Last Updated: April 6, 2018
ConvertKit is a United States limited liability company subject to the laws of the United States. The United States may not offer a level of privacy protection as great as that offered in other jurisdictions. Since our servers are located in the United States, your data may be transferred to, stored, or processed in the United States. By using our Services, you understand and consent to the collection, storage, processing, and transfer of your data to our facilities in the United States and those third parties we share your data with as described in this Policy and our Terms of Service Agreement.
a. Customer: a person or entity that is registered with ConvertKit to use the Services.
b. Distribution List: a list of Subscribers and all data related to those Subscribers.
c. Personal Data: any information relating to an identified or identifiable natural person.
d. Subscriber: any person or entity on your Distribution List.
e. You: a ConvertKit Customer or other person or entity who visits our Services.
2. INFORMATION WE COLLECT ABOUT YOU
The Services collects two kinds of information about you: (a) Personal Data; and (b) Non-Personal Data.
a. Personal Data. Personal Data is any information relating to an identified or identifiable natural person. Personal Data we may collect includes:
i. Identification and Contact Data: name, date of birth, gender, address, title, contact details, username, or other demographic information;
ii. Financial Information: credit card details, account details, payment information;
iii. Employment Details: employer, job, title, geographic location, area of responsibility;
iv. IT Information: IP address, cookie data; and
v. Personal Interests or Preferences: purchase history, social media profile information.
You may decline to provide Personal Data to the Services. However, some of the Personal Data we ask you to provide is mandatory for a service. If you decline to provide it, we may not be able to provide that service to you.
b. Non-Personal Data. Non-Personal Data is any information not relating to an identified or identifiable natural person. Non-Personal Data we may collect includes:
i. Browser and Device Data: IP address, device type, unique user device number, device manufacturer and model, type of browser or operating system, dates and times of use, screen resolution, plug- ins, add-ons, location, and the version of the Services you are using.
ii. Cookies and Tracking Technologies: time spent on the Services, pages visited, and email campaign performance.
iii. Aggregate Information: data about how you use the Services combined with data about how others use the Services in order to help us better develop new features and tailor the Services.
3. HOW WE USE YOUR INFORMATION
a. Personal Data. We may use your Personal Data to:
i. Provide the Services;
ii. Resolve disputes, calculate and collect fees, and troubleshoot problems;
iii. Verify your identity and the information you provide;
iv. Encourage a safe online experience and enforce our policies;
v. Customize your experience and analyze usage of, improve and measure interest in, and inform you about the Services;
vi. Provide you with information that may affect your use of the Services;
vii. Communicate marketing and promotional offers;
viii. Provide customer service, including receipts;
ix. Develop new products; and
x. Perform certain other business activities.
b. Non-Personal Data. We may use your Non-Personal Data for any purpose, including, but not limited to:
i. Measuring traffic patterns;
ii. Understanding demographics, customer interest, and other trends among users;
iii. Providing, improving, and modifying the Services; and
iv. For promotional and marketing purposes.
4. HOW WE MAY DISCLOSE YOUR INFORMATION
a. Personal Data. We may disclose, and you consent to our disclosing of, your Personal Data to:
i. Service Providers and others who help with our business operations and assist in the delivery of our products and services including, but not limited to, application development, site hosting, maintenance, data analysis, infrastructure provision, IT services, customer service, email delivery services, payment processing, marketing, analytics, and enforcement of our Terms of Service Agreement and other agreements;
ii. Third parties in the event of a reorganization, merger, sale, debt financing of assets, joint venture, assignment, transfer, or other disposition of all or any portion of our business or assets (including in connection with any insolvency, bankruptcy, receivership, or similar proceeding);
iii. A ConvertKit subsidiary, affiliate, or business partner;
iv. Other users of the site to identify you to anyone to whom you send messages or make comments through the Services;
v. Persons or entities with whom you consent to have your Personal Data shared;
vi. Third parties in order to prevent damage to our property (tangible and intangible), for safety reasons, or to collect amounts owed to us;
vii. Merchants and payment processors; and
viii. Third parties as we believe necessary or appropriate, in any manner permitted under applicable law, including laws outside your country of residence to: comply with legal process; respond to requests from public and government authorities, including public and government authorities outside your country of residence; enforce our Terms of Service Agreement and other agreements; protect our operations; protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; and allow us to pursue available remedies or limit the damages that we may sustain.
We will never sell, rent, or lease your Personal Data to a third party.
b. Non-Personal Data. We may disclose Non-Personal Data for any purpose. Remember, Non-Personal Data cannot be used to identify you or another person.
a. Opting out of Receiving Electronic Communications from us. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link or by notifying us at firstname.lastname@example.org. We may still send you important messages regarding administrative matters, updates, disputes, and customer service issues that are required to provide you with the Services.
c. Web Beacons. When we send emails to Customers, we may use web beacons to track who opened the emails and clicked links to measure campaign performance and improve features for Customers. We also use web beacons in the emails we deliver for Customers to create reports about campaign performance and determine what actions Subscribers took.
6. DATA COLLECTED BY OUR CUSTOMERS
a. Our Relationship with Subscribers. Customers may import into the Services Personal Data they have collected from their Subscribers or other individuals. We have no direct relationship with Customers’ Subscribers or any individuals other than our Customers. Customers are responsible for making sure they have the necessary permissions for us to collect, store, and process Personal Data about Subscribers or other individuals.
A Subscriber should unsubscribe directly from a Customer’s newsletter or contact the Customer directly to change, update, or delete the Subscriber’s data. If a Subscriber contacts us, we will refer you to that Customer and support them in responding to your request if necessary.
7. PUBLIC DATA AND THIRD-PARTY SITES
a. Public Data. We may provide areas on the Services where you can publicly post information. This information may be read, collected, and used by anyone. We do not control or endorse the information posted by third-party users, are not liable for your or third-party posts to the Services, and specifically disclaim any liability resulting from such posts.
b. Third-Party Sites. Upon your consent, the Services may access third- party information through application interfaces. We may also provide links to third-party sites. When you click on links to third-party sites, you may leave the Services.
This Policy does not cover any collection, use, or disclosure by third parties through any applications, Websites, products, or services that we do NOT control or own, or any third-party features or services made available through the SERVICES. By using the SERVICES, you expressly relieve ConvertKit from any and all liability arising from your use of any third-party website.
The inclusion of a link or accessibility of third-party sites does not imply endorsement of such third-party site by us. All trademarks, trade names, and logos of third parties featured on the Services belong to their respective owners.
8. DATA RETENTION
9. USERS UNDER 13 YEARS OF AGE
Our Services are not directed to and we do not knowingly collect Personal Data from children under the age of 13. If we become aware that a child under the age of 13 has provided us with Personal Data, we will take steps to remove such data. If you become aware that your child has provided us with Personal Data without your consent, please contact us at email@example.com. By using the Services, you are representing to us that you are not under the age of 13.
10. PRIVACY RIGHTS NOTICE TO CALIFORNIA RESIDENTS
The State of California enacted the Shine the Light law (California Civil Code Section 1798.83) that permits users who are California residents to request certain information regarding the disclosure of certain “personal information” during the past year for marketing purposes. To make such a request, please email us at firstname.lastname@example.org.
11. DATA SECURITY
We employ commercially reasonable security measures to protect your information; however, no system is impenetrable. If you create an account on the Services, you are responsible for protecting the security of your account, its content, and all activities that occur under the account or in connection with the Services. You must immediately notify ConvertKit of any unauthorized uses of your account or any other breaches of security by emailing us at email@example.com.
12. EU-U.S. AND SWISS-U.S. PRIVACY SHIELD
ConvertKit complies with the EU-U.S. Privacy Shield Framework and the Swiss- U.S. Privacy Shield Framework (collectively, “Privacy Shield”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union (“EU”), European Economic Area (“EEA”), and Switzerland to the United States.
a. Accountability for Onward Transfer
When ConvertKit uses Service Providers to process Personal Data received in reliance on Privacy Shield, we’re responsible if that Service Provider processes the information in violation of the Privacy Shield Principles (unless we can prove that we’re not responsible for the Service Provider’s action that violated the Privacy Shield Principles).
In certain situations, we may need to disclose Personal Data in response to lawful requests by public authorities, including to meet national security and law enforcement requirements, or otherwise comply with the law or a court order.
We use reasonable and appropriate physical, electronic, and administrative safeguards to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data and risks involved in processing that information.
c. Data Integrity and Purpose Limitation
We only collect Personal Data that is relevant for providing the Services. We process Personal Data in a way that is compatible with providing the Services or as otherwise authorized by you. We take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. We adhere to the Privacy Shield Principles for as long as we retain Personal Data.
d. Access to Personal Data
If you would like to review, correct, delete, or update personal data that you have previously disclosed to us, please email us at firstname.lastname@example.org. We may limit or deny access to Personal Data where providing such access is unreasonably burdensome, expensive, or as otherwise permitted by the Privacy Shield Principles.
We will assist our Customers in responding to EU/EEA and Swiss individuals exercising their rights under the Privacy Shield Principles.
If you are a Subscriber of one of our Customers, please contact the Customer directly with your request to access or limit the use or disclosure of your Personal Data. If you contact us, we will refer you to that Customer and support them in responding to your access request if necessary.
We need to retain certain information about you for legal and internal business reasons. We will retain your Personal Data for as long as necessary to provide you with the Services and as needed to comply with our legal obligations and enforce our agreements.
e. Recourse, Enforcement, and Dispute Resolution
If EU/EEA or Swiss individuals have questions or complaints about our compliance with the Privacy Shield Principles, please email us as email@example.com. If we do not resolve your complaint, you may contact JAMS, an independent third-party dispute resolution provider based in the United States, and they will investigate and assist you free of charge. A binding arbitration option may also be available to you in order to address unresolved complaints. More information about that is here. ConvertKit is subject to the investigatory and enforcement powers of the Federal Trade Commission.
f. Data Processing Agreement
ConvertKit offers a Data Processing Agreement for those Customers processing Personal Data on behalf of EU/EEA and Swiss individuals. To request our Data Processing Agreement, please fill out this form.
g. Notice and Choice
13. DO NOT TRACK DISCLOSURE
Currently, there is no industry standard for recognizing Do Not Track browser signals, so we do not respond to them.
15. CONTACT INFORMATION