Website Privacy Notice
Last Updated: September 25, 2024
Previous Website Privacy Notice available here.
Our commitment to privacy
Sift Science, Inc. (“Sift”, “we” or “us”) respects your privacy and wants you to be informed about what we do. This Website Privacy Notice (this “Notice”) explains who we are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights.
This Notice applies to the processing of personal information collected by us through our website ( and any sub-domains, except the Sift console at console.sift.com) (the “Website”) and in connection with our events, sales, and marketing activities or to register you as a visitor to our offices. If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, please also review our Supplemental U.S. State Law Privacy Notice which describes certain disclosures and rights available to you under your state’s privacy laws, when such laws are effective.
For information about how we process personal information that we collect if you use or otherwise interact with the Sift fraud prevention products, applications, and services, see our Service Privacy Notice.
Quick Links
We recommend that you read this Notice in full to ensure that you are fully informed. However, if you would like to access a particular section of this Notice, then you can click on the relevant link below to jump to that section.
-
PART II. WHAT WE COLLECT, HOW WE USE IT, AND THE LEGAL BASIS
-
PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION
PART I. WHO WE ARE
Sift is a Software-as-a-Service (SaaS) company based in San Francisco, California. We help online businesses (our “Customers”) detect and address fraud and other malicious behavior on their digital properties, such as their websites and mobile applications, using our proprietary real-time machine learning technology (the “Sift Services”).
For further information about our collection and use of information in connection with the Sift Services, please see our Service Privacy Notice.
PART II. WHAT WE COLLECT, HOW WE USE IT, AND THE LEGAL BASIS
Information We Collect
We may collect the following types of personal information about you:
Information that you provide to us
Certain parts of our Website might ask you to provide personal information voluntarily – for example, if you provide your contact details to register an account with us, subscribe to marketing communications (like our newsletters), access a demo or white paper, or enable us to contact you. We may also collect information from you in person at a tradeshow or event or when you register as a visitor at our offices.
If you contact us to find out more about the Sift Services (whether via our website or via a phone call with one of our sales representatives), we will collect personal information about you so that we can fulfill your request.
The personal information we collect may include:
-
contact information (such as, your name, address, telephone number, and email address) and the nature of your communication;
-
professional information (such as, your company name, job title, and company address);
-
marketing information (such as, your contact preferences); and
-
any other information you choose to provide to us when completing any ‘free text’ boxes in our forms (for example, for event sign-up or bot interaction).
We use this information (alone or in combination with other information we have collected about you):
-
To respond to your requests or provide information you’ve requested to perform our contract with you, or if we have not contracted directly with you, in reliance on our legitimate interest in managing communications with you.
-
For security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.
-
To send administrative or account related information to you in reliance on our legitimate interests in managing your account.
-
To comply with and enforce applicable legal requirements, agreements, and policies.
-
To validate your identity when seeking to exercise your privacy rights.
-
To process your information for marketing purposes, which may involve sending you marketing and promotional materials (for example, newsletters, telemarketing calls, or SMS or push notifications), if this is in accordance with your marketing preferences, as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided prior consent. This may involve processing your information using machine learning and artificial intelligence technologies, including profiling. This may also involve using email tracking technologies for marketing purposes to measure email engagement. You can opt-out of our marketing at any time (see the below section on how to Unsubscribe from Our Mailing List).
-
For other business purposes – such as, data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize, and improve our Websites, products and services – in reliance on our legitimate interests in expanding and developing our business activities.
Information that we collect automatically
When you visit our Website, Sift (like most website owners) collects certain information related to your device, such as your device’s IP address, device type, browser type, broad geographic location (e.g. country or city-level location), referring website, what pages your device visited, and the time that your device visited our Website.
We (including our vendors) may use cookies, pixel tags, web beacons, embedded web links, and similar technologies. You can opt-out of certain collection technologies (such as cookies) but please note that you then might not be able to take advantage of many of the tailored features of our Website. For more information on our use of cookies, including how to change your cookie preferences, please see our Website Cookie Notice.
We use this information (alone or in combination with other information we have collected about you):
-
To administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes in reliance on our legitimate interests;
-
To understand how our Website is used and to improve our Website to ensure that content is presented in the most effective manner for you and your computer in reliance on our legitimate interests;
-
To display personalized advertising and content to you on and off our Website, based on your browsing activities on the Website to the extent necessary for legitimate interests in advertising our Website and services, or where necessary, to the extent you have provided prior consent; and
-
As part of our efforts to keep our Website safe and secure in reliance on our legitimate interests in ensuring the security of our Website.
Information we obtain from third party sources
We may obtain information about you from other sources, such as public databases, joint marketing partners, data providers, or social media platforms. This information may include the following: mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs or custom profiles.
We use this information (alone or in combination with other information we have collected about you) to enhance our ability to provide relevant marketing, offers, and services, including for the purposes of targeted advertising, delivering more relevant email content, event promotion, and profiling in reliance on our legitimate interests in conducting our marketing activities and promoting the Sift Services.
Sharing information with third parties
We may share and disclose information about you in the following circumstances:
-
Vendors, consultants and other service providers
We may share your information with third party vendors, consultants and other service providers who provide data processing services to us and with whom the sharing of such information is necessary to undertake that work. Examples of these type of service providers include: processing billing, providing customer support, hosting our infrastructure, data enrichment, identity verification, or online and offline marketing optimizations, including the use of machine learning technologies, artificial intelligence or profiling. -
Third party vendor integrations
We may offer you the ability to use third party vendor integrations through our Services. If you choose to use these third party vendor integrations, then you are directly interacting with that third party vendor and providing or directing us to provide information, including Personal Information, to them for purposes of facilitating the integration. -
Professional advisors
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they render to us. -
Compliance with laws
We may disclose your information to any competent law enforcement body, regulator, government agency court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person (see below). -
Vital interests and legal rights
We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Sift, you, or any other person. -
Corporate Affiliates and Transactions
We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with Sift). Our affiliates will use your information only for the purposes described in this Notice. Additionally, if Sift is involved in a merger, acquisition or sale of all or a portion of its assets, your information may be shared or transferred as part of that transaction, as permitted by law.
PART III. INTERNATIONAL TRANSFERS, SECURITY, AND DATA RETENTION
Processing of personal information in the US and other territories
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country. Specifically, please be aware that our facilities are located in the United States, and our third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in different countries. However, regardless of where your data is processed we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice.
European data transfers
If you are resident in the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of your jurisdiction by: (i) processing it in a territory that provides an adequate level of protection for personal information based on the receiving country’s data protection laws; and/or (ii) implementing appropriate safeguards to protect your personal information, such as requiring the recipient to comply with the Standard Contractual Clauses, or another lawful and approved transfer mechanism.
Security safeguards
We use technical and organizational security measures designed to protect personal information we process about visitors to our Website against unauthorized access, disclosure, alteration, and destruction. However, please note that no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure email, and similar technologies to protect yourself online.
Data retention
We retain your personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements) and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature, and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
PART IV. YOUR PRIVACY RIGHTS
Depending on your location and subject to applicable law, you may have the following rights with regard to personal information we control about you:
Access, review, change, update, or delete your information (EEA, UK and Swiss residents)
You may access (data portability), review, modify, and request deletion of any personal information that we process about you, as required by law. You may submit such a request by one of the following: (i) send an email to [email protected], (ii) complete this webform, or (iii) call us toll free at (+1) 877-571-0124. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request. Specifically, we (or our third party service provider acting on our behalf) may need to collect a copy of your photo ID and any other information necessary to confirm your identity. Such information will be securely processed in accordance with this Notice and only used for the purpose of verifying your identity.
Objection to processing of, or requesting restriction or portability of, personal information (EEA, UK, and Swiss residents)
In addition, if you are a resident of the European Economic Area (“EEA”), United Kingdom or Switzerland and we can properly verify your identity, you can object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. To exercise these rights, email [email protected].
Unsubscribe from our mailing list
You may at any time ask us to stop sending marketing communications to you, including by clicking “Unsubscribe” in any email communications we send you. If you have any questions in relation to the “Unsubscribe” process, please feel free to get in touch via the contact details set out below. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
Withdrawal of consent
If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. To withdraw your consent to any processing, email [email protected].
Right to complain to a data protection authority
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here and Switzerland are here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request.
PART V. OTHER IMPORTANT INFORMATION
Other websites
Please be aware that we are not responsible for the privacy practices of other websites that are linked to from our Website. We encourage our visitors to be aware when they leave our Website and to read the privacy statements or policies of each and every website that they visit.
Changes to this Notice
We may revise this Notice from time to time in response to changing legal, technical, or business developments. The most current version of this Notice will govern our use of your personal information. If we make any material changes to this Notice, we will post the updated version here. You can see when this Notice was last updated by checking the “last updated” or “effective” date displayed at the top of this Notice.
PART VI. HOW TO CONTACT US
Contact details
Please contact Sift with any questions or comments about this Notice or our privacy practices at:
Sift Science, Inc.
Attn: Privacy Officer
525 Market Street, Sixth Floor
San Francisco, CA 94105
Email: [email protected]
Controller Status, Data Protection Officer, and EU Representative
If you are a resident in the EEA, United Kingdom, or Switzerland, Sift Science, Inc. is the controller of the personal information (i.e., personal data under European data protection legislation) covered by this Notice.
You may contact our Data Protection Officer by emailing [email protected] or using the mailing address listed in the Contact Details section above. Our EU representative (for EEA, UK or Swiss data subjects) is:
Sift Science Ireland Limited
by email: [email protected]
by mail: Sift Science Ireland Limited c/o Sift Science, Inc. 525 Market Street, Sixth Floor, San Francisco, CA 94105
Further Privacy Resources
Service Privacy Notice
Supplemental U.S. State Law Privacy Notice
Website Cookie Notice