Sift Supplemental U.S. State Law Privacy Notice
Last Updated: December 20, 2024. Previous version available here.
Sift Science, Inc. (“Sift”, “we” or “us”) respects your privacy and wants you to be informed about what we do. This Supplemental U.S. State Law Privacy Notice (this “Notice”) applies to residents of California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia and explains how we Process Personal Information about you and how you can exercise your privacy rights under your state’s privacy law, when such law is effective.
1. Definitions. For the purposes of this Notice:
(1) “State Privacy Laws” means, collectively, all U.S. state privacy laws and their implementing regulations, as amended or superseded from time to time, that apply generally to the processing of individuals’ Personal Information and that do not apply solely to specific industry sectors (e.g., financial institutions), specific demographics (e.g., children), or specific classes of information (e.g., health or biometric information). State Privacy Laws include the following:
-
- California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (California Civil Code §§ 1798.100 to 1798.199) (“CCPA”);
- Colorado Privacy Act (Colorado Rev. Stat. §§ 6-1-1301 to 6-1-1313) (“ColoPA”);
- Connecticut Personal Data Privacy and Online Monitoring Act (Public Act No. 22-15) (“CPOMA”);
- Delaware Personal Data Privacy Act (Del. Code tit. 6 §§ 12D-101 to 12D-111) (“DPDPA”);
- Iowa Consumer Data Protection Act (Iowa Code Ann. §§ 715D.1 to 715D.9) (“ICDPA”);
- Montana Consumer Data Privacy Act (Mont. Code Ann. §§ 30-14-2801 to 30-14-2817) (“MTCDPA”);
- Nebraska Data Privacy Act (L.B.1074) (“NDPA”)
- New Hampshire Privacy Act (S.B. 225, 2023 Leg., Reg. Sess. (NH. 2023)) (“NHPA”);
- New Jersey Privacy Act (S.B. 332, 220th Leg., Reg. Sess. (Nj. 2024)) (“NJPA”);
- Oregon Consumer Privacy Act (S.B. 619, 82nd Leg. Assemb., Reg. Sess. (Or. 2023)) (“OCPA”);
- Tennessee Information Privacy Act (Tenn. Code Ann. §§ 47-18-3201 to 47-18-3213) (“TIPA”);
- Texas Data Privacy and Security Act (Tex. Bus. & Com. Code §§ 541.001 to 541.205) (“TDPSA”);
- Utah Consumer Privacy Act (Utah Code Ann. §§ 13-61-101 to 13-61-404) (“UCPA”); and
- Virginia Consumer Data Protection Act (Virginia Code Ann. §§ 59.1-575 to 59.1-585) (“VCDPA”).
(2) “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person. Where applicable, Personal Information shall be interpreted consistent with the same or similar term under State Privacy Laws.
(3) “Share,” “Shared,” and “Sharing” have the meaning defined in the CCPA.
(4) “Sale” and “Selling” have the meaning defined in the State Privacy Laws.
(5) “Controller” means “Controller” or “Business” as those terms are defined in the State Privacy Laws.
(6) “Processor” means “Processor,” “Service Provider,” or “Contractor” as those terms are defined in the State Privacy Laws.
(7) “Consumer” has the meaning defined in the State Privacy Laws.
(8) “Processing,” “Process,” and “Processed” have the meaning defined in the State Privacy Laws.
In the event of a conflict in the meanings of defined terms in the State Privacy Laws, the meaning from the law applicable to the state of residence of the relevant Consumer applies.
2. Applicability
This Notice applies to Personal Information that Sift Processes in its capacity as a Controller, including Personal Information Sift collects through its website as described in the Website Privacy Notice, and information Sift collects about its customers’ authorized end users (where applicable State Privacy Laws recognize them as Consumers) using its services under its Customers’ (your employer’s) account as described in the Service Privacy Notice. For clarity, Personal Information Processed by Sift when you interact with any of the Customer Sites that use Sift Services and Personal Information that Sift otherwise processes on behalf of our Customers for fraud/abuse detection and prevention and/or other related purposes as a Service Provider or Processor is covered by the Service Privacy Notice, not this Notice.
3. Sources of Personal Information We Collect and Process
We collect Personal Information from you when you provide it to us or automatically when you use our website or services.
We may also obtain information about you from other sources, such as public databases, joint marketing partners, data providers, or social media platforms.
4. Categories of Personal Information We Collect and Process
We collect and process the following categories of Personal Information about you:
-
Identifiers – such as contact details including your IP address, online identifier, name, address, telephone number, social media profiles, or email address;
-
Commercial Information – such as records of your purchase history or tendencies;
-
Professional or Employment-Related Data – such as your company name, job title, company address, LinkedIn URLs;
-
Internet or Other Network Activity Information – such as your device’s device type, browser type, broad geographic location (e.g. country or city-level location), referring website, what pages your device visited, the time that your device visited our website, and content you post on our website or to our services;
-
Inference data – such as intent data (or user behavior data) and custom profiles; and Other data – such as any other information you choose to provide to us when completing any ‘free text’ boxes in our forms (for example, for event sign-up or bot interaction).
-
Other data you choose to provide – such as any other information you choose to provide to us when completing any ‘free text’ boxes in our forms (for example, for event sign-up or bot interaction) and opting into and out of marketing communications.
Over the past 12 months, we have collected and processed each of the categories of Personal Information as described above.
5. Purposes For Which We Collect and Process Personal Information
We use the Personal Information we collect about you (alone or in combination with other information we have collected about you):
Categories of Personal Information We Collect and Process | Processing Purpose |
---|---|
Identifiers |
|
Commercial Information |
|
Professional or Employment-Related Data |
|
Internet or Other Network Activity Information |
|
Inference Data |
|
Other Data You Choose to Provide |
|
6. Disclosing Your Personal Information for Business and Commercial Purposes
We disclose your Personal Information to the following categories of third parties for the business and commercial purposes described below.
Vendors, consultants and other service providers. We may disclose your information to third party vendors, consultants and other service providers who provide data Processing services to us and with whom the sharing of such information is necessary to undertake that work. Examples of these types of service providers include: processing billing, providing customer support, hosting our infrastructure, data enrichment, identity verification, or online and offline marketing optimizations, including the use of profiling, artificial intelligence or or machine learning technologies. In addition, we may offer you the ability to use third party vendor integrations through our Services. If you choose to use these third party vendor integrations, then you are directly interacting with that third party vendor and providing or directing us to provide information, including Personal Information, to them for purposes of facilitating the integration.
Professional advisors. We may disclose your Personal Information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they render to us.
Advertising Partners. We disclose your information to third party advertising partners to show you ads for our services and to report on the effectiveness of ad campaigns.
Corporate affiliates. We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with Sift). Our affiliates will use your information only for the purposes described in this Notice.
Parties to a corporate merger or transaction. If Sift is involved in a merger, acquisition or sale of all or a portion of its assets, or it seeks investment in or financing of its business, your information may be disclosed or transferred to potential transaction or financing partners, as permitted by law.
Categories of Personal Information We Disclose | Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes |
---|---|
Identifiers |
|
Commercial Information |
|
Professional or employment related data |
|
Internet or other network or device activity |
|
Inference data |
|
Other data You Choose to Provide |
|
Over the past 12 months, we have disclosed each of the categories of Personal Information as described above.
Sift does not collect Sensitive Personal Information in its capacity as a Controller and therefore does not disclose Sensitive Personal information for purposes other than those permitted by the CCPA.
Over the past 12 months, Sift has disclosed Identifiers, Internet or other similar network activity information, and Commercial Information that we collect from our website (https://www.sift.com and any sub-domains except the Sift console at console.sift.com) to advertising partners to show you ads for our services and report on the effectiveness of our ad campaigns. Certain State Privacy Laws may broadly consider these data disclosures to be a “sale” of information, “sharing” of Personal Information for cross-context behavioral advertising, and “processing” of Personal Information for targeted advertising. Other than this type of data disclosure, we do not sell your Personal Information. Sift does not have actual knowledge that it sells Personal Information or shares for cross-context behavioral advertising the Personal Information of consumers under 16 years of age. Sift also does not have actual knowledge that it collects or processes the Personal Information of consumers under 13 years of age.
7. Other Disclosures of Your Personal Information
We may also disclose your Personal Information to third parties on other lawful grounds, including to any competent law enforcement body, regulator, government agency court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person (see below).
8. Data Retention
We retain your Personal Information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements) and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for Personal Information on the basis of the amount, nature, and sensitivity of your Personal Information Processed, the potential risk of harm from unauthorized use or disclosure of your Personal Information and whether we can achieve the purposes of the Processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your Personal Information or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further Processing until deletion is possible.
9. Your Rights
Depending on your location and subject to applicable law, you may have the following rights with regard to Personal Information we control about you:
-
-
The right to know what Personal Information, if any, we have collected about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, Selling, or Sharing Personal Information, the categories of third parties to whom we disclose, Sell, or Share Personal Information.
-
The right to obtain a list of specific third parties, other than natural persons, to which we have disclosed Personal Information.
-
The right to access a copy of your Personal Information in a portable format.
-
The right to delete Personal Information provided by or obtained by you, subject to certain exceptions.
-
The right to correct inaccurate Personal Information that we maintain about you.
-
The right to opt-out of the Processing of your Personal Information for targeted advertising, the Sale of your Personal Information or the Sharing of your Personal Information for cross-context behavioral advertising.
-
The right to opt-out of Profiling in furtherance of producing legal or significant decisions concerning a consumer. We do not engage in such Profiling.
-
The right not to receive discriminatory treatment from us for exercising your rights under the State Privacy Laws.
-
10. Exercising Your Rights
You may access, review, modify, and request deletion of any Personal Information that we Process about you, as required by law. You may submit such a request by one of the following: (i) send an email to [email protected]. (ii) complete this webform, or (iii) call us toll free at 877-571-0124. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request. Specifically, we (or our third party service provider acting on our behalf) may need to collect a copy of your photo ID and any other information necessary to confirm your identity. Such information will be securely Processed in accordance with this Notice and only used for the purpose of verifying your identity.
You may opt out of the processing of your Personal Information for targeted advertising purposes here. If you implement browser-based opt-out preference signals, Sift will opt you out of the Sale of your Personal Information and Sharing of your Personal Information for cross-context behavioral advertising. You can implement these signals through your browser settings for browsers that offer them. Please refer to your browser for additional information and instructions.
You may authorize another person (your “agent”) to submit a request on your behalf through the methods described above. Your authorized agent should submit proof that you gave the agent signed permission to submit the request. We may still require you to directly verify your identity and directly confirm that you have provided the authorized agent permission to submit the request.
If we decline to take action on your request to exercise your rights under the State Privacy Laws, you may appeal that decision by contacting us at [email protected].
11. Non-discrimination for Exercising Your Rights
We will not discriminate against you for exercising any of your rights under the State Privacy Laws. Unless permitted by the applicable State Privacy Laws, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the State Privacy Laws that can result in different prices, rates or quality levels. Any permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
12. Changes to this Notice
We may revise this Notice from time to time in response to changing legal, technical, or business developments. The most current version of this Notice will govern our use of your Personal Information. If we make any material changes to this Notice, we will post the updated version here. You can see when this Notice was last updated by checking the “last updated” or “effective” date displayed at the top of this Notice.
13. Contact Details
Please contact Sift with any questions or comments about this Notice or our privacy practices at:
Sift Science, Inc.
Attn: Privacy Office
525 Market Street, Sixth Floor
San Francisco, CA 94105
Email: [email protected]
14. Further Privacy Resources
Service Privacy Notice
Website Privacy Notice
Website Cookie Notice
Terms of Service
Download here.