Last Updated 1/28/20
Your privacy is important to us. This Privacy Statement applies to collection, use, and disclosure of personal information through all of the sites, products, services and developer modules offered by Apptentive Inc. or its subsidiaries or affiliated companies that link to this Privacy Statement, including https://apptentive.com. It does not apply to sites or services that link to different privacy statements. Sometimes, we may post product specific privacy notices or Help Center materials to explain our products and related privacy policies in more detail.
This Privacy Statement does not apply to the activities of our customers that use our services to collect information from their end users (the “Apptentive Customers”). Each of the Apptentive Customers are responsible for establishing their own privacy statement that describes those activities. If you are interested in how the Apptentive products and services process your information as a part of a website or application operated by an Apptentive Customer, please review their privacy statement. Please see the Section “Information we collect and use on behalf of our customers” for more information.
Information we collect and how we use it
The personal information we collect depends on how you interact with us, the products you use, and the choices you make. We collect and process personal information about you with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
We collect information about you in various ways when you use our websites and services, including information you provide directly, information collected automatically, and third-party data sources:
- Information you provide – Contact information. when you sign up for an Apptentive Account, we ask you for personal information such as name, email address, and other information. If you choose to create your account using a third-party platform (e.g. Google or Github), we may collect your profile information from such third-party as described in their privacy statements.
- Demographic data. When you register or at other times, we request that you provide demographic details.
- Content and files. We also collect information and files you send to us, should you choose to contact us through our customer support or related contact information. If you send us email messages or other communications, we will collect and retain those communications.
- Information collected automatically – As discussed further below under “Cookies and similar technologies”, when you visit certain sites or use certain products, some information is collected automatically. For example, when you visit our websites, our web servers automatically log your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, the website you visited before our site, and your activity on our websites.
- Identifiers and device information., when you visit our websites, our web servers automatically log your computer’s operating system, Internet Protocol (IP) address, access times, and information about your device, including device identifiers (such as MAC address), device type, browser type, operating system, and language
- Usage data. We automatically log your activity on our websites and connected services, including the URL of the website from which you came to our sites.
- Information we create or generate. We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your city, state, and country location based on your IP address.
- Third-party sources – We may obtain information from third parties. We process information obtained from third parties as described in this statement (Contact information, demographic data, identifiers and device information, geolocation data, inferences), plus any additional restrictions imposed by the source of the information. These third-party sources include:
– Data sources that provide us with marketing leads or customer referrals;
– Third party partners: Applications and services, such as social networks, that make users’ information available to others;
– Partners with which we offer co-branded services or joint marketing activities; and
– Publicly-available sources, such as open government databases.
Cookies and similar technologies (California ‘Do Not Sell My Info’
Our web pages may also contain electronic images known as web beacons that we use to help deliver cookies on our websites, count users who have visited those websites, and gather usage and performance data. We also include web beacons in our email messages or newsletters to determine whether you open and act on them.
Our websites may include web beacons and cookies from third-party service providers. In some cases, that is because we have hired the third party to provide services on our behalf, such as site analytics. In other cases, it is because our web pages contain content or ads from third parties, such as videos, news content, or ads delivered by other ad networks. Because your browser connects to those third parties’ web servers to retrieve that content, those third parties are able to set or read their own cookies on your device and may collect information about your online activities across websites or online services. These third parties may combine this information with other information that you’ve provided to them or that they’ve collected from your use of their services.
This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, deliver advertising, combat fraud, and fulfill other legitimate purposes. We and/or our partners also share the information we collect or infer with third parties for these purposes.
The third-party analytics providers we use include: Marketo, Hubspot, Bizible, Google, Crazy Egg, New Relic, Sumo, and Disqus. Many third-party analytics providers allow you to opt-out from their collection or use. For more information, click on the links above.
Our third-party advertising partners include: Adroll, Facebook, Google, Twitter, G2Crowd, and LinkedIn. You may find more information on each company’s practices, including the choices it offers, by clicking on the above. Many of them are also members of the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA), which each provide a simple way to opt out of ad targeting from participating companies., which you can access at http://www.networkadvertising.org/managing/opt_out.aspx, http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/.
California “Do Not Sell My Info”
The California Consumer Protection Act (“CCPA”) requires us to disclose categories of personal information sold to third parties and how to opt-out of future sales. The CCPA defines personal information to include online identifiers, including IP address, cookies IDs, and mobile IDs. The law also defines a “sale” to include simply making data available to third parties in some cases. We let advertising and analytics providers collect IP addresses, cookie IDs, mobile IDs through our sites and apps when you use our online services, but do not “sell” any other types of personal information.
If you do not wish for us or our partners to “sell” your personal information to third parties for advertising purposes, you can make your Do Not Sell Request by visiting the links set out above.
Note that although we will not “sell” your personal information after you exercise the choices at those links, we will continue to share some personal information with our partners (acting as our service providers) to help us perform advertising-related functions such as, but not limited to, measuring the effectiveness of our ads, managing how many times you may see an ad, reporting on the performance of our ads, ensuring services are working correctly and securely, providing aggregate statistics and analytics, improving when and where you may see ads, and/or reducing ad fraud. Further, exercising this choice will not necessarily opt you out of the use of previously sold personal information or stop all interest-based advertising. If you access this site (or app) from other devices or browsers, visit the links above from those devices or browsers to ensure your choice applies to the data collected when you use those devices or browsers.
Other information related to your right to opt-out from sales of personal information is contained in the California Privacy Rights section of this statement.
Use of information
We use personal information collected through our products for purposes described in this privacy statement or otherwise disclosed to you. For example, we use personal information to:
- provide and deliver our products, including securing, troubleshooting, improving, and personalizing those products;
- operate our business, such as improving our internal operations, securing our systems, and detecting fraudulent or illegal activity;
- understand you and your preferences to enhance your experience and enjoyment using our products;
- provide customer support and respond to your questions;
- send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
- communicate with you about new products, offers, promotions, rewards, contests, upcoming events, and other about our products and those of our selected partners (see the Choices section of this privacy statement for how to change your preferences for promotional communications); and
- display advertising to you (see the “Cookies and similar technologies” section of this privacy statement for information about your advertising choices)
In carrying out these purposes, we combine data we collect from different sources to give you a more seamless, consistent, and personalized experience.
Information we collect and use on behalf of Apptentive Customers
Below are some examples of this:
- End user communications – If you are using an application that utilizes our services for purposes of communicating with the one an Apptentive Customer, we may retain and process those communications and related information on behalf of the applicable Apptentive Customer. When you send and receive feedback messages to or from one of our services, we may collect and maintain information associated with those messages, such as the phone number, your email address, details about your device, your operating system, the wireless carrier associated with the phone number, the content of the message, and the date and time of the transaction.
- Location – Apptentive offers location-enabled services, tied to its tools and services. If you use those services on an application or website maintained by an Apptentive Customer, Apptentive may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).
- Unique application number – Certain services maintained by Apptentive collect a unique application number. This number and information about your installation (e.g., operating system type, version number) may be sent to Apptentive when you use the Apptentive-enabled application to give feedback, send messages, or when that service periodically contacts our servers (for example, to request automatic updates to the software).
- We provide information to our subsidiaries and affiliated companies. We may also share your information with other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with our appropriate data protection, confidentiality, and security requirements and that they may not use personal information they receive from us for other purposes.
- We may share information where we have a good faith belief that access, use, preservation or disclosure of your information is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, (b) protect our rights or property, including to enforce applicable Terms of Service or agreements, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Apptentive, its users or the public as required or permitted by law.
- We may disclose your personal information as a part of a merger, acquisition, divestiture, or any form of sale of some or all of its assets. Please note that some of our products include references or links to products provided by third parties whose privacy practices differ from ours. If you provide personal information to any of those third parties, or consent to our sharing personal information with them, that data is governed by their privacy statements.
- You can request access to, and rectification or erasure of, personal information;
We use this information collected on behalf of our customers for the purposes directed by the applicable Apptentive Customer.
We share personal information with your consent or as necessary to complete your transactions or provide the products you have requested or authorized. For example, when you provide payment data to make a purchase, we will share that data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services. In addition, we share information in the following ways:
Retention of personal information
Third party analytics and advertising companies also collect personal information through our website and apps including, transaction details, account information, marketing and communications data, demographic data, content and files, geolocation data, usage data, and inferences associated with identifiers and device information (such as cookie IDs, device IDs, and IP address) as described in the Cookies and similar technologies section of this statement.
Finally, we may share de-identified information in accordance with applicable law.
We retain personal information for as long as necessary to provide the products and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different products, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.
Location of Personal Information
The personal information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the United States. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this statement is processed according to the provisions of this statement and applicable law wherever the data is located.
We transfer personal information from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including, where appropriate, contracts, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal information protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
We take reasonable and appropriate steps designed to protect against unauthorized access, use, alteration, disclosure or destruction of personal information.
Access, correction, and deletion. If you wish access, correct or delete certain personal information about you that we hold, you may log in to the customer portal.
If you cannot access certain personal information we collect via the customer portal or Apptentive products or services you use, you can always contact us as described at the bottom of this privacy statement. However, to the extent permitted by applicable law, we reserve the right to charge a fee or decline requests that are unreasonable, excessive, or prohibited by law, could adversely affect the privacy or other rights of another person, or where we are unable to authenticate you as the person to whom the data relates.
Communications preferences. You can choose whether you wish to receive promotional communications from us. If you receive promotional email messages from us and would like to stop, you can do so by following the directions in that message. These choices do not apply to mandatory service communications that are part of certain of our products, or to surveys or other informational communications that may have their own unsubscribe method.
Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can set your browser to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. See the “Cookies and similar technologies” section of this privacy statement for more details.
Advertising and analytics. Our third-party analytics and advertising partners typically provide options to opt-out of certain information collection or use. See the “Cookies and similar technologies” section of this privacy statement for more details.
Do Not Track
Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
European data protection rights
If the processing of personal information about you is subject to European Union data protection law, you have certain rights with respect to that data:
- If any automated processing of personal information is based on your consent or a contract with you, you have a right to transfer or receive a copy of your personal information in a usable and portable format;
- If the processing of personal information is based on your consent, you can withdraw consent at any time for future processing;
- You can to object to, or obtain a restriction of, the processing of personal information under certain circumstances; and
- For residents of France, you can send us specific instructions regarding the use of your data after your death.
When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary for certain products or features, those products or features may not be available or function correctly.
California Privacy Rights
Some If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
Right to Know. You have a right to request that companies provide you with the following information:
Note that the CCPA defines “business purpose” broadly; and because we use service providers for a number of business purposes that require access to our systems that hold personal information (such as supplying cloud data storage, maintaining the security of our systems, and providing customer support), in the past 12 months we have disclosed for a business purpose data from each of the categories of personal information we maintain.
The categories of personal information we have sold about you (if any), for each category of third parties to which the personal information was sold. Note that [[the CCPA defines “sell” and “personal information” very broadly, and some of our data sharing described in this privacy statement may be considered a “sale” under those definitions. In particular, we let advertising and analytics providers collect IP addresses, cookie IDs, and mobile IDs through our sites and apps when you use our online services, but do not “sell” any other types of personal information. We provide our “Do Not Sell My Info” disclosures in the “Cookies and similar technologies” section of this statement.
You may make such a “request to know” by contacting us on our preference page. Note that we have provided much of this information in this privacy statement. Right to Request Deletion. You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to delete, contact us on our preference page. Right to Opt-Out. You have a right to opt-out from future “sales” of personal information. To do so, please visit the “Cookies and similar technologies” of this policy. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. Finally, you have a right to not be discriminated against for exercising rights set out in the CCPA. To make such requests, contact us at the contact information set forth below. When we are processing data on behalf of another party that is the “data controller,” such as the Apptentive Customers, you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. Apptentive complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Apptentive has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Privacy Matters
European data protection rights
Privacy Shield Frameworks
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Apptentive is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, Apptentive may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
If third-party agents process personal information on our behalf in a manner inconsistent with the principles of either Privacy Shield Framework, we remain liable unless we prove we are not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, Apptentive commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Statement should first contact Apptentive at firstname.lastname@example.org, or:
c/o Apptentive Inc.
24 Roy St, #440
Seattle, WA, 98109-4018
Right to Request Deletion. You also have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to delete, contact us on our preference page.
Right to Opt-Out. You have a right to opt-out from future “sales” of personal information. To do so, please visit the “Cookies and similar technologies” of this policy.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Further, to provide or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. Finally, you have a right to not be discriminated against for exercising rights set out in the CCPA.
To make such requests, contact us at the contact information set forth below. When we are processing data on behalf of another party that is the “data controller,” such as the Apptentive Customers, you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
Apptentive complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Apptentive has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Questions, comments or complaints regarding Apptentive’s Privacy Statement or data collection and processing practices can be mailed or emailed to the contact information set forth below.
Apptentive has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Questions, comments or complaints regarding Apptentive’s Privacy Statement or data collection and processing practices can be mailed or emailed to:
Attn: Legal Department
24 Roy St, #440
Seattle, WA, 98109 -4018
Changes to this Privacy Statement
Please note that this Privacy Statement may change from time to time. When we post changes to the statement, we will change the “Last Updated” date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.