Chartbeat Privacy Policy

Effective Date: November 30, 2016

This privacy policy (the "Privacy Policy") describes how Chartbeat, Inc. ("Chartbeat", "We" or "Us") collects and uses personal information relating to: (i) users of our websites, including chartbeat.com (collectively, the “Site”); (ii) registered users of the Chartbeat service ("Customers"); and (iii) end-users of our Customers' websites on which the Chartbeat service is implemented ("Customer Websites"). Certain sections of this Privacy Policy are only relevant if you are a user of our Site; others are only relevant if you are a Customer, or an end-user of Customer Websites.

If you have any questions or comments regarding this privacy policy or its enforcement, please contact Us at privacy@chartbeat.com.

  1. CONSENT

    By visiting the Site and using the Chartbeat service (the "Service"), you agree to our use and processing of your personal information as set out in this Privacy Policy.

    If you are a Customer using the Service, this Privacy Policy is a part of Our Terms of Service. "Terms of Service" as used herein shall refer to Our online terms of use as well as the terms of any master service agreement or other agreement governing your use of the Service. You agree to be bound by the Terms of Service and this Privacy Policy. Capitalized terms used here and defined in the Terms of Service shall have the meanings set forth in the Terms of Service. Any order forms or additional agreements to which you agree governing the provision of optional Chartbeat features shall take precedence over the terms of this Privacy Policy to the extent of any differences, so please read such order forms or additional agreements carefully.

    This Privacy Policy only addresses activities on our Site and Service.

  2. NOTIFICATION OF CHANGES

    If We change this Privacy Policy and seek to use personal information which has already been collected and stored by Us in a manner which is different from that stated at the time of collection, We will either notify the relevant users and/or Customers via e-mail or otherwise in some manner through the Site or Service.

    If We make any material changes in Our privacy practices that do not affect personal information already collected and stored by Us, We will post a notice on Our Site notifying users and/or Customers of the change.

  3. NOTICE AND DATA INTEGRITY – WHAT INFORMATION WE COLLECT AND HOW WE USE IT.

    We generally use the information We collect from users of Our Site, Customers of our Service, and end users of Our Customer Websites to create a secure and personalized service.

    1. Users of our Site

      For users of our Site, We collect and store account information, such as user email addresses, names, billing information, as well as Site use data, which includes how users interact with Our Website. We use that data to allow Us to identify users, administer the Service, make product decisions and notify users of changes or updates to the Site.

      If a users decides to provide it, We also collect and store the Customer’s phone number, which We use to assist Us in providing the Service, including to contact them in account recovery and other scenarios.

      We also collect other information from users, such as IP address and browser type. We use the IP addresses to assist in login and other uses related to use of the Service. User's sessions on Our Site are also tracked for systems administration purposes and to track user trends. We may link IP address and other information to a user's account.

      We also collect user ID and password information to enable them to log into and use the Service.

      Finally, Customers are automatically opted-in to receive marketing emails from us when they register for the Service. Customers can opt-out of marketing emails by adjusting their account settings, but we may still need to send Customers e-mails relating to their accounts.

    2. Customers

      For Customers specifically, We collect and store personal information that our Customers submit to Us, such as their names and e-mail addresses, to allow Us to identify Customers, provide the Service and notify Customers of changes or updates to the Service.

      If a Customer elects to provide it, We also collect and store the Customer’s phone number, which We use to assist Us in providing the Service, including to contact them in account recovery and other scenarios.

      We also collect other information from Customers, such as IP address and browser type. We use the IP addresses of Customers to assist in login and other uses related to Customers’ use of the Service. Customers’ sessions on Our Site are also tracked for systems administration purposes and to track user trends. We may link IP address and other information to a Customer's account.

      We also collect Customers’ user ID and password information to enable them to log into and use the Service.

      Finally, Customers are automatically opted-in to receive marketing emails from us when they register for the Service. Customers can opt-out of marketing emails by adjusting their account settings, but we may still need to send Customers e-mails relating to their accounts.

    3. Users of Customer Websites

      For end users of Customer Websites, when an end user visits a Customer Website, We collect certain information regarding their use of the Customer Website, such as their IP address and browser type. Their session on the Customer Website will be tracked, but each user will remain anonymous. We may use their IP address to identify the general geographic area from which they are accessing the Customer Website. We do not link IP addresses to any personal information. We also use this information for systems administration purposes, abuse prevention and to track user trends.

      As part of the Service, We collect information relating to traffic on the Customer Websites ("Traffic Data") on which Customers choose to activate the Service. In connection with the collection of this Traffic Data, Chartbeat does not collect any personal information from users of Customer Websites, provided that (i) Chartbeat does collect IP addresses from visitors to Customer Websites in order to show geolocation information, and (ii) the Customer configures the Chartbeat code on the Customer Website in accordance with the instructions and documentation provided by Chartbeat, so that URLs containing personal information of end users are not captured by the Service.

      Traffic Data is used to provide Customers with real-time analytics and uptime monitoring. We may aggregate and anonymize Traffic Data with that from other sites to provide benchmarking data and other functionality, but Chartbeat will not use or disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or Customer Website without the Customer’s express prior consent.

      We also collect and use browser header information to help Us understand from which websites a user navigates to a Customer Website.

      Chartbeat is not and shall not be liable for any collection or use of personal information of end users of a Customer Website due to a Customer’s placement of the Chartbeat code on the Customer website not in accordance with Chartbeat’s instructions or the documentation.

  4. ONWARD TRANSFER - DISCLOSURE OF INFORMATION TO THIRD PARTIES.

    Except as expressly provided otherwise herein, we will not sell, lease or exchange the personal information relating to: (i) users of our Site; (ii) our Customers; or (iii) any end user of our Customers' websites (to the extent that we obtain personal information), to third parties without first obtaining their express consent, unless required by law.


    1. Traffic Data

      For Customers and end users of Customer Websites, We may aggregate and anonymize Traffic Data with that from our other Customers to provide benchmarking data and other functionality, but we will not disclose aggregated Traffic Data in a manner that reveals the identity of a Customer or a Customer Website without the Customer’s express prior consent.

    2. Agents

      For all types of personal information (from users of our Site, Customers and end users of Customer Websites), We employ other companies and people to perform tasks on our behalf and may need to share personal information with them to provide our products and services. Examples include billing, technical assistance, and customer service. Our agents subscribe to the same level of privacy protection as we do. Unless we tell you differently, Chartbeat’s agents do not have any right to use the personal information we share with them beyond what is necessary to assist us. Any agent that we share your personal information with must agree, via contract, to provide adequate protections for the personal information that are no less protective than those set out in this policy.

    3. Business Transfers

      In some cases, Chartbeat may choose to buy or sell assets. In these types of transactions, information about Customers as well as aggregated and anonymized data is typically one of the business assets that is transferred. Moreover, if Chartbeat, or substantially all of its assets, were acquired, user information would be one of the assets that is reviewed and transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Chartbeat may continue to use your personal information as set forth in this Privacy Policy.

    4. Public authorities

      In some cases, Chartbeat may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

    In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Chartbeat remains potentially liable if third party processing personal information received from the European Union on its behalf processes that personal information in a manner which is inconsistent with the Privacy Shield Principles (unless Chartbeat can prove that it is not responsible for the event giving rise to the damage).

  5. CHOICE.
    1. Your Authorization Required

      Whether you are a user of our Site, a Customer or an end user of a Customer Website, We will not use or share your personal information other than as set forth in this Privacy Policy, or as you have explicitly authorized, without obtaining your consent.

      If at any time We would like to disclose your personal information to a third party in a manner not described above, We will provide you with an affirmative or explicit (opt in) choice. To limit the use and disclosure of your personal information, you may also submit a written opt-out request to privacy@chartbeat.com.

      Except as set out above and below specifically in relation to our Customers, personal information will not be used to directly market the Service unless that possible use of the information has been disclosed to you and you have authorized us to permit such disclosure.

    2. Email Opt-Out.

      As noted above in relation to our Customers specifically, Customers are automatically opted-in to receive marketing emails from us when they register for the Service. Customers may choose not to receive marketing emails from Us and can opt out of such e-mails through their account settings.

  6. ACCESS.
    1. Accessing Personal Information.

      Users of the Site, Chartbeat's Customers and end users of our Customers' Websites, may request access to personal information which is collected and used by Chartbeat in accordance with this Privacy Policy, so that they can correct it.

      Note that We do not retain IP addresses, browser information or header information relating to users of our Customers' Websites for more than a temporary period of time in order to provide the Service, and as such, that information cannot be accessed or modified once deleted.

      Chartbeat acknowledges that EU individuals have the right to access the personal information/data that we maintain about them. An EU individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to privacy@chartbeat.com. If requested to remove data, we will respond within a reasonable timeframe.

    2. Deletion - Customers only.

      Customers who discontinue use of the Service may choose to have their personal information deleted from the Service by contacting legal@chartbeat.com.

  7. COOKIES

    Like many other websites, We use a standard technology called "cookies."

    Cookies are small pieces of information stored on your hard drive. They can help make the Internet experience quicker and more convenient.


    1. Our site.

      We may use cookies in connection with third party services to run analytics on Our Site; these cookies do not collect or use any personal information about users of Our Site or Service.

    2. Customers.

      Cookies allow Customers to login without entering their user ID and password each time they use the Service.

    3. Customers' Websites

      We also use cookies on Customer Websites; these cookies help Us understand how users interact with those Customer Websites. Cookies also allow Us to improve the Service.

      If a Customer does not allow the placement of Chartbeat cookies on its Customer Website, the “new vs. returning user” data point in its Chartbeat dashboard will not be accurately reported. If you choose to remove Chartbeat cookies, please refer to the documentation for your browser.

    4. Disabling cookies.

      Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. If you disable cookies, you will not be able to use the Service.

    5. For our European Customers where the EU ePrivacy Directive applies:

      Chartbeat uses two cookies. One cookie (_chartbeat2) is used to register whether a user has visited the Customer Website before (to calculate “new vs returning” users). The other (_SUPERFLY_nosample) is used only if a Customer exceeds its plan’s traffic limit. When the traffic limit is reached the cookie is set and will disable the beacon from that Customer for one hour. The chartbeat2 cookie will remain valid as to any given website visitor or user, until the user elects to disable it. The SUPERFLY_nosample cookie is valid for one hour.


  8. LINKS TO THIRD PARTY WEBSITES.

    Our Site may contain links to third party websites. Please be aware that We are not responsible for the privacy practices of third party websites you choose to visit. If you provide any personal information directly to parties other than Us, different rules may apply to the use or disclosure of that personal information. We encourage you to investigate and ask questions before disclosing your personal information to third parties.


  9. THIRD PARTY ADVERTISERS.

    We may choose to deploy advertising on the Site and Service that is delivered to users through a third party's advertising server. Information about users' visits to Our Site or use of our Service, such as the number of times a user has viewed an ad (but no personal information of the user), would be used in such a scenario to serve ads to users of Our Site and Service.


  10. VOLUNTARY PUBLIC DISCLOSURE OF PERSONAL INFORMATION.

    Please be aware that whenever one voluntarily discloses personal information online - e.g., on message boards, in chat areas, in file uploads, through events, etc. - that information becomes public and can be collected and used by others and indexed in search engines. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, users may receive unsolicited messages from other parties.

    If you log on to our Site or Service through a social networking site (e.g., Facebook or Twitter), we may receive personal or anonymous data about you from that site, in accordance with the terms of use and privacy policy of that site. We may add this information to the information we have already collected from you via the Site or Service.


  11. PRIVACY PROTECTION FOR CHILDREN.

    In compliance with the Children's Online Privacy Protection Act (COPPA), We do not knowingly provide access to the Service to persons under the age of thirteen (13). If We learn that any user of the Service is under the age of thirteen (13), We will take appropriate steps to remove that user's information from our records and We will restrict that individual from future access to the Service.


  12. SECURITY.

    We have implemented security measures to protect user information from loss, misuse and alteration. We use industry-standard practices such as encrypted storage, firewalls and password protection systems to safeguard the confidentiality of personal information which is collected and used in accordance with this Privacy Policy. Each of Our employees and agents are aware of Our security policies; personal information is only available to those employees and agents who need it to perform their jobs.


  13. STORAGE OF PERSONAL INFORMATION

    We process all personal information in facilities in the United States. Personal information is either collected in the United States, obtained through websites which are hosted in the United States, or transferred to the United States from websites which are hosted outside of the United States.

    Regardless of where the personal information comes from, it is subject to this Privacy Policy and receives the same level of privacy protection as described herein.


  14. INTERNATIONAL USERS
    1. EU-US Privacy Shield Framework (the "Privacy Shield")

      Chartbeat complies with the Privacy Shield, as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information which Chartbeat receives from European Union member countries. Chartbeat has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Chartbeat’s certification, please visit https://www.privacyshield.gov/

      Chartbeat is subject to the investigatory and enforcement powers of the Federal Trade Commission in respect of any failure to comply with the Privacy Shield.

    2. U.S. – Swiss Safe Harbor Framework

      Chartbeat also complies with the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Chartbeat has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/


  15. CONTACT US
    1. General

      If you have any questions or complaints about how we use your personal information, or if you would like to request access to your information in accordance with this Privacy Policy, please contact Chartbeat's Chief Technology Officer at privacy@chartbeat.com, or Chartbeat, Inc. at 826 Broadway, 6th Floor, New York, New York 10003.

      Complaints under the Privacy Shield Principles

      We follow internal procedures for verifying that Our commitments under this Privacy Policy have been implemented, and will remedy problems arising out of a failure to comply with this Privacy Policy, and (if applicable) the Privacy Shield Principles.

      In compliance with the Privacy Shield Principles (where applicable), we commit to resolve complaints about your privacy and our collection or use of your personal information (without charge to you). European Union individuals with inquiries or complaints regarding this privacy policy should first contact Chartbeat at privacy@chartbeat.com.

      We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus.

      If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Us, you may contact the BBB EU PRIVACY SHIELD program by visiting www.bbb.org/EU-privacy-shield/for-eu-consumers/.

      Provided certain conditions are met, you may also be entitled to invoke binding arbitration before a Privacy Shield Panel for residual claims about whether Chartbeat has violated its obligations to you under the Privacy Shield, and if that violation remains fully or partially unremedied.

    2. Complaints under the Swiss Safe Harbor Principles

      In compliance with the US-Swiss Safe Harbor Principles, Chartbeat commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Chartbeat at: privacy@chartbeat.com.

      Chartbeat has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.