Sift Website Privacy Notice

Effective: April 15, 2019

Previous Website Privacy Notice available here

Our commitment to privacy

Sift Science, Inc. (“Sift”, “we” or “us”) respects your privacy and wants you to be informed about what we do. This Website Privacy Notice (this “Notice” explains who we are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights.

This Notice applies to the processing of personal information collected by us through our website https://sift.com and any sub-domains) (the “Website”) and in connection with our events, sales, and marketing activities or to register you as a visitor to our offices.

For information about how we process personal information that we collect if you use or otherwise interact with the Sift fraud prevention products, applications, and services, see our Service Privacy Notice.

Quick Links

We recommend that you read this Notice in full to ensure that you are fully informed. However, if you would like to access a particular section of this Notice, then you can click on the relevant link below to jump to that section.

PART I. WHO WE ARE

Sift is a Software-as-a-Service (SaaS) company based in San Francisco, California. We help online businesses (our “Customers”) detect and address fraud and other malicious behavior on their digital properties, such as their websites and mobile applications, using our proprietary real-time machine learning technology (the “Sift Services”).

For further information about our collection and use of information in connection with the Sift Services, please see our Service Privacy Notice.

PART II. WHAT WE COLLECT, HOW WE USE IT, AND THE LEGAL BASIS

Information We Collect

We may collect the following types of personal information about you:

Information that you provide to us

Certain parts of our Website might ask you to provide personal information voluntarily - for example, if you provide your contact details to register an account with us, subscribe to marketing communications (like our newsletters), access a demo or white paper, or enable us to contact you. We may also collect information from you in person at a tradeshow or event or when you register as a visitor at our offices.

If you contact us to find out more about the Sift Services (whether via our website or via a phone call with one of our sales representatives), we will collect personal information about you so that we can fulfill your request.

The personal information we collect may include:

  • contact information (such as, your name, address, telephone number, and email address) and the nature of your communication;
  • professional information (such as, your company name, job title, and company address);
  • marketing information (such as, your contact preferences); and
  • any other information you choose to provide to us when completing any 'free text' boxes in our forms (for example, for event sign-up or bot interaction).

We use this information (alone or in combination with other information we have collected about you):

  • To respond to your requests or provide information you’ve requested to perform our contract with you, or if we have not contracted directly with you, in reliance on our legitimate interest in managing communications with you.
  • For security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.
  • To send administrative or account related information to you in reliance on our legitimate interests in managing your account.
  • To comply with and enforce applicable legal requirements, agreements, and policies.
  • To send you marketing and promotional materials (for example, newsletters, telemarketing calls, or SMS or push notifications), if this is in accordance with your marketing preferences, as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided prior consent. You can opt-out of our marketing at any time (see the section below).
  • For other business purposes - such as, data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize, and improve our Websites, products and services - in reliance on our legitimate interests in expanding and developing our business activities.

Information that we collect automatically

When you visit our Website, Sift (like most website owners) collects certain information related to your device, such as your device's IP address, device type, browser type, broad geographic location (e.g. country or city-level location), referring website, what pages your device visited, and the time that your device visited our Website.

We (including our vendors) may use cookies, pixel tags, web beacons, embedded web links, and similar technologies. You can opt-out of certain collection technologies (such as cookies) but please note that you then might not be able to take advantage of many of the tailored features of our Website. For more information on our use of cookies, including how to change your cookie preferences, please see our Website Cookie Notice.

We use this information (alone or in combination with other information we have collected about you):

  • To administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes in reliance on our legitimate interests;
  • To understand how our Website is used and to improve our Website to ensure that content is presented in the most effective manner for you and your computer in reliance on our legitimate interests;
  • To display personalized advertising and content to you on and off our Website, based on your browsing activities on the Website to the extent necessary for legitimate interests in advertising our Website and services, or where necessary, to the extent you have provided prior consent; and
  • As part of our efforts to keep our Website safe and secure in reliance on our legitimate interests in ensuring the security of our Website.

Information we obtain from third party sources

We may obtain information about you from other sources, such as public databases, joint marketing partners, data providers, or social media platforms. This information may include the following: mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs or custom profiles.

We use this information (alone or in combination with other information we have collected about you) to enhance our ability to provide relevant marketing, offers, and services, including for the purposes of targeted advertising, delivering more relevant email content, event promotion, and profiling in reliance on our legitimate interests in conducting our marketing activities and promoting the Sift Services.

Sharing information with third parties

We may share and disclose information about you in the following circumstances:

  • Vendors, consultants and other service providers
    We may share your information with third party vendors, consultants and other service providers who provide data processing services to us and with whom the sharing of such information is necessary to undertake that work. Examples of these type of service providers include: processing billing, providing customer support, hosting our infrastructure, data enrichment, or online and offline marketing optimizations. Prior to sharing data with a provider, Sift assesses the provider’s security controls to ensure the data is adequately protected.
  • Professional advisors
    We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they render to us.
  • Compliance with laws
    We may disclose your information to any competent law enforcement body, regulator, government agency court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person (see below).
  • Vital interests and legal rights
    We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Sift, you, or any other person.
  • Corporate Affiliates and Transactions
    We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with Sift). Our affiliates will use your information only for the purposes described in this Notice. Additionally, if Sift is involved in a merger, acquisition or sale of all or a portion of its assets, your information may be shared or transferred as part of that transaction, as permitted by law.

PART III. INTERNATIONAL TRANSFERS, SECURITY, AND DATA RETENTION

Processing of personal information in the US and other territories

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country. Specifically, our servers are located in the United States, and our third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in different countries. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice.

EU-US and Swiss-US Privacy Shield Frameworks

With respect to personal information we receive in the United States concerning individuals in the EU and Switzerland, we comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce when we transfer personal information from the European Union, the United Kingdom, and Switzerland to our servers in the United States for processing. Please see our Privacy Shield Notice to learn more. If there is any conflict between the terms in this Notice and the Privacy Shield Principles (as set out in the Privacy Shield Frameworks), the Privacy Shield Principles shall govern.

Security safeguards

We use appropriate technical and organizational security measures to protect personal information we process about visitors to our Website against unauthorized access, disclosure, alteration, and destruction. However, please note that no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure email, and similar technologies to protect yourself online. For the latest information about the controls we have in place to safeguard personal information, view our Security Overview.

Data retention

We retain your personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements) and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature, and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

PART IV. YOUR PRIVACY RIGHTS

Depending on your location and subject to applicable law, you may have the following rights with regard to personal information we control about you:

Access, review, change, update, or delete your information

You can access, review, modify, and request deletion of any personal information that we process about you, as required by law. You can send an email to privacy@sift.com to exercise these rights.

Objection to processing of, or requesting restriction or portability of, personal information (EEA residents)

In addition, if you are a resident of the European Economic Area (“EEA”) and we can properly identify you, you can object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. To exercise these rights, email privacy@sift.com.

Unsubscribe from our mailing list

You may at any time ask us to stop sending marketing communications to you, including by clicking "Unsubscribe" in any email communications we send you. If you have any questions in relation to the "Unsubscribe" process, please feel free to get in touch via the contact details set out below. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.

Withdrawal of consent

If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. To withdraw your consent to any processing, email privacy@sift.com.

Right to complain to a data protection authority

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request.

PART V. OTHER IMPORTANT INFORMATION

Children and sensitive information

We do not knowingly collect any information from anyone under 13 years of age, and in the EEA under 16. The Website and its content are directed to people who are at least 18 years of age or older. If you are under the age of 18, you may not use this Website unless you have the consent of, and are supervised by, a parent or guardian.

Sift does not knowingly collect or utilize any sensitive personal information, such as, health information, full financial account information, or government identifiers. In the EEA, we do not knowingly collect or utilize any personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data for the purpose of uniquely identifying an individual, or data concerning an individual’s health, sex life, or sexual orientation. We ask that you not provide us with such information.

Other websites

Please be aware that we are not responsible for the privacy practices of other websites that are linked to from our Website. We encourage our visitors to be aware when they leave our Website and to read the privacy statements or policies of each and every website that they visit.

Changes to the Notice

We may revise this Notice from time to time in response to changing legal, technical, or business developments. The most current version of this Notice will govern our use of your personal information. If we make any material changes to this Notice, we will post the updated version here. You can see when this Notice was last updated by checking the “last updated” or “effective” date displayed at the top of this Notice.

PART VI. HOW TO CONTACT US

Contact details

Please contact Sift with any questions or comments about this Notice or our privacy practices at:

Sift Science, Inc.
Attn: Privacy Officer
123 Mission Street, 20th Floor
San Francisco, CA 94105
Email: privacy@sift.com

Controller Status, Data Protection Officer, and EU Representative

If you are a resident in the EEA, Sift Science, Inc. is the controller of the personal information (i.e., personal data under European data protection legislation) covered by this Notice.

EEA data subjects may contact our Data Protection Officer by emailing dpo@sift.com.

If you are located in the United Kingdom or the EEA, you may contact Achieved Compliance Advocacy, our appointed representative in the UK and the EU, at the following addresses:
UK
By email: sift@privacyrep.co.uk
By mail: 40 Oxford Road, High Wycombe, Buckinghamshire, UK HP11 2EE
EEA
By email: sift@gdprrepresentative.eu
By mail: Singel 250, 1016 AB Amsterdam, Netherlands

Further Privacy Resources

Service Privacy Policy

Privacy Shield Notice

Security Overview

Website Cookie Notice

Terms of Service