Legal

Privacy Policy 

Revised December 2023
Effective December 2023

This privacy policy describes the personal information that we, Peaberry Software Inc. d/b/a Customer.io (“Customer.io,” “we,” “our” or “us”), collect (1) from individuals when they visit our website (the “Site”), interact with our marketing communications, register to attend events that we host, interact with our social media profiles and otherwise engage with us, and (2) the information we collect on behalf of our customers who employ our technology to use our digital marketing services (the “Services”). Individuals should refer to our customers’ privacy policies for information about how our customers collect, use and share information. In this privacy policy, we describe where we collect information on our own behalf, for our business purposes, and where we collect information on our customers’ behalf as a service provider or data processor.

With respect to our customers, this privacy policy is provided for informational purposes only. We enter into data processing agreements with our customers and those data processing agreements control with respect to our obligations to our customers. Please refer to our Data Processing Addendum page for more information on data processing agreements.

This privacy policy does not apply to our employees or to job applicants. We do not knowingly collect information from children. If we discover that we have inadvertently collected information from anyone younger than the age of 16, we will delete that information.

This policy includes the following sections:

  • Personal Information We Collect, Purpose for Processing & Categories of Third Parties Personal Information is Shared with
  • How We Collect Personal Information
  • How We Use Personal Information
  • How We Share Personal Information
  • European Privacy Rights
  • U.S. Data Privacy Rights
  • How We Protect Personal Information
  • How Long We Retain Personal Information
  • Your Choices
  • Changes to this Privacy Policy
  • Contact Us

Personal Information We Collect, Purpose for Processing & Categories of Third Parties Personal Information is Shared with

Categories of Personal Information

Example

Purpose for Processing

Categories of Third Parties Shared With

Identifiers

Name, email address, unique identifier, online identifier, transaction identifiers, device ID, advertising ID, and IP address

Services

  • With respect to the Services, to send messages, measure and track activity on behalf of our customers, segment recipients, and monitor the Services

Customer.io

  • To provide, support and improve our Services
  • To monitor our Services
  • For our own internal research and development purposes
  • To manage support inquiries
  • To provide you with information you request
  • To communicate with you about our products and services
  • For our own billing and other business and administrative purposes
  • Service Providers
  • Customers
  • Third Party Messaging Applications
  • Third Party Business Applications
  • Third Party Marketing Applications

Select information in customer records

Name, email, address, and telephone number, products or services purchased, appointments made

Payment processor information is collected about the transactions you make (such as transaction date, payment information, credit card or debit card number and zip code)

Services

  • Our customers may share their customer records with us in order to use the Services

Customer.io

  • To provide, support and improve our services
  • To communicate with you about our products and services
  • For our own billing and other business and administrative purposes
  • Service Providers
  • Third Party Messaging Applications
  • Third Party Business Applications

Geolocation

Course IP address (not precise geolocation)

  • To provide our Site and Services, including to perform analytical analysis of our Site, marketing messages, and Services
  • Customers
  • Service Providers
  • Third Party Messaging Applications
  • Third Party Marketing Applications

Internet or network activity

Browsing history, search history, and information regarding a consumer’s interaction with website, application, or advertisement

Services

  • We use cookies and other tracking technology to track recipient interaction with the messages our customers send

Customer.io

  • To provide, support and improve our Site, marketing communications, and Services
  • For security purposes
  • Perform data analytics to for product research and development related to the Site and Services
  • To provide you with relevant content and to remember your preferences
  • To market and advertise our Services
  • Customers
  • Service Providers
  • Third Party Messaging Applications
  • Third Party Business Applications
  • Third Party Marketing Applications

Audio, electronic, visual, thermal, olfactory, or similar information

Such as call recordings

Customer.io

  • To provide, support and improve our Services
  • For customer support, sales training and our own business and administrative purposes
  • Service Providers

Education information

Such as information that is not publicly available as defined in the California Family Educational Rights and Privacy Act

We only collect this information from employees and job applicants, in accordance with applicable law

.

Professional or employment related information

Such as place of employment, position, job history, salary, resume, and other related data

We only collect this information from employees and job applicants, in accordance with applicable law

.

Characteristics of protected classifications under California or Federal law

Characteristics of protected classifications under California or federal law refer to consumers’ race, ancestry, national origin, religion, age, mental and physical disability, sex, sexual orientation, gender identity, medical condition, genetic information, marital status, and military status

We only collect this information from employees and job applicants, in accordance with applicable law

.

Inferences from information that could be used to create a profile

Inferences drawn about you based on other personal information we collect, such as preferences, interests, user behavior data

Services

  • We do not create inferences, but our customers may use the Services to create inferences based on information they receive from us and collect from other sources. We may send this to third party integrations that our customers use

Customer.io

  • For customer support, sales training and our own business and administrative purposes
  • Customers
  • Service Providers
  • Third Party Messaging Applications
  • Third Party Business Applications
  • Third Party Marketing Applications

Sensitive Personal Information

Social security number, financial account information, your precise geolocation data, your genetic data, political beliefs, racial origin, religious beliefs, sex life, sexual orientation, trade union membership, etc.

Services

  • While we discourage our customers from processing sensitive information, our customers may upload sensitive information to the Services

Customer.io

  • We do not collect sensitive information
  • Service Providers
  • Third Party Messaging Applications

How We Collect Personal Information

We collect information in the following ways:

  • When you provide it to us, including when you complete forms, request information from us, or respond to our emails or otherwise communicate with us.
  • Directly from our customers, including contact information, demographic information, device information, and any other information that our customers provide us in connection with their use of the Services.
  • From service providers, including information about our customers and their employees, or about how our customers use our Services, the messages our customers send and how recipients interact with those messages.
  • From third party business partners, including information about our customers and their employees, about how our customers use our Services or the messages our customers send, how recipients interact with those messages, or our own sales and marketing providers. These third parties include services like Twilio, third party messaging platforms that receive communications, third party analytics providers (e.g., Google Analytics), or third party social media providers (e.g., LinkedIn) or third party sales and marketing providers.
  • Through automatic tracking technologies, including IP address, device ID or similar types of identifying information that we collect via cookies or other automatic tracking technologies. We also collect activities (links clicked, length of session, time/date, type of device, course geolocation) that we associate with IP address, device ID or other unique identifiers. We collect this information when you visit our Site, use our Services, or engage with our marketing materials. We also use automatic tracking technologies in the Services and to collect information about the messages our customers send. These automatic tracking technologies collect information about our customers’ end users, including how they interact with our customers’ messages, and whether they open or click links in any communication.

Information We Collect Automatically

When you interact with the Site or Services, certain information about your use of our Site and Services is collected automatically. This information is collected automatically when you visit our Site and when you open communications from our customers. This includes:

  • Details of your visit and your activity and information generated in the course of your interaction including, but not limited to, traffic data, location data (course geolocation), weblogs and other communication data, the resources that you access, and referring and exiting website.
  • IP address and details regarding the device you use, including operating system, device ID, and browser type.
  • Information about how you interact with our ads and newsletters or our customers messages, including whether you open communications or click links.

We use the following types of cookies on the Site for the following purposes:

  • Analytics and Performance Cookies: We use these cookies to collect information about traffic to our Site and how users use our Site. It includes the number of visitors, the websites that referred them to our Site, the pages that they visited on our Site, what time of day they visited, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity.
  • Functional Cookies/Strictly Necessary Cookies: These cookies are required to provide the Site and to enable you to use its features.
  • Social Media Cookies: These cookies are used to identify you to provide advertising to you. The social media sites will record that you visited our Site and show you advertising related to our products and services. If you interact with social media materials (e.g., like or share buttons), the social media platform will receive information about your activity.
  • Targeted and Advertising Cookies: The purpose of these cookies is to provide you with a more personal experience and to remember you when you visit our Site. Targeted cookies will track your browsing habits across websites to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, third party advertisers can place cookies to enable them to show ads which we/they think will be relevant to your interests while you are on our Site. These cookies also store your location, including your latitude and longitude, which helps us/them show you locale-specific content.

How We Use Personal Information

We use the personal information that we collect to:

  • Provide the Site, Services, and our content to you.
  • For the purpose for which you provided it, to process your transactions or communicate with you.
  • Provide you with information about products, services, offers, deals, or other information that is relevant to you.
  • For research and development purposes, to study our products and services and to create new products and services.
  • Administer, provide and communicate with you about contests, promotions and sweepstakes, upcoming events, or other news about products and services that we may offer.
  • Provide you with information, products, or services that we believe will interest you.
  • Display marketing to you on other websites.
  • Monitor and analyze trends, usage, engagement, and other activities in connection with our Site, Services or other communications or content.
  • Provide certain features or functionality to you.
  • Identify you, relate you to a segment, personalize the Site, content, or the Services.
  • Provide, support, secure, monitor, and improve our Site and content.
  • Analyze our Site, the Services and any content or message, to support or trouble shoot issues related to our Site, Services or content, or for other internal business purposes.
  • Contact you with administrative communications, including changes to terms or policies.
  • Send you technical notices, updates, security alerts, support or administrative messages and to respond to your comments, questions, or other messages or requests.
  • Detect, investigate, and prevent fraudulent transactions or other illegal or harmful activities.
  • Protect our, our customer’s or our third party partner’s rights and property.
  • Protect the security or integrity of the Site or our Services.
  • Comply with regulatory and legal obligations.
  • For other purposes that may be disclosed to you at the time of collection.

How We Share Personal Information

We share personal information with the following categories of third parties:

  • Customers: We share information about a customer’s end user or end recipient with that customer. This includes information that we collect automatically through tracking technology.
  • Service Providers: We share information that our customers upload to our Service or that we collect about our customer’s end users with our service providers that support the delivery of our Services, which are listed here. We also share information that we collect for our own business purposes with our own service providers, including to provide, support and improve the Site and Services and for our own administrative purposes. Our service providers may include support ticketing systems, engineering ticketing systems, customer relationship management systems, accounting systems, and legal, accounting, and other professional service providers.
  • Third Messaging Applications: We share information about a customer’s end user or end recipient with limited third parties, these include Twilio, Apple, email messaging service providers, SMS/MMS text message service providers and other similar third parties. These third party messaging applications are not service providers and their terms of use and privacy policies apply to the information collected by the third party messaging platform.
  • Third Party Business Applications: We share information about our customers (and their employees and contractors) with certain third party business applications, including Stripe or referral partners. These business applications collect information for their own business purpose and their privacy policy applies to the information that they collect.
  • Third Party Marketing Applications: We share information about our prospective customers and our customers (and each of their employees and contractors) with certain third party marketing applications, like Google Analytics, ZoomInfo or LinkedIn. These marketing applications may collect information as our service provider and for their own purposes, including via automatic tracking technologies.
  • We also share personal information with the following third parties as we deem necessary:
    • With legal authorities or third parties if we deem necessary to enforce our rights, or the rights of third parties (including in connection with your breach of this privacy policy or any other agreement between us).
    • When required by any applicable law, rule regulation, subpoena, or other legal process.
    • In connection with the negotiation or execution of a merger or sale of our business.
    • To prevent illegal, harmful, fraudulent, or damaging activities.

EEA, UK, & Swiss Data Privacy Rights

Data Subject Rights

If you are a resident of the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, you are entitled to certain rights. These rights include:

  • Right of access and/or portability: You have the right to access any personal information that we hold about you and, in some circumstances, have that data provided to you so that you can provide or “port” that data to another provider.
  • Right of erasure: In certain circumstances, you have the right to the erasure of personal information that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected).
  • Right to object to processing: In certain circumstances, you have the right to request that we stop processing your personal information and/or stop sending you marketing communications.
  • Right to rectification: You have the right to require us to correct any inaccurate or incomplete personal information.
  • Right to restrict processing: You have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is not accurate or lawfully held).

To submit a request to exercise your rights, please contact us at legal@customer.io. If you submit a request related to the Services, we will direct you to submit a request to exercise your rights directly with our customer. We may have a reason under the law why we do not have to comply with your request or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

We process personal information, or “Personal Data” as that term is defined in the EU General Data Protection Regulation, on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide Services; and (3) as necessary for our legitimate interests where those interests do not override your fundamental rights and freedom related to data privacy. We may also process personal information as necessary to comply with legal obligations. Information we collect may be transferred to, and stored, and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities, as described above.

Users that reside in the EEA, UK, or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.

Cross-border Transfer of Data

If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the United States and other countries. The laws in the US regarding information may be different from the laws of your state or country. Any such transfers will comply with safeguards as required by relevant law.

To facilitate data transfers from the EU to other countries, we make use of the European Commission-approved standard contractual data protection clauses, the Data Privacy Framework, or other appropriate legal mechanisms to safeguard the transfer. Our standard contractual data protection clauses are available here.

Data Privacy Framework Notice

Customer.io complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Customer.io has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Customer.io has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Customer.io is responsible for the processing of personal information it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. Customer.io complies with the DPF Principles for all onward transfers of personal information from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over Customer.io’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Customer.io may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Further, Customer.io commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (“DPAs”), the UK Information Commissioner’s Office (“ICO”) and the Gibraltar Regulatory Authority (“GRA”), and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.

U.S. State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, or any other state that grants you specific data privacy rights, you may have additional rights regarding our use of your personal information. The rights outlined in this section do not apply to information exempted under applicable state privacy law. Further, the rights described in this Section are not absolute, are subject to exceptions and limitations, and may not be afforded to residents of all states. In certain cases, we may decline requests to exercise these rights where permitted by law.

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at legal@customer.io.

U.S. Privacy Rights

To the extent you are provided additional privacy rights in the state you reside, you have the following rights with respect to the information that we collect (in each case, subject to applicable law):

  • Right to Know: To know the categories and specific personal information we have collected, the categories and sources from which we collected the personal information, the categories of third parties with whom we share personal information, and the business or commercial purpose for collecting or selling (if applicable) personal information, and the right to request information about and opt out of automated decision making (if applicable).
  • Right to Access: To request a copy of the personal information that we have collected about you during the past 12 months.
  • Right to Opt-Out of Sales or Sharing: To opt out of sales of personal information (if applicable) or sharing personal information for Cross-Contextual Behavioral Advertising.
  • Right to Delete: To request that we delete the personal information that we have collected from you.
  • Right to Correct: To correct inaccurate information that we maintain about you.
  • Right to Limit Disclosure of Sensitive Information: To limit the disclosure of sensitive personal information, if we use or disclose sensitive personal information.
  • Freedom from Discrimination: To exercise the rights described above free from discrimination or retaliation as prohibited under applicable law.

Right to Opt Out of the Sale or Sharing of Personal Information to Third Parties

You have the right to opt out of our sale of your personal information or our sharing your personal information for behavioral advertising purposes. To exercise your right to opt out of the sale of your personal information, please visit our “Do Not Sell My Personal Information” webpage.

Exercising Your State Privacy Rights

If you reside in a state that provides specific data privacy rights, you may contact us:

  • By filling out a Consumer Data Request Form available here.
  • By email as indicated in the “Contact Us” section below.

Your rights may only be exercised by you or by your designated agent. You may submit a request to know twice within a 12-month period unless applicable data privacy law grants you additional rights.

Your request must include enough information to allow us to reasonably verify that you are the person about whom we collected personal information or an authorized representative, which may include: (1) verifying your account information if you have an account with us; or (2) requesting two forms of identification that are reliable for verification purposes, unless the request includes sensitive information and, in which case, we may require three forms of verification and a signed declaration. The information included in your request must allow us to properly understand, evaluate, and respond to it.

We cannot respond to your request if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. If we cannot verify your identity or authority, we will not fulfill your request. We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.

You may submit a request through a designated agent. You must instruct that agent that they will need to state that they are acting on your behalf when making the request, have reasonably necessary documentation, and be prepared to provide the necessary personal information to properly verify your request.

We will acknowledge receipt of your request. We will provide a substantive response within 45 calendar days or inform you of the reason and extension period (up to a total of 90 days) in writing.

Special Information for Nevada Residents

Residents of the State of Nevada have the right to opt-out of the sale of certain pieces of their information to other companies who will sell or license their information to others. At this time, Customer.io does not engage in such sales. If you are a Nevada resident and would like more information about our data-sharing practices, please email legal@customer.io.

California Shine the Light

Residents of the State of California have the right to request information from Customer.io regarding other companies to whom the company has disclosed certain categories of information during the preceding year for those companies’ direct marketing purposes. If you are a California resident and would like to make such a request, please email legal@customer.io or write to us at 921 SW Washington St., Suite #820, Portland, OR 97205.

How We Protect Personal Information

We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.

How Long We Retain Personal Information

We retain your personal information for as long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements).

The criteria used to determine appropriate retention period for personal information include:

  • The amount, nature, and sensitivity of the personal information.
  • The purpose(s) for which the personal information was collected and used.
  • Whether we have a legal obligation to retain personal information or whether retaining personal information is necessary to resolve disputes, including the establishment, exercise, or defense of legal claims.

Changes to This Policy

We may make changes to this privacy policy from time to time. We will post any changes here, and such changes will become effective when they are posted. Your continued use of the Site or our Services, or your interaction with us following the posting of any changes will mean you consent to those changes.

Your Choices Regarding Your Information

We offer the following options for updating your information or opting out of our processing of your personal information:

  • Customer Information: If you are an authorized user of the Services, you can Sign In to update your contact information and payment method.
  • Our Emails: If at any time you would like to unsubscribe from receiving future emails, you can click the unsubscribe link at the bottom of any email, or email us at legal@customer.io and we will promptly remove you from all correspondence.
  • Opt-Out of Sales: Please visit our Personal Information Rights Request Form.
  • Change Your Cookie Preferences: Please visit our Personal Information Rights Request Form.
  • Advertisements: You can learn more about ad serving companies and the options available to limit their collection and use of your information by visiting the websites for the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative.
  • Web Brower Settings: Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Services may not be available, work, or work as designed. You may also be able to opt out of or block tracking by interacting directly with the other companies who conduct tracking through our Services.

Contact Us

For questions about our privacy practices, contact us at:

Peaberry Software Inc. d/b/a Customer.io

9450 SW Gemini Dr., Suite 43920, Beaverton, Oregon 97008-7105.

Email: compliance@customer.io

Phone Number: 646-820-9503