Last revised on November 03, 2021, effective as of December 03, 2021
This policy does not apply to third parties that Customer.io does not own or control. Such third parties are not under Customer.io’s control and Customer.io is not responsible for their privacy or security practices.
Customer.io participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Customer.io’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks below. In particular, Customer.io remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Customer.io proves that it is not responsible for the event giving rise to the damage.
Peaberry Software Inc. d/b/a Customer.io (“Customer.io”) works hard to respect your privacy, starting with being transparent about what data we collect and how we use it. This policy describes our information processing practices when you interact with our websites, social media sites and handles, email, and online services. It also describes how we handle information on behalf of our clients (“Clients”), who engage us to provide email marketing optimization and delivery services as described on our Features page. Collectively, this policy refers to our information processing activities as our “Services.”
We also include specific disclosures for residents of the European Economic Area and Switzerland as well as California.
This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to non-Customer.io websites and mobile applications that may link to the Services or be linked to or from the Services; please review the privacy policies on those websites and applications directly to understand their privacy practices.
Information We Collect
Information you give us
Some of the Services may include features or services that permit you to enter contact information and other information about you. We collect and store any information you, or our Clients, enter on our Services. This includes:
- Contact and demographic information, such as the information you provide when you complete forms or register to use our Services.
- Payment information and associated contact information when engaging in a transaction on our site.• Email address information when subscribing to our email newsletters.
- If you contact us, we may keep a record of that correspondence and any contact information provided.
Information our Clients give us about you
- Contact and demographic information, including email address.
- Device information collected from third-party API integrations. For example, Clients can use third-party integrations to record the Client website pages you visit and upload that information to our systems.
- Information about how you interact with Clients’ newsletters, including whether you open or click links in any correspondence.
- Any other information that Clients choose to upload to our systems, such as notes.
- Inferences about you that Clients derive from the information they give us, including which audience segments you are a part of. Clients use this information to send you communications that are more likely to be relevant to you.
Information We Collect Automatically
When you interact with the Services, certain information about your use of our Services is collected automatically. This includes:
- Details of your visits to our site and information generated in the course of the use of our site (including the timing, frequency, and pattern of service use) including, but not limited to, traffic data, location data, weblogs and other communication data, the resources that you access, and how you reached our site.
- Details regarding the device you use to access our Services, including, but not limited to, your IP address, operating system, and browser type.
- Information about how you interact with our ads and newsletters, including whether you open or click links in any correspondence.
Much of this information is collected through cookies, web beacons, and other tracking technologies, as well as through your web browser or device. Customer.io relies on partners to provide many features of our sites and Services using data about your use of Customer.io and other sites.
Our Cookie Declaration contains a list of these partners.
How We Use and Protect Your Information
We may use the information we collect from you for the following purposes:
- To provide you with our products and services, including to take steps to enter into a contract for sale or for services, process payments, fulfill orders, and send service communications.
- Create custom audiences on social media sites.
- To provide you with the best service and improve and grow our business, including by understanding our customer base and purchasing trends and understanding the effectiveness of our marketing.
- To understand how our Services are being used, track site performance, and make improvements.
- To deliver ads about our Services to you around the web and measure their effectiveness.
- To detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, and to comply with legal requirements regarding the provision of products and services.
How We Secure the Information We Collect From or About You
We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.
How We Share Your Information
- Service Providers: We engage vendors to perform specific business functions on our behalf, and they may receive information about you from us or collect it directly. These vendors are obligated by contract to use information that we share only for the purpose of providing these business function, which include:
- Supporting Service functionality, such as vendors that support customer service and customer relationship management, application development, postal mailings, and communications (email, fax).
- Auditing and accounting firms, such as firms that assist us in the creation of our financial records.
- Professional services consultants, such as firms that perform analytics, assist with improving our business, provide legal services, or supply project-based resources and assistance.
- Analytics and marketing services, including entities that analyze traffic on our online properties and assist with identifying and communicating with potential customers.
- Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.
- Information technology vendors, such as entities that assist with website design, hosting and maintenance; data and software storage; and network operation.
- Marketing vendors, such as entities that support distribution of marketing emails.
The service providers we use to directly support the delivery of our Services are listed here.
- Other parties when required by law or as necessary to protect the Services: We may disclose your information to third parties in order to protect the legal rights, safety, and security of Customer.io, our corporate parents, affiliates, and subsidiaries, and the users of our Services; enforce our Terms of Service; prevent fraud (or for risk management purposes); and comply with or respond to law enforcement or legal process or a request for cooperation by a government or other entity.
Additional Information About our Data Collection and Sharing Practices
Sharing of De-identified or Aggregated Data
We may share aggregated or de-identified data at our discretion.
Combination of Information
We may combine information from the Services together and with other information we obtain from our business records.
Change of Ownership or Corporate Organization
We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.
Cross-border Transfer of Data
If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the United States and other countries. The laws in the U.S. regarding information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.
Our Practices Regarding Information Belonging to Children
The Services are intended for users age thirteen and older. Customer.io does not knowingly collect information from children. If we discover that we have inadvertently collected information from anyone younger than the age of 13, we will delete that information.
Sharing of Medical or Health Information
To the extent that we receive protected health information about you, that information is subject to electronic disclosure to the extent permitted by applicable law.
Your Options and Rights Regarding Your Information
Please note that if you make a request to exercise your rights regarding information our Clients collected about you, then we will direct your inquiry to that Client because it is their responsibility to respond to you under the law.
Visit the “Sign In” page to update your contact information and payment method.
If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email, or email us at email@example.com and we will promptly remove you from all correspondence.
You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Similarly, you can learn about your options to opt out of mobile app tracking by certain advertising networks through your device settings and by resetting the advertiser ID on your Apple or Android device.
Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Services may not be available, work, or work as designed. You may also be able to opt out of or block tracking by interacting directly with the other companies who conduct tracking through our Services.
Please note that opting out of advertising networks’ services or modifying cookie behavior via your device’s controls does not mean that you will not receive advertising while using our Services or on other websites, nor will it prevent the receipt of interest-based advertising from other companies that do not participate in these programs. It will, however, exclude you from interest-based advertising conducted through participating networks, as provided by their policies and choice mechanisms. If you delete your cookies, you may also delete your opt-out preferences.
You may choose to activate a “do-not-track” signal via your browser. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, we currently does not take action in response to these signals. For more information on “do-not-track,” visit http://www.allaboutdnt.com.
Your California Privacy Rights
Persons with disabilities may obtain this notice in alternative format upon request by contacting us at firstname.lastname@example.org.
California Shine the Light
Residents of the State of California have the right to request information from Customer.io regarding other companies to whom the company has disclosed certain categories of information during the preceding year for those companies’ direct marketing purposes. If you are a California resident and would like to make such a request, please email email@example.com or write to us at 921 SW Washington St., Suite #820, Portland, OR 97205.
California Consumer Privacy Act
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of personal information, as well as rights to know/access, delete, and limit sharing of personal information. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.
Right to Notice at Collection Regarding the Categories of Personal Information Collected
You have the right to receive notice of the categories of personal information we collect, and the purposes for which those categories of personal information will be used. The following table summarizes the categories of personal information we collect, the categories of sources of that information, and whether we disclose or sell that information to service providers or third parties, respectively. The categories we use to describe the information are those enumerated in the CCPA, and additional information about the specific types of personal information we collect are described above in “Information We Collect.” We collect this personal information for the purposes described in the “How We Use and Protect Your Information” section above.
|Category of Personal Information||Categories of Sources||Categories of Entities to which We Disclose Personal Information||Categories of Entities to which We Sell Personal Information|
|Personal Identifiers||You; Clients; Customer.io’s social media pages||Service providers||None|
|Commercial Information||You||Service providers||None|
|Geolocation||You; Customer.io’s analytics partners||Service providers||Analytics and advertising partners (but only with respect to information that Customer.io collects directly, not from Clients)|
|Audio, electronic, visual, thermal, olfactory, or similar information, specifically call recordings||You||Service providers||None|
|Internet or Other Electronic Network Activity Information||You; Clients (via third-party integrations they choose); Customer.io’s analytics partners||Service providers||Analytics and advertising partners (but only with respect to information that Customer.io collects directly, not from Clients)|
We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the personal information was collected.
*Note on “Selling”: The CCPA defines “sale” and “personal information” broadly to include the information transfer between a website or app and third party tracking technologies. For this reason, Customer.io “sells” personal information.
Right to Opt Out of Sale of Personal Information to Third Parties
You have the right to opt out of any sale of your personal information by Customer.io to third parties. To exercise your right to opt out of the sale of your personal information, please visit our “Do Not Sell My Personal Information” webpage.
Please note that your right to opt out does not apply to our sharing of personal information with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the personal information only for that function.
Right to Know and Request Access to and Deletion of Personal Information
You have the right to request access to personal information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. You also have the right to request in certain circumstances that we delete personal information that we have collected directly from you. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
You may submit a request to exercise your rights to know/access or delete your personal information through one of two means:
- By filling out a Consumer Data Request Form available here.
- By contacting us using the information below.
In order to process your request to know/access or delete personal information we collect, disclose, or sell, we must verify your request. We do this by asking you to provide personal identifiers we can match against information we may have collected from you previously and confirm your request using the email or telephone account stated in the request.
You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We will require verification of the authorized agent’s identity and confirmation that you have authorized them to act on your behalf.
Customer.io does not offer any rewards programs or incentives for the collection or sharing of data at this time.
Special Information for Nevada Residents
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. At this time, Customer.io does not engage in such sales. If you are a Nevada resident and would like more information about our data sharing practices, please email firstname.lastname@example.org.
Information for Individuals Located in the EEA and Switzerland
We process “Personal Data,” as that term is defined in the EU General Data Protection Regulation, on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests in providing the Services where those interests do not override your fundamental rights and freedom related to data privacy. Information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities, as described above.
Users that reside in the European Economic Area (“EEA”) or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.
If you are a resident of the EEA or Switzerland, you are entitled to certain rights. Please note: In order to verify your identity, we may require you to provide us with information prior to accessing any records containing information about you. These rights include the ability:
- to request from us access to information held about you.
- to ask for the information we hold about you to be rectified if it is inaccurate or incomplete.
- to ask for data to be erased if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
- to request that we restrict our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.
To submit a request to exercise your rights, please contact us at email@example.com. We may have a reason under the law why we do not have to comply with your request, or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
Changes to This Policy
We may make changes to this Policy from time to time. We will post any changes here, and such changes will become effective when they are posted. Your continued use of our Services following the posting of any changes will mean you consent to those changes.
For questions about our privacy practices, contact us at:
Peaberry Software Inc. d/b/a Customer.io
9450 SW Gemini Dr., Suite 43920, Beaverton, Oregon 97008-7105.