Productboard, Inc., (“Productboard”) and its subsidiaries (collectively, the “Productboard Group”, “we”, “us”, or “our”) are committed to protecting your information. This Privacy Policy (“Policy”) informs you how we collect, use, secure and share your personal information that we collect when you visit our Websites, use our Services, visit our branded social media pages, visit our offices, receive communication from us, register or attend our events or webinars, or ask questions about our products.
We may provide “just-in-time” disclosures or additional information about our data collection, use and sharing practices of specific services. These notices may supplement or clarify Productboard’s privacy practices or may provide you with additional choices about how Productboard processes your personal information.
If you do not feel comfortable with any part of this Policy, you should cease using our Websites and Services.
Contents
1. Policy Scope
The Productboard Group is committed to protecting the privacy of individuals who interact with us. This Policy applies to the personal information we collect and use for our own purposes (i.e., as a “data controller”).
We provide this Policy to explain the ways in which we collect, use, and share personal information about individuals who:
The term “Subscriber” refers to an individual or entity that has agreed to our Master Subscription Agreement, available at: www.productboard.com/msa, and/or such other applicable agreement of the Productboard Group relating to access and use of our Services (“Services Agreement”), including an individual representing the Subscribing company. The term “Account” refers to a Productboard account or instance created by or on behalf of a Subscriber within the Services. The term “Users” shall refer to the individuals authorized to use our Services through a Subscriber’s Account.
In providing our Services, we may process certain personal information, including certain information from Users, on behalf of our Subscribers as a “data processor.” In such cases, Subscribers to our Services act as data controllers. Such Subscribers are solely responsible for establishing privacy policies for and ensuring compliance with all applicable laws and regulations, agreements or other obligations, relating to the processing of personal information of individuals, including Users, who use the Subscriber’s instance of our Services. If you are an individual who uses a Subscriber’s instance of our Services, then except as otherwise noted in this Privacy Policy, the processing of your personal information will be subject to the Subscriber’s privacy practices, and you should contact that Subscriber for assistance with any requests or questions relating to the processing of your personal information.
2. Personal Information You Provide
In this Policy, “personal information” means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, including by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity. Below are examples of Personal Information you may provide in your use of the Services:
Account and Registration Information. If you are Subscriber or User, we must process certain personal information about you, including, but not limited to, name, address, phone number, email address, company name, and username, to provide our Services (collectively “Account Information”), and name or alias for each of your Users. By voluntarily providing us with this information, you represent that you are the owner of such personal information or are otherwise authorized to provide it to us, specifically, if you as a Subscriber provide us information related to the User, you represent that the User has not objected to such processing.
Commercial Information. We collect commercial information, such as payment information, including credit card information and your purchases from and transactions with us. We use a third-party intermediary to manage credit card processing, and we do not process any such information.
User Information. We collect certain information automatically from Users through cookies and other tracking technologies when they use a Subscriber’s Account, subject to the applicable law’s consent requirements. We use this information to improve our services. In relation to all of the information that Users voluntarily provides when working in a Subscriber’s Account, the Subscriber is the data controller and we are a data processor.
Any other information you provide, such as when you submit requests for customer support or technical assistance, feedback, or questions to us.
3. Personal Information Automatically Collected
Cookies and Other Tracking Technologies. We and our authorized partners use cookies and other information gathering technologies for a variety of purposes. These technologies may provide us with your personal information, information about devices and networks you utilize to access our Websites, and other information regarding your interactions with our Websites. For more details about the categories of cookies utilized on our Websites, as well as how we use them, please see our Cookie Policy: https://www.productboard.com/cookies/.
We partner with third parties to manage our advertising for our Website and Services and delivery of content from our Websites (“Content”) on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on our Websites and other sites in order to suggest advertisements based upon your browsing activities and interests. They and we may also use cookies to gather information about your interaction with our Content. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the EEA or the United Kingdom click here). Please note this will not opt you out of being served ads, and you will continue to receive ads that may be less relevant to you.
Logs. As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to other information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy.
Location information. We may collect general information about the location of the device from which you are accessing the Websites or Services (e.g., IP address and city).
4. Personal Information We Collect From Other Sources
Social Media Widgets. Our Websites may include social media features, such as the Facebook Like button, and widgets, such as the Share This button or interactive mini-programs that run on our Websites. These features may collect your IP address, which page you are visiting on the Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Websites. Your interactions with these features are governed by the privacy policy of the companies that provide them.
Single Sign-On. Enterprise customers can log into certain Services using sign-in services such as Google Authentication or SAML. These services will authenticate your identity, without the need to sign in with a username and password combination.
Information From Third Party Services. We may also obtain personal information from third parties and combine that with information we collect through our Websites. For example, we may have access to certain information from a third-party social media or authentication service if you log into our Services through such a service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third-party social media or authentication service is in accordance with the authorization procedures determined by that service. By electing to use a third party authentication service, you authorize us to process the personal information that the third party service makes available to us, and to use and disclose it in accordance with this Policy. The disclosure of your personal information is subject to the third party’s privacy policy. You should check your privacy settings on these third-party services to understand the personal information sent to us through these services. For example, you can log in to the Services using sign-in services such as Google Authentication, as further described below.
5. Why We Process Your Personal Information
We process your personal information to:
6. Legal Basis for Processing Personal Information
For individuals who are located in the European Economic Area, the United Kingdom or Switzerland or Brazil at the time their personal information is collected, our legal basis for processing your information under the applicable laws will depend on the personal information at issue, the specific context in the which the personal information is collected and the purposes for which it is used.
We process your information for the purposes described in this Policy, based on the following legal grounds:
(i) When we are pursuing legitimate interests.
(ii) When we are providing a service pursuant to a contract.
(iii) When we are complying with legal obligations.
(iv) With your consent.
In some rare instances, we may need to process your personal information to protect your vital interests or those of another person. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to Contact Us” heading below.
7. Why We Disclose Your Personal Information
We take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to disclose to entities who have a legitimate purpose for accessing it. We may disclose personal information about you with third parties in the following circumstances.
8. Security & Confidentiality
We maintain (and require service providers to maintain) generally accepted, reasonable, and appropriate standards to protect your personal information, both during transmission and once it is received.
9. Retention of Your Personal Information
We will retain personal information we collect from you where we have a justifiable business need to do so or for as long as we determine it is needed to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). After that time, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
10. International Transfer of Personal Information
We primarily store personal information about Website Visitors and Subscribers within the European Economic Area (the “EEA”) and in the United States. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which the Productboard Group has operations. If and when transferring your personal data from the EEA, United Kingdom or Switzerland, or via an onward transfer we generally rely on our DPF certification or Standard Contractual Clauses adopted by the EU Commission as appropriate safeguards, though we may rely on other legally approved mechanisms as well.
Productboard has certified to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss – U.S. Data Privacy Framework (collectively, the “DPF”) for personal information that it receives from the EEA, the UK, and Switzerland (respectively) in the United States. As explained in our Data Privacy Framework Privacy Policy here [insert link], personal information covered by our DPF certification will be protected in accordance with the DPF Principles.
11. Your Privacy Rights and Choices
Marketing Communications. If you do not want to receive marketing email communications from us, you can opt-out by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to [email protected].
Updating Your Information. You may request that we correct or update any inaccurate or incomplete personal information by contacting [email protected]. Subscribers to our Services may update or change their Account Information at any time by editing their profile or organization record or by contacting [email protected] for more detailed instructions.
Additional Rights for Certain Territories. If you reside in certain territories (such as California, the European Economic Area, Switzerland, the United Kingdom. Japan or Brazil), you may have the right to exercise certain privacy rights available to you under applicable law. If any of the rights listed below are not provided under law for your jurisdiction, we have the absolute discretion in providing you with those rights.
Your personal information rights are not absolute and your rights or requests may be subject to exceptions under applicable law. Depending upon your jurisdiction and the applicable law, you might have the rights to request the following:
Your rights and our responses will vary based on your state or country of residency.
To assert your privacy rights, please email [email protected] with the subject line, “Privacy Rights Request.” Please note that to protect your privacy and security, we must be able to verify your identity before we can process your request to exercise any of the privacy rights that you may be entitled to under the applicable law. We may conduct the verification process by email or phone, and we may ask you to provide information to verify you such as your name, contact information, and any additional relevant information based on your relationship with us. You may also use an authorized agent to submit a request to opt out on your behalf if you provide the authorized agent signed written permission to do so.
California Residents Only: Right to Opt Out of Sale of Personal Information or Sharing of Personal Information for Targeted Advertising; Right to Limit:
If you are a California resident, you may opt out of the sale of personal information and the sharing of your personal information for targeted advertising, under the California Consumer Privacy Act (“CCPA”). Targeted advertising is when we or our partners display ads to you based on your personal information that is collected across different businesses.
To submit a request to opt out of the sale or “share” of your personal information such as cookies, device identifiers and browsing information or use for targeted advertising, you may visit our “Do Not Sell or Share My Personal Information” page. To opt out for contract information, you can send an email to [email protected] with the subject line “Do Not Sell My Info.” Even if you opt out, you will still see advertising, it just may be less relevant to you. Your preference may be lost if you clear, or your browser is set to clear, cookies. You will need to make these choices on each browser you use.
The CCPA also allows residents the right to limit the use or disclosure of “sensitive personal information” (as defined in the CCPA) if sensitive personal information is used for certain purposes. Please note, in the limited circumstances that we process sensitive personal information as defined by the CCPA, we do not use or disclose it other than for disclosed and permitted business purposes for which there is not a right to limit under the CCPA.
Rights and Choices for Users and other instances where Productboard Acts as a Processor: An individual, such as a User, who seeks access to, or who seeks to correct, amend, or delete inaccuracies in personal information stored or processed by us on behalf of a Subscriber should direct his/her query to the Subscriber (the data controller).
Social Media Accounts
We maintain accounts with various social media networks. When you visit these social media networks, a variety of data processing operations are triggered. We use your personal information when you visit Our profiles on these social media networks, or when you click on the like-button on one of our social media advertisements. When you visit Our profiles, your personal information is not only used by Us but also by the social network provider, regardless of whether you have a profile in the social network or not. The individual processing and its scope differ from provider to provider, and they are not completely transparent to Us. Details about the processing of the social network providers can be found in the relevant social media network’s Privacy Policy:
The social network providers collect your usage information to provide us with usage statistics. To learn more about how such tracking takes place and to understand how we use social media plugins on our Websites, please read our Cookie Policy.
12. Notice to California Residents
This notice to California residents is provided under California law, including the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code 1798.100, et seq.. The information provided below relates to the personal information, the Productboard Groups process as a data controller, which is known as a “business” under the CCPA. If you are a California resident, this Section applies to you in addition to the rest of this Policy.
Categories of Personal Information Collected. In the preceding 12 months, we have collected the following categories of personal information: identifiers (such as your name and contact information); commercial information (such as information about products or services you have purchased); internet or other electronic network activity information (such as your IP address, device identifier, and other information captured by online tracking technologies); and inferences drawn from the information collected about you. When you purchase a product or service from us, we may also collect information described in Section 1798.80(e) of the California Civil Code (such as signature and credit/debit card number). For examples of the precise data points we collect and the categories of sources of such collection, please see Sections 3, 4, and 5 of this Policy.
Business or Commercial Purpose for Collecting and Using Personal Information. We collect the categories of personal information described in this Section for the business or commercial purposes described in Section 6 of this Policy.
Categories of Personal Information Disclosed and Categories of Recipients. In the preceding 12 months, we have disclosed the following categories of personal information for business or commercial purposes to the following recipients:
We may also disclose the above categories of information with government entities as may be needed to comply with our legal obligations or prevent illegal or fraudulent activity.
Sale or sharing of personal information. We engage in targeted (or cross context behavioral) advertising about the Websites or Services on other sites when we advertise our Services elsewhere. In connection with such advertising, we may share the following categories of information with advertising networks and providers and social media networks, which may be considered a sale under California law and is the processing of personal information for targeted advertising:
California residents can opt out for cookie, device ID, browsing and similar information at the following page: Do Not Sell or Share My Personal Information.
To opt out for contract information, you can send an email to [email protected] with the subject line “Do Not Sell My Info.”
Retention. We keep your information to fulfill the purposes described above, unless a longer retention is required or permitted by law. Our retention is based upon the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, applicable legal requirements, and our legitimate interests. The purposes for which we process information may dictate different retention periods for the same types of information. We may delete or de-identify your information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law.
Your Rights. California residents have certain rights set forth in Section 11 and may exercise those rights as provided in such Section. We will not discriminate against those who exercise their rights.
Do Not Track. Some Internet browsers include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our Websites do not process or respond to “DNT” signals.
13. Children’s Personal Information
We do not knowingly collect any personal information from children under the age of 16. If you are under the age of 16, please do not use or submit any personal information through our Websites or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Websites or Services, please contact us at [email protected], and we will use commercially reasonable efforts to delete that information.
14. Changes to this Policy
We may change this Policy from time to time. We always indicate the date the last changes were published and offer access to the last version of our Policy for your review. If changes are material, you will be notified prior to the change becoming effective either via a notice on our Websites or an email sent to the email address we have on file for you or as otherwise required by law.
15. Contact Us
If you have questions regarding this Policy or about the privacy practices of Productboard, please contact us by email at [email protected], or at: Productboard, Inc., Attn: Privacy Officer, 333 Bush Street, 20th floor, San Francisco, CA 94104, United States of America.
Previous Versions