects, receives, uses, stores, discloses, transfers, and otherwise processes personal information in connection with our public-facing website located at careergateway.io, our web-based application environment, including customer-specific or organization-specific subdomains, and any related products, services, features, content, communications, and support offerings that link to or reference this Privacy Policy (collectively, the "Services").
This Privacy Policy applies to both Gateway’s public-facing marketing website located at careergateway.io and the Gateway application made available through customer-specific subdomains and related platform environments.
Gateway is an artificial-intelligence-enabled learning and development platform that helps organizations build, deliver, manage, and improve onboarding, pre-hire assessment, training, upskilling, enablement, customer education, channel-partner education, coaching, and related learning experiences. Depending on the context in which the Services are used, Gateway may process personal information relating to website visitors, prospective customers, customer personnel, administrators, instructors, employees, contractors, applicants, customers, channel partners, learners, and other authorized users.
This Privacy Policy is intended to provide a public-facing description of Gateway's privacy and data-processing practices. In certain circumstances, Gateway may process personal information on behalf of a business customer, employer, or other organization that makes the Services available to its users (each, a "Customer"). In those circumstances, Gateway may act as a service provider, processor, or similar role under applicable law, and the relevant Customer may determine certain aspects of how personal information is collected, used, disclosed, retained, and otherwise processed through the Services.
By accessing or using the Services, or by otherwise interacting with Gateway in a manner that causes this Privacy Policy to apply, you acknowledge the practices described in this Privacy Policy, subject to any additional notices, consents, or contractual terms that may apply in a particular circumstance.
1. Scope of This Privacy Policy
This Privacy Policy applies to personal information collected or processed by Gateway when you visit our website, request information from us, communicate with us, create or use an account, access the Services through a Customer, upload or submit content, participate in onboarding or support activities, receive communications from us, or otherwise interact with the Services in a manner that references this Privacy Policy.
This Privacy Policy does not apply to third-party websites, products, services, or practices that are not controlled by Gateway, even if those third parties are linked to or integrated with the Services. Where you interact with a third party directly, that third party's own privacy notice, terms, and practices will govern unless otherwise expressly stated.
2. Gateway's Role and Customer-Controlled Data
Gateway may process personal information both for its own business purposes and on behalf of Customers. For example, Gateway may process personal information for its own purposes when operating the public website, managing commercial relationships, communicating with prospective customers, administering accounts, maintaining security, analyzing product usage, and complying with law. Gateway may also process personal information on behalf of a Customer when providing hosted software and related services that enable that Customer to administer learning programs, manage content, assign training, monitor participation, and use AI-enabled functionality within the Customer's environment.
If you use the Services through a Customer, the Customer may control your account, determine which information is uploaded into the Services, define the applicable user roles and permissions, and decide how certain information is used within the Customer's implementation. In such cases, Gateway may process personal information in accordance with its contract with the Customer and the Customer's lawful instructions. If you have questions regarding how a Customer handles your personal information, or if you wish to exercise rights relating to information that is controlled by a Customer, you should direct your request to that Customer in the first instance.
3. Categories of Personal Information We Collect
Gateway may collect personal information that you provide directly. This may include your name, business contact information, title, company name, account credentials, authentication details, profile details, communications with Gateway, information included in demo requests or support inquiries, and any other information you choose to submit to us.
Gateway may collect personal information and business content uploaded or otherwise made available through the Services. Depending on how the Services are configured and used, this may include customer materials, standard operating procedures, manuals, training materials, playbooks, policies, process documents, survey responses, assignments, assessments, prompts, text inputs, files, images, audio, video, and other information submitted by or on behalf of a Customer or user.
Gateway may receive personal information from Customers and third parties. For example, a Customer may provide user-provisioning information, employee or contractor records, learner rosters, administrator details, applicant or candidate information, or other information that the Customer elects to use in connection with the Services. Gateway may also receive information from single sign-on providers, integrations, referral sources, analytics providers, or other third parties where permitted by law and consistent with the settings, permissions, and instructions applicable to the Services.
Gateway and its service providers may collect certain information automatically when you access or use the Services. This may include Internet Protocol address, approximate geolocation inferred from IP address, browser type, device type, operating system, language preference, referring URLs, pages viewed, time spent, interaction data, session activity, log data, diagnostic information, crash data, and other technical or usage information generated in connection with access to and use of the Services.
When the Services are used to create, assign, deliver, or manage learning journeys or related experiences, Gateway may also process information concerning participation, progress, completion status, attendance, certifications, assessments, survey results, coaching interactions, timestamps, content interactions, account settings, administrative actions, and similar records relating to the use and administration of the Services.
4. Sources of Personal Information
Gateway may obtain personal information from a variety of sources, including directly from you, automatically from your browser or device, from Customers, from identity or single sign-on providers, from integrations or third-party services enabled by you or a Customer, from marketing or analytics partners, and from other parties where legally permitted. The specific sources from which we receive information depend on the nature of your relationship with Gateway, the features used, and the manner in which the Services are implemented by the relevant Customer.
5. How We Use Personal Information
Gateway uses personal information as reasonably necessary to operate, provide, maintain, protect, support, and improve the Services and our business operations. This includes using personal information to administer accounts, authenticate users, provision access, host content, provide requested functionality, process transactions and requests, support implementation and onboarding, manage customer relationships, respond to inquiries, provide technical and customer support, and communicate with users and Customers regarding the Services.
Gateway also uses personal information to enable and administer learning, training, enablement, and related platform functions. This may include using personal information and Customer content to organize and deliver courses, journeys, assessments, certifications, reminders, analytics, reporting, coaching support, and other features made available through the Services.
Gateway may use personal information to monitor and analyze performance, troubleshoot issues, maintain reliability, conduct research and development, improve user experience, enhance accessibility and functionality, detect and prevent fraud or abuse, investigate incidents, maintain security, enforce our agreements and policies, protect our rights and interests, comply with legal obligations, and defend against legal claims.
Where permitted by applicable law, Gateway may also use personal information for marketing and business-development purposes, such as responding to requests for information, providing product updates, sending thought-leadership or promotional communications, measuring campaign performance, and improving the relevance of our outreach. You may opt out of marketing communications as described below.
6. Use of Artificial Intelligence and Automated Functionality
Certain features of the Services use artificial intelligence, machine learning, automation, and related computational tools and workflows (collectively, "AI Features") to assist Customers and users in creating, refining, organizing, customizing, and delivering learning content and related materials. Gateway may use AI Features to support, among other things, content generation, content enhancement, summarization, classification, coaching or assistance, multimedia generation, workflow support, search, and context-aware retrieval or response generation.
When AI Features are used, Gateway may process prompts, instructions, questions, uploaded materials, source documents, policies, manuals, standard operating procedures, playbooks, metadata, contextual information, and other Customer content or user inputs in order to generate or facilitate the requested functionality. Gateway may also process content through retrieval, indexing, segmentation, embedding, ranking, contextual assembly, and similar methods so that relevant materials can be identified and used in connection with a response or output at generation time.
Gateway may use third-party service providers to support AI Features and related platform operations. Depending on the feature and workflow at issue, such providers may include providers of large language models, text processing, video or voice generation, observability or orchestration tooling, cloud hosting, content delivery, storage, analytics, communications, queueing, workflow automation, database, and other technical services. These service providers may process personal information and Customer content on Gateway's behalf in order to provide the requested functionality, support system performance, prevent abuse, secure the platform, or otherwise assist Gateway in operating the Services.
Gateway does not use Customer content or personal information submitted through the Services to train public, shared, or general-purpose artificial intelligence models, except where expressly disclosed, authorized by the applicable Customer, or otherwise permitted by law. Gateway may, however, use de-identified information, aggregated information, operational telemetry, product feedback, and similar non-personal or lawfully transformed information to maintain, secure, support, analyze, and improve the Services, consistent with applicable law and contract.
Although Gateway may employ automated tools and AI Features within the Services, Gateway does not make representations in this Privacy Policy regarding the substantive accuracy or suitability of any output generated through those features. Any contractual allocation of responsibility for reviewing and approving AI-generated outputs is addressed separately in applicable terms and agreements.
7. Cookies, Analytics, and Similar Technologies
Gateway and its service providers use cookies, pixels, tags, log files, software development kits, local storage objects, and similar technologies to operate, secure, and improve the Services. The specific technologies used differ between Gateway’s public-facing marketing website and the Gateway application.
On Gateway’s marketing website, including careergateway.io, Gateway uses a consent-gated analytics model. Except for technologies used to record a visitor’s cookie or consent preferences, non-essential analytics, session-recording, and marketing-related technologies are not deployed unless and until the visitor affirmatively accepts them through the applicable cookie banner or consent tool. Where consent is provided, Gateway may use third-party tools such as Google Analytics, Microsoft Clarity, and HubSpot to analyze website traffic, understand user interactions, improve website performance and functionality, and support marketing operations.
Within Gateway’s application environment, including customer-specific subdomains and related platform environments, Gateway uses cookies and similar technologies only as necessary to authenticate users, maintain session integrity, prevent fraudulent or unauthorized activity, complete login and OAuth flows, and identify the organizational portal or context through which a user is accessing the application. These application cookies may include session, security, CSRF, callback, state, and portal-context cookies. Gateway does not use third-party analytics or marketing scripts within the application environment unless this Privacy Policy is updated to reflect such use.
Some cookies and similar technologies are necessary for the operation of the Services, while others may be used for analytics or marketing purposes where permitted by law and, where required, only after appropriate consent has been obtained. Users may be able to control certain cookies or similar technologies through their browser settings or other available tools. However, disabling certain technologies may affect the availability or functionality of portions of the Services.
Where required by applicable law, Gateway will provide legally required notice and obtain consent before deploying non-essential cookies or similar technologies. Gateway may also provide additional disclosures or controls relating to cookies, analytics, or online tracking technologies through a cookie banner, preference center, or supplemental notice incorporated by reference into this Privacy Policy.
8. How We Disclose Personal Information
Gateway may disclose personal information to Customers and their authorized personnel where necessary to provide and administer the Services. For example, personal information may be made available to a Customer's administrators, instructors, managers, or other designated personnel in connection with account administration, content management, assignment of learning journeys, reporting, support, compliance, and similar functions within the Customer's environment.
Gateway may disclose personal information to its vendors, contractors, consultants, subprocessors, and other service providers that perform services on Gateway's behalf. These may include providers of hosting, cloud infrastructure, content delivery, storage, database, analytics, communications, security, customer support, implementation, artificial intelligence processing, monitoring, and related services. Such parties are permitted to access and process personal information only as reasonably necessary to perform services for Gateway or to satisfy legal, security, or operational requirements, subject to contractual and other appropriate safeguards where required.
Gateway may disclose personal information to third parties when you or a Customer direct us to do so, including where an integration, import, export, API connection, or other third-party connection is enabled. In such cases, the third party's own terms and privacy practices may apply to information once it is provided to that third party.
Gateway may also disclose personal information to affiliated entities under common ownership or control, where reasonably necessary for internal administrative purposes, business operations, product support, security, finance, compliance, legal review, strategic planning, or other lawful business purposes consistent with this Privacy Policy.
Gateway may disclose personal information where we determine in good faith that such disclosure is necessary or appropriate to comply with law, regulation, subpoena, court order, governmental request, or other legal process; to protect the rights, property, or safety of Gateway, our Customers, users, or others; to investigate, prevent, or respond to fraud, abuse, security incidents, or unlawful activity; or to enforce contracts, policies, or legal rights.
Gateway may disclose personal information in connection with an actual or proposed merger, acquisition, financing, asset sale, corporate reorganization, bankruptcy, receivership, due-diligence process, or similar transaction. In such circumstances, personal information may be disclosed to counterparties, advisors, financing sources, and other relevant persons subject to customary confidentiality and data-handling safeguards.
Gateway may also disclose personal information with your consent, at a Customer's direction, or as otherwise described to you at the time the information is collected.
9. De-Identified and Aggregated Information
To the extent permitted by applicable law and contract, Gateway may create, use, disclose, and retain aggregated information, de-identified information, or other information that no longer identifies an individual. Gateway may use such information for lawful business purposes, which may include analytics, benchmarking, product improvement, service optimization, security, operational reporting, business planning, and research and development. Where Gateway relies on de-identification, Gateway will not intentionally attempt to re-identify such information except as permitted by law.
10. Legal Bases for Processing
Where applicable law requires Gateway to identify a legal basis for processing personal information, Gateway generally processes personal information where such processing is necessary to perform a contract, to take steps at the request of the data subject prior to entering into a contract, to comply with legal obligations, to pursue Gateway's legitimate interests and the legitimate interests of our Customers and business partners, or on the basis of consent where consent is required or otherwise relied upon. Legitimate interests may include operating and improving the Services, maintaining security, supporting Customers, conducting internal administration, protecting against fraud and abuse, and preserving or defending legal rights.
11. Retention of Personal Information
Gateway retains personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including for the duration of the relevant account or customer relationship, for support and operational continuity, to comply with legal obligations, to resolve disputes, to enforce agreements, to protect Gateway's rights and interests, and to maintain appropriate business and financial records.
Retention periods may vary based on the type of information at issue, the sensitivity of the information, the purposes for which the information was collected, the contractual relationship with the applicable Customer, applicable limitation periods, legal-hold requirements, backup and disaster-recovery cycles, suppression-list needs, and other lawful operational considerations. Where Gateway processes personal information on behalf of a Customer, Gateway may retain and delete such information in accordance with its agreement with the Customer, the Customer's instructions, and applicable law.
Please note that residual copies of information may remain in backup systems, disaster-recovery media, log files, and similar environments for a limited period of time consistent with technical and legal requirements. Gateway may also retain information necessary to document privacy requests, exercise legal rights, prevent fraud, or demonstrate compliance with applicable law.
12. Data Security
Gateway maintains reasonable administrative, technical, and organizational measures designed to protect personal information from unauthorized access, acquisition, use, disclosure, alteration, loss, or destruction. Such measures may include access controls, authentication controls, logging, monitoring, encryption or encryption-in-transit measures, vendor-management practices, and other safeguards appropriate to the nature of the Services and the information processed.
Notwithstanding the foregoing, no method of transmission over the Internet and no method of electronic storage is completely secure. Accordingly, Gateway cannot and does not guarantee absolute security. Users are responsible for maintaining the confidentiality of their login credentials and for promptly notifying Gateway if they become aware of any suspected unauthorized use of an account or other security incident involving the Services.
13. International Transfers
Gateway may store and process personal information in the United States and in other jurisdictions in which Gateway or its service providers operate. Those jurisdictions may have data protection laws that differ from the laws of your state, province, or country of residence. Where required by applicable law, Gateway will implement appropriate safeguards designed to protect personal information transferred across borders, which may include contractual safeguards or other recognized transfer mechanisms.
14. Your Rights and Choices
Depending on your location and Gateway's role in processing the information, you may have rights under applicable law with respect to your personal information, which may include the right to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or appeal of a rights decision. The availability and scope of these rights depend on the law that applies and on whether Gateway is acting as a controller, business, processor, service provider, or similar role with respect to the information at issue.
If Gateway processes your personal information on behalf of a Customer, Gateway may be required to refer your request to that Customer or to act only on that Customer's instructions. In such cases, you should direct your request to the relevant Customer in the first instance. If you contact Gateway directly regarding Customer-controlled information, Gateway may, where appropriate, forward your request to the Customer or advise you to contact the Customer directly.
When you submit a privacy request to Gateway, Gateway may take reasonable steps to verify your identity and authority before acting on the request. Verification requirements may vary depending on the nature and sensitivity of the request. Gateway may deny or limit a request where permitted by applicable law, including where Gateway is unable to verify identity, where an exception applies, where the request concerns Customer-controlled information for which Gateway is not the decision maker, or where the request is excessive, repetitive, or manifestly unfounded as permitted by law.
15. Marketing Communications
You may opt out of receiving marketing or promotional emails from Gateway by using the unsubscribe mechanism included in the communication or by contacting Gateway using the information provided below. Opting out of marketing communications will not prevent Gateway from sending transactional, account-related, security-related, service-related, or legally required communications.
16. U.S. State Privacy Disclosures
Residents of certain U.S. states may have additional rights or disclosures under applicable privacy laws. Subject to applicable exceptions and Gateway's role in processing the information, such rights may include the right to know, access, correct, delete, or obtain a copy of certain personal information, the right to opt out of certain processing activities, and the right to appeal certain request decisions. Gateway does not discriminate against individuals for exercising rights provided by applicable law.
To the extent required by California law or other applicable law, Gateway will honor applicable rights relating to access, deletion, correction, and other protected privacy requests, subject to verification and lawful exceptions. California residents may also be entitled to request information regarding certain disclosures of personal information for direct-marketing purposes, if applicable. Gateway does not knowingly sell personal information in exchange for monetary consideration in the ordinary operation of the Services as described in this Privacy Policy.
Certain browsers offer a "Do Not Track" setting or similar mechanism. Because there is not yet a universally accepted standard for how to interpret and respond to such signals across all contexts, Gateway may not respond to browser-based Do Not Track signals except to the extent required by applicable law or where a legally compliant mechanism is implemented for that purpose.
17. Third-Party Links and Services
The Services may contain links to, or permit interaction with, third-party websites, applications, plug-ins, integrations, or services that are not controlled by Gateway. Gateway is not responsible for the privacy, security, or information practices of such third parties. We encourage you to review the privacy notices and terms of those third parties before providing information to them or enabling any integration or connection.
18. Children's Privacy
The Services are intended primarily for business and organizational use and are not directed to children under the age of 13. Gateway does not knowingly collect personal information directly from children under 13 in a manner that would require parental notice and consent under applicable law unless such notice and consent have been appropriately obtained. If Gateway becomes aware that personal information has been collected from a child in violation of applicable law, Gateway will take reasonable steps to delete the information or otherwise address the issue in accordance with applicable law.
19. Changes to This Privacy Policy
Gateway may revise this Privacy Policy from time to time to reflect changes in the Services, our business practices, legal obligations, or other operational considerations. When we do so, we will post the updated Privacy Policy and revise the "Last Updated" date set forth above. If required by applicable law, Gateway will provide additional notice regarding material changes through the Services, by email, through a posting on the website, or by other appropriate means. Your continued use of the Services after the effective date of an updated Privacy Policy constitutes acknowledgment of the updated terms to the extent permitted by law.
20. Contact Information
If you have questions about this Privacy Policy or Gateway's privacy practices, or if you wish to submit a privacy-related request, you may contact Gateway at: 7950 Jones Branch Dr., Floor 8, McLean, VA 22102, or email us at [email protected].