SIGNIFYD.COM Privacy Policy
Effective August 16, 2019 to January 30, 2023
Welcome to the Website of SIGNIFYD Inc., a Delaware corporation (“SIGNIFYD, “we,” or “us”). This privacy policy describes how we collect, use, disclose and otherwise process Personal Information from users of our Website at www.signifyd.com (the “Site”) and our SIGNIFYD fraud and abuse prevention service provided through our customer portal on the Site (the “Service”), as well as all related applications, widgets, software, tools, and other services provided by us or on which a link to this policy is displayed (collectively, together with the Site and our Service, our “Services”). By using any of our Services, you consent to the collection and use of Personal Information in accordance with this policy. Unless separately defined in this Privacy Policy, all terms used with initial letters capitalized in this policy have the meanings set forth in the legal terms referenced in an Order Form and/or Statement of Work (the "Terms of Service") or in this privacy policy.
-
1. The information we collect
- We may collect information, which includes Personal Information, in various ways. “Personal Information” means any information that relates to an identified or identifiable individual, such as name, address, telephone number, or email address. We indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so, at the time of the collection of your Personal Information. If you do not provide the Personal Information necessary to provide you with our products and services, you will not be able to benefit from them.
Information Collected via Automated Means
When you use our Services, some information is automatically collected, such as your IP address, browser type, system type, the content and pages that you access on our Services, “referring URL” (i.e., the page from which you navigated to the Services), the pages you navigate to on the Services and other websites over time, and from which you leave the Services, the links and buttons on which you click, when you scroll, the time you spend on the Services, as well as any events sent to a behavioral tracking service, such as Google Tag Manager. We may use IP address to derive your approximate location.
We collect this information via automated means, such as standard server logs, cookies, local browser storage, ETags, clear GIFs (also known as “Web beacons”), device fingerprinting and similar technologies. We use this information to administer, operate, and improve the Services and our other services and systems, and to provide services, content and advertising that are tailored to you.
Also, please be aware that third parties may set cookies on your hard drive or use other automated means to collect information about your use of their services or content.
We use analytics providers such as Heap, which use cookies and similar technologies to collect and analyze information about use of the Site and report on activities and trends. These services may also collect information regarding the use of other websites, apps and online resources. You can learn about Heap’s practices by going to https://heapanalytics.com/privacy, or opt out of them by contacting [email protected].
Information Provided by You
We collect Personal Information that our users provide to us in a variety of ways on our Services. For instance, when you register for a SIGNIFYD account, update your account information on our Services, leave a comment on our blog, or otherwise post or transmit any information or content on or to our Services, request information about any beta testing of Services that we may provide, request help and support regarding any of our Services, or otherwise communicate with us, we collect the Personal Information that is provided to us. We may collect Personal Information such as name, email address, city, state, country, other demographic information, and your interests and preferences in these manners. We also collect any information that you include in the content of messages you send to us.
Information from Other Sources
We may receive Personal Information about you from third parties, including public databases and industry-standard data vendors. In addition, we collect information from our customers, as well as their service providers and End Users, to provide the Services as described above and in our Terms of Service. We may combine this information with other Personal Information we maintain about you. We may also obtain information about you from publicly available sources.
-
2. How we use your information
- We use Personal Information for a number of purposes, including to:
- Provide services and information that you request, respond to comments and questions, and otherwise provide support to users;
- Enhance, improve, operate, and maintain our Services, our programs, services, website, and other systems, including to protect against and prevent fraud;
- Prevent fraudulent use of our Services;
- Tailor your user experience;
- Maintain a record of our dealings with you;
- Understand and analyze the usage trends and preferences of our users, to improve the Services, and to develop new products, services, features, and functionality;
- Contact you for administrative and information purposes—this may include providing customer service or sending communications, including changes to our terms and conditions;
- Develop and provide promotional and advertising materials that may be useful, relevant, valuable, or tailored to you, or otherwise of interest;
- Achieve business purposes, such as account verification, audits, security, compliance with applicable laws and regulations, fraud monitoring and prevention;
- Enforce our Terms of Service or as necessary to establish, exercise or defend legal rights;
- Achieve purposes for which we provide specific notice at the time of collection.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we will rely on a lawful legal ground for the processing of your Personal information, including when:
- You consented to the use of your Personal Information (e.g., for our uses of cookies or similar technologies, to send you marketing communications or personalize our offerings).
- Necessary to provide you with products and services, or to respond to your inquiries.
- The processing is required by applicable law or necessary to comply with a legal obligation.
- We, or a third party, have a legitimate interest in using your Personal Information, such as to ensure and improve the safety, security, and performance of our products and services, to protect against and prevent payment fraud or to carry out data analyses. We will not engage in what is known as “automated decision-making,” which involves making decisions with legal or similarly significant effects solely based on automated processing of Personal Information, unless you explicitly consented to the processing, the processing is necessary for entering into, or to perform a contract, or when authorized by applicable law.
-
3. How we disclose your information
- When providing our Services, we may disclose Personal Information about you to our business customers (e.g., e-commerce merchants), such as whether a payment transaction is legitimate or potentially fraudulent, to help them prevent fraud in the context of online payments.
We also may disclose Personal Information to third-party service providers that assist us in our work (including, but not limited to, data enrichment, analytics, payment processing and data storage and processing facilities).
Additionally, we may disclose Personal Information to third parties if we believe that doing so is legally required or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others.
In addition, information about our users, including Personal Information, may be disclosed as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which Personal Information could be transferred to third parties as one of our business assets.
-
4. Your rights and choices
- Promotional emails
If you receive promotional emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving promotional emails from us by sending us an email or by writing to us at the address given at the end of this policy.
Additionally, as part of the user account functionality on our Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us.
Please be aware that if you opt-out of receiving promotional email from us, it may take up to ten business days for us to process your opt-out request, and you may receive promotional email from us during that period. Additionally, even after you opt-out from receiving promotional messages from us, you will continue to receive administrative messages from us regarding our Services.
Cookies and similar technologies
If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services.
We work with third party advertising partners to show you personalized ads about our products on other websites and platforms. Some of our advertising partners are members of the Network Advertising Initiative (http://optout.networkadvertising.org/?c=1#!/) or the Digital Advertising Alliance (http://optout.aboutads.info/?c=2&lang=EN). If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies. You can also access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt out of personalized ads in mobile apps.
Signifyd does not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who use or visit our Services.
Access and deletion
As part of the user account functionality on our Services, you may have the ability to access and update many categories of Personal Information that you provide to us by logging into your account and accessing your account settings. If you wish to access, amend or request deletion of any Personal Information that you have provided to us, you may contact us at [email protected] call us at (866) 220-1415 or submit this request at https://www.signifyd.com/dsar.
If you request that we delete your user account on any of our Services (via a user settings page, by email, or otherwise), we will do so within a reasonable period of time, but we may need to retain some of your Personal Information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
European users
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal. Those rights may be limited in some circumstances by local law requirements. You may exercise your rights by contacting us as specified below.
-
5. Links
- For your convenience, the Services may contain links to other Websites, products, or services that we do not own or operate. Please be aware that this Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties operating any Website or service to which the Services link. We encourage you to carefully review the privacy policies applicable to any Website or service you visit other than our Services before providing any Personal Information on them.
-
6. Children
- Children’s safety is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Services are not directed to children under the age of 13, and we do not knowingly collect Personal Information from children under the age of 13. If we learn that we have collected Personal Information from a child under the age of 13 on our Services, we will delete that information as quickly as possible. If you believe that we may have collected any such Personal Information on our Services, please notify us at [email protected].
-
7. Data transfers
- Our Services are hosted in the United States and are intended generally for United States users. However, individuals located outside of the United States may also benefit from our Services. We may transfer your Personal Information to countries other than the country where you are located, including to the United States where we are headquartered. While the Privacy Shield Framework has been declared to be insufficient for the protection of data transfers for transfers of Personal Information from the European Economic Area, the United Kingdom, or Switzerland to the United States, Signifyd still complies with the requirements as prescribed by the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework and as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Please see Clause 8 for further details. In addition, to supplement the Privacy Shield and comply with recent rulings, Signifyd also relies on the European Commission’s Standard Contractual Clauses for transfers of Personal Information from the European Economic Area, the United Kingdom, or Switzerland, while awaiting further legal guidance from international regulators. Signifyd may also transfer your Personal Information to countries which provide an adequate level of protection under EU law. This must also be balanced with the requirement for Signifyd to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. You may contact us at [email protected] to obtain further information on the safeguards we use to transfer Personal Information outside of the EEA, the United Kingdom, or Switzerland.
-
8. EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework
- Signifyd has certified to the U.S. Department of Commerce that Signifyd satisfies the standards as prescribed by the Privacy Shield Principles and as required under the Privacy Shield Framework. This makes Signifyd subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and could face liability in cases of unlawful transfers to third parties. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern as a minimum level of protection, however Signifyd may supplement these Principles and this level of data protection. To learn more about the Privacy Shield or to view Signifyd’s certification, please visit https://go.adr.org/privacyshield.html. In compliance with the Privacy Shield Principles, Signifyd commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Signifyd at [email protected]. Signifyd has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association (“AAA”), an alternative dispute resolution provider located in the United States, which could reach a binding decision. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit AAA for more information or to file a complaint. The AAA Rules and filing forms are available online at www.adr.org, by calling the AAA at 1-800-778-7879. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.
-
9. Security
- We use reasonable security measures that are designed to protect Personal Information in our control from loss, misuse, unauthorized access, use, disclosure, alteration, or accidental, unlawful or unauthorized destruction. Please note, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any Personal Information or other information or that it will not be accessed, viewed, or acquired by unauthorized persons.
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
-
10. Updates to this policy
- We may occasionally update this policy. When we do, we will also revise the “last updated” date at the beginning of the policy. Your continued use of our Services after such changes will mean that you accept the revised policy. We encourage you to periodically review this policy to stay informed about how we collect, use, and disclose Personal Information.
-
11. Contacting us
- If you have any questions, comments, or concerns about this privacy policy, or if you would like to exercise your rights in relation to your Personal Information, please contact us using the following contact information:
Signifyd, Inc.
Attn: Signifyd Privacy Issues
99 Almaden Blvd., 4th floor
San Jose, CA 95113
[email protected]
Tel: (866) 220-1415Please note, the role and department responsible for compliance with the obligations under this Notice is:
Data Protection Officer
Signifyd, Inc.
99 Almaden Blvd., 4th floor
San Jose, CA 95113
[email protected]
Tel: (866) 220-1415You may contact our European Local Representatives as required under Art. 27 GDPR as follows:
Managing Counsel
Signifyd, Inc.
Buzón 109
C/ Pizarro 20 — Local
28004 Madrid
[email protected]
Tel: (866) 220-1415
Previous Privacy Policy — April 20, 2018 to August 15, 2019