Legal


Privacy Policy


Last Updated: July 2021

TABLE OF CONTENTS

PART I. GENERAL INFORMATION

1.1 OUR COMMITMENT TO PRIVACY

1.2 INTRODUCTION TO BRAZE

1.3 SCOPE OF THIS POLICY

PART II. DATA COLLECTION AND PURPOSES OF PROCESSING

2.1 DATA COLLECTION

2.2 PURPOSES OF PROCESSING

2.3 SHARING AND DISCLOSURE OF INFORMATION TO THIRD PARTIES

PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION

3.1 PROCESSING OF PERSONAL INFORMATION IN THE U.S. AND ELSEWHERE

3.2 SECURITY

3.3 DATA RETENTION

PART IV. YOUR PRIVACY RIGHTS

PART V. IMPORTANT INFORMATION FOR EEA AND UK VISITORS

PART VI. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS

6.1 YOUR CALIFORNIA PRIVACY RIGHTS.

6.2 HOW TO EXERCISE YOUR RIGHTS

6.3 PERSONAL INFORMATION THAT WE COLLECT, USE AND SHARE

PART VII. OTHER IMPORTANT INFORMATION

7.1 CHANGES TO OUR PRIVACY POLICY

7.2 CHILDREN

7.3 HOW TO CONTACT US

PART I. GENERAL INFORMATION

1.1 OUR COMMITMENT TO PRIVACY

Your privacy is important to us and maintaining your trust is one of our highest priorities. This Privacy Policy provides you with a description of how we collect and use personal data. We also provide information on privacy rights, how to exercise these rights and how to contact us with any questions.

1.2 INTRODUCTION TO BRAZE

Braze is a U.S. company, headquartered in New York, with global operations. A reference to “Braze,” “we,” “us” or the “Company” is a reference to Braze, Inc. and the relevant affiliate(s) involved in the processing activity.

Braze is a life-cycle engagement platform for companies around the world, supporting stronger relationships between brands and their clients, primarily by leveraging first party data to personalize and automate life-cycle marketing campaigns through first party channels, such as email, SMS, mobile and web push notifications, and in-app/in-browser messaging.

More information about Braze can be found at www.braze.com.

Our Japanese website can be found at https://www.braze.co.jp/.

1.3 SCOPE OF THIS POLICY

What is in Scope?

This Privacy Policy applies to Braze, where we determine the purposes and means of the processing of Personal Data for our recruitment, marketing or business purposes (further details below) and in such capacity, we will use the term “Data Controller”.

What is not in Scope?

Braze’s privacy commitments to its customers, where we process personal data on behalf of our customers, are outlined in Braze’s agreements with such customers. In our capacity as a processor of our customers’ data, we will refer to ourselves as a “Data Processor.” Specifically, in that capacity, Braze processes personal data of people who interact with customer applications or websites that are offered by our customers and that have incorporated Braze technology (“Customer Applications”). The protections that apply to such personal data will be described in the individual privacy policies of those customers, and not in this Privacy Policy. If you wish to learn more about the privacy and data security practices of those customers you should reach out to them directly. For clarity, this Privacy Policy does not cover any personal data that our customers choose to collect and share with Braze, where Braze is not the Data Controller, but is instead a Data Processor.

Braze also hosts Braze Alloys, which is an online marketplace for on-demand web applications that are provided by third parties (see here). Because the partners listed on Braze Alloys are third parties, this Privacy Policy does not apply to their collection or use of Personal Data.

Additionally, our Websites or Services (as defined below) may contain links to other websites, applications and services maintained by third parties. The privacy and data security practices of such third-party sites are governed by the privacy statements of those third parties, and not by Braze.

PART II. DATA COLLECTION AND USE

2.1 DATA COLLECTION

The Personal Data that Braze collects will be determined by your interaction with Braze, our partners, Braze publications and other sources.

How and where do we collect data?

Braze collects personal data relating to or identifying individuals (“Personal Data”) from job candidates, prospects, customers, participants at our trainings, certifications and events, business partners and vendors (if they are natural persons), their respective employees, advisors, and/or contractors, along with the data of whomever our customers have authorized to use the Braze services (the “Services”) on their behalf (collectively, “Individuals”), who:

  • Visit our websites (the “Websites”);
  • Visit our offices;
  • Receive communications from us, including mail, emails, phone calls or texts;
  • Use our Services as an authorized user (for example, an employee of one of our customers who has been given a log-in to access to our Services);
  • Register for, attend and/or otherwise take part in our events, webinars, contests, trainings and certification courses;
  • Download or otherwise engage with Braze content and publications;
  • Submit requests for an action, support or information;
  • Participate in recorded meetings or events;
  • Apply to work with us, view or share job postings by Braze; or
  • Work at partners or suppliers of Braze and interact with our company in the course of doing business or contemplating doing business with us.

Braze collects Personal Data from a variety of sources, such as from:

  • the Individual who is the subject of such Personal Data,
  • publicly available sources (such as an Individual’s Social Media account),
  • our business partners or vendors, and
  • Braze affiliates.

What type of data do we collect?

Personal Data that we may collect includes but is not limited to:

  • name, email address and job title,
  • industry,
  • employer,
  • CV/resume and work history, education, interests, professional references,
  • marketing subscription status,
  • audio and video recordings of meetings, event attendance,
  • trainings and certifications
  • downloads or engagement with Braze reports and other publications,
  • content of requests for action, support or information,
  • certain information in connection with the use of the Websites by visitors and information about your interaction with other relevant third-party pages displaying Braze content; these will also include:
  • Device Data: information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier
  • Usage Data: information, such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage.

Our Websites and our Services may use cookies and/or other tracking technologies. To read more about the cookies and tracking technologies we use, please visit our Cookie Policy. You can manage your cookie consent preferences by visiting our Cookie Consent Manager.

2.2 PURPOSES OF PROCESSING

Braze collects Personal Data for several purposes, including:

  • Enabling us to understand and engage with those who are interested in learning about our products, services, content, and company-related initiatives;
  • Promoting the security of our Websites and Services by tracking use of our Websites and Services, enforcing our terms and policies, investigating and preventing fraudulent, suspicious or illegal activities, and preventing unauthorized access to the Services;
  • Providing, operating, and maintaining the Services including billing and account management purposes;
  • Responding to requests for action, support or information;
  • Complying with our contractual obligation to provide technical and customer success support;
  • Registering office visitors to maintain the security of our offices and to ensure the confidentiality of our business activities;
  • Analyzing our customers' use of the Services and Websites for trend monitoring, marketing, advertising, for improvements, for security purposes and to ensure continued proper functioning;
  • To send marketing communications about us and our affiliates and partners, including information about our products, promotions or events;
  • For internal training and research;
  • Sending messages to the users of our Services with respect to technical alerts, updates, security notifications, and educational and administrative communications;
  • Recruiting, interviewing, evaluating and hiring job candidates including having oversight of interactions with our job postings on our Websites, third-party social media platforms and recruitment systems; and
  • Complying with legal obligations, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.

Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to comply with our legal obligations or perform our contract with you.

If you provide us with Personal Data relating to another person, you confirm that you have informed them of our identity and the purposes (as set out above) for which their Personal Data will be used and that you have obtained their consent prior to sharing their information with us.

2.3 SHARING AND DISCLOSURE OF INFORMATION TO THIRD PARTIES

We may share and disclose Personal Data to the following types of third parties and for the following purposes:

  • General Business Purposes - We may disclose information to Braze corporate group affiliates, consultants, third-party vendors and other service providers, in connection with customer or technical support, marketing, recruiting, operations, account management, and general business purposes.
  • Compliance with Laws – We may disclose information to a third party where we are legally required to do so in order to comply with any applicable law, regulation, legal process or governmental request;
  • Protection of our legal rights – We may also disclose information where we believe it necessary in order to protect or exercise, establish or defend our legal rights;
  • Business Transfers – We may share or transfer information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company;
  • Managing Events – If you use our Websites to register for an event or webinar organized by one of our partners, we may share your Personal Data with these partners to process your registration and ensure your participation in the event; in such instances, our partner will process the relevant Personal Data as a separate controller and the partner’s use and control over your Personal Data will be governed by their privacy policy;
  • Receiving Professional Advice – In individual instances, we may share Personal Data with professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors and insurers based in countries in which we operate, who provide consultancy, banking, legal, insurance and accounting services, but only to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data;
  • Publicly shared data – Any Personal Data or other information you choose to submit in communities, forums, blogs or chat rooms on our Websites may be read, collected and used by others who visit these forums, depending on your account settings.

PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION

3.1 PROCESSING OF PERSONAL INFORMATION IN THE U.S. AND ELSEWHERE

Our Website servers are located in the United States, and our group companies and third-party service providers and partners operate in the United States, Singapore, Germany, Japan and the United Kingdom. This means that when we collect your Personal Data, we may process it in any of these countries. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective), but we have in place appropriate safeguards and international transfer mechanisms (e.g., EU Standard Contractual Clauses). We also provide a number of supplementary measures designed to better protect the Personal Data that we are entrusted with.

Notwithstanding the fact that it has been held to no longer provide a valid mechanism for transfers of Personal Data from the EU to the U.S., Braze continues to comply with and self-certify to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, the United Kingdom and Switzerland to the United States. Braze has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Braze is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In connection with onward transfers, Braze has responsibility for the processing of Personal Data that it receives under the Privacy Shield and subsequently transfers to any third party who is acting as an agent on Braze’s behalf. Braze will remain responsible under the Privacy Shield Principles if any such agent processes such Personal Data in a manner that is inconsistent with those Principles, unless Braze can provide evidence that it is not responsible for the event giving rise to the damage. In compliance with the Privacy Shield Principles, Braze commits to resolve complaints about our collection or use of your Personal Data. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Braze at:

privacy@braze.com
Braze Privacy Policy Issues
330 West 34th Street, 18th Floor
New York, NY 10001
USA

Braze has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints regarding Personal Data transferred from the EU, the United Kingdom and Switzerland. Under certain circumstances, individuals may be able to invoke binding arbitration, in accordance with the Privacy Shield requirements. In addition, as a U.S.-based company, Braze may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

3.2 SECURITY

We use technical, organizational and administrative security measures designed to protect the security, confidentiality and integrity of information.

3.3 DATA RETENTION

We will retain Personal Data we collect from you for so long as we have an ongoing legitimate business need to do so (in connection with the purposes set out in Part II above). We determine the appropriate retention period for Personal Data on the basis of the purpose for which we process the Personal Data, the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

PART IV. YOUR PRIVACY RIGHTS

You may have the following privacy rights:

  • If you wish to access, correct, update or request deletion of your Personal Data, you can do so at any time by contacting us through this FORM (which will ask from you information necessary for us to process your request) or by using the contact details provided under the “How to contact us heading below. We provide additional information below for California residents who wish to submit access or deletion requests.
  • In addition, if you are a resident of the EEA or the United Kingdom, you can object to processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data. Again, you can exercise these rights by contacting us through this FORM (which will ask from you information necessary for us to process your request) or by using the contact details provided under the How to contact us heading below. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our Websites or in our Services;
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing communications we send you, by going to our Preference Center, or by using the contact details provided under the How to contact us heading below. Please note that opting-out of the receipt of marketing communications from us does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.
  • If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local supervisory authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Where you wish to enforce any of these rights in respect of our Services, you should contact the customer who provides you with the Customer Application.

If you have a question about your privacy rights, please email us at privacy@braze.com

PART V. IMPORTANT INFORMATION FOR EEA AND UK VISITORS

If you are a visitor to our Websites from the EEA or the United Kingdom, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us through this FORM (which will ask from you information necessary for us to process your request) or by using the contact details provided under the How to contact us heading below.

PART VI. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS

This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this Part VI, Personal Information has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”). However, this Statement does not apply:

  • To information exempted from the scope of the CCPA;
  • Except as required by the CCPA, to Personal Information we collect from individuals acting in their capacities as representatives of organizations solely in the context of conducting due diligence regarding, or providing or receiving a product or service to or from, such organizations; or
  • To Personal Information we collect, use, and share on behalf of our customers as a "service provider" under the CCPA for purposes of providing our services to them.

6.1 YOUR CALIFORNIA PRIVACY RIGHTS.

As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

  • Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
  • The categories of Personal Information that we have collected.
  • The categories of sources from which we collected Personal Information.
  • The business or commercial purpose for collecting and/or selling Personal Information.
  • The categories of third parties with whom we share Personal Information.
  • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
  • Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
  • Deletion. You can ask us to delete the Personal Information that we have collected from you.
  • Non-discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services, increasing the price/rate of services, decreasing service quality, or suggesting that we may penalize you as described above for exercising your rights.

6.2 HOW TO EXERCISE YOUR RIGHTS

You can request to exercise your information, access and deletion rights by visiting our Preference Center or by using the contact details provided under the “How to contact us heading below. We will need to confirm your identity and California residency to process your information, access or deletion requests, and we reserve the right to confirm your California residency. Government identification may be required. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.

6.3 PERSONAL INFORMATION THAT WE COLLECT, USE AND SHARE

The chart below summarizes the Personal Information we collect by reference to the statutory categories specified in the CCPA, and how we use and share it. It describes our practices as of, and during the 12 months preceding, the ‘last updated’ date of this Privacy Policy.

STATUTORY CATEGORY (including statutory definition)

WHAT WE COLLECT

SOURCE

Commercial Information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

· Data about what an individual has purchased from Braze (including tickets to Braze-sponsored events)

· Data about publications, content and events where an individual has attended webinars or events or viewed or downloaded content.

You

Braze

Affiliates

Data providers

Identifiers. Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number or other similar identifiers.

· Real name

· Alias

· Unique customer number (assigned randomly by Braze)

· Email address

· Account name

You

Braze

Inferences. The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

May be derived from your:

· Device Data (as described in Section 2.1

· Usage Data (as described in Section 2.1)

· Job title

· Company size

Braze

Data providers

Internet or Network Information. Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement.

Usage Data (as described in Section 2.1)

Automatic Collection

Online Identifiers. An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol (IP) address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.

· Device data (as described in Section 2.1)

· Unique customer number (assigned randomly by Braze)

Braze

Data providers

Professional or Employment Information. This term is not defined in the CCPA, but likely includes any information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations).

· Current company

· Current job title

· Industry

You

Data Providers

Audio, electronic, visual, thermal, olfactory, or similar information.

Audio and video recordings.

You

Braze

Protected Classification Characteristics. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

We do not intentionally collect this data, but certain characteristics may be revealed in identity data or other information we collect.

The business/commercial purposes for which we use these categories of Personal Information are described above in Section 2.2 (Use of Personal Data). The categories of third parties to which we these categories of Personal Information are described above in Section 2.3 (Sharing of Personal Data).

PART VII. OTHER IMPORTANT INFORMATION

7.1 CHANGES TO OUR PRIVACY POLICY

If we change our Privacy Policy, we will update the "Last Updated" date at the top of this webpage. We encourage you to review this Privacy Policy frequently to stay informed of the latest modifications.

7.2 CHILDREN

Our Services are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from such individuals without parental consent and require our customers to fully comply with applicable law in the data collected from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “How to Contact Us” section, below, and we will take steps to delete such Personal Data from our systems.

7.3 HOW TO CONTACT US

  1. If you would like to update your preferences with regards to our marketing communications to you, you can do this in our Preference Center.
  2. If you have a request regarding Braze’s processing (e.g., access, update or deletion) of your Personal Data (other than setting up your preferences for our marketing communications, which you can do in our Preference Center), please complete this FORM.
  3. If you would like to manage your cookie settings you may do so by visiting our Cookie Consent Manager
  4. If you have any questions about this Privacy Policy, if you have a complaint, or would like to contact our DPO, you may contact us at:

privacy@braze.com
Braze Privacy Policy Issues
330 West 34th Street, 18th Floor
New York, NY 10001
USA