We are committed to protecting your privacy, being transparent about the Personal Data and other information being collected, and exceeding information security standards for protecting that data. With our Services, we have worked to build features that give customers more control over their data, like IP anonymization and data redactions. We also are certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks established by the U.S. Department of Commerce regarding the handling of Personal Data transferred from the European Union and Switzerland to the United States, as discussed more below.
Information we collect and our use of that information
When you interact with us via the Services, we may collect Personal Data and other information from you, as further described below.
AUTOMATICALLY COLLECTED DATA
When you interact with us through the Services, we automatically receive and store certain information such as your Internet Protocol (“IP”) address, browser type, referring URL, operating system and information on the time and click behavior of the visitor during a browser session. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. We may store such information on our systems or such information may be included in databases owned and maintained by our agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers, so that we can better understand usage as well as make improvements. We treat this information as Personal Data if it relates to an identified or identifiable individual and is transferred to us by a visitor to the Site or user of the Services in the EU or Switzerland, as applicable.
PERSONAL DATA THAT YOU PROVIDE THROUGH THE SERVICES
In operating the Site, we and our third-party providers set and use a technology called “cookies.” A cookie is a piece of information that the computer that hosts our Site gives to your browser when you access the Site. Our cookies help provide additional functionality to the Site, help us analyze Site usage more accurately, and deliver targeted advertising. Moreover, on the console website accessible by our customers in relation to their use of the Services, we use analytics cookies (namely, Google Analytics), described below.
We also use pixel tags (usually in combination with cookies), from the third parties described below, to get information about your usage of the Services and your interaction with email or other communications. Pixel tags are a technology similar to cookies that can be embedded in online content or within the body of an email for the purpose of tracking activity on websites (for example, to know when content has been shown to you), or to know when you have viewed particular content or a particular email message.
The Site uses the following technologies:
- Strictly Necessary Cookies: Used to provide users with the Services and to use some of their features, such as the ability to log-in and access secure areas. These cookies are served by Signal Sciences and are essential for using the Services. Without these cookies, users will not receive the full intended purposes of our service offerings. Because these cookies are strictly necessary to deliver the Services, you cannot refuse them.
- Analytics/Performance Cookies: We use “analytics” cookies, described below, that allow us to recognize and track visitors to see how visitors move around our Services when they are using them. This helps us to improve the way our Services work, for example by making sure users are finding what they need easily. The collected data provides us only with traffic statistics (like pages viewed, number of visitors, and time spent on each page).
- Google Analytics, a web analytics service provided by Google Inc. (“Google”). A Google Analytics cookie is also used on the console website accessible by our customers in relation to their use of the Services. The information collected by Google (including your IP address) will be transmitted to and stored by Google on servers in the United States (Google is certified to the Privacy Shield for data transfers). How long a Google Analytics cookie remains on your computer or device depends on what it is and what it is used for. Some Google Analytics cookies expire at the end of your browser session, whilst others can remain for up to two years. You can prevent your data from being collected by Google Analytics on our Site by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser. For more information on Google Analytics privacy practices, read here.
- Crazy Egg and New Relic. These cookies track users as they navigate the Site. These cookies only collect your IP address, which is anonymized and not recorded by us. For more information about the privacy policies and practices for these providers read here and here.
- DoubleClick. Enables Google and its partners to serve ads to you based on your visit to our Site. DoubleClick cookies expiration can range from 2 months to 2 years. Learn more about Google’s privacy practices here. You may opt out of personalized advertising by visiting Google’s Ads Settings here. You can also prevent your data from being collected by DoubleClick on our Site by downloading and installing the DoubleClick Opt-out Browser Add-on for your current web browser.
- HubSpot. Provides us with information on your use of our Site. We may use this information to enable us to provide you with information which we believe will be of interest to you. Some HubSpot cookies expire at the end of your browser session, while others can remain for up to 13 months (for more details, please read here). Learn more about HubSpot’s privacy practices here and, for more details on the types of cookies used by HubSpot, read here.
- Bing. We use Bing Ads Universal Event Tracking (UET) tracking cookies which allow us to advertise on third party websites through the Bing Ads Advertising network (an advertising service provided by Microsoft, Inc.). These cookies collect information about your online activities once ads have been clicked, including pages you visited and time spent on each. Some cookies expire at the end of your browser session, while others can remain for up to 2 years. Learn more about Bing’s privacy practices here and details on the Universal Event Tracking here. You can opt out of receiving interest-based advertising from Microsoft as described in the Microsoft’s opt-out page.
- Yahoo/Gemini. We use Yahoo/Gemini tracking tags, via a single pixel, to advertise on third party websites. These tags collect information about your online activities once ads have been clicked, including pages you visited and time spent on each. You can learn more about these tags here.
- Social Media Cookies. These cookies are used when you engage with our content on or through a social networking website such as Facebook, Twitter, Quora, or LinkedIn. The social network will record that you have done this.
You can manage cookies in your web browser, including accepting, rejecting, or deleting cookies. On most web browsers, you will find a “help” section on the toolbar that can help in that process. Please also refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Services features.
Most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit the Network Advertising Initiative’s online resources at http://optout.networkadvertising.org/?c=1 and follow the opt-out instructions there or, if you are located in the European Union, visit the European Interactive Digital Advertising Alliance’s Your Online Choices opt-out tool here. If you want to know more about cookies, some resources to get you started include: www.aboutcookies.org or www.allaboutcookies.org.
AGGREGATED PERSONAL DATA
In an ongoing effort to better understand and serve the users of the Services, we often conduct research on our customer demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate and anonymous basis, and we may share this aggregate and anonymized data with our agents and business partners. We may also disclose aggregated and anonymized user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
We collect on behalf of our customers very limited data from users of the Services, primarily IP addresses, which is collected along with usage data, in part, via cookies (“Customer Data”). This data is collected for providing our Services to customers, protecting the systems supporting our Services, ensuring all the necessary functions of the Services are working properly, gathering necessary analytics, and ensuring compliance with our contractual agreements, or as may be required by law. Our use of Customer Data is governed by our contract with the specific customer and the customer’s own privacy policies. Signal Sciences will not review, share, distribute, or reference any such Customer Data except as provided in the Signal Sciences Master Customer Agreement (or other contract documents), or as may be required by law.
Our disclosure of your personal data and other information
Signal Sciences is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below.
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event (collectively a “Transaction”), Personal Data may be part of the transferred assets.
AGENTS, CONSULTANTS AND RELATED THIRD PARTIES
Signal Sciences, like many businesses, sometimes hires other companies to perform certain business-related functions, such as (i) mailing information, (ii) hosting, cloud service providers and other information technology providers, (iii) processing payments, (iv) web analytics providers, (v) providers of digital advertising services and (vi) providers of CRM, marketing and sales software solutions. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
Signal Sciences may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation or respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) protect and defend the rights or property of Signal Sciences, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
You can visit the Site without providing any Personal Data and/or disabling cookies. If you choose not to provide any Personal Data or disable cookies, not all of the functions on the Site may be functional. As noted above, you may “opt out” of marking communications by following the instructions contained in all such communications.
To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Data in our possession that you have previously submitted via the Site or Services.
Please read the General Data Protection Regulation (“GDPR”) section below for information on rights granted by the GDPR to users in the EU (and, to the extent applicable, Switzerland).
Links to other web sites
Signal Sciences takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Site or Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to us via the Internet.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and request that we delete information about you in accordance with our policies.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case it is no longer Personal Data.
Your California privacy rights
If you are a California resident, please click here to learn more about your privacy rights.
Online Tracking and Do not track
The Privacy Shield Program
We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer onward to third-party service providers (as described in the “Our Disclosure Of Your Personal Data And Other Information” section above) if they process Personal Data in a manner inconsistent with the Privacy Shield Principles and we are responsible if they do so and for the harm caused.
You have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. You can contact us as described in the “Contact Us” section below. We will respond to your request within a reasonable timeframe. Please see the “General Data Protection Regulation (“GDPR”) section below for more information on the rights of individuals in the EU and, as applicable, Switzerland. When we process Customer Data on behalf of our customers, we will process such requests pursuant to our contract with the applicable customer.
Pursuant to the Privacy Shield Principles, Signal Sciences is dedicated to resolving any concerns or complaints about our collection or use of your Personal Data. Individuals in the EU and Switzerland that have questions or complaints regarding our Privacy Shield policy should start by contacting us at: firstname.lastname@example.org. If your complaint cannot be resolved through our internal processes, please contact our U.S.-based third party dispute resolution provider JAMS (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield. Signal Sciences will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/international-mediation-rules/. The mediator, or you, also may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over Signal Sciences.
If your complaint is not resolved through these channels, under certain circumstances, you may be able to invoke binding arbitration before a Privacy Shield Panel to address complaints about Signal Sciences’ compliance with the Privacy Shield Principles. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
The General Data Protection Regulation (“GDPR”)
Signal Sciences is the data controller for processing Personal Data provided by our Services visitors, but we act as data processor on behalf of our customers for Customer Data that we process on behalf of customers through the Services. You can find our contact details under the “Contact Us” section below.
LAWFUL BASIS FOR PROCESSING
We rely on the following legal bases for the processing of Personal Data we collect or process about you:
- Processing of our customers’ Personal Data for the purpose of fulfilling our customer contract, including accepting payments and providing relevant customer support, is necessary to perform our contract with the applicable customer or, as applicable, to take steps at the request of the data subject before entering into a contract.
- We process Personal Data as necessary for certain legitimate interests, as follows:
- To respond to your inquiries and fulfill your requests for products and services;
- To customize our Services for you. For example, we use information on your use of Services features, including information that we obtain through cookies and other technologies, to better understand your needs and interests in order to personalize your experience with our Services by presenting content or functionalities tailored to your interests;
- To send administrative information to you, for example, information regarding the Site, and changes to our terms, conditions, and policies;
- If you ask us to delete your data and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing;
- To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our IT systems, architecture and networks; and
- To comply with legal obligations and legal process and to protect and defend our rights, privacy, safety or property, and/or that of our customers or other third parties.
- Marketing. We rely on your consent to contact you to tell you about services we believe will be of interest to you. You may opt out of receiving such emails at any time by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, please contact us as described below.
Subject to applicable EU law (and, to the extent applicable, Swiss law), you have the following rights in relation to your Personal Data that we hold about you:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it.
- Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing or
- If we are processing your Personal Data for direct marketing. We may keep minimum information about you in a suppression list in order to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above);
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
- Right to lodge a complaint with the data protection authority: you have the right to lodge a complaint to the data protection authority that is authorized to hear those concerns if you believe Signal Sciences has not complied with the requirements of the GDPR regarding your Personal Data.
You may exercise your rights by contacting us as indicated under “Contact Us” section below.
Signal Sciences, LLC
600 Corporate Pointe, Suite 1200
Culver City, CA 90230
Data Protection Officer: Lindsey Lowe