Last Updated: February 13, 2024
TABLE OF CONTENTS
PART I. GENERAL INFORMATION
1.1 OUR COMMITMENT TO PRIVACY
1.2 INTRODUCTION TO BRAZE
Braze is a U.S. company, headquartered in New York, with global operations. A reference to “Braze,” “we,” “us” or the “Company” is a reference to Braze, Inc. and the relevant affiliate(s) involved in the processing activity.
Braze is a life-cycle engagement platform for companies around the world, supporting stronger relationships between brands and their clients, primarily by leveraging first party data to personalize and automate life-cycle marketing campaigns through first party channels, such as email, SMS, mobile and web push notifications, and in-app/in-browser messaging.
More information about Braze can be found at www.braze.com.
Our Japanese website can be found at https://www.braze.co.jp/.
1.3 SCOPE OF THIS POLICY
What is in Scope?
What is not in Scope?
Our Websites and Services are intended to be used by businesses and their representatives. We do not offer any products or services to individuals for personal, family or household use. All Personal Data that we process is treated as belonging to individuals in a business capacity.
PART II. DATA COLLECTION AND USE
2.1 DATA COLLECTION
The Personal Data that Braze collects will be determined by your interaction with Braze, our partners, Braze publications and other sources.
How and where do we collect data?
Braze collects Personal Data from prospects, customers, participants at our trainings, certifications and events, business partners and vendors (if they are natural persons), their respective employees, advisors, and/or consultants, along with the data of whomever our customers have authorized to use the Braze services (the “Services”) on their behalf (collectively, “Individuals”), who:
- Visit our websites (the “Websites”);
- Visit our offices;
- Receive/send communications from/to us, including via mail, email, phone call, Slack, chat features of our Websites, support tickets or texts;
- Use our Services as an authorized user (for example, an employee of one of our customers who has been given a log-in to access our Services);
- Register for, attend and/or otherwise take part in our events, webinars, contests, trainings and certification courses;
- Download or otherwise engage with Braze content and publications, such as viewing our videos, reading content on our Websites, or interacting with our chat bot;
- Submit requests for an action, support or information;
- Participate in recorded meetings or events;
- Engage with our resellers or partners; or
- Work at partners or suppliers of Braze and interact with our company in the course of doing business or contemplating doing business with us.
Braze collects Personal Data from a variety of sources, such as from:
- The Individual who is the subject of such Personal Data, including in their use of the Websites and the Services;
- Publicly available sources, such as an individual’s social media account, online communities, forums, blogs or chat rooms;
- Our business partners;
- Vendors; and
- Braze affiliates.
What type of data do we collect?
Personal Data that we may collect includes, but is not limited to:
- Name and job title;
- Contact information such as email address, business phone number, and business address;
- Marketing subscription status;
- Audio and video recordings of meetings, event attendance and preferences associated with in person event attendance such as dietary preferences;
- Trainings and certifications;
- Downloads or engagement with Braze reports and other publications;
- Communications that we exchange with you, including when you contact us with questions or feedback, through the support portal, email, calls to our support team, our chat features, social media, survey participation, or otherwise;
- Certain information in connection with the use of the Websites by visitors and the Services by authorized users, and information about your interaction with other relevant third-party pages displaying Braze content, which may include:
- Device Data: information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, and operating system and system configuration information; and
- Usage Data: information, such as activity on the Websites and Services, the pages and files viewed, conversations through our chat features, searches, account configuration information and date/time stamps associated with your usage.
2.2 PURPOSES OF PROCESSING
Braze collects Personal Data for several purposes, including:
- Enabling us to understand and engage with those who are interested in learning about our products, services, content, and company-related initiatives;
- Promoting the security of our Websites and Services by tracking use of our Websites and Services, enforcing our terms and policies, investigating and preventing fraudulent, suspicious or illegal activities, and preventing unauthorized access to the Services;
- Providing, operating, and maintaining the Services including billing and account management purposes;
- Responding to requests for action, support or information;
- Complying with our contractual obligation to provide technical and customer success support;
- Registering office visitors to maintain the security of our offices and to ensure the confidentiality of our business activities;
- Analyzing our customers' use of the Services and Websites for trend monitoring, marketing, advertising, business development, for improvements, for security purposes and to ensure continued proper functioning;
- Marketing purposes;
- To send marketing communications about us and our affiliates and partners, including information about our products, promotions or events via email and other channels;
- To facilitate targeted advertising campaigns;
- To send marketing communications about us and our affiliates and partners, including information about our products, promotions or events via email and other channels;
- For internal training and research;
- Sending messages to the users of our Services with respect to technical alerts, updates, security notifications, and educational, administrative or transactional communications; and
- Complying with legal obligations, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to comply with our legal obligations or perform our contract with you.
If you provide us with Personal Data relating to another person, you confirm that you have informed them of our identity, the purposes (as set out above) for which their Personal Data will be used, and that you have obtained their consent prior to sharing their Personal Data with us.
2.3 SHARING AND DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may share with, and disclose Personal Data to the following types of third parties and for the following purposes:
- Braze Affiliates - We may disclose Personal Data to Braze corporate group affiliates in connection with customer or technical support, marketing, business development, operations, account management, events or webinars, for general business purposes, in order to protect, exercise, establish or defend legal rights, where we are legally required to do so and to receive professional advice.
- Vendors – We may disclose Personal Data to third party vendors and service providers for general business purposes and to support our internal operations, including IT solutions vendors, marketing vendors, advertising vendors, consultants, professional advisers acting as processors or controllers, including lawyers, bankers, auditors and insurers. We may also disclose Personal Data where we believe it necessary in order to protect or exercise, establish or defend our legal rights.
- Shared Communities - Any Personal Data or other information you choose to submit in communities, forums, blogs or chat rooms on our Websites may be read, collected and used by others who visit these forums, depending on your account settings.
- Law Enforcement - We may disclose Personal Data to a third party where we are legally required to do so in order to comply with any applicable law, regulation, legal process or governmental request, including government authorities, law enforcement and others.
- Corporate Transaction Participants - We may share or transfer Personal Data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION
3.1 PROCESSING OF PERSONAL DATA IN THE U.S. AND ELSEWHERE
Braze, Inc. is located in the United States ("U.S.") and our group companies operate in Singapore, Germany, Japan, Canada, France, Australia, Indonesia, the United Kingdom ("UK"), and Ireland. Braze works with vendors and partners who operate predominantly in these countries. From time to time, we may work with vendors and partners in other parts of the world where we do business. This means that when we collect your Personal Data, we may process it in any of these countries. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective), but we have in place appropriate safeguards and international transfer mechanisms (e.g., the Data Privacy Framework or the EU Standard Contractual Clauses). We also implement a number of supplementary measures designed to better protect the Personal Data with which we are entrusted.
Where available, Braze, Inc. complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, the UK and Switzerland, as applicable, to the US in reliance on the Data Privacy Framework. Please visit our Data Privacy Framework Notice for further information.
For non-US transfers, Braze may rely on an alternative transfer mechanism, including the 2021 EU Standard Contractual Clauses, to transfer Personal Data from the UK and European Economic Area ("EEA") to other third party countries.
We use a number of technical, organizational and administrative security measures designed to protect the security, confidentiality and integrity of information. However, security risk is inherent in internet and information technologies and we cannot guarantee the security of your Personal Data.
3.3 DATA RETENTION
We will retain Personal Data we collect from you for so long as we have an ongoing legitimate business need to do so (in connection with the purposes set out in Part II above). We determine the appropriate retention period for Personal Data on the basis of the purpose for which we process the Personal Data, the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it.
PART IV. YOUR PRIVACY RIGHTS
4.1 EXERCISING YOUR PRIVACY RIGHTS
You may have the right under applicable law to request that we take certain actions in connection with Personal Data that we may have about you. Not all jurisdictions grant privacy rights, so whether or not you have any such rights, and the nature of those rights, are determined by multiple factors, including your location, country, state, or place of residence. Privacy rights may include the following:
- Information: You may be able to request information about the categories of Personal Data we collect, the categories of sources from which we collect it, the purposes for which we process it, and the categories of third parties to whom we disclose it.
- Access: You may be able to request access to the Personal Data we hold about you.
- Rectification/correction: You may be able to request modification or correction of your Personal Data if it is inaccurate or incomplete.
- Erasure/deletion: You may be able to request that we delete Personal Data we hold about you.
- Restriction: You may be able to request that we restrict use of your Personal Data.
- Objection: You may be able to object to the processing of your Personal Data for direct marketing or where our legal basis for the processing is our legitimate interest.
- Portability: You may be able to request a copy of your Personal Data in a structured, commonly used, machine-readable format, to allow you to transfer your data to another provider.
- Automated Decision Making: You may be able to request not to be subject to a decision based solely on automated processing, where it produces a legal or similar effect.
If you wish to exercise any of these requests, please fill out this form. We will respond to requests from individuals wishing to exercise data protection rights applicable to them. For certain rights, such as where you request access to Personal Data, we will need to confirm your identity. To verify your identity, we will require you to provide ID, where permitted or required by applicable law. You also have the right to exercise your applicable privacy rights free from discriminatory treatment and retaliation as prohibited by applicable law. These rights are not absolute, and in certain cases we may decline or partially decline your request as permitted by law.
You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local supervisory authority. If you have a question about your privacy rights, please email us at [email protected].
4.2 PRIVACY RIGHTS AND BRAZE CUSTOMERS
Braze customers may collect Personal Data through their websites or applications and send that data to the Braze Services. Where you wish to enforce any of your rights in respect of such data, we encourage you to contact the customer who provides you with the Customer Application, as this will be the quickest way to have your request processed. Where you submit a request about a Braze customer and you are able to identify the customer, we forward your request to the customer to handle.
4.3 MARKETING COMMUNICATIONS
You have the right to opt-out of any marketing communications that we send you at any time. You can exercise this right by visiting the Braze Preference Centre, or by using the contact details provided under the “How to Contact Us” heading below.
Authorised users of the Services may exercise this right through setting options available within the Services.
Where applicable, you may also opt-out through unsubscribe options available within the marketing communication itself.
Please note that opting-out of the receipt of marketing communications from us does not opt you out of receiving important business communications related to your current relationship with us, such as communications about event registrations, service announcements or security information.
4.5 CHAT TECHNOLOGIES
PART V. LEGAL BASIS FOR PROCESSING PERSONAL DATA
If you are from a region that requires us to have a legal basis for processing your Personal Data, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
PART VI. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
- To information exempted from the scope of the CCPA;
- To Personal Information we collect, use, and share on behalf of our customers as a "service provider" under the CCPA for purposes of providing our Services to them.
6.1 YOUR CALIFORNIA PRIVACY RIGHTS
As a California resident, you have information, access, rectification/correction, erasure/deletion, and non-discrimination rights as described in Part IV (Your Privacy Rights). In addition, you have the right to opt-out of the “sale” or “sharing” of Personal Information as those terms are defined by the CCPA.
If you have appointed an authorized agent to act on your behalf, your authorized agent may request to exercise these rights on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable California law. If you have not provided your agent with such a power of attorney, we may ask you and/or your agent to take additional steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request.
6.2 CATEGORIES OF PERSONAL DATA THAT WE COLLECT AND THIRD PARTIES WITH WHOM THE DATA MAY BE SHARED
The following chart describes our practices currently in use and in use during the past 12 months. This chart summarizes the Personal Information we collect by reference to the statutory categories specified in the CCPA, and the categories of third parties to whom we may disclose it for a business purpose. These third parties are defined in Section 2.3 (Sharing and Disclosure of Information to Third Parties). Information you voluntarily provide to us, such as in free-form webforms or via email, may contain other categories of Personal Information not described below. The business/commercial purposes for which we use these categories of Personal Information listed in the below table are described above in Section 2.2 (Purposes of Processing). Our relevant data retention practices are addressed in Section 3.3 (Data Retention).
CATEGORY OF PERSONAL INFORMATION AS DEFINED IN THE CCPA
*The categories of data set forth below appear in the CCPA but are not necessarily collected by Braze.
PERSONAL INFORMATION WE MAY COLLECT
SOURCE OF YOUR PERSONAL INFORMATION
THIRD PARTIES WITH WHOM WE MAY SHARE PERSONAL INFORMATION
Identifiers are defined by the CCPA to include real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Protected Classification Characteristics are defined by the CCPA to include age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
We do not intentionally collect this data, but certain characteristics may be revealed in identity data or other information we collect or you may volunteer such information.
Commercial information is defined by the CCPA to include records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other electronic network activity information is defined by the CCPA to include browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
Audio, electronic, visual, thermal, olfactory, or similar information
Professional or employment-related information
Education information that is not publicly available
Sensitive information is defined by the CCPA to include social security number, driver’s license number, state ID card number, passport number, log-in, financial account number, debit card or credit card number in combination with any required security or access code, password or credentials allowing access to an account, precise geolocation, racial or ethnic origin, religious or philosophical beliefs or union membership, the content of a person’s mail, email or text message (unless Braze is the intended recipient), genetic data.
Inferences are defined by the CCPA to include information drawn from data to create a profile about a person reflecting the person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
6.3 THE SALE AND SHARING OF PERSONAL INFORMATION
Like many companies, Braze uses services that employ cookies and other technologies to collect Personal Information (including the identifiers and internet activity information described in the table above) about your use of our Websites and other online services over time, which helps us to deliver targeted ads. In addition, we may share your contact details with our advertising vendors for the placement of targeted ads. Our use of some of these services may constitute the “sale” or “sharing” of Personal Information as defined under the CCPA to/with third party advertisers. You may opt-out of such sales or sharing by clicking on the “Do Not Sell or Share my Personal Information” link in the footer of our Websites. Alternatively, you may opt out of advertising cookies by visiting our Cookie Consent Manager or by enabling Global Privacy Control ("GPC") in your web browser or browser extension, which we recognize to the extent required by applicable law. Enabling GPC will automatically set your cookie settings to opt out of the sharing of Personal Information for behavioral advertising. If you choose to use GPC, you will need to turn it on for each supported browser or browser extension you use. Other than GPC, we do not recognize any "do not track" signals.
Authorised users of the Services can opt-out of such selling or sharing through setting options available within the Services.
While our Website and Services are not directed to children under the age of 16, we are required to inform you that we have no actual knowledge that we have sold or shared the Personal Information of California residents under 16 years of age.
6.4 SENSITIVE PERSONAL INFORMATION AND DE-IDENTIFIED DATA
Braze does not use or disclose Sensitive Personal Information (as defined by the CCPA) for restricted purposes that California residents have a right to limit under the CCPA.
We do not to attempt to re-identify de-identified information that we derive from Personal Information, except for the purpose of testing whether our deidentification processes comply with applicable law.
PART VII. IMPORTANT INFORMATION FOR JAPANESE VISITORS
7.1 PERSONAL DATA SHARING
Braze K.K. (“Braze Japan”) may share your Personal Data with Braze group affiliates and other third parties for the purposes described in Section 2.3 (Sharing and Disclosure of Information to Third Parties). A list of the Braze office locations may be found on our Website. The categories or items of the Personal Data that Braze Japan may share with a third party are the same as those described in Section 2.1 (Data Collection). When Braze Japan shares your Personal Data with entrusted third parties, Braze Japan shall be the entity that is responsible for processing and managing your Personal Data.
7.2 BRAZE JAPAN’S INFORMATION
PART VIII. OTHER IMPORTANT INFORMATION
Our Websites are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from such individuals without parental consent and require our customers to fully comply with applicable law in the data collected from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “How to Contact Us” section, below, and we will take steps to delete such Personal Data from our systems.
8.3 HOW TO CONTACT US
- If you would like to update your preferences with regards to our marketing communications to you, you can do this in our Preference Centre.
- If you have a request regarding Braze’s processing (e.g., access, update or deletion) of your Personal Data, please complete this Form.
- If you would like to manage your cookie settings you may do so by visiting our Cookie Consent Manager.
Attention: General Counsel
330 West 34th Street, 18th Floor
New York, NY 10001