Privacy Notice

Blindside Networks Privacy Notice

Blindside Networks Inc. (“Blindside,” “we”, “us”, “our”)

We are committed to protecting and respecting privacy. This Privacy Notice explains how we process Personal Data in connection with our website, our business relationships, and our Services.

For the purposes of this Notice, “Personal Data” means any information relating to an identified or identifiable individual.

1. Our role in relation to Personal Data

Blindside does not always act in the same role for all processing activities. Depending on the context, Blindside may act either as:

A. Data processor

Blindside acts as a data processor when we process Personal Data on behalf of our customers in connection with the provision of the hosted BigBlueButton platform and related support services. In that case, our customer (for example, a school, university, training provider, or employer) is the data controller and determines the purposes of the processing and the essential means.

This will generally apply to Personal Data processed in connection with:

  • user access to customer-hosted sessions;
  • live classroom and meeting functionality;
  • chat, audio, video, shared content, and attendance features;
  • recordings enabled by the customer;
  • support and troubleshooting performed on the customer’s instructions.

B. Data controller

Blindside acts as an independent data controller for certain limited processing activities carried out for our own purposes, including:

  • operating our website;
  • responding to enquiries;
  • managing business relationships with prospective and existing customers;
  • account administration, billing, invoicing, and contract management;
  • service security, abuse prevention, and infrastructure monitoring;
  • Blindside’s own marketing communications;
  • compliance with legal and regulatory obligations.

Where Blindside acts as a processor, individuals should also consult the privacy notice of the relevant customer, as that organisation is responsible for explaining why the service is being used and identifying the applicable legal basis.

If you have any questions about this Privacy Notice, or wish to exercise your rights where Blindside acts as a controller, please contact: privacy@blindsidenetworks.com.

2. Why and how we process Personal Data

Our processing activities differ depending on our relationship with you and whether we act as a controller or processor.

A. Representatives of current or prospective customers

When you act on behalf of an existing or prospective customer or partner, we refer to you as a Representative.

In this context, Blindside generally acts as a controller.

Categories of Personal Data

  • name;
  • business email address;
  • business phone number;
  • employer;
  • job title.
  • account credentials where applicable.
  • correspondence and support communications.
  • marketing preferences.

Why we process this data.

We process this data to:

  • respond to enquiries.
  • provide demonstrations, quotations, onboarding, and commercial information.
  • establish and manage our relationship with the organisation you represent.
  • provide customer support.
  • send service-related communications.
  • send marketing communications were permitted by law or where you have subscribed.

Legal basis

Depending on the circumstances, we rely on:

  • steps taken prior to entering into a contract.
  • performance of a contract.
  • legitimate interests in managing and developing our business relationships.
  • consent where required for marketing communications.
  • compliance with legal obligations.

B. End users of the Services

When you access or use the hosted BigBlueButton platform provided to a customer, we refer to you as an End User.

In this context, Blindside generally acts as a processor on behalf of the relevant customer.

What this means

Blindside processes End User Personal Data only to provide the Services to the customer and on the customer’s documented instructions. The relevant customer determines the purpose of the processing, the lawful basis relied upon, whether recordings are enabled, what reports are generated, and how long data is retained.

Categories of Personal Data processed on behalf of customers.

  • Depending on the customer configuration and enabled features, we may process:
  • account information, such as name, email address, user ID, and profile photo.
  • identification and technical information, such as IP address, browser type, device information, and session logs.
  • session participation information, such as meeting ID, attendance data, content shared in a session, and participation events.
  • audio, video, chat, whiteboard, screen-sharing, and other session content.
  • recordings and transcripts, where recording or transcription features have been enabled by the customer.
  • diagnostic and technical support data required to maintain service availability, integrity, and security.

Purposes of processing

We process this data on behalf of customers in order to:

  • provide access to the hosted service.
  • enable live sessions and related features.
  • support customer-configured attendance, moderation, accessibility, recording, and reporting functions.
  • provide support and troubleshooting.
  • maintain service security and reliability.

Important

Blindside does not determine the customer’s legal basis for this processing and does not use service content for its own independent purposes unless expressly stated otherwise in this Notice and lawfully permitted.

Any questions about the customer’s use of Personal Data, including why a session is recorded or whether attendance analytics are used, should be directed first to the relevant customer.

C. Visitors to our website

When you browse our website without using the hosted service as an end user, we refer to you as a Visitor.

In this context, Blindside generally acts as a controller.

Categories of Personal Data

  • name and email address where you submit an enquiry.
  • technical and usage information, such as date and time of visit, country-level location, language preferences, pages viewed, referring URLs, and cookie-related data.

Why we process this data.

We process this data to:

  • respond to enquiries.
  • operate and secure the website.
  • understand website usage.
  • improve website performance and user experience.
  • manage cookie preferences and consent where required.

Where cookies or similar technologies are used for analytics, personalisation, or marketing, further details are provided in our cookie notice or cookie management tool.

3. Recordings, transcripts, attendance and analytics in the Services

Because these features raise particular transparency concerns, we explain them separately.

Recordings and transcripts

Where recording or transcription features are enabled within the Services, Blindside processes recordings and transcripts as a processor on the customer’s instructions. The relevant customer is responsible for:

  • deciding whether such features are enabled;
  • identifying a lawful basis;
  • giving appropriate notice to participants;
  • obtaining consent where required by law;
  • setting retention periods.

Blindside does not independently decide that a customer session should be recorded.

Attendance and participation reporting

Where attendance, reporting, or session insights features are enabled, Blindside processes the underlying data on behalf of the customer to provide those features. The customer is responsible for determining whether and how those features are used and for informing users accordingly.

Service diagnostics and security.

Blindside may process technical and event data to maintain platform integrity, prevent abuse, troubleshoot issues, and ensure service security. Where such processing is undertaken for Blindside’s own service security and resilience purposes, Blindside may act as a controller for that limited processing. Blindside does not use this as a basis to repurpose meeting content for unrelated commercial use.

4. Children’s Personal Data

The Services may be used by educational institutions and other organisations in contexts involving children.

Where Blindside processes children’s Personal Data through the hosted Services, it does so as a processor on behalf of the relevant customer. The relevant customer is responsible for ensuring that:

  • there is a lawful basis for the processing;
  • notices are given to students, parents, and guardians where required;
  • any required consent is obtained;
  • recordings and monitoring features are used lawfully and proportionately.

Blindside does not directly determine the educational purpose for which children’s Personal Data is processed through the customer’s use of the Services.

5. Who we share Personal Data with

We may share Personal Data with third parties where necessary for the purposes described in this Notice. See table below.

Where Blindside acts as a processor

Where Blindside processes Personal Data on behalf of a customer, we may disclose that data to authorised subprocessors engaged to support the delivery of the Services, such as infrastructure, hosting, support, and security providers, subject to contractual and data protection safeguards.

Where Blindside acts as a controller

Where Blindside acts as a controller, we may share Personal Data with:

  • hosting and cloud infrastructure providers.
  • payment processors.
  • customer support providers.
  • professional advisers, such as lawyers, auditors, and insurers.
  • marketing, communications, and CRM providers.
  • regulators, law enforcement, courts, or public authorities where required by law.
  • other recipients where disclosure is necessary to establish, exercise, or defend legal claims.

We require service providers acting on our behalf to process Personal Data only on our instructions and under appropriate confidentiality and security obligations.

A list of relevant providers may be made available on request or in a separate subprocessor list.

6. Legal bases for processing

A. Where Blindside acts as a controller.

Where Blindside acts as a controller, the legal basis depends on the activity and the applicable law.

EEA / UK

We may rely on:

  • contract or steps taken before entering a contract.
  • legal obligation.
  • legitimate interests, including managing customer relationships, securing our systems, preventing fraud and abuse, and improving the reliability of our services.
  • consent, where required, particularly for certain marketing or cookie-related processing.

Canada

Where Canadian law applies, we process Personal Data in accordance with applicable privacy law, including obtaining consent where required and ensuring that any consent relied upon is meaningful and appropriate in context. Where commercial electronic messages are sent, applicable anti-spam requirements must also be met.

California and other U.S. state laws

Where applicable U.S. privacy laws apply, we process Personal Data for the business and commercial purposes described in this Notice and provide the rights required by applicable law.

B. Where Blindside acts as a processor.

Where Blindside acts as a processor, the legal basis for the processing is determined by the relevant customer as controller, not by Blindside. Blindside processes such data only on documented instructions, unless otherwise required by applicable law.

7. Marketing communications

Blindside may send marketing communications about our own products and services were permitted by law and, where required, with consent.

You can opt out of marketing communications at any time by using the unsubscribe link in the message or by contacting privacy@blindsidenetworks.com.

Opting out of marketing communications does not affect service, transactional, security, or administrative communications.

Blindside does not treat participation in a customer’s session as consent to receive Blindside marketing.

8. Your rights

Your rights and choices

You may have choices regarding our processing of your Personal Data:

A. Opting in/out of receiving electronic communications from us.

Subject to applicable laws, we will rely on your consent to send electronic marketing communications. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails or by contacting our DPO at privacy@blindsidenetworks.com. Please note that you may still receive transactional communications if you opt-out of receiving marketing-related emails from us.

B. Your data protection rights.

Depending on your location and subject to applicable law, you may have certain rights regarding your Personal Data, including:

  • The right to access Personal Data relating to you (‘access right’).
  • The right to rectify/correct Personal Data relating to you (‘right to rectification’).
  • The right to object to processing of Personal Data relating to you (‘right to object’).
  • The right to restrict the processing of Personal Data relating to you (‘right to restriction’).
  • The right to erase/delete Personal Data relating to you (i.e., the “right to erasure”) and
  • The right to ‘port’ certain Personal Data relating to you from one organisation to another (‘right to data portability’).

Where our processing of your Personal Data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

These rights are not absolute and only apply in certain circumstances. You may exercise any of the above rights by e-mailing our DPO at privacy@blindsidenetworks.com.

You may also lodge a complaint with your local supervisory authority with respect to our processing of your Personal Data.

The local Supervisory Authority in Ireland where our GDPR Article 27 Representative is located is the Data Protection Commission. The website is www.dataprotection.ie. In Canada, the federal Supervisory Authority is the Office of the Privacy Commissioner of Canada.

Where our processing of your personal data is based on your consent to that processing, you may have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.

Where Blindside acts as a processor

Where Blindside processes your Personal Data on behalf of a customer, requests relating to that processing should generally be directed to the relevant customer first. Blindside will assist customers with such requests where required by law or contract.

For rights requests or questions, contact: our DPO privacy@blindsidenetworks.com.

9. Security and retention

We implement appropriate technical and organisational measures to protect Personal Data against unauthorised access, loss, misuse, alteration, or disclosure.

No system can be guaranteed to be completely secure, and transmission over the internet involves inherent risks.

Retention

  • Where Blindside acts as a controller, we retain Personal Data only for as long as necessary for the purposes described in this Notice, including legal, accounting, security, dispute resolution, and operational requirements.
  • Where Blindside acts as a processor, retention of service data is generally determined by the relevant customer, subject to limited retention required for security, backup, troubleshooting, legal obligations, or the orderly operation of the service.

Residual copies may remain in backups for a limited period where necessary for resilience and disaster recovery.

10. International transfers

Blindside and its service providers may process Personal Data in jurisdictions outside your own.

Where Blindside transfers Personal Data internationally, we implement appropriate safeguards as required by applicable law, which may include:

  • adequacy decisions.
  • standard contractual clauses.
  • transfer risk assessments.
  • additional technical, organisational, or contractual protections.

Where Blindside acts as a processor, such transfers are undertaken in support of the Services and subject to the customer agreement and applicable data protection requirements.

11. Links and social media

Our website may contain links to third-party sites and services. Those third parties have their own privacy notices, and we are not responsible for their practices.

We also maintain social media accounts and may use embedded social media features on our website. These may place cookies or collect usage data subject to the third party’s own privacy practices.

Where required by law, non-essential cookies and similar technologies will be used only with appropriate consent.

12. Jurisdiction-specific information and exercising those rights.

  • Australia. If you are an Australian resident and you have any questions or concerns regarding how we process your Personal Data under this Notice, please contact our DPO at privacy@blindsidenetworks.com. You may also to contact the Office of the Australian Information Commissioner.
  • UK. If you are a resident of the UK, and you have any questions or concerns regarding how we process your Personal Data under this Notice, please contact our DPO at privacy@blindsidenetworks.com or our Article 27 UK Rep, DPCSL Ltd., at ellis_dpcsl@outlook.com You may also contact the UK Information Commissioner’s Office.
  • Switzerland. If you are a resident of Switzerland and you have any questions or concerns regarding how we process your Personal Data under this Notice or the Swiss Federal Act on Data Protection, please contact our DPO at privacy@blindsidenetworks.com.
  • Brazil. If you are a resident of Brazil and you have any questions or concerns regarding how we process your Personal Data under this Notice or the Lei Geral de Proteção de Dados Pessoais, please contact our DPO at privacy@blindsidenetworks.com.
  • Argentina If you are an Argentinian resident and you have any questions or concerns regarding how we process your Personal Data under this Notice, please contact our DPO at privacy@blindsidenetworks.com. You may also to contact the Argentinian data protection authority (AAIP)

United States – California.
If you are a resident of California and would like to exercise your right to request access to the personal information collected about you by Blindside Networks Inc, or would like to request that your personal information be deleted, as outlined in the California Consumer Privacy Act (CCPA), you may so initiate the process by e mail us privacy@blindsidenetworks.com. If you would like to be unsubscribed from Blindside Networks Inc marketing emails, please email us at privacy@blindsidenetworks.com.

Please note that Blindside Networks Inc does not and will not sell your information as such terms are defined in the CCPA. We respect your browsers Universal opt out signal.

YOUR CALIFORNIA PRIVACY RIGHTS

This document supplements the information contained in our Privacy Notice and applies solely to California Consumers, as defined by the California Consumer Privacy Act of 2018 (“CCPA”).

Information We Collect, Use, and Disclose.

Blindside Networks Inc collects, uses, and discloses Personal Information about California Consumers for business purposes only, and which are consistent with applicable laws. Where Blindside Networks Inc discloses Personal Information to third parties, it requires that they only use the personal information for the business purposes described below. It also requires that such parties maintain the personal information’s confidentiality, and that appropriate systems and processes are in place to ensure its security. Blindside Networks Inc does not and will not sell your Personal Information.

In addition to the uses set forth above, Blindside Networks Inc may use and share various categories of Personal Information to provide our service, see summary tables in section 1.

  • In addition, we may also use and share personal information :
  • To comply with applicable legal and regulatory requests and obligations (including investigations).
  • To establish or defend legal claims and allegations.
  • For security or the prevention, detection, or investigation of fraud, suspected or actual illegal activity, or other misconduct.
  • To seek advice from lawyers, auditors and other professional advisers.

Your Rights and Choices.

If you are a consumer located in California, we process your personal information in accordance with the California Consumer Privacy Act (“CCPA”). You have a right to receive notice of our practices at or before collection of personal information. This section provides additional details about the personal information we collect and use for purposes of CCPA. To the extent the CPRA applies to our processing of your personal information, you are entitled to the following rights:

  • Right to Access/Know. You have the right to request what personal information we have collected, used, disclosed, and sold about you, unless doing so proves impossible or would involve disproportionate effort. You may only make a request for access twice within a 12-month period.
  • Right to Deletion. You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions. For example, if we are required by law to retain the information that you are asking to be deleted, we would not be able to delete the information until we are legally permitted to delete it.
  • Right to Correct. You have the right to correct inaccurate personal information that we collect or maintain.
  • Right to Opt Out of Sale/Sharing. You have the right to opt out of the sale or sharing of your personal information to third parties. See our opt out icon
  • Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your privacy rights under the CPRA.
  • Right to Limit Use of Sensitive Personal Information. You have the right to limit the use of your sensitive personal information when such use goes beyond that which is necessary for providing the Services or certain other permissible purposes like fraud, customer service or quality control. Sensitive information includes Social Security number, driver’s license number, biometric information, precise geolocation, and racial and ethnic origin.

If you are a California resident and wish to exercise your privacy rights, you may submit a request by email at privacy@blindsidenetworks.com.To exercise your right to opt out of the sale/share of your information via cookies, please visit our CMP tool on our website

For requests submitted via telephone, you must provide us with sufficient information that allows us to reasonably verify you are the person about whom we collected the personal information and describe your request with sufficient detail to allow us to properly evaluate and respond to it. In doing so, we will take steps to verify your request by matching information provided by you with the information we have in our records. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information, including, for example, details of your relationship with us (e.g., nature of relationship, date of last contact, etc.).

Only you, or a person that you authorise to act on your behalf may make a request related to your personal information. If you are an authorised agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorised to act on behalf of that individual.

Access to Specific Pieces of Personal Information

You have the right to request the specific pieces of personal information we (and any third parties which are Service Providers to Blindside Networks Inc) have collected about you over the past 12 months.

Request for Deletion of Personal Information

You have the right to request that we (and any third parties which are Service Providers to Blindside Networks Inc) delete your Personal Information, subject to certain exceptions. These exceptions include:

  • Completing the transaction for which we collected the personal information, providing a good or service that you requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise performing our contract with you.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities.
  • Debugging products to identify and repair errors that impair existing intended functionality.
  • Exercising free speech, ensuring the right of another consumer to exercise their free speech rights, or exercising another right provided for by law.
  • Complying with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enabling solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Complying with a legal obligation;
  • Making other internal or lawful uses of that information that are compatible with the context in which you provided it.

Exercising Your Access and Deletion Rights.

To exercise the rights described above, please submit a verifiable consumer request via email to privacy@blindsidenetworks.com. Please note that under the CCPA, you may only make such a request twice within a 12-month period. Blindside Networks Inc will respond appropriately within the required timeframes of the CCPA.

When you exercise these rights and submit a request to us, we will verify your identity by asking you to log in to your account if you have one with us. Or if you do not, we may ask for your email address and for instance an order number from a previous order. We also may use a third-party verification provider to verify your identity.

Marketing Opt-Out Requests.

If you wish to opt out of receiving marketing related communications from us, please send a email to privacy@blindsidenetworks.com.

Non-Discrimination.

We will not discriminate against you for exercising your rights under the CCPA. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.

Other US State Laws, as these emerge, please contact our DPO.

Global Privacy Control signals. We honour the Global Privacy Control (GPC) opt-out preference signals.

If you have any questions or complaints, please contact our DPO at privacy@blindsidenetworks.com

13. Complaints

If you have concerns about how Blindside processes Personal Data, please contact our DPO at privacy@blindsidenetworks.com.

14. Changes to this Notice

We may update this Privacy Notice from time to time. Where required by law, we will notify you of material changes. The latest version will always be made available through the relevant channel, including our website where appropriate.

15. Contact details

Questions, comments, requests and complaints regarding this Notice and your Personal Data we hold are welcome and should be addressed to our DPO at privacy@blindsidenetworks.com.

All requests will be dealt with promptly and efficiently.

If you have questions or wish to lodge a complaint about how your Personal Data is being processed by us (or third parties as described above), or how your complaint has been handled, you have the right to contact a supervisory authority and also our Data Protection Officer at privacy@blindsidenetworks.com.

Our Data Protection Officer may be contacted at privacy@blindsidenetworks.com.

Our EU Rep is Data Ocean Ltd trading as Data Compliance Europe
12 City Gate
Lower Bridge Street, Dublin 8
Ireland
Email: hello@datacomplianceeurope.eu
Our UK Rep is DPCSL Ltd., at ellis_dpcsl@outlook.com
This Notice is effective from May 18th, 2026

Schedule 1 – Categories of third-party providers

Schedule 1

We have set out below a list of some third parties with whom we share your Personal Data. A full list is available on request.

Third party name  Description of services provided
AWS Amazon Web Services Cloud Service Providers
Digital Ocean                                                  Cloud Service Providers
DocuSign                                               Digital signatures
Google  Emails/document management/ Analytics
Baycloud Systems (Ireland) Ltd            CMP Cookie tool
Mailchimp                         Email marketing
Mailgun                                 Email marketing
Microsoft                                document management
Microsoft Azure                 Cloud services
Zendesk/ Zensell Customer support
Stripe                                              Payment services
Dropbox                                           Document management
QuickBooks                                      Invoicing