Sift Website Privacy Notice
Effective: October 19, 2020
Updated: March 18, 2021
Our commitment to privacy
Sift Science, Inc. (“Sift”, “we” or “us”) respects your privacy and wants you to be informed about what we do. This Website Privacy Notice (this “Notice”) explains who we are, how we collect, share, and use personal information about you, and how you can exercise your privacy rights.
This Notice applies to the processing of personal information collected by us through our website https://sift.com and any sub-domains) (the “Website”) and in connection with our events, sales, and marketing activities or to register you as a visitor to our offices.
For information about how we process personal information that we collect if you use or otherwise interact with the Sift fraud prevention products, applications, and services, see our Service Privacy Notice.
We recommend that you read this Notice in full to ensure that you are fully informed. However, if you would like to access a particular section of this Notice, then you can click on the relevant link below to jump to that section.
Sift is a Software-as-a-Service (SaaS) company based in San Francisco, California. We help online businesses (our “Customers”) detect and address fraud and other malicious behavior on their digital properties, such as their websites and mobile applications, using our proprietary real-time machine learning technology (the “Sift Services”).
For further information about our collection and use of information in connection with the Sift Services, please see our Service Privacy Notice.
We may collect the following types of personal information about you:
Certain parts of our Website might ask you to provide personal information voluntarily - for example, if you provide your contact details to register an account with us, subscribe to marketing communications (like our newsletters), access a demo or white paper, or enable us to contact you. We may also collect information from you in person at a tradeshow or event or when you register as a visitor at our offices.
If you contact us to find out more about the Sift Services (whether via our website or via a phone call with one of our sales representatives), we will collect personal information about you so that we can fulfill your request.
The personal information we collect may include:
- contact information (such as, your name, address, telephone number, and email address) and the nature of your communication;
- professional information (such as, your company name, job title, and company address);
- marketing information (such as, your contact preferences); and
- any other information you choose to provide to us when completing any 'free text' boxes in our forms (for example, for event sign-up or bot interaction).
We use this information (alone or in combination with other information we have collected about you):
- To respond to your requests or provide information you’ve requested to perform our contract with you, or if we have not contracted directly with you, in reliance on our legitimate interest in managing communications with you.
- For security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.
- To send administrative or account related information to you in reliance on our legitimate interests in managing your account.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- To validate your identity when seeking to exercise your privacy rights.
- To send you marketing and promotional materials (for example, newsletters, telemarketing calls, or SMS or push notifications), if this is in accordance with your marketing preferences, as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided prior consent. You can opt-out of our marketing at any time (see the section below).
- For other business purposes - such as, data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize, and improve our Websites, products and services - in reliance on our legitimate interests in expanding and developing our business activities.
When you visit our Website, Sift (like most website owners) collects certain information related to your device, such as your device's IP address, device type, browser type, broad geographic location (e.g. country or city-level location), referring website, what pages your device visited, and the time that your device visited our Website.
We use this information (alone or in combination with other information we have collected about you):
- To administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes in reliance on our legitimate interests;
- To understand how our Website is used and to improve our Website to ensure that content is presented in the most effective manner for you and your computer in reliance on our legitimate interests;
- To display personalized advertising and content to you on and off our Website, based on your browsing activities on the Website to the extent necessary for legitimate interests in advertising our Website and services, or where necessary, to the extent you have provided prior consent; and
- As part of our efforts to keep our Website safe and secure in reliance on our legitimate interests in ensuring the security of our Website.
We may obtain information about you from other sources, such as public databases, joint marketing partners, data providers, or social media platforms. This information may include the following: mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs or custom profiles.
We use this information (alone or in combination with other information we have collected about you) to enhance our ability to provide relevant marketing, offers, and services, including for the purposes of targeted advertising, delivering more relevant email content, event promotion, and profiling in reliance on our legitimate interests in conducting our marketing activities and promoting the Sift Services.
We may share and disclose information about you in the following circumstances:
- Vendors, consultants and other service providers
We may share your information with third party vendors, consultants and other service providers who provide data processing services to us and with whom the sharing of such information is necessary to undertake that work. Examples of these type of service providers include: processing billing, providing customer support, hosting our infrastructure, data enrichment, identity verification, or online and offline marketing optimizations. Prior to sharing data with a provider, Sift assesses the provider’s security controls to ensure the data is adequately protected.
- Professional advisors
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they render to us.
- Compliance with laws
We may disclose your information to any competent law enforcement body, regulator, government agency court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person (see below).
- Vital interests and legal rights
We may disclose information about you if we believe it necessary to protect the vital interests or legal rights of Sift, you, or any other person.
- Corporate Affiliates and Transactions
We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with Sift). Our affiliates will use your information only for the purposes described in this Notice. Additionally, if Sift is involved in a merger, acquisition or sale of all or a portion of its assets, your information may be shared or transferred as part of that transaction, as permitted by law.
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country. Specifically, please be aware that our facilities are located in the United States, and our third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in different countries. However, regardless of where your data is processed we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice.
If you are resident in the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of your jurisdiction by: (i) processing it in a territory that provides an adequate level of protection for personal information based on the receiving country's data protection laws; and/or (ii) implementing appropriate safeguards to protect your personal information, such as requiring the recipient to comply with the Standard Contractual Clauses, or another lawful and approved transfer mechanism.
In addition, although we do not rely on the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce to lawfully receive EEA, UK or Swiss personal information in the US, we previously certified our adherence to the Privacy Shield Principles with respect to such personal information that we transferred to our servers in the United States for processing. Sift has withdrawn from the EU-US and Swiss-US Privacy Shield Frameworks. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.
We use technical and organizational security measures designed to protect personal information we process about visitors to our Website against unauthorized access, disclosure, alteration, and destruction. However, please note that no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, secure email, and similar technologies to protect yourself online.
We retain your personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements) and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature, and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Depending on your location and subject to applicable law, you may have the following rights with regard to personal information we control about you:
Access, review, change, update, or delete your information (EEA, UK and Swiss residents, and California residents)
You may access (data portability), review, modify, and request deletion of any personal information that we process about you, as required by law. You may submit such a request by one of the following: (i) send an email to email@example.com, (ii) complete this webform, or (iii) call us toll free at 877-571-0124. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request. Specifically, we (or our third party service provider acting on our behalf) may need to collect a copy of your photo ID and any other information necessary to confirm your identity. Such information will be securely processed in accordance with this Notice and only used for the purpose of verifying your identity.
Objection to processing of, or requesting restriction or portability of, personal information (EEA, UK, and Swiss residents)
In addition, if you are a resident of the European Economic Area (“EEA”), United Kingdom or Switzerland and we can properly verify your identity, you can object to processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. To exercise these rights, email firstname.lastname@example.org.
You may at any time ask us to stop sending marketing communications to you, including by clicking "Unsubscribe" in any email communications we send you. If you have any questions in relation to the "Unsubscribe" process, please feel free to get in touch via the contact details set out below. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing/administrative related purposes.
If we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. To withdraw your consent to any processing, email email@example.com.
You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here and Switzerland are here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request.
This Supplemental Privacy Notice supplements the information in our Privacy Notice above and applies solely to California residents.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
Throughout this Notice, we discuss in detail the specific pieces of personal information we collect from and about users. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect. The categories we collect are: identifiers (such as name, address, email address); internet or other network or device activity (such as browsing history or Services usage); general geolocation information (e.g., your city and state based on IP address); professional or employment related data; and other information that identifies or can be reasonably associated with you.
We and our service providers may use the categories of personal information we collect from and about you consistent with the various business purposes and commercial we discuss throughout this Notice. Please see the relevant section(s) above for more information.
Sift may disclose the following categories of information about you or your use of the Website for business purposes (as defined by applicable law) or as required by applicable law: identifiers (such as name, address, email address); internet or other network or device activity (such as browsing history or services usage); general geolocation information (e.g., your city and state based on IP address); professional or employment related data; and other information that identifies or can be reasonably associated with you.
The CCPA sets forth certain obligations for businesses that “sell” personal information. We do not sell information that directly identifies you, such as your name and email address. We share certain information and allow third parties to collect certain information about your activity, for example through cookies, as explained in both the “Sharing information with third parties” section and our Website Cookie Notice. You can control these cookies through browser settings and other controls. We do not believe these activities are a sale of personal information under the current regulatory guidance for the CCPA.
As provided by the CCPA, you may exercise certain privacy rights outlined in Part IV. Privacy Rights. You may authorize another person (your “agent”) to submit a request on your behalf. Please note that before completing any requests, and in addition to our identification verification process, we are required to verify that your agent has been properly authorized to request information on your behalf and this may take additional time to fulfill your request.
Under Part IV. Privacy Rights, we include information as to how you can exercise your privacy rights under the CCPA. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by CCPA that can result in different prices, rates or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
We do not knowingly collect any information from anyone under 16 years of age. The Website and its content are directed to people who are at least 18 years of age or older. If you are under the age of 18, you may not use this Website unless you have the consent of, and are supervised by, a parent or guardian.
Sift does not knowingly collect or utilize any sensitive personal information, such as, health information, full financial account information, or government identifiers. In the EEA, UK or Switzerland, we do not knowingly collect or utilize any personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or biometric data for the purpose of uniquely identifying an individual, or data concerning an individual’s health, sex life, or sexual orientation. We ask that you not provide us with such information.
Please be aware that we are not responsible for the privacy practices of other websites that are linked to from our Website. We encourage our visitors to be aware when they leave our Website and to read the privacy statements or policies of each and every website that they visit.
We may revise this Notice from time to time in response to changing legal, technical, or business developments. The most current version of this Notice will govern our use of your personal information. If we make any material changes to this Notice, we will post the updated version here. You can see when this Notice was last updated by checking the “last updated” or “effective” date displayed at the top of this Notice.
Please contact Sift with any questions or comments about this Notice or our privacy practices at:
Sift Science, Inc.
Attn: Privacy Officer
525 Market Street, Sixth Floor
San Francisco, CA 94105
If you are a resident in the EEA, United Kingdom, or Switzerland, Sift Science, Inc. is the controller of the personal information (i.e., personal data under European data protection legislation) covered by this Notice.
You may contact our Data Protection Officer by emailing firstname.lastname@example.org or using the mailing address listed in the Contact Details section above. Our EU representative (for EEA, UK or Swiss data subjects) is:
Sift Science Ireland Limited
by email: email@example.com
by mail: Sift Science Ireland Limited c/o Sift Science, Inc. 525 Market Street, Sixth Floor, San Francisco, CA 94105