Last revised on June 14, 2017, effective as of July 16, 2017
This policy does not apply to third parties that Customer.io does not own or control. Such third parties are not under Customer.io’s control and Customer.io is not responsible for their privacy or security practices.
Customer.io participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Customer.io’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks below. In particular, Customer.io remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Customer.io proves that it is not responsible for the event giving rise to the damage.
We collect, process, and retain information from you and any devices you may use when you use or interact with our Site and Services, and in other ways described below.
We receive and store information you enter on our Site or give us in any other way, including your name, mailing address, phone number, email address, and payment information, as well as company name, and colleagues’ names and email addresses. We collect information about your use of our Site, such as the pages you view and other interactions you have. We receive and store certain types of information whenever you interact with our Site. Our Site uses “cookies,” tagging and other tracking technologies to help enable us to enhance or personalize your online browsing experience. This information includes computer and connection information such as statistics on your page views, traffic to and from our Site, referral URL, ad data, your IP address, and device identifiers. This information also may include your browsing history, transaction history, and your web log information.
We use your information to help us personalize and continually improve your experience on the Site, including fulfilling requests for information, analyzing and compiling trends and statistics, and communicating with you. For information about how to manage your information and the choices you have, see how to limit the use of your information below.
Most browsers allow you to prevent the browser from accepting new cookies, to be notified when you receive a new cookie, or to disable cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Site may not work or may not work as designed. Note that if you choose to remove cookies, you may remove opt-out cookies that affect your advertising preferences.
We partner with third-party advertising companies who also use these tracking tools to provide advertisements on other websites. These third parties may use these technologies to collect information about you when you use the Site. They may collect information about your online activities over time and across different websites and other online services. They may also use persistent identifiers to track your Internet usage across other websites in their networks beyond the Site. They may use this information to provide you with interest-based advertising or other targeted content. While we do not knowingly provide these entities with information that personally identifies you such third parties may, with sufficient data from other sources, be able to personally identify you, unknown to us.
Some content or applications on the Site may be served by unaffiliated third parties. We do not control these third parties’ tracking technologies or how they may be used. We are not responsible for the content or privacy practices on any website not operated by us to which our Site links or that links to our Site.
Your browser or device may include “Do Not Track” functionality. Our information collection and disclosure practices, and the choices that we provide to visitors, will continue to operate as described in this privacy notice, whether or not a Do Not Track signal is received.
Many of the third party advertisers that place tracking tools on our Site are members of programs that offer you additional choices regarding the collection and use of your information. You can learn more about the options available to limit these third parties’ collection and use of your information by visiting the websites for the Network Advertising Initiative and the Digital Advertising Alliance.
Similarly, you can learn about your options to opt-out of mobile app tracking by certain advertising networks through your device settings.
Please note that opting-out of advertising networks services does not mean that you will not receive advertising on other websites, nor will it prevent the receipt of interest-based advertising from third parties that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms.
This section describes our policies for handling information about End Users provided to us by our clients using our Services or other sources of their choosing. We provide our clients with the ability to create profiles of their End Users in order to effectively communicate with them via marketing communications tools like email, analytics services, and the ability to export information, at our client’s direction, to other applications. To do this, our clients integrate our technology into their applications, websites, or other online services.
In the course of providing Services to our clients, Customer.io collects personally identifiable information (“PII”) about End Users of our clients. Customer.io uses this information to provide our Services to our clients.
PII is information that is linked or linkable to you. The PII we collect includes name, address, phone number, or email address, which you may have provided to our client. Customer.io takes precautions not to collect, and, if discovered, will not retain, passwords, credit card, and certain other information submitted through our services.
We may automatically collect information about your use, navigation of, and interactions with our clients’ applications, websites, or other online services when our client has installed our technology on its properties.
Cookies that we set on our clients’ websites expire after three years and the expiration date updates every time you encounter our server. Customer.io retains standard web log data 5 years after you visit a client’s website, and aggregations and reports for up to 10 years after you visit a client’s website.
Customer.io may provide services or sell products jointly with affiliated businesses. We may share End User information collected from our clients that is related to such transactions with those affiliated businesses. We require our affiliates, via contract, to provide the same level of privacy protection as set forth in this policy and they do not have the right to share or use PII for any purpose other than for an authorized transaction.
If we ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data.
This section describes our policies for our clients’ use of the Customer.io Site and Services.
We receive and store any information clients enter on the Site, through the Services, or provide to us in any other way. Clients can choose not to provide us with certain information, but then they may not be able to take advantage of many of our features. We use clients’ PII for such purposes as responding to their requests for Services, customizing the content they see, communicating with them about our products, and marketing our Services to them.
In order for clients to use all of our features, they must register with Customer.io. We require clients’ e-mail addresses and passwords during the registration process.
Further information may be required if clients choose to purchase paid components of the Services, such as credit card and billing information. Customer.io uses third party partners for credit card processing who may require and store your credit card and billing information.
If a client purchases Customer.io’s online tools to collect and analyze user and usage data for its websites, applications, or services, Customer.io will communicate with it about the services it purchases by e-mail. Clients consent to receiving such confirmations by e-mail. If clients contact us via e-mail, we may retain a record of their contact information and any information they provide us in their messages to respond to them. We may receive a confirmation when clients open an e-mail from Customer.io.
We may also send e-mails with news or promotions. If clients do not want to receive news or promotional e-mail from us, please contact us at email@example.com (this will not affect e-mails related to certain important, legal, or service-related messages such as outage information).
To improve our Services, we may receive information about clients from other sources and add it to our account information. Like the information clients provide to us, we do not share this information with anyone except authorized third parties in connection with providing clients with our Services.
If you are a California resident, California law permits you to request certain information regarding the disclosure of your PII by us and our related companies to third parties for the third parties' direct marketing purposes. To make such a request, please send your request, by mail or email, to the addresses listed at the end of this policy.
We employ other companies and people to perform tasks on our behalf and need to share client and End User information with them to provide products and services. Examples include billing, processing payments, providing marketing assistance, and providing customer service. Our agents use the same level of privacy protection as we do. Unless we tell you differently, Customer.io does not share, and Customer.io’s agents do not have any right to use, PII collected from our Site and Services beyond what is necessary to assist us.
In some cases, we may change our ownership or corporate organization, or may choose to buy or sell assets. End User information may be transferred to another entity, its affiliates, or service providers in connection with the transaction. You acknowledge that such transfers may occur, and that Customer.io or its successor organization may continue to use your information as set forth in this policy.
We may release PII when we in our sole discretion believe in good faith that release is necessary or appropriate to comply with the law, enforce or apply our conditions of use and other agreements, or protect the rights, property, or safety of Customer.io, our employees, our clients, or others. We also may be required to disclose an individual’s PII in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Clients’ Customer.io account information is protected by a password for your privacy and security as well as other reasonable security measures. We use reasonable safeguards to protect the security of clients’ information during transmission, including by encrypting all of the information clients input. Only employees or agents who need PII to perform a specific job are granted access to it. All of our employees are kept up to date on our privacy and security practices.
While Customer.io uses commercially reasonable means to secure information provided to us, we do not guarantee that such information will not be improperly accessed, disclosed, or destroyed by breach of any of our safeguards. Clients and End Users are responsible for the security of their information that is transmitted to us or that is viewed, downloaded, or otherwise accessed when using unencrypted, public or otherwise unsecured networks.
You are able to access, add to, update, correct, amend, or delete certain information about you, including PII. When you update information, however, we often maintain a copy of the unrevised information in our records. A client may deactivate its Customer.io account by following the deactivation process set forth on the Site. Some information may remain in our records after account deletion. Please contact us at firstname.lastname@example.org if you have questions or concerns about accessing, correcting, or deleting your PII.
EU and Swiss data subjects have a right to access their information. Please see the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks section below.
If you use our Websites outside of the United States, you understand and consent to the transfer of your personal information to, and the collection, processing, and storage of your personal information in, the United States and elsewhere. The laws in the U.S. and these countries regarding personal information may be different than the laws of your state or country.
Customer.io’s Site is not intended for children under the age of 18. Accordingly, we will not knowingly collect or use any PII from children that we know to be under the age of 18. If we become aware of PII in our database that was collected from a child under 18, we will delete such information.
For purposes of this section only, the following definitions shall apply:
“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Customer.io or to which Customer.io discloses personal information for use on Customer.io’s behalf.
“Personal information” means any information or set of information that identifies or could be used by or on behalf of Customer.io to identify (together with other information) a living individual. Personal information does not include information that is anonymized or aggregated. For the purposes of data received from Switzerland under the Swiss-U.S. privacy shield, personal information also includes ideological views or activities, information on social security measures or administrative or criminal proceedings and sanctions.
“Sensitive information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.
Customer.io will subject all personal information received via the EU-U.S. and Swiss-U.S. Privacy Shields to these Principles.
Choice: Customer.io will offer individuals the opportunity to choose whether their information is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at the address given below. Customer.io offers an opt-out to individuals whose personal information is disclosed to non-agent third parties. Additionally, Customer.io will not use sensitive personal information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Customer.io has received the individual’s affirmative and explicit consent (opt-in). Customer.io will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
Data Integrity: Customer.io will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Customer.io will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.
Transfers to Agents: Customer.io contracts with third parties who perform business functions on our behalf. Customer.io uses these third parties to assist with activities such as billing, processing payments, providing marketing assistance, and providing customer service. These entities may have access to personal information if needed to perform their functions for Customer.io.
For information received under the Privacy Shield, Customer.io will require its agents to safeguard personal information consistent with this Policy by contract, obligating the agent to provide at least the same level of protection as is required by the Privacy Shield Principles.
Under certain circumstances, Customer.io may bear liability for onward transfers of personal data where its agent processes personal data inconsistent with the Privacy Shield Principles, unless Customer.io proves that it is not responsible for the event giving rise to the damage.
Access and Correction: Upon request, Customer.io will grant individuals reasonable access to personal information that it holds about them. In addition, Customer.io will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. An individual may request to access their information, or otherwise correct, amend, or delete their information by contacting us at the address given below.
Security: See “Information Security,” above.
Customer.io will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Customer.io determines is in violation of this policy will be subject to disciplinary action.
Customer.io is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Customer.io has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
If you have any questions or concerns regarding privacy at Customer.io, please send us a detailed message to email@example.com or to Peaberry Software Inc. at 921 SW Washington St, Suite #820, Portland, OR 97205. Your privacy is important to us and we will make every effort to resolve your concerns.
Last Updated: June 14, 2017