Sift Supplemental U.S. State Law Privacy Notice
Last Updated: June 8, 2023
Effective: July 1, 2023
Sift Science, Inc. (“Sift”, “we” or “us”) respects your
privacy and wants you to be informed about what we do. This Supplemental U.S. State Law Privacy Notice
(this “Notice”) applies to residents of California, Colorado and Virginia and explains how we Process
Personal Information about you and how you can exercise your privacy rights under your state’s privacy law.
Definitions. For the purposes of this Notice:
- “State Privacy Laws” means, collectively, all U.S. state privacy laws and their
implementing regulations, as amended or superseded from time to time, that apply generally to the
processing of individuals’ Personal Information and that do not apply solely to specific industry sectors
(e.g., financial institutions), specific demographics (e.g., children), or specific classes of information
(e.g., health or biometric information). State Privacy Laws include the following:
- California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020
(California Civil Code §§ 1798.100 to 1798.199) (“CCPA”);
- Colorado Privacy Act (Colorado Rev. Stat. §§ 6-1-1301 to 6-1-1313) (“ColoPA”); and
- Virginia Consumer Data Protection Act (Virginia Code Ann. §§ 59.1-575 to 59.1-585)
(“VCDPA”).
- “Personal Information” means information that identifies, relates to, describes, is
reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with
an identified or identifiable natural person. Where applicable, Personal Information shall be interpreted
consistent with the same or similar term under State Privacy Laws.
- “Share,” “Shared,” and “Sharing” have the meaning
defined in the CCPA.
- “Sale” and “Selling” have the meaning defined in the State Privacy Laws.
- “Controller” means “Controller” or “Business” as those
terms are defined in the State Privacy Laws.
- “Processor” means “Processor,” “Service Provider,” or
“Contractor” as those terms are defined in the State Privacy Laws.
- “Consumer” has the meaning defined in the State Privacy Laws.
- “Processing,” “Process,” and “Processed” have the
meaning defined in the State Privacy Laws.
- In the event of a conflict in the meanings of defined terms in the State Privacy Laws, the meaning from
the law applicable to the state of residence of the relevant Consumer applies.
Applicability
This Notice applies to Personal Information that Sift Processes in its capacity as a Controller, including
Personal Information Sift collects through its website as described in the
Website Privacy Notice, and information Sift collects about its customers’
authorized end users using its services under its Customers’ (your employer’s) account as described in the
Service Privacy Notice. For clarity, Personal Information Processed by Sift
in its capacity as a Service Provider or Processor to its customers is covered by the
Service Privacy Notice, not this Notice.
Sources of Personal Information We Collect and Process
We collect Personal Information from you when you provide it to us or automatically when you use our
website or services. We may also obtain information about you from other sources, such as public databases,
joint marketing partners, data providers, or social media platforms.
Categories of Personal Information We Collect and Process
We collect and process the following categories of Personal Information about you:
- Identifiers – such as contact details including your IP address, online identifier, name,
address, telephone number, social media profiles, or email address;
- Commercial Information – such as records of your purchase history or tendencies;
- Professional or Employment-Related Data – such as your company name, job title, company
address, LinkedIn URLs;
- Internet or Other Network Activity Information – such as your device's device type,
browser type, broad geographic location (e.g. country or city-level location), referring website, what
pages your device visited, the time that your device visited our website, and content you post on our
website or to our services;
- Inference data – such as intent data (or user behavior data) and custom profiles; and Other
data – such as any other information you choose to provide to us when completing any 'free text' boxes
in our forms (for example, for event sign-up or bot interaction).
- Other data you choose to provide – such as any other information you choose to provide to us
when completing any 'free text' boxes in our forms (for example, for event sign-up or bot interaction).
Over the past 12 months, we have collected and processed each of the categories of Personal Information
as described above.
Purposes For Which We Collect and Process Personal Information
We use the Personal Information we collect about you (alone or in combination with other information we
have collected about you):
Categories of Personal Information We Collect and Process | Processing Purpose | Identifiers | - To enable you to register an account with us, subscribe to marketing communications (like our
newsletters), access a demo or white paper, or enable us to contact you.
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
- To administer our website and for internal operations, including troubleshooting, data
analysis, testing, research, statistical, and survey purposes in reliance on our legitimate
interests.
- To provide relevant marketing, offers, and services , including for the purposes of targeted
advertising on and off our website based on your browsing activities on the website,
delivering more relevant email content, event promotion, and profiling to promote the Sift
services.
- For security reasons, to register visitors to our offices and to manage non-disclosure
agreements that visitors may be required to sign, to protect our offices and our confidential
information against unauthorized access.
- To send administrative or account related information to you.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- To validate your identity when seeking to exercise your privacy rights.
- To send you marketing and promotional materials (for example, newsletters, telemarketing
calls, or SMS or push notifications), if this is in accordance with your marketing preferences.
- For other business purposes - such as, data analysis, identifying usage trends, determining
the effectiveness of our marketing and to enhance, customize, and improve our websites,
products and services.
|
Commercial Information | - To respond to your requests or provide information you’ve requested to perform our contract
with you.
- To administer our website and for internal operations, including troubleshooting, data
analysis, testing, research, statistical, and survey purposes in reliance on our legitimate
interests.
- To provide relevant marketing, offers, and services, including for the purposes of targeted
advertising on and off our website based on your browsing activities on the website, delivering
more relevant email content, event promotion, and profiling to promote the Sift services.
- As part of our efforts to keep our website safe and secure.
- To send administrative or account related information to you.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- For other business purposes - such as, data analysis, identifying usage trends, determining the
effectiveness of our marketing and to enhance, customize, and improve our websites, products
and services.
|
Professional or Employment-Related Data | - To enable you to register an account with us, subscribe to marketing communications (like our
newsletters), access a demo or white paper, or enable us to contact you.
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
- To administer our website and for internal operations, including troubleshooting, data
analysis, testing, research, statistical, and survey purposes in reliance on our legitimate
interests.
- For security reasons, to register visitors to our offices and to manage non-disclosure
agreements that visitors may be required to sign, to protect our offices and our confidential
information against unauthorized access.
- To send administrative or account related information to you.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- To validate your identity when seeking to exercise your privacy rights.
- To send you marketing and promotional materials (for example, newsletters, telemarketing
calls, or SMS or push notifications), if this is in accordance with your marketing preferences.
- For other business purposes - such as, data analysis, identifying usage trends, determining
the effectiveness of our marketing and to enhance, customize, and improve our websites,
products and services.
|
Internet or Other Network Activity Information | - To enable you to register an account with us, subscribe to marketing communications (like
our newsletters), access a demo or white paper, or enable us to contact you.
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
- To administer our website and for internal operations, including troubleshooting, data
analysis, testing, research, statistical, and survey purposes in reliance on our legitimate
interests.
- For security reasons, to register visitors to our offices and to manage non-disclosure
agreements that visitors may be required to sign, to protect our offices and our confidential
information against unauthorized access.
- To send administrative or account related information to you.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- To validate your identity when seeking to exercise your privacy rights.
- To send you marketing and promotional materials (for example, newsletters, telemarketing
calls, or SMS or push notifications), if this is in accordance with your marketing preferences.
- For other business purposes - such as, data analysis, identifying usage trends, determining
the effectiveness of our marketing and to enhance, customize, and improve our websites,
products and services.
|
Inference Data | - To administer our website and for internal operations, including troubleshooting, data analysis,
testing, research, statistical, and survey purposes in reliance on our legitimate interests;
- To understand how our website is used and to improve our website to ensure that content is
presented in the most effective manner for you and your computer in reliance on our legitimate
interests.
- To provide relevant marketing, offers, and services, including for the purposes of targeted
advertising on and off our website based on your browsing activities on the website, delivering
more relevant email content, event promotion, and profiling to promote the Sift services.
- For other business purposes - such as, data analysis, identifying usage trends, determining the
effectiveness of our marketing and to enhance, customize, and improve our websites, products
and services.
|
Other Data You Choose to Provide | - To enable you to register an account with us, subscribe to marketing communications (like our
newsletters), access a demo or white paper, or enable us to contact you.
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
|
Categories of Personal Information We Collect and Process |
Identifiers |
Processing Purpose |
- To enable you to register an account with us, subscribe to marketing communications (like our
newsletters), access a demo or white paper, or enable us to contact you.
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
- To administer our website and for internal operations, including troubleshooting, data
analysis, testing, research, statistical, and survey purposes in reliance on our legitimate
interests.
- To provide relevant marketing, offers, and services , including for the purposes of targeted
advertising on and off our website based on your browsing activities on the website,
delivering more relevant email content, event promotion, and profiling to promote the Sift
services.
- For security reasons, to register visitors to our offices and to manage non-disclosure
agreements that visitors may be required to sign, to protect our offices and our confidential
information against unauthorized access.
- To send administrative or account related information to you.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- To validate your identity when seeking to exercise your privacy rights.
- To send you marketing and promotional materials (for example, newsletters, telemarketing
calls, or SMS or push notifications), if this is in accordance with your marketing preferences.
- For other business purposes - such as, data analysis, identifying usage trends, determining
the effectiveness of our marketing and to enhance, customize, and improve our websites,
products and services.
|
Categories of Personal Information We Collect and Process |
Commercial Information |
Processing Purpose |
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
- To administer our website and for internal operations, including troubleshooting, data
analysis, testing, research, statistical, and survey purposes in reliance on our legitimate
interests.
- To provide relevant marketing, offers, and services, including for the purposes of targeted
advertising on and off our website based on your browsing activities on the website, delivering
more relevant email content, event promotion, and profiling to promote the Sift services.
- As part of our efforts to keep our website safe and secure.
- To send administrative or account related information to you.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- For other business purposes - such as, data analysis, identifying usage trends, determining the
effectiveness of our marketing and to enhance, customize, and improve our websites, products
and services.
|
Categories of Personal Information We Collect and Process |
Professional or Employment-Related Data |
Processing Purpose |
- To enable you to register an account with us, subscribe to marketing communications (like our
newsletters), access a demo or white paper, or enable us to contact you.
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
- To administer our website and for internal operations, including troubleshooting, data
analysis, testing, research, statistical, and survey purposes in reliance on our legitimate
interests.
- For security reasons, to register visitors to our offices and to manage non-disclosure
agreements that visitors may be required to sign, to protect our offices and our confidential
information against unauthorized access.
- To send administrative or account related information to you.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- To validate your identity when seeking to exercise your privacy rights.
- To send you marketing and promotional materials (for example, newsletters, telemarketing
calls, or SMS or push notifications), if this is in accordance with your marketing preferences.
- For other business purposes - such as, data analysis, identifying usage trends, determining
the effectiveness of our marketing and to enhance, customize, and improve our websites,
products and services.
|
Categories of Personal Information We Collect and Process |
Internet or Other Network Activity Information |
Processing Purpose |
- To enable you to register an account with us, subscribe to marketing communications (like
our newsletters), access a demo or white paper, or enable us to contact you.
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
- To administer our website and for internal operations, including troubleshooting, data
analysis, testing, research, statistical, and survey purposes in reliance on our legitimate
interests.
- For security reasons, to register visitors to our offices and to manage non-disclosure
agreements that visitors may be required to sign, to protect our offices and our confidential
information against unauthorized access.
- To send administrative or account related information to you.
- To comply with and enforce applicable legal requirements, agreements, and policies.
- To validate your identity when seeking to exercise your privacy rights.
- To send you marketing and promotional materials (for example, newsletters, telemarketing
calls, or SMS or push notifications), if this is in accordance with your marketing preferences.
- For other business purposes - such as, data analysis, identifying usage trends, determining
the effectiveness of our marketing and to enhance, customize, and improve our websites,
products and services.
|
Categories of Personal Information We Collect and Process |
Inference Data |
Processing Purpose |
- To administer our website and for internal operations, including troubleshooting, data analysis,
testing, research, statistical, and survey purposes in reliance on our legitimate interests;
- To understand how our website is used and to improve our website to ensure that content is
presented in the most effective manner for you and your computer in reliance on our legitimate
interests.
- To provide relevant marketing, offers, and services, including for the purposes of targeted
advertising on and off our website based on your browsing activities on the website, delivering
more relevant email content, event promotion, and profiling to promote the Sift services.
- For other business purposes - such as, data analysis, identifying usage trends, determining the
effectiveness of our marketing and to enhance, customize, and improve our websites, products
and services.
|
Categories of Personal Information We Collect and Process |
Other Data You Choose to Provide |
Processing Purpose |
- To enable you to register an account with us, subscribe to marketing communications (like our
newsletters), access a demo or white paper, or enable us to contact you.
- To respond to your requests or provide information you’ve requested to perform our contract
with you.
|
Disclosing Your Personal Information for Business and Commercial Purposes
We disclose your Personal Information to the following categories of third
parties for the business and commercial purposes described below.:
Vendors, consultants and other service providers. We may disclose your information to third party
vendors, consultants and other service providers who provide data Processing services to us and with whom
the sharing of such information is necessary to undertake that work. Examples of these types of service
providers include: processing billing, providing customer support, hosting our infrastructure, data
enrichment, identity verification, or online and offline marketing optimizations. In addition, we may offer
you the ability to use third party vendor integrations through our Services. If you choose to use these
third party vendor integrations, then you are directly interacting with that third party vendor and
providing or directing us to provide information, including Personal Information, to them for purposes of
facilitating the integration.
Professional advisors. We may disclose your Personal Information to professional advisors, such as
lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services they
render to us.
Advertising Partners. We disclose your information to third party advertising partners to show you
ads for our services and to report on the effectiveness of ad campaigns.
Corporate affiliates. We may provide your information to our affiliates (meaning any subsidiary,
parent company or company under common control with Sift). Our affiliates will use your information only
for the purposes described in this Notice.
Parties to a corporate merger or transaction. If Sift is involved in a merger, acquisition or sale of all
or a portion of its assets, or it seeks investment in or financing of its business, your information may be
disclosed or transferred to potential transaction or financing partners, as permitted by law.
Categories of Personal Information We Disclose | Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes |
Identifiers | - Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
|
Commercial Information | - Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
|
Professional or employment related data | - Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
- Parties to a corporate merger or transaction
|
Internet or other network or device activity | - Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
|
Inference data | - Vendors, consultants, and other service providers
- Corporate affiliates
|
Other data You Choose to Provide | - Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
|
Categories of Personal Information We Collect and Process |
Identifiers |
Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes |
- Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
|
Categories of Personal Information We Collect and Process |
Commercial Information |
Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes |
- Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
|
Categories of Personal Information We Collect and Process |
Professional or employment related data |
Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes |
- Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
- Parties to a corporate merger or transaction
|
Categories of Personal Information We Collect and Process |
Internet or other network or device activity |
Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes |
- Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
|
Categories of Personal Information We Collect and Process |
Inference data |
Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes |
- Vendors, consultants, and other service providers
- Corporate affiliates
|
Categories of Personal Information We Collect and Process |
Other data You Choose to Provide |
Categories of Third Parties to Whom We Disclose Personal Information for Business Purposes |
- Vendors, consultants, and other service providers
- Professional advisers
- Corporate affiliates
|
Over the past 12 months, we have disclosed each of the categories of Personal Information as described above.
Sift does not collect Sensitive Personal Information in its capacity as a Controller and therefore does not
disclose Sensitive Personal information for purposes other than those permitted by the CCPA.
Over the past 12 months, Sift has disclosed Identifiers, Internet or other similar network activity
information, and Commercial Information that we collect from our website (https://www.sift.com and any
sub-domains except the Sift console at console.sift.com) to advertising partners to show you ads for our
services and report on the effectiveness of our ad campaigns. Certain State Privacy Laws may broadly consider
these data disclosures to be a “sale” of information, “sharing” of Personal Information for cross-context
behavioral advertising, and “processing” of Personal Information for targeted advertising. Other than this type of data disclosure, we do not sell your Personal Information.
Sift does not have actual knowledge that it sells Personal Information or shares for cross-context
behavioral advertising the Personal Information of consumers under 16 years of age. Sift also does not have actual knowledge that it collects or processes the Personal Information of consumers under 13 years of age.
Other Disclosures of Your Personal Information
We may also disclose your Personal Information to third parties on other lawful grounds, including to any
competent law enforcement body, regulator, government agency court, or other third party where we believe
disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or
defend our legal rights, or (iii) to protect your vital interests or those of any other person (see below).
Data Retention
We retain your Personal Information where we have an ongoing legitimate business need to do so (for
example, to provide you with a service you have requested or to comply with applicable legal, tax, or
accounting requirements) and for a period of time consistent with the original purpose as described in this
Notice. We determine the appropriate retention period for Personal Information on the basis of the amount,
nature, and sensitivity of your Personal Information Processed, the potential risk of harm from
unauthorized use or disclosure of your Personal Information and whether we can achieve the purposes of the
Processing through other means, as well as on the basis of applicable legal requirements (such as applicable
statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your Personal
Information or, if this is not possible (for example, because your Personal Information has been stored in
backup archives), then we will securely store your Personal Information and isolate it from any further
Processing until deletion is possible.
Your Rights
Depending on your location and subject to applicable law, you may have the following rights with regard to
Personal Information we control about you:
- The right to know what Personal Information, if any, we have collected about you, including the categories
of Personal Information, the categories of sources from which the Personal Information is collected, the
business or commercial purpose for collecting, Selling, or Sharing Personal Information, the categories of
third parties to whom we disclose, Sell, or Share Personal Information.
- The right to access a copy of your Personal Information in a portable format.
- The right to delete Personal Information provided by or obtained by you, subject to certain exceptions.
- The right to correct inaccurate Personal Information that we maintain about you.
- The right to opt-out of the Processing of your Personal Information for targeted advertising, the Sale of
your Personal Information or the Sharing of your Personal Information for cross-context behavioral
advertising.
- The right to opt-out of Profiling in further of producing legal or significant decisions concerning a
consumer. We do not engage in such Profiling.
- The right not to receive discriminatory treatment from us for exercising your rights under the State
Privacy Laws.
Exercising Your Rights
You may access, review, modify, and request deletion of any Personal Information that we Process about you,
as required by law. You may submit such a request by one of the following: (i) send an email to
privacy@sift.com. (ii) complete
this webform, or (iii) call us toll free at 877-571-0124. To
protect your privacy and security, we may need to take reasonable steps to verify your identity before
responding to your request. Specifically, we (or our third party service provider acting on our behalf) may
need to collect a copy of your photo ID and any other information necessary to confirm your identity. Such
information will be securely Processed in accordance with this Notice and only used for the purpose of
verifying your identity.
You may opt out of the processing of your Personal Information for targeted advertising purposes
here. If
you implement browser-based opt-out preference signals, Sift will opt you out of the Sale of your Personal
Information and Sharing of your Personal Information for cross-context behavioral advertising. You can
implement these signals through your browser settings for browsers that offer them. Please refer to your
browser for additional information and instructions.
You may authorize another person (your “agent”) to submit a request on your behalf through the methods
described above. Your authorized agent should submit proof that you gave the agent signed permission to
submit the request. We may still require you to directly verify your identity and directly confirm that you
have provided the authorized agent permission to submit the request.
If we decline to take action on your request to exercise your rights under the State Privacy Laws, you may
appeal that decision by contacting us at DPO@sift.com
Non-discrimination for Exercising Your Rights
We will not discriminate against you for exercising any of your rights under the State Privacy Laws. Unless
permitted by the applicable State Privacy Laws, we will not deny you goods or services; charge you different
prices or rates for goods or services, including through granting discounts or other benefits, or imposing
penalties; provide you a different level or quality of goods or services; or suggest that you may receive a
different price or rate for goods or services or a different level or quality of goods or services. However,
we may offer you certain financial incentives permitted by the State Privacy Laws that can result in
different prices, rates or quality levels. Any permitted financial incentive we offer will reasonably relate
to your Personal Information’s value and contain written terms that describe the program’s material aspects.
Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at
any time.
Changes to this Notice
We may revise this Notice from time to time in response to changing legal, technical, or business
developments. The most current version of this Notice will govern our use of your Personal Information. If
we make any material changes to this Notice, we will post the updated version here. You can see when this
Notice was last updated by checking the “last updated” or “effective” date displayed at the top of this
Notice.
Contact Details
Please contact Sift with any questions or comments about this Notice or our privacy practices at:
Sift Science, Inc.
Attn: Privacy Officer
525 Market Street, Sixth Floor
San Francisco, CA 94105
Email: privacy@sift.com
Further Privacy Resources
Service Privacy Notice
Website Privacy Notice
Website Cookie Notice
Terms of Service