Data Privacy Framework Notice
Effective September 1, 2023
Braze, Inc. (“Braze”, “we”, “us”, “our”) complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom and Switzerland, as applicable, to the United States in reliance on the Data Privacy Framework (“Personal Data”). We have certified to the Department of Commerce that we adhere to the Data Privacy Framework Principles (the "Principles"). You can learn more about the Data Privacy Framework program here and you can view our certification here.
Scope of this Notice
Our compliance with the Data Privacy Framework also applies to Personal Data that we process on behalf of our business customers in the course of providing our services to them (“Customer Personal Data”). As Braze is a customer engagement platform used by businesses for multichannel marketing, the Customer Personal Data that our customers entrust to us for processing includes information about their own customers, including contact information, device information, and information concerning consumer engagement. Braze processes Customer Personal Data to provide our services to our customers and otherwise carry out their instructions.
Third party transfers
Inquiries and complaints
If Braze cannot resolve your complaint, where required by law, we will cooperate with the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office and the Swiss Federal Data Protection and Information Commissioner with regard to your unresolved complaint concerning our handling of your Personal Data.
If neither Braze nor the relevant panel can resolve your complaint, you may be able to invoke binding arbitration, in accordance with the Data Privacy Framework requirements, through the Data Privacy Framework Panel. For more information on this option, see Annex I of the Principles.
Enforcement and compelled disclosure
Braze is subject to the investigatory and enforcement powers of the Federal Trade Commission. In addition, Braze may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Effective date and amendment of this Notice
Until they take effect, Braze will not rely on the UK Extension to the EU-U.S. Data Privacy Framework or the Swiss-U.S. Data Privacy Framework, but we adhere to their required commitments in anticipation that they will.
This Notice may be amended or modified from time to time consistent with the Data Privacy Framework. If there is any conflict between the terms in this Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.