Sift Supplemental U.S. State Law Privacy Notice

Updated: December 14, 2022

Sift Science, Inc. (“Sift”, “we” or “us”) respects your privacy and wants you to be informed about what we do. This Supplemental U.S. State Law Privacy Notice (this “Notice”) applies to residents of California and Virginia and explains how we Process Personal Information about you and how you can exercise your privacy rights under your state’s privacy law.

  1. Definitions. For the purposes of this Notice:
    1. “State Privacy Laws” means, collectively, all U.S. state privacy laws and their implementing regulations, as amended or superseded from time to time, that apply generally to the processing of individuals’ Personal Information and that do not apply solely to specific industry sectors (e.g., financial institutions), specific demographics (e.g., children), or specific classes of information (e.g., health or biometric information). State Privacy Laws include the following:
      1. California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (California Civil Code §§ 1798.100 to 1798.199) (“CCPA”);
      2. Virginia Consumer Data Protection Act (Virginia Code Ann. §§ 59.1-575 to 59.1-585) (“VCDPA”).
    2. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable natural person. Where applicable, Personal Information shall be interpreted consistent with the same or similar term under State Privacy Laws.
    3. “Share,” “Shared,” and “Sharing” have the meaning defined in the CCPA.
    4. “Sale” and “Selling” have the meaning defined in the State Privacy Laws.
    5. “Controller” means “Controller” or “Business” as those terms are defined in the State Privacy Laws.
    6. “Processor” means “Processor,” “Service Provider,” or “Contractor” as those terms are defined in the State Privacy Laws.
    7. “Consumer” has the meaning defined in the State Privacy Laws.
    8. “Processing,” “Process,” and “Processed” have the meaning defined in the State Privacy Laws.
    9. In the event of a conflict in the meanings of defined terms in the State Privacy Laws, the meaning from the law applicable to the state of residence of the relevant Consumer applies.
  2. Applicability

    This Notice applies to Personal Information that Sift Processes in its capacity as a Controller, including Personal Information Sift collects through its website as described in the Website Privacy Notice, and information Sift collects about its customers’ authorized end users using its services under its Customers’ (your employer’s) account as described in the Service Privacy Notice. For clarity, Personal Information Processed by Sift in its capacity as a Service Provider or Processor to its customers is covered by the Service Privacy Notice, not this Notice.

  3. Sources of Personal Information We Collect

    We collect Personal Information from you when you provide it to us or automatically when you use our website or services. We may also obtain information about you from other sources, such as public databases, joint marketing partners, data providers, or social media platforms.

  4. Categories of Personal Information We Collect

    In the past 12 months, we may have collected the following categories of Personal Information about you:

    • Identifiers – such as contact details including your name, address, telephone number, social media profiles, or email address;
    • Commercial Information – such as records of your purchase history or tendencies;
    • Professional or Employment-Related Data – such as your company name, job title, company address, LinkedIn URLs;
    • Internet or Other Network Activity Information – such as your device's IP address, device type, browser type, broad geographic location (e.g. country or city-level location), referring website, what pages your device visited, the time that your device visited our website, and content you post on our website or to our services;
    • Inference data – such as intent data (or user behavior data) and custom profiles; and Other data – such as any other information you choose to provide to us when completing any 'free text' boxes in our forms (for example, for event sign-up or bot interaction).
  5. Purposes For Which We Collect Personal Information

    We use the Personal Information we collect about you (alone or in combination with other information we have collected about you):

    • To enable you to register an account with us, subscribe to marketing communications (like our newsletters), access a demo or white paper, or enable us to contact you.
    • To respond to your requests or provide information you’ve requested to perform our contract with you.
    • To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes in reliance on our legitimate interests;
    • To understand how our website is used and to improve our website to ensure that content is presented in the most effective manner for you and your computer in reliance on our legitimate interests.
    • To provide relevant marketing, offers, and services, including for the purposes of targeted advertising on and off our website based on your browsing activities on the website, delivering more relevant email content, event promotion, and profiling to promote the Sift services.
    • As part of our efforts to keep our website safe and secure.
    • For security reasons, to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to protect our offices and our confidential information against unauthorized access.
    • To send administrative or account related information to you.
    • To comply with and enforce applicable legal requirements, agreements, and policies.
    • To validate your identity when seeking to exercise your privacy rights.
    • To send you marketing and promotional materials (for example, newsletters, telemarketing calls, or SMS or push notifications), if this is in accordance with your marketing preferences.
    • For other business purposes - such as, data analysis, identifying usage trends, determining the effectiveness of our marketing and to enhance, customize, and improve our websites, products and services.

  6. Disclosing Your Personal Information for Business and Commercial Purposes

    In the past 12 months, we may have disclosed your Personal Information to the following categories of third parties for the business and commercial purposes described below.:

    Vendors, consultants and other service providers. We may disclose your information to third party vendors, consultants and other service providers who provide data Processing services to us and with whom the sharing of such information is necessary to undertake that work. Examples of these types of service providers include: processing billing, providing customer support, hosting our infrastructure, data enrichment, identity verification, or online and offline marketing optimizations. In addition, we may offer you the ability to use third party vendor integrations through our Services. If you choose to use these third party vendor integrations, then you are directly interacting with that third party vendor and providing or directing us to provide information, including Personal Information, to them for purposes of facilitating the integration.

    Professional advisors. We may disclose your Personal Information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they render to us.

    Advertising Partners. We disclose your information to third party advertising partners to show you ads for our services and to report on the effectiveness of ad campaigns.

    Corporate affiliates. We may provide your information to our affiliates (meaning any subsidiary, parent company or company under common control with Sift). Our affiliates will use your information only for the purposes described in this Notice.

    Parties to a corporate merger or transaction. If Sift is involved in a merger, acquisition or sale of all or a portion of its assets, or it seeks investment in or financing of its business, your information may be disclosed or transferred to potential transaction or financing partners, as permitted by law.

    Categories of Personal Information We CollectCategories of Third Parties to Whom We Disclose Personal Information for Business Purposes
    Identifiers
    • Vendors, consultants, and other service providers
    • Professional advisers
    • Corporate affiliates
    Commercial Information
    • Vendors, consultants, and other service providers
    • Professional advisers
    • Corporate affiliates
    Professional or employment related data
    • Vendors, consultants, and other service providers
    • Professional advisers
    • Corporate affiliates
    • Parties to a corporate merger or transaction
    Internet or other network or device activity
    • Vendors, consultants, and other service providers
    • Professional advisers
    • Corporate affiliates
    Inference data
    • Vendors, consultants, and other service providers
    • Corporate affiliates
    Other data
    • Vendors, consultants, and other service providers
    • Professional advisers
    • Corporate affiliates

    Sift does not collect Sensitive Personal Information in its capacity as a Controller and therefore does not disclose Sensitive Personal information for purposes other than those permitted by the CCPA.

    Over the past 12 months, Sift has disclosed Identifiers, Internet or other similar network activity information, and Commercial Information that we collect from our website (https://www.sift.com and any sub-domains except the Sift console at console.sift.com) to advertising partners to show you ads for our services and report on the effectiveness of our ad campaigns. Under the CCPA, these data disclosures may broadly be considered a “sale” of information and a “sharing” of Personal Information for cross-context behavioral advertising. Other than this type of data disclosure, we do not sell your Personal Information. Sift does not have actual knowledge that it sells Personal Information or shares for cross-context behavioral advertising the Personal Information of consumers under 16 years of age. Sift does not use or disclose Sensitive Personal Information for purposes other than those set forth in the CCPA.

  7. Other Disclosures of Your Personal Information

    We may also disclose your Personal Information to third parties on other lawful grounds, including to any competent law enforcement body, regulator, government agency court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person (see below).

  8. Data Retention

    We retain your Personal Information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements) and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for Personal Information on the basis of the amount, nature, and sensitivity of your Personal Information Processed, the potential risk of harm from unauthorized use or disclosure of your Personal Information and whether we can achieve the purposes of the Processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).

    After expiration of the applicable retention periods, we will either delete or anonymize your Personal Information or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further Processing until deletion is possible.

  9. Your Rights

    Depending on your location and subject to applicable law, you may have the following rights with regard to Personal Information we control about you:

    • The right to know what Personal Information, if any, we have collected about you, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, Selling, or Sharing Personal Information, the categories of third parties to whom we disclose, Sell, or Share Personal Information.
    • The right to access a copy of your Personal Information in a portable format.
    • The right to delete Personal Information provided by or obtained by you, subject to certain exceptions.
    • The right to correct inaccurate Personal Information that we maintain about you.
    • The right to opt-out of the Processing of your Personal Information for targeted advertising, the Sale of your Personal Information or the Sharing of your Personal Information for cross-context behavioral advertising.
    • The right not to receive discriminatory treatment from us for exercising your rights under the State Privacy Laws.
  10. Exercising Your Rights

    You may access, review, modify, and request deletion of any Personal Information that we Process about you, as required by law. You may submit such a request by one of the following: (i) send an email to privacy@sift.com. (ii) complete this webform, or (iii) call us toll free at 877-571-0124. To protect your privacy and security, we may need to take reasonable steps to verify your identity before responding to your request. Specifically, we (or our third party service provider acting on our behalf) may need to collect a copy of your photo ID and any other information necessary to confirm your identity. Such information will be securely Processed in accordance with this Notice and only used for the purpose of verifying your identity.

    You may opt out of the processing of your Personal Information for targeted advertising purposes here. If you implement browser-based opt-out preference signals, Sift will opt you out of the Sale of your Personal Information and Sharing of your Personal Information for cross-context behavioral advertising. You can implement these signals through your browser settings for browsers that offer them. Please refer to your browser for additional information and instructions.

    You may authorize another person (your “agent”) to submit a request on your behalf through the methods described above. Your authorized agent should submit proof that you gave the agent signed permission to submit the request. We may still require you to directly verify your identity and directly confirm that you have provided the authorized agent permission to submit the request.

    If we decline to take action on your request to exercise your rights under the State Privacy Laws, you may appeal that decision by contacting us at DPO@sift.com

  11. Non-discrimination for Exercising Your Rights

    We will not discriminate against you for exercising any of your rights under the State Privacy Laws. Unless permitted by the applicable State Privacy Laws, we will not deny you goods or services; charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; provide you a different level or quality of goods or services; or suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the State Privacy Laws that can result in different prices, rates or quality levels. Any permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

  12. Changes to this Notice

    We may revise this Notice from time to time in response to changing legal, technical, or business developments. The most current version of this Notice will govern our use of your Personal Information. If we make any material changes to this Notice, we will post the updated version here. You can see when this Notice was last updated by checking the “last updated” or “effective” date displayed at the top of this Notice.

  13. Contact Details

    Please contact Sift with any questions or comments about this Notice or our privacy practices at:

    Sift Science, Inc.
    Attn: Privacy Officer
    525 Market Street, Sixth Floor
    San Francisco, CA 94105
    Email: privacy@sift.com

  14. Further Privacy Resources

    Service Privacy Notice

    Website Privacy Notice

    Website Cookie Notice

    Terms of Service

Download here.