Privacy Notice
Incorporating Rypple.ai services following acquisition
Version 12.2 | Last Updated: May 2026 | Effective Date: June 2, 2026
Betterworks Systems, Inc. (“Betterworks,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Notice (“Notice”) describes how we collect, use, disclose, and safeguard your personal data, and outlines the choices and rights available to individuals.
ACQUISITION NOTE: This Notice applies to all Betterworks products and services, including those previously offered as part of Rypple.ai. References to “Betterworks” throughout this Notice include the Rypple platform and related services accessible at Rypple.ai.
Scope of This Notice
This Notice applies to:
Individuals who visit our websites (“Visitors”)
Individuals who register to attend our events (“Attendees”)
Companies and their end-users who register to use our applications and services (“Customers”)
Individuals who use the Rypple platform and related services at Rypple.ai (“Users”)
This Notice does not apply to third-party services not operated by Betterworks.
Applicable Regulations
We are committed to protecting your privacy in accordance with the highest applicable standards of data protection law. The regulations below apply depending on your location, but should not be considered an exhaustive list. Where multiple laws apply, we apply the most protective standard for the individual.
Regulation | Jurisdiction | Key Requirements |
GDPR | EU / EEA | Lawful basis, data subject rights, DPO, SCCs for transfers |
PIPEDA + Quebec Law 25 | Canada | Consent, access, rectification, privacy officer publication |
CCPA / CPRA | California, USA | Know, delete, opt-out of sale/sharing, sensitive data limits |
CPA | Colorado, USA | Access, correction, deletion, opt-out of profiling, appeal |
VCDPA | Virginia, USA | Access, correction, deletion, opt-out, appeal |
CTDPA | Connecticut, USA | Access, correction, deletion, opt-out, appeal |
UCPA | Utah, USA | Access, deletion, opt-out of sale / targeted advertising |
EU-US / Swiss-US DPF | US ↔ EU / UK / CH | Certified transfer mechanism; BBB Programs dispute resolution |
NOTE: Users in the EU and EEA are protected by GDPR. Where GDPR applies, it is treated as the applicable standard for those users.
Contents
1. Betterworks as Data Controller & Data Processor
2. Websites, Mobile Applications & Platforms
3. Betterworks Platform
4. Legal Bases for Processing
5. Information We Collect
6. Disclosure of Personal Information
7. Your Choices and Controls
8. Accessing and Updating Your Information
9. Data Security & Compliance
10. International Data Transfers
11. Data Privacy Framework (DPF)
12. California Privacy Rights (CCPA/CPRA)
13. Automated Decision-Making
14. Children’s Privacy
15. Privacy Officer
16. Updates to This Notice
17. Contact Information
1. Betterworks as Data Controller & Data Processor
Betterworks processes personal data in two distinct roles:
As a Data Controller
We act as a data controller when we determine the purposes and means of processing personal data, including when you:
Visit our websites or mobile applications (including Rypple.ai)
Register for events or webinars
Subscribe to marketing communications
Interact with us for sales or support
As a Data Processor
We act as a data processor when we process personal data on behalf of our Customers. In this case:
The Customer is the data controller
We process data only according to the Customer’s instructions and applicable agreements
If you are an employee or end-user of a Customer, please contact your organization directly for privacy-related requests.
Where Betterworks processes personal data subject to the EU-U.S. Data Privacy Framework (DPF), UK Extension, or Swiss-U.S. DPF, we comply with the DPF Principles in our role as a controller and, where applicable, as a processor.
2. Websites, Mobile Applications & Platforms
This Notice applies to Betterworks websites and applications, including:
https://rypple.ai and associated Rypple subdomains and applications
Betterworks and Rypple mobile applications
3. Betterworks Platform
Betterworks provides Customers a performance management platform that enables goal setting, feedback, check-ins, and performance reviews to support organizational performance and engagement.
Following the acquisition of Rypple.ai, our Services also include the Rypple platform’s scheduling, engagement, and related features accessible at Rypple.ai.
4. Legal Bases for Processing
We process personal data based on the following legal grounds:
Consent – where you have given permission
Contractual Necessity – to perform a contract
Legitimate Interests – for business operations, where not overridden by your rights
Legal Obligation – to comply with applicable laws
We process personal data only for the purposes for which it was collected or subsequently authorized, and do not process it in a manner incompatible with those purposes. Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, you may object to such processing.
5. Information We May Collect
When using websites, related applications, services, or events offered by or related to Betterworks (together, the “Services”), Betterworks may process personal data including, but not limited to:
Customer Data
Confidential or proprietary information supplied by Customers
User Account Information
Profile details within the Betterworks or Rypple platform
Name, email address, job title, company, phone number
On the Rypple platform: age, gender, and location (where provided)
NOTE: Age, gender, and location data collected on the Rypple platform are treated as sensitive categories under applicable law. See Section 5 — Sensitive Personal Data for the heightened protections that apply.
Usage Information
User activity within the Betterworks and Rypple platforms
Content users submit
Event Information
Registration and attendance details for Betterworks marketing events and webinars
Technical Data
Device, log, and system information
IP address, browser type, time stamps, and usage patterns
Google Account and Calendar Data (Rypple.ai)
If you choose to sign in using your Google account, we use your Google account information (name, email address, profile picture) solely to authenticate your identity and enable access to our Services.
If you grant optional access to your Google Calendar, that data is used only to display your events and manage scheduling within the platform. We do not use or share Google user data for advertising, marketing, analytics, or any purpose unrelated to core platform functionality.
Our use of Google data complies with the Google API Services User Data Policy, including the Limited Use requirements. You can revoke Google access at any time at https://myaccount.google.com/permissions.
Cookies and Tracking
We use cookies and similar tracking technologies to improve user experience and analyze usage. Please refer to our Cookie Consent and Preference Management platform located in the footer of the web page.
Cookie Consent and Preference Management Platform
We implement a Cookie Consent and Preference Management platform that allows you to make granular choices about which non-essential cookies are placed on your device. In most cases, based on targeted geography, non-essential cookies are not placed until you provide affirmative consent.
Types of cookies we use:
Strictly Necessary — Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Preference / Functional — Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistics — Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing / Targeted Advertising — Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
You can change or withdraw your cookie preferences at any time by:
Clicking the “Cookie Preferences” icon in the lower left in the footer of our website
Configuring your browser to block or delete cookies (note: this may affect functionality)
Visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/
Sensitive Personal Data
Betterworks generally prohibits the processing of sensitive personal data (e.g., government IDs, financial data, health data).
Where sensitive personal data is processed by Betterworks as a data controller, we will obtain affirmative express consent (opt-in) or otherwise ensure processing is permitted by applicable law.
Where sensitive personal data is processed by Betterworks as a data processor, processing shall be at the discretion and consent of the Customer.
In some cases, Betterworks permits the optional transmission of special categories of personal data — including racial or ethnic origin, gender identity, and sexual orientation — where applicable and at the consent and discretion of the Customer.
For all sensitive categories and special categories, we apply the following heightened protections:
Data is collected only with explicit consent or as strictly necessary to provide the requested service
Data is not sold or shared for advertising or marketing purposes
Additional access controls and encryption are applied
You may opt out at any time via your account settings or by emailing us (See Contact Information below)
Data Minimization and Retention
We limit data collection to what is necessary and retain personal data only for as long as needed to fulfill the purposes described or comply with legal obligations.
Data Aggregation and Anonymization
Betterworks may aggregate metadata and usage data such that personal information is no longer identifiable (“Aggregated Anonymous Data”). Aggregated Anonymous Data may be used for:
Internal statistical analysis
Developing and improving the Services
Creation and distribution of reports and other materials regarding use of the Services
6. Disclosure of Personal Information
Betterworks does not sell personal data. We may disclose personal data in the following circumstances:
To Service Providers & Sub-Processors
Third parties who perform services on our behalf under contractual obligations that require them to protect your data and use it only for the purposes for which it was shared. Additional information about sub-processors is available at the Betterworks Sub-Processors page.
To Third-Party Services
Some third-party services may require compliance with their independent privacy policies. The Betterworks web and mobile applications may permit the integration of Google Services; use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
The terms of a third-party provider (“3PP”) may govern the use of AI and large language model (LLM) services or features. Currently, the OpenAI Terms of Service govern the 3PP-hosted LLM and are available here: https://openai.com/policies/business-terms.
Under these business terms, OpenAI will not use business data to train their models. AI and LLM services may only be used in supported jurisdictions (see https://platform.openai.com/docs/supported-countries). For more information on AI use at Betterworks see https://www.betterworks.com/ai-terms-and-conditions and https://www.betterworks.com/responsible-ai-policy.
For Legal Reasons
To comply with law enforcement or legal obligations:
Subpoena or similar legal processes
Requests from government or data protection authorities
To enforce our rights:
Defend the rights, property, or safety of Betterworks and third-parties
Investigations of fraud, abuse, or security issues
Business Transfers
In connection with mergers, acquisitions, or asset sales.
With Consent
Where you explicitly agree.
Your Right to Opt-Out
You have the right to opt out of:
Disclosure to non-agent third-parties
Use for materially different purposes
To exercise this right, contact us.
We require third-parties to provide the same level of data protection as required under applicable laws and the DPF Principles.
7. Your Choices and Controls
Depending on your location and applicable law, your privacy rights may include the following:
Right | Description |
Right to Access | Obtain a copy of personal data we hold about you |
Right to Rectification / Correction | Correct inaccurate or incomplete personal data |
Right to Erasure / Deletion | Request deletion (subject to legal retention requirements) |
Right to Data Portability | Receive data in a structured electronic format |
Right to Object / Opt-Out | Object to processing for marketing, profiling, or data sale / sharing |
Right to Restrict Processing | Limit how we use your data in certain circumstances |
Right to Withdraw Consent | Withdraw consent at any time, without penalty |
Non-discrimination | No degraded service for exercising privacy rights |
Right to Appeal | Appeal our response to a rights request to the relevant authority |
Lodge a Supervisory Complaint | File with a data protection authority |
As a Data Controller
You may:
Opt out of marketing communications
Withdraw consent where applicable
Object to or restrict processing
Opt out of the sale or sharing of your personal data (see Section 6)
Opt out of targeted advertising and profiling via our Cookie Consent & Preference Management platform.
To exercise these rights: please click “unsubscribe” in any email or contact us.
As a Data Processor
Please contact your organization’s administrator to exercise rights related to your personal data. Betterworks will assist our Customer (the controller) in responding to your request, as required by law.
Filing an Appeal
If you disagree with how we resolved your rights request, you may file a complaint or appeal with the relevant authority:
Colorado: https://coag.gov/office-sections/consumer-protection/
Virginia: https://www.oag.state.va.us/consumer-protection/index.php
Connecticut: https://portal.ct.gov/AG
Canada: https://www.priv.gc.ca/en/
EU/EEA: Contact your local Data Protection Authority — https://edpb.europa.eu/about-edpb/about-edpb/members_en
DPF disputes: BBB National Programs — https://bbbprograms.org/programs/all-programs/dpf-consumers
8. Accessing and Updating Your Information
You have the right to:
Access your personal data
Correct or delete your data
Request data portability
Restrict or object to processing
We will respond to requests within forty-five (45) days or as required by applicable law. We will verify your identity before processing requests.
If we deny your request, you may appeal by contacting us, or by filing a complaint with the relevant supervisory authority listed in Section 7.
9. Data Security & Compliance
We implement reasonable technical and organizational safeguards to protect personal data, including:
Encryption in transit (TLS) for all personal data exchanged between your browser and our services
Encryption at rest for sensitive data categories
Role-based access controls limiting employee access on a need-to-know basis
Regular security assessments and penetration testing
Contractual requirements on all third-party processors to maintain equivalent security measures
However, no system is completely secure. Given the nature of information processing systems and the internet, it is impossible to guarantee absolute security during transmission or storage. Should you suspect a security breach related to your information, please report it by emailing breach@betterworks.com.
If you are a resident of the European Economic Area (EEA) as defined by GDPR, you may have additional rights regarding breach notification. Under GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach.
10. International Data Transfers
Personal data may be transferred to the United States and other countries where Betterworks or its affiliates, subsidiaries, or third-party service providers maintain facilities or personnel. These countries may have data protection laws that are different from, and in some cases less protective than, the laws of your country.
We follow applicable data protection laws when transferring personal data. We rely on:
Data Privacy Framework (DPF) — for transfers from the EU, UK, and Switzerland to the US (see Section 11)
Standard Contractual Clauses (SCCs) — approved by the European Commission for EEA-to-third-country transfers
PIPEDA equivalent-protection assessments — for data transferred outside Canada; where a receiving jurisdiction does not offer comparable protections, we implement contractual safeguards
Other lawful mechanisms — as required by applicable law
If you are a resident of or visitor from the EEA, United Kingdom, or Switzerland, we will protect your personal data when it is transferred outside of such locations by processing it in a territory which the European Commission has determined provides an adequate level of protection, or by implementing appropriate safeguards.
11. Data Privacy Framework (DPF)
Betterworks complies with the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. DPF as set forth by the US Department of Commerce (DOC).
We adhere to the DPF Principles of:
Notice: Organizations must publicly state their privacy practices, including their commitment to the DPF Principles, the types of data collected, choices available for limiting its use, and their liability for onward transfers
Choice: Individuals must be given clear mechanisms to "opt-out" if their personal information is to be disclosed to a third party or used for a materially different purpose than originally authorized
Accountability for Onward Transfer: To maintain privacy protections when transferring data to a third party, organizations must ensure the receiving party provides the same level of protection and enter into a contract to enforce this.
Security: Organizations must take reasonable and appropriate technical and physical measures to protect personal data from loss, misuse, unauthorized access, or disclosure.
Data Integrity and Purpose Limitation: Personal information must be limited to what is relevant for the processing purpose, and organizations should only retain data for as long as it serves that purpose.
Access: Individuals must have the ability to access, correct, amend, or delete their personal information held by the organization.
Recourse, Enforcement, and Liability: Organizations must provide robust mechanisms for individuals to resolve complaints (often a free, independent dispute resolution body) and assure compliance, which is enforceable by the U.S. Federal Trade Commission (FTC) or Department of Transportation.
If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
Learn more: https://www.dataprivacyframework.gov/.
Your Rights Under DPF
You may:
Access your data
Request correction or deletion
Limit use and disclosure
Choice
You may opt out of:
Disclosure to third parties
Use for new purposes
Sensitive data requires opt-in consent.
Onward Transfers
We remain responsible for third-party processing under DPF. Betterworks remains liable under the DPF Principles if its onward transfer recipients process personal data in a manner inconsistent with the DPF Principles, unless Betterworks proves that it was not responsible for the event giving rise to the damage.
Dispute Resolution
Individuals with DPF inquiries or complaints should first contact us at: security@betterworks.com.
Betterworks has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. This service is provided free of charge.
If unresolved, complaints may be submitted to BBB National Programs: https://bbbprograms.org/programs/all-programs/dpf-consumers.
Regulatory Oversight
Betterworks is subject to enforcement by the U.S. Federal Trade Commission (FTC). We cooperate with:
EU Data Protection Authorities (DPAs)
UK Information Commissioner’s Office (ICO)
Swiss Federal Data Protection and Information Commissioner (FDPIC)
Binding arbitration may also be available for unresolved complaints. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf.
12. California Privacy Rights (CCPA/CPRA)
We do not sell personal information to third-parties (pursuant to California Civil Code §§ 1798.100–1798.199), nor do we share personal information with third-parties for their direct marketing purposes (pursuant to California Civil Code § 1798.83).
California residents have the right to:
Know about the personal information a business collects about them and how it is used and shared
Request correction of personal information collected from them
Request deletion of personal information collected from them (with some exceptions)
Opt out of the sale or sharing of their personal information
Opt out of automated decision-making
Opt out of or limit the use of sensitive personal information
Not be discriminated against for exercising these rights
To exercise rights: please contact us.
We will respond to verified requests within forty-five (45) calendar days as required by law. We do not knowingly sell the personal information of consumers under 16 years of age.
13. Automated Decision-Making
Betterworks may use automated tools, including artificial intelligence, to support Services. These do not currently result in decisions with legal or similarly significant effects without human involvement, as defined under GDPR Article 22.
We may use automated processing of personal data — including profiling — for:
Personalizing content, recommendations, and in-app experiences based on usage patterns
Fraud detection and security risk scoring
Targeted advertising based on inferred interests and behavior (where consent is given)
Performance insights and analytics delivered to Customers as part of the platform
Your rights regarding automated processing:
Under GDPR Article 22: the right not to be subject to a decision based solely on automated processing that produces significant legal or similar effects
Under CPRA, CPA, VCDPA, CTDPA, and UCPA: the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects
To opt out of profiling for advertising purposes: use the Cookie Consent and Preference Management platform.
Depending on your jurisdiction, you may also have rights related to automated processing under applicable state or national law. Contact us to exercise these rights.
14. Children’s Privacy
Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. This threshold reflects the requirements of Quebec Law 25 and our broader commitment to heightened protection for minors.
When we collect age-related information at registration, users who indicate they are under 18 are prevented from creating an account. If we become aware that we have inadvertently collected personal data from a person under 18, we will promptly delete that information. Please contact us if you believe a child’s data has been collected.
15. Privacy Officer
Betterworks has designated a Privacy Officer responsible for overseeing compliance with this Notice and applicable data protection laws.
Role | Director, Information Security |
Privacy Inquiries | security@betterworks.com |
EU/EEA residents may raise a complaint directly with their national Data Protection Authority. A list of EU DPAs is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
16. Updates to This Notice
We may update this Notice periodically. Changes will be posted on this page with an updated effective date. We encourage you to review this Notice periodically to stay informed on our privacy practices. Your continued use of our Services constitutes your agreement to be bound by changes to this Notice. Your only remedy, if you do not accept the terms of this Notice, is to discontinue use of our Services.
17. Contact Information
For security or privacy-related inquiries, to exercise your rights, or to report a security incident, please use the following:
Betterworks
General Inquiries | support@betterworks.com |
Compliance Inquiries | security@betterworks.com |
Breach Reporting | breach@betterworks.com |
Mailing Address | Betterworks Systems, Inc., 101 Jefferson Drive, 1st Floor, Menlo Park, CA 94025 USA |
Rypple.ai
General Inquiries | |
Compliance Inquiries | |
Breach Reporting | breach@betterworks.com |
Privacy Inquires |
