.svg?format=pjpg&auto=webp){kind=logo}
.svg?format=pjpg&auto=webp)
.svg?format=pjpg&auto=webp)
.svg?format=pjpg&auto=webp)
.svg?format=pjpg&auto=webp)
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
Privacy Policy
Last Updated: July 1, 2024
Contentstack Inc. ("Contentstack") operates a family of websites including, but not limited to contentstack.com and contentstack.io (“Site” or “Sites”), as well as providing software as a service (SaaS) for businesses (“Services”). It is Contentstack's policy to respect your privacy regarding any information we may collect while operating our Sites and using our Services in accordance with applicable laws.
This privacy policy (the "Privacy Policy") is intended to inform you of how Contentstack ("Contentstack” or "us" or “we”) gathers and uses personal information and data submitted to the Sites and Services. In this Privacy Policy, "user" or "you" means any person viewing the Sites, it also means any person subscribing to or using the SaaS. By using the Sites and Services, you are indicating your consent to this Privacy Policy.
Please address any questions or concerns regarding data privacy to us at privacy@contentstack.com or at
Privacy Questions:
Contentstack Inc.
315 Montgomery St., Suite 909
San Francisco, CA 94104
CLASSIFICATION OF USERS
There are four (4) types of users who may be connected to our services.
“Visitors” are people who visit our Site without logging on or requesting information.
“Customers” are persons who, on behalf of themselves or an entity request information from us regarding SaaS or related services or use of Services via log-on to our Site either for a limited time free trial or by purchasing the SaaS we offer.
“Referral Partners” are persons who on behalf of themselves or an entity request information from us regarding referrals of business entities or other Referral Partners that are interested in purchasing our Services or having us refer them with the consent of the business entity.
For purposes of this Privacy Policy, we are the Data Controller only with respect to our sales, customer service management and billing operations and any interactions with Visitors, Referral Partners or Customers via our Services and Sites.
END USER INFORMATION
In the course of Customers using our Services, their customers, members, contractors or employees (“End Users”) may provide personally identifiable information using the Services End User data from customers or users of our customer’s services is under the control of the Customer, who is the data controller.
Except as expressly set forth in this Privacy Policy, we will not sell or disclose or use End User personal data or content to any third parties without the authorization of the controller.
End User information which may be considered personal data will be governed by our Master Agreement and Schedules providing the SaaS to our Customers who are the data controllers and who instruct us how to process the data or use the SaaS to process the data they collect. However, for entities or individuals that are Customers, and which are located in the European Economic Area (EEA), United Kingdom, Switzerland or California or serving data subjects located in the European Economic Area (EEA), United Kingdom, Switzerland or California providing personal information to business entities subject the California Consumer Protection Act, we will govern our use of End User Data based on the execution of a Data Processing Addendum or other written agreement incorporating EU Standard Contractual Clauses or other applicable terms.
In cases of End User data provided by employees or contractors of Customer to access the Services, this Privacy Policy will also apply.
END USER DATA SUBJECT REQUESTS
Individuals who have provided information to Contentstack’s Customers must send requests regarding the exercise of their digital rights under the General Data Protection Regulation (GDPR) and state implementing laws to the particular Contentstack Customer who is the data controller.
TRACKING INFORMATION
Contentstack may collect information automatically using web tracking technologies such as cookies, web beacons, pixel tags, clear GIFs and third party tracking services in order to ensure that the Sites and Services operate efficiently and to collect data related to usage of the Sites and Services such as, but not limited to, the browser type, language preference, referring site, and the date and time of each visitor request (“Tracking Information”). We may also use Tracking Information web beacons or pixel tags to compile anonymized tracking reports regarding Site user demographics and Site traffic patterns. We may then provide these reports to advertisers and others. For our own research purposes we may link Tracking Information with personal information voluntarily provided to us. Once such a link is made, all of the linked information is treated as Personal Data and will be used and disclosed only in accordance with this Privacy Policy.
COOKIES
We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics and customization, among other similar things. If you access our Site through your browser, you can manage your cookie settings.
In order to collect Tracking Information and make your use of the Sites and Services more efficient and responsive to your needs, Contentstack and its cookie service providers, detailed in the Cookie Policy, store cookies on your computer. Contentstack also uses cookies and web beacons that are placed in web pages on the Sites and Services or in email communications to collect information and learn about actions users take when they interact with the Sites and Services, such email communications.
Contentstack does not link Tracking Information to individual user Personal Information; nor does it include the Personal Information with the Tracking Information that Contentstack shares with the web tracking companies that use and process the Tracking Information without your consent, except as strictly necessary to provide and improve the Services (including customer support services). Some Tracking Information may include log or other data, such as IP address data, that is unique to you. You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Sites and Services, but this may affect the performance of the Sites and Services.
If you do not wish to receive cookies, you may deactivate storing cookies on your computer by changing your browser settings accordingly or, for specific cookie sources, follow the instructions on our Cookie Policy.. Please note that the functionality of the Sites and Services may be impaired and the range of functionalities may be severely limited if you deactivate cookies.
Specifics of which cookies we use and opt-out instructions/tools can be found on our Cookie Policy page.
LOGS
We collect logs related to the Users and Visitors access of our Sites and use of the Services. For Users, this will include IP Address, device type and general use history such as log-ins and dates and times up uploads of content.
POTENTIALLY IDENTIFYING DATA
When Visitors or Users access our Sites and when anyone visits or uses the Services, we or our service providers may collect your IP address (the Internet address of the Internet service provider you access via your computer or device) and use it for various purposes, including to analyze and report upon visits to and usage of the Services; to approximate your physical location so that we may localize the Services based on your geographic region; to diagnose and prevent service or technology problems affecting the Services; and to monitor and prevent fraud and abuse. We or our service providers may also collect the device type and identification number and request access to settings and location information for similar reasons. While the collection of this information is absolutely necessary for the operation of the Services, we work with Customers to provide documentation to assist in limiting the sharing of IP Addresses to minimize or eliminate the collection of IP Addresses from anyone other than Users or Visitors.
PERSONAL DATA
Customers who access Contentstack's Sites or use the SaaS choose to interact with Contentstack in ways that require Contentstack to gather personally-identifying information such as name, address (email or physical), credit card billing information, username, passwords. The amount and type of information that Contentstack gathers depends on the nature of the interaction.
Referral Partners who access Contentstack's Sites and choose to interact with Contentstack in ways that require Contentstack to gather personally-identifying information such as name, address (email or physical), username, passwords. The amount and type of information that Contentstack gathers depends on the nature of the interaction.
We ask Visitors who sign up for an account at Contentstack, or who have questions, to provide a username and email address.
Those who engage in transactions with Contentstack by purchasing access to the Contentstack platform to use the SaaS or sign up for a trial period are asked to provide name, address and additional payment and billing information (e.g. purchase order or bank information) and user name and password. Once signed up and the SaaS is purchased, Customer employees or contractors given access to the Services on behalf of a Customer will be asked to provide their name and email address and a password.
We also collect Customer content and track Customer usage of the SaaS and other Services as part of the Services.
HOW WE USE YOUR INFORMATION
Visitors
For Visitors, if you do not purchase the SaaS but want information, we use your contact information to follow up on your request. If a Visitor (or Customer) attends one of our workshops or events promoting our Services, we will use the information you provide to us to follow up on your interest. For persons located in the European Economic Area, the United Kingdom and Switzerland (EEA), our lawful basis in the processing of such Personal Data is under Article 6.1 (b) of the General Data Protection Regulation (GDPR).
We will also use Visitor Personal Data to evaluate the efficiency of our events. Our lawful basis in the processing of such Personal Data is under Article 6.1 (f) of the General Data Protection Regulation (GDPR).
We may also ask your consent to communicate with you regarding the provision of services or notify you about new services, changes and improvements. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (a) of the GDPR.
For Referral Partners
With respect to Referral Partners, Contentstack does not disclose personal identifying information for marketing purposes other than as described below. We use such personal data, as well as Tracking Information connected with your personal data for purposes of account and Referral Partner program administration. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (a) and (d) of the GDPR.
For Customers
To Provide the Services
With respect to our Customers and their account users, Contentstack does not disclose personal identifying information for marketing purposes other than as described in this Privacy Policy. We use such personal data, as well as Tracking Information connected with your personal data for purposes of account and services administration and providing the Services. We link IP Addresses with cookies and your email address in order to identify you and track your use of the Services. The collection of this particular set of Tracking Information and other data for the provision of the Site use of the Services, and the processing of the data, is absolutely necessary for the operation of the Site and Services.
For Customer employees or contractors we link your email address to the Customer master account to coordinate provision of the SaaS and related Services as well as to track usage of the SaaS.
If you post any comments or tags to others on your team in your use of the SaaS Services, then we will collect the Personal Data you tag with there to share with your team and the persons on your team that you tagged.
If you provide your payment information, we will use that information to charge you for the Services you purchase.
For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (c) and (f) of the GDPR.
Fraud and SaaS stability and security
We use Personal Data, Content, Tracking Information, and your usage history to detect fraud, abuse, violation of our contract terms, violation of any laws, rules or regulations, to ensure the stability and security of our Services, to protect the rights, property or safety of Contentstack or to protect public safety and threats to public health. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (d) and (f) of the GDPR.
Direct Marketing and Updating You Regarding the Use of the Services
We will use Customer contact information to contact you via email or by phone, if necessary, to let Customers know about Services we and our affiliates provide, new Services or features or to update you regarding Customer use of the Services. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (f) of the GDPR.
To Improve the Quality of Services
We use Tracking Information and usage history to improve the quality of our Services, including, but not limited to user experience. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (f) of the GDPR.
Social Media
We may offer you the opportunity to engage with our Site and content we produce on or through third-party social networking websites, plug-ins and applications. When you engage with our content on or through third-party social networking websites, plug-ins and applications, you may allow us to have access to certain information associated with your social media account, which may include Personal Data (e.g., name, username, email address, profile picture, gender) to deliver the content or as part of the operation of the website, plug-in or application. When you provide information from your social media account, we may, through third party advertisers or the social media host website or application, use this information to personalize your experience on the third-party social networking websites, plug-ins and applications, and to provide you with other products or services you may request. Contentstack does not build profiles based on this information. The sharing of such information is exclusively controlled by the social media platform you are using. If you do not wish to share such information or exercise any data subject rights related to such information, please refer to the privacy notices or policies of the social media platform you are using. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (f) of the GDPR.
Behavioral Advertising
Third parties such as ad networks and other advertising companies may serve advertisements on other websites and social networking sites (We do not have advertising on our Sites). Those third parties may use cookies, tracer tags or web beacons to report certain information about your visits to our Sites and other websites, such as web pages you visit and your response to ads, in order to measure the effectiveness of our marketing campaigns, better understand our users and to deliver ads that are more relevant to you.
To find out how to control and where possible, opt out of having your information used by participating companies for online behavioral advertising purposes, we encourage you to visit the following site:
United States of America
Digital Advertising Alliance: http://optout.aboutads.info/#!/
Network Advertising Initiative: https://optout.networkadvertising.org/?c=1
Canada
Digital Advertising Alliance of Canada’s (DAAC) http://youradchoices.ca/choices
European Union/European Economic Area & United Kingdom
European Interactive Digital Advertising Alliance: https://www.youronlinechoices.eu/
Please note that if you choose to opt-out you must opt-out of each web browser on each computer, mobile device and tablet you use. If you opt-out of receiving interest-based ads, you will continue to receive advertising, but it will not be based on online behavioral information about you. For persons located in EEA our lawful basis in the processing of such Personal Data is under Article 6.1 (f) of the GDPR
Aggregated Statistics
To the extent permitted by law, Contentstack will use Tracking Information to compile and/or create for analytical purposes, statistical, aggregated data relating to our users and the Sites and Services and display or share this information. Aggregated data is derived from Personal Information and Tracking Information but in its aggregated form it is de-identified in a manner so that it cannot be used to identify any individual or individuals. This data is used to understand our customer base, their needs, to develop, improve, and market our services. For persons located in the EEA, our lawful basis in the processing of such Personal Data is under Article 6.1 (f) of the GDPR.
Do Not Track Settings and Signals
Some web browsers may transmit “do not track” signals to the websites and other online services with which your web browser communicates. There is no standard that governs what websites should do if they receive these signals. We currently do not respond to “Do Not Track” browser signals, settings or similar mechanisms. If and when a standard is established, we may revise our policy on responding to these signals. Third parties may collect personal information about your online activities over time and across sites when you visit the Sites or use the Sites or Services as set forth below.
HOW WE SHARE INFORMATION
We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:
Law Enforcement and Internal Operations
Personal Data, Tracking Information, Content and End User Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Contentstack or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and debugging purposes; or (iv) to protect the rights, property or safety of Contentstack, its users or members of the general public. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third party request to compel disclosure of your information.
Account Owner & Teammates
If you are a group user under an account owned by your employer, we may use your email address to link your use to your employer account. We may also share your email, password and use history with your employer and use history with your employer in connection with the use of the Services they purchased and authorized you to use. We also may share log information with tracking use of the Services with the account owner for purposes of preserving the security/integrity of the Services and improving the Services.
If you post comments or tags, your information that you post and user name will be shared with the teammates you tag or comment to.
Referral Partners
We may share the identity with the parties Referral Partners refer us to.
Business Transfer
Contentstack may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, Contentstack will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.
Affiliates
Contentstack provides Personal Data and Tracking Information to our affiliates that need to use such Information to provide the Services.
Third Parties
We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addenda and incorporating EU Model Clauses.
Third Party Service Providers
Third party service providers may collect Personal Data on our behalf directly from you and share it with us. Such providers that collect information via cookies can be found on our Cookie Policy. The others are listed below
We use Channeltivity to manage and provide information to our Referral Partners. It collects Referral Partner, name, email address and other contact information for this purpose. Channeltivity includes the EU Standard Contractual Clauses in their Data Protection Addendum and we have a Data Processing Addendum in place with them. For more information, please refer to the Channeltivity Privacy Policy.
We utilize the DocuSign application (‘DocuSign’) and other applications to enable contracts and notices to be signed, provided to and shared with third-party suppliers, customers and business partners electronically, collecting name, address and other information required to execute and validate contracts and protect against fraud. Docusign has Binding Corporate Rules and sometimes relies on the EU Standard Contractual Clauses as well. We have a Data Processing Addendum in place with them. For more information please refer to DocuSign’s privacy policy.
We use Google Forms to collect inquiries from our Site. Processing takes place in the United States. Google uses the EU Standard Contractual Clauses as a basis for transfer. For more information on Google Forms and Google’s privacy practices, please review their privacy policy at https://www.google.com/policies/privacy/.
We use HotJar to collect aggregated insights regarding use of the Sites by Visitors and potential Customers, HotJar collects the IP Addresses (in a de-identified format), device type, geographic location (country only), referring pages and pages visited and clicks on the Sites. We do not match this data with other Personal Data and Hotjar states that all of its processing takes place within the European Union under the terms of a DPA we have with them. If you do not wish HotJar to collect data, please follow the instructions HotJar provides, and for more information, please refer to their privacy policy.
We use Intercom in connection with our Sites and Services to store and track usage statistics, support conversations and contact information such as name and email in connection with those support live chat conversations. Intercom is used for customer support purposes. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience. Processing takes place in the United States. We have entered into a Data Processing Addendum with them using the EU Standard Contractual Clauses. For more information on the privacy practices of Intercom, please visit their privacy policy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms.
We also may use Marketo to track, follow up and market products to existing customers based on the name, email address and other contact information provided and tracking information collected through cookies. If you would like to be removed from such marketing, follow the removal instructions at the bottom of the emails sent to you. Processing takes place in the United States. Data is processed in the United States under a Data Privacy Addendum and Standard Contractual Clauses. Please refer to Marketo’s Privacy Notice for more information.
We may use MixPanel to onboard customers and track your interaction with our Services and third party services through our Services. It collects name, contact information and other Personal Data. Data is processed in the United States. Data is only shared subject to a Data Protection Addendum with the EU Standard Contractual Clauses. For more information please check out Mixpanel’s privacy policy as it applies to their general practices and their mobile, apps and web analytics.
We also may use Outreach to send you emails after you sign up for the Services or if you indicate an interest in receiving information and track your interaction with those emails based on the email address Customers provide to us. We have a Data Processing Addendum with EU Standard Contractual Clauses in place with them. If you wish for us to remove yourself, please follow the instructions at the bottom of the email communications. For more information on Outreach, follow the link to https://www.outreach.io/legal/privacy-policy/.
We use Salesforce.com to collect personal information related to sales (name, contact information, employer) in order to follow up on inquiries and sales to our customers or potential customers who have contacted us. Data is only shared subject to a Data Protection Addendum as well as Binding Corporate Rules. For more information about Salesforce’s privacy practices refer to Salesforce’s privacy policies and notices.
We use Twilio’s Authy service for a two-factor confirmation your identity to use the Services. We store your personal information in the form of your contact information to confirm your identity to keep your account secure. Twilio relies on the EU Standard Contractual Clauses as a basis for international transfer.For information on the privacy practices of Authy and its parent company Twilio, please read the Twilio Privacy Policy.
We use Typeform to collect and track survey feedback from our customers, which includes the email contact information of people providing feedback. Data is processed in Spain. For more information regarding Typeform’s privacy and security practices, please refer to their Privacy Policy and Terms.
We use the tool "Zendesk" on our website and within our SaaS, an offer of Zendesk Inc, which supports us in the processing of Customer requests (inquiries and customer support) using cookies to link requests to Customer email. The recorded information is processed by Zendesk on different servers, some of which are located in the United States. Zendesk collects information about your browser, your hardware and software, your Internet service provider as well as your IP address, which can also be sent to the United States. Zendesk uses this information to provide the services described above. Zendesk has filed Binding Corporate Rules with the Dutch and UK authorities, and we have a Data Processing Addendum in place with them. For more information on data protection, visit Zendesk’s Privacy Policy: If you do not want share information with Zendesk, you can refuse to set a cookie in your browser settings.
We use the services G2, ZoomInfo and TechTarget to provide us with interested Customer insights and contacts based on the consents they have obtained from their users. In each case, we have data processing terms in place with them. If you have used these sites and have provided consent via their services, you can get more information from the G2 privacy policy, ZoomInfo privacy policy and privacy center and TechTarget privacy policy on your rights and choices.
Third Party Sources
We collect Customer Personal Data for potential customers to reach out to regarding the services. For a list of third party data providers please go to our Third Party Providers and Data Sources Disclosure Page.
Your Information Choices
Right to Review and Rectify Your Personal Data
Customers can update most of their Personal Data by logging on to their account (except their contact email, which cannot be edited because it is tied to the account). However, if additional assistance is required to change or delete inaccuracies within your Personal Data or you would like to know what information about you was collected, please contact us at privacy@contentstack.com.
Right to Remove or Withdraw Consent
You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data. If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings. You can delete your Personal Data by logging into your account and deleting your account.
However, since your Personal Data is required for us to provide the Services to you, deleting it, especially your email address, will also terminate your access to the services. Deleting your Personal Data does not mean that all of it will be removed. We may be required by law to retain your data, or retain data to exercise or defend legal claims, fulfill contractual obligations with our customers; retain some information in connection with our obligation to provide the Services. We may de-identify and anonymize some data for purposes of retaining it.
Right to Object to Processing
You have the right to object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third-party) and there is some reason you object to our processing on that basis, such as it being disclosed to a third-party or it being used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. You can also object to our processing of your Personal Data where we are doing so for direct marketing purposes.
Right to Request Restriction
You have the right to request the restriction of processing your Personal Data. This allows you to ask us to suspend the processing of your Personal Data, for example, if you want us to establish its accuracy or our reason for processing it.
Data Portability
If you would like us to transmit your Personal Data to another company providing similar services, to the extent required by law, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.
Data Retention
We take steps to delete data after we no longer have a legitimate purpose for retaining it. After master accounts are terminated, we delete Customer Content data and End User data within 180 days after termination. We retain Customer information as long as necessary to achieve legitimate business purposes (such as to defend against legal claims or archive with anonymization techniques) or as required by law.
California Privacy Notice
We do not believe that we “sell” the data of consumers as defined in the California Consumer Privacy Act (CCPA). As a “Service Provider” under the CCPA, we will not “sell” consumer data as defined in the CCPA or use consumer data for any other purpose other than business operations and fulfilling our contractual obligations to our Customers.
Even so, we provide for many of the rights set forth in the CCPA as set out in the “Your Information Choices” section above.
With respect to consumer personal information, as defined by the CCPA, if we were to collect such consumer personal information, you would be entitled to certain rights with respect to such data. California law would permit you to request that we:
- Provide you: the categories of personal information we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we shared personal information.
- Provide access to and/or a copy of certain information we hold about you.
- Delete certain information we have about you.
You would also have the right to receive information about the financial incentives that we offer to you (if any). You also have the right not to be discriminated against (as provided for in applicable law) for exercising certain of your rights.
Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you, to defend against legal claims, detect fraud for compliance with applicable law and other business operations purposes. If you ask us to delete certain information, you may no longer be able to access or use the Services.
As explained above, we do not believe that we currently “sell” consumer data. If we did, you would have the right to make the requests set out herein. You would also be able to designate an authorized agent to make a request on your behalf. To do so, you would have to provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You would also still need to verify your identity directly with us prior to responding to or complying with any requests.
RIGHT TO OPT OUT
To the extent we ever do "sell" Personal Information, you have the right to opt out of that sale. Note that if you chose to use our Services again after requesting to opt-out, that will serve as a voluntary opt-in as we require use of your Personal Information to provide the Services.
YOUR PRIVACY RIGHTS (CALIFORNIA AND NEVADA)
Even though we don’t sell consumer data, under California’s “Shine the Light” law California Civil Code § 1798.83 California residents, and under Nevada law, Nevada residents may still request and obtain from us, once a year, free of charge, a list of third parties, if any, to which we disclosed their Personal Information for direct marketing purposes during the preceding calendar year and the categories of Personal Information shared with those third parties. If you are a California or Nevada resident and wish to obtain that information, please submit your request by sending us an email at privacy@contentstack.com, or write us at Contentstack, attention Legal, 315 Montgomery St. #909, San Francisco, CA 94104. We will confirm your identity and respond in accordance with legal requirements.
DATA PRIVACY FRAMEWORK (DPF)
Contentstack complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Contentstack has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Contentstack has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Contentstack commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Contentstack at: privacy@contentstack.com. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Contentstack commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. See Annex I of the DPF Principles for additional information: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Contentstack has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf. Contentstack shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Contentstack proves that it is not responsible for the event giving rise to the damage.The Federal Trade Commission has jurisdiction over Contentstack’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). Contentstack may disclose personal information in response to lawful requests by US public authorities, including to meet national security or law enforcement requirements.
PROTECTION OF DATA
We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:
- SSL encryption (https) everywhere where we deal with Personal Data.
- Password protection on your account.
- Customer Personal Data is kept on secure, encrypted servers.. We also have an EEA instance that stores data (other than data shared with our subprocessors located outside of the EEA) from our European customers in Ireland and Germany. All other customers’ data is stored in the United States
- SSL encryption and API key for backend storage of User Content.
- Restricting staff access to Personal Data protected by password logs and two factor authentication.
- Regular staff privacy and security training.
However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.
OTHER TERMS
Third Party Links and Services
The Sites and Services may contain links to other websites and services or use services not provided by Contentstack. Contentstack cannot be, and is not responsible for the use of data, privacy practices or the content of those websites or services. You should be aware of this when you leave our site and be sure to review the privacy statements of each website you visit that collects information. This Privacy Policy applies solely to personal information collected by Contentstack.
Users Under 16 Years of Age
The Sites and Services do not knowingly collect personal information from users under the age of 16 nor are they intended to be used by anyone under 16. If you are under the age of 16, you are not permitted to use the Sites and Services or to disclose Personal Information using the Sites and Services. If we learn we have collected or received Personal Information from a child under 16, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at privacy@contentstack.com.
Privacy Policy Changes
Although most changes are likely to be minor, Contentstack may change its Privacy Policy from time to time, and in Contentstack's sole discretion. Contentstack encourages visitors to frequently check this page for any changes to its Privacy Policy. In the event we make material changes to our Privacy Policy, we will notify you in advance by email or by notice when you log in to the Sites and Services or both. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.
