Last Updated: September 2018
Your privacy is important to us and maintaining your trust is one of our highest priorities. Braze collects personal information from members of the public who:
Braze is a U.S. company, headquartered in New York, with global operations. Braze is a life-cycle engagement platform for companies around the world ("our Customers"), supporting stronger relationships between brands and their clients, primarily by leveraging first party data to personalize and automate lifecycle marketing campaigns through first party channels, such as email, mobile and web push notifications, and in-app/in-browser messaging. In practical terms, this means that we collect information for our use or on behalf of our Customers to customize messages to such visitors (“you”), including marketing messages, that you may find useful and to help Braze and our Customers understand your marketing preferences. Braze acts as both a “Data Controller”, where we determine the purposes and means of the processing of personal information, and as a “Data Processor” where we process personal information on behalf of our Customers.
More information about Braze can be found at www.braze.com.
Where we act as a Data Processor to our Customers, we process the data collected through our Services only on behalf of our Customers, work strictly in accordance with their instructions as Data Controllers, and do not use any personal information for our own purposes.
Braze acts as a Data Controller with respect to the personal information it collects from visitors to its Website and from its customers.
Braze collects personal information from users of our Website for several purposes, including enabling us to understand who is interested in learning about our products, services, content, and company related initiatives. In addition, we capture communication preferences people want when engaging with our organization. In connection with those purposes, we collect and use the following types of personal information:
Where we need your personal information for any other purposes, it will be obvious from the circumstances as to the purposes for which we require that personal information from you.
If you provide us with personal information relating to another person, you confirm that you have informed them of our identity and the purposes (as set out above) for which their personal information will be used and that you have obtained their consent prior to sharing their information with us.
Braze also acts as a Data Controller with respect to contact information provided by the employees of our customers in the Braze Services dashboard who are users of the Braze Services. Braze may use that contact information to message users of the Braze Services to tell them about new releases, new functionality or services, training or other events being offered by Braze that may be of interest to users of the Braze Services, to provide important information about the Services (such as dates and times for scheduled maintenance), and for other purposes consistent with our ability to keep our customers informed about the Braze Services.
Braze processes personal information about you when we act as a Data Processor on behalf of our Customers, who act as Data Controllers. Braze does not choose the information that will be sent to it by its Customers and follows the instructions of its Customers in connection with the use of such information by Braze. This section provides more information about what we do on behalf of our Customers.
Our Customers may choose to collect within the Services information about you when you visit a Customer website or when you download and use a Customer Application on your computer or mobile device, and Braze technology has been integrated into that Customer Application or website. Braze technology will automatically track certain usage metrics involved with your use of that Customer Application (such as when you first used the Customer Application and when you last used it, the total number of sessions you have had on that Customer Application). We also automatically track certain device information (such as your language and locale preferences, your current time zone, wireless carrier and relevant device metadata). A detailed list of what information is automatically captured by the Braze technology can be found at https://www.braze.com/docs/user_guide/data_and_analytics/user_data_collection/overview/#user-data-collection.
We may process information about you that our Customers choose to share with us, that is collected by their Customer Applications or other digital properties, such as your email address, name, birthdate, and/or gender.
Usage information – Our Customers may ask us to track your activity and certain performance metrics in connection with your use of a Customer Application or other digital properties, for example if you have abandoned a shopping cart or if the Customer Application is a game, when you have completed a certain level of that game. Our Customers may send us information about your previous actions in their Customer Application or other digital properties, for example, information about how many times you have purchased items through their Customer Application, digital properties, stores, or elsewhere.
Information collected by tracking technologies – In connection with the Services that we provide to our Customers, we use various technologies to collect information on their behalf, which may include saving user identifiers and other cached data to offline browser storage, or offline storage on mobile devices. Please see the section entitled "Tracking Technologies" for further information on this topic.
Location information. The Braze technology may collect device location information from you if a Customer chooses to enable location services in connection with their digital properties, and you have granted our Customer permission to collect location information from your device, and then only if that Customer chooses to share that information with Braze. Location information is used to provide our Customers with information about the use of their digital properties and to enable our Customers to target messages to you based on your location.
Information sent to our Services by our Customers from other sources. When our Customers configure the Services to do so, the Braze technology may also retrieve or receive information from third parties used for authentication, or from data augmentation partners. From authentication providers such as Facebook and Twitter, we may process information such as your name, email address, gender, interests, platform specific user identifier, and contact information. Partners such as location information vendors or install attribution partners can be directed by our Customers to send your information to Braze.
We may use the information we collect from our Customers for a variety of reasons, including:
We may share and disclose information about our Customers and you to the following types of third parties and for the following purposes:
Specifically, our Website servers are located in the United States, and our group companies and third-party service providers and partners operate in the United States, Singapore and the United Kingdom. This means that when we collect your personal information as a Data Controller, we may process it in any of these countries. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective), but we will put in place appropriate safeguards, including certification to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.
Braze stores our Customer’s data either in the United States or in the European Union at data centers run by third-party hosting providers. As Data Controllers, our Customers decide where they want their data stored and Braze, as a Data Processor, complies with our Customers’ instructions. Personal information stored in Braze’s EU data center may nonetheless be accessed in the United States in connection with the provision of technical and customer support. Where Braze uses sub-processors located in other jurisdictions, it will employ methods to validate the transfer of personal data to such jurisdictions from the United States in accordance with the requirements of applicable law.
318 West 39th Street, 5th floor
New York, NY 10018
Braze has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints regarding personal data transferred from the EU and Switzerland. Under certain circumstances, individuals may be able to invoke binding arbitration, in accordance with the Privacy Shield requirements. In addition, as a U.S.-based company, Braze may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We use technical, organizational and administrative security measures designed to protect the security, confidentiality and integrity of information. This is the case whether we are acting as a Data Controller (see Part II above) or as a Data Processor (see Part III above). In addition, each of our Customers will have its own technical, organizational and administrative security measures to protect the data it processes, including controls such as passwords and log-in credentials to manage its and its employees’ access to the Braze Services. It is our Customers' responsibility to assess the appropriateness of the security measures they have in place to protect any data that you provide to them.
When we act as a Data Processor for our Customers. Braze, as a Data Processor, will delete all personal information that it has received from its Customers from the Braze systems within sixty (60) days following the termination or expiration of the business relationship between Braze and its Customers.
When we act as a Data Controller with respect to information we collect on our Website. We retain personal information we collect from you when we are acting as a Data Controller where we have an ongoing legitimate business need to do so (in connection with the purposes set out in Part II above). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
When you visit our Website we may send one or more cookies to your browser. They enable us to store information about your device that is then used for matching certain other device-related information that we collect via the browser. This helps us, among other things, to provide you with a good experience when you browse our Website and also allows us to recognize you when you return and to learn your interests so we can better respond to any inquiries you may make.
You may have the following privacy rights:
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Where you wish to enforce any of these rights in respect of our Services, you should contact the Customer who provides you with the Customer Application. We will then help them to fulfill that request in accordance with their instructions and applicable legal requirements.
Braze complies with all applicable anti-spam laws when it sends emails to you. You may at any time ask us to remove you from any mailing list on which you previously asked Braze to include you by going to our Preference Center, or by clicking "Unsubscribe" in any e-mail communications we send you.
We require our Customers to comply with applicable laws and to include an unsubscribe link in marketing emails sent to you using the Braze Services. The Braze Services will not send emails to you if you have opted out of the receipt of emails from Braze Customers.
If you are a visitor to our Website from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us through this FORM (which will ask from you information necessary for us to process your request) or by using the contact details provided under the “How to contact us” heading below.
Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from such individuals without parental consent and require our Customers to fully comply with applicable law in the data collected from children under the age of 13.
318 West 39th Street, 5th Floor
New York, NY 10018