JFrog’s Privacy Policy

Last updated July 14, 2020

 

  1. What information do we collect?
  2. How your information is collected – and the lawful basis for that collection
  3. How we use the information collected?
  4. How can you control your information?
  5. Sharing information with third parties
  6. How do we protect your information?
  7. International Data Transfer
  8. Third Party Websites; Social Media Features
  9. Changes to the Privacy Policy
  10. Minors
  11. California Privacy Rights
  12. EU Data Subject Rights

 

JFrog (“JFrog“,“us” or “we”) respects the privacy of its customers, partners and visitors to its Websites (as defined below)  (“User” or “you”). We are committed to protecting the personal information that you share with us. We believe that you have a right to know how and why we collect your information and to know what measures we take to protect it. This Privacy Policy is intended on providing you with such information. We have taken efforts to make our Privacy Policy as clear and informative as possible and we encourage you to carefully read it.

By accessing and/or using our Websites and Services you agree to the terms and conditions set forth in this Privacy Policy (the “Privacy Policy”), including to the collection and processing of your personal information. Please note that this Privacy policy applies to the information provided by you through our websites that link to this Privacy Policy (collectively, the “Websites”), through our services/products or as you may otherwise interact with us (including, for example, by attending events and meetups) (collectively, “Services”). In case you disagree to any of these terms please do not provide us with any Personal Identifiable Information (as defined below).

 

1. What information do we collect?

We collect two types of data and information from our Users:

  • The first type of information is non-identifiable and anonymous information (“Non-Identifiable Information”). Non-Identifiable Information is any information that does not enable the identification of an individual. This kind of information is made available to us while you enter and/or use the Websites or the Services. Non-Identifiable information consists of technical information and behavioral information, and includes, among other things, the type of browser you use and the actions you take on the Websites or by using the Services, date/time stamp, referring/exit pages, clicked pages and any other information your browser may send us.
  • The second type of information that is collected, either alone or in combination with other information, is information that could identify an individual (“Personal Identifiable Information” or “PII”). PII may include your Internet Protocol Address, business contact details – first and last name, email or physical address, phone number, and cookies.

 

At all times, you may choose whether to provide or disclose PII. If you choose not to provide PII, you may still visit parts of the Websites or receive limited Services, but you may be unable to access certain options, programs, offers, and services that involve our interaction with you.

 

 2. How your information is collected – and the lawful basis for that collection

Non-Identifiable Information is collected when you access or use the Websites and/or the Services. We use industry standard tools and software to monitor your navigation and usage of the Websites and services, your usage pattern-logs and other communications data. We may also use “cookies” and Flash (or similar technologies), which stores certain information on your computer (“Local Storage”) and which allows us to enable automatic activation of certain features and improve your experience. It is easy to prohibit Local Storage, most browsers will allow you to erase cookies from your hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. To erase or disable the Local Storage option in Flash you should use the settings option of Flash according to the specific instructions provided by the technology provider. However, if you block or erase cookies, or change the settings of Flash, your online experience may be limited.

 

We also collect information that you provide us voluntarily, for example, we collect PII when you:

  • File an online form on one of our Websites
  • Provide us with information at a live event
  • Register for our services and making payments
  • Post materials, participating in online forums or providing comments and feedback to online discussions on our Websites
  • Contacting us by email
  • Register (directly or indirectly) to any of our events
  • In addition, we may receive your PII from your employer

 

Your personal data is stored by us on our servers and on the servers of various cloud-based database management services we engage, located in the United States and the European Union (“EU”). We will only collect and process personal data about you when we have a lawful basis to do so. Such basis includes your consent, a contract between us and you or a third party you are associated with, as well as other legitimate interests (for example: our compliant with applicable law, protecting the security of ours and our customers’ systems and data, and enable our services).

 

3. How we use the information collected?

We collect each type of information for different purposes.

Non-Identifiable Information is collected to allow enhancement of your experience on the Websites and Services, for statistical and research purposes and for customization and improvement of our various interfaces. It also helps us learn about the preferences of our users and general trends relating to the Websites and Services.

PII is collected to:

  • Enable use of the Services. For example, in order to register to the Services you will need to provide us with your name and email so we will be able to issue a license key.
  • Allow us to contact you (in accordance with applicable law) with proposals and tailored information regarding new products, events, offers, services, features, enhancements, special offers, upgrade opportunities, and events of interest. For example, when you fill out a request for a quote, we will need you to provide us with contact details.
  • Provide you with technical assistance and support.
  • Issue invoices and contact you in connection with payments for our services

 

4. How can you control your information?

JFrog may retain your information for a period consistent with the original purpose of collection. For example, we will retain your information for as long as you are using our services, and for a reasonable period thereafter. Aggregated and/or anonymous data, and any other Non-personal Information may remain on our servers indefinitely all as permitted under the applicable privacy laws.

 

You may request to review, correct, delete or otherwise modify any of the PII that was provided to us, or request to confirm whether we process your personal information. In addition, you may object to our processing of your PII for a legitimate interest. Kindly send an email to PII@jfrog.com in connection with the aforementioned issues and we will provide you with all required information.

 

Please note that you may manage the receipt of marketing and non-transactional information from us by clicking on the “unsubscribe” link located on the bottom of marketing emails sent by us.

 

5. Sharing information with third parties

Our Websites and some of the Services allow you to share information with other users and create and publish content. Any content that you post on or via the Websites (“User Submissions”) may be publicly available to other users. The notices and tools that we provide on the Websites are intended to inform you which information will be made publicly available. If you publish your personal information in any User Submissions, you may receive unsolicited messages from other users of the Websites or the public. We, therefore, encourage you only to post information that you are sure you want to be accessible to anyone.

 

If you are using our services on behalf of an organization or if you provide us with an email address which belongs to an organization, certain information provided to us may be accessible to the respective administrator or to other users of such organization.

JFrog uses third-party service providers to enable us to provide the Services. These providers are not permitted to store, retain, or use information collected by us except for the sole purpose of providing us with the Services on our behalf. JFrog uses commercially reasonable efforts to engage with third parties that post a privacy policy governing their collection, processing and use of non-personal and personal information. Our third party service providers include, without limitation:

  • Softlayer Technologies. Inc. privacy policy is available here;
  • Zuora, Inc. privacy policy is available here;
  • PayPal Holdings, Inc. privacy policy is available here;
  • Automattic, Inc. privacy policy is available here;
  • Microsoft Azure privacy is available here;
  • Google Cloud Platform and Google Analytics privacy policy is available here;
  • Amazon Web Services, Inc. privacy policy is available here
  • Salesforce.com privacy policy is available here
  • Netsuite Inc. privacy policy is available here
  • Marketo, Inc. privacy policy is available here
  • Orbitera Inc., privacy policy is available here.
  • Bing Ads, privacy policy is available here.

 

We also reserve the right to: (a) use or disclose your information if required by law, under a judicial proceeding, court order, or legal processor if we reasonably believe that such disclosure is required to protect our rights, including their enforcement; or (b) to transfer or assign the PII retained by us in the  event that we are acquired by or merged with a third party entity; or (c) in the event of bankruptcy or a comparable event.

 

6. How do we protect your information?

We use industry standard technologies and internal procedures (including without limitation, using tokens and encryption mechanisms) to maintain the security and integrity of our Websites and Services and your information, and to prevent unauthorized access thereto. Please note, however, that there are inherent risks in transmission of information over the internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use of your information will never occur. Further information is available at privacy@jfrog.com.

 

7. International Data Transfer

We collect information globally and primarily store that information in the United States and the EU. We transfer information collected about you, including PII, to affiliated entities and to other third-party service providers, which may be located outside your country of residence. Please note that we may transfer such information to a country and jurisdiction that does not have similar data protection laws that apply to your country of residence.

  • International transfers within JFrog. JFrog is operated globally and our services are provided from various location. In order to allow us to perform our obligations and provide you with the services, we transfer information within our group of companies (a list thereof is available here). When we share information about you within and among our corporate affiliates, we make use of standard contractual data protection clauses, which have been approved by the European Commission, to safeguard the transfer of information we collect from the European Economic Area and Switzerland (collectively: “EEA”) outside of the EEA.
  • International transfers to third parties. Some of the third parties described in this Privacy Policy, that provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of users from the EEA outside of the EEA, we make use of standard contractual data protection clauses, which have been approved by the European Commission, or other appropriate legal mechanisms to safeguard the transfer.

 

8. Third Party Websites; Social Media Features

Our Websites and Services include social media features (“Features“), for example, you can share posts and comments on or through your social media account. The Features may enable the applicable social networks to collect your Internet Protocol address, Non-Identifiable Information and may set a cookie to enable the functionality of the Feature. Your interactions with the Features are governed by the privacy policy of the third party who provided such Features, and we are not responsible for the privacy practices or the content of such third-party Features. Please be aware that the third parties providing the Features may collect PII from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each relevant third party that you choose to use or interact with.

 

In addition, certain links on our Websites, enable our users to enter other sites or services. Those linked sites and services are provided solely as a convenience to you and are not under the control of JFrog. We are not responsible or liable for such linked sites and services’ privacy practices and/or any other practices. Your access to, use of and reliance upon any such sites, services and content and your dealings with such third parties are at your sole risk and expense.

 

9. Changes to the Privacy Policy

The terms of this Privacy Policy will govern the use of the Websites and Services and any information collected by JFrog. JFrog reserves the right to change this policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this policy on the homepage of the Websites. All other changes to this Privacy Policy are effective as of the stated “Last Updated” date and your continued use of the Websites and the services after the Last Update date will constitute acceptance of, and agreement to be bound by, those changes. If the Privacy Policy is required to be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by the law and without any prior notice.

 

10. Minors

The Websites is intended for users over the age of eighteen (18). Therefore, JFrog does not intend and does not knowingly collect PII from children under the age of eighteen (18). We reserve the right to request proof of age. If we learn that we collected PII from children under the age of eighteen (18) we will delete that information promptly. Please contact JFrog at privacy@jfrog.com if you have reasons to suspect that JFrog collected such information.

 

11. California Privacy Rights

California Civil Code Section 1798.83 permits our users who are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@jfrog.com.

 

In addition, if you are a California resident under the age of 18 and a registered user to our services, California Business and Professions Code Section 22581 permits you to remove content or Personal Information you have publicly posted.  If you wish to remove such content or PII and you specify which content or PII you wish to be removed, we will do so in accordance with applicable law.  Please be aware that after such removal you will not be able to restore the removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or PII you have posted and that there may be circumstances in which the law does not require us to enable removal of content.

 

12. EU Data Subject Rights

The EU’s General Data Protection Regulation (“GDPR”) and other countries’ privacy laws provide certain rights for data subjects. Useful information regarding the GDPR (in English) is available on the following EU website.

 

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside JFrog might have received the data from JFrog; the source of the information; and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by JFrog if it is inaccurate. You may request that JFrog erase that data or cease processing it, subject to certain exceptions. You may also request that JFrog cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how JFrog processes your personal data. When technically feasible, JFrog will—at your request—provide your personal data to you or transmit it directly to another controller.

 

Got any Questions?

We are committed to protecting your privacy. If you have any questions (or comments) concerning this Privacy Policy, you are more than welcome to send us an e-mail to the following address: privacy@jfrog.com and we will make an effort to reply within a reasonable timeframe.

 

 

California Consumer Privacy Act Privacy Notice

The California Consumer Privacy Act of 2018, (“CCPA”) gives California residents rights and control over their Personal Information. JFrog provides this statement to those residents (“you”) in accordance with requirements under the CCPA to make certain disclosures about the collection and processing of their Personal Information.

 

This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS applies solely to JFrog, visitors, users, and others who reside in the State of California (“consumers” or “you”) when you visit the JFrog Websites or subscribe to receive the any of JFrog software or services (collectively, our “Services”). Any terms defined in the CCPA have the same meaning when used in this notice.

 

We Do Not Sell Your Personal Information

Under the CCPA, a business that sells California residents’ Personal Information to others:

  1. must give notice to California residents before selling their Personal Information to others; and 2. must provide the right to opt out of the sale of their personal information.

 

JFrog does not sell Personal Information, including Personal Information of anyone under 16 years old. Thus, these notification and opt-out requirements do not apply to JFrog.

 

Your Rights Under the CCPA

The CCPA provides California residents with certain rights related to their Personal Information. To submit a request based on these rights, please contact us at Privacy@jfrog.com

When receiving a request, we will verify that the individual making the request is the resident to whom the Personal Information subject to the request pertains. Only you, or a person that you authorize to act on your behalf, may make a request related to your Personal Information. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected Personal Information, or a person authorized to act on your behalf (e.g., previous transactions of person to whom request relates).

Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive, or manifestly unfounded.

With respect to their Personal Information, California residents may exercise the following rights:

Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information collected or disclosed by us; (2) purposes for which categories of Personal Information are collected by us; (3) categories of sources from which we collect Personal Information; (4) categories of parties with whom we share that Personal Information with; and (5) specific pieces of Personal Information we have collected about you during the past twelve months (also called a data portability request). You may only make such requests twice (2) per every twelve (12) months.

Right to know whether your Personal Information is sold or disclosed for a business purpose and to whom. California residents have the right to request from a business that sells or discloses Personal Information for a business purpose separate lists of the categories of Personal Information collected, sold or disclosed for a business purpose in the preceding 12 months, including the categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.

Right to say no to the sale of your Personal Information. As explained above, the CCPA requires businesses that sell Personal Information to allow residents the ability to opt out of the selling of their information.

Again, JFrog does not sell Personal Information.

Right to non-discrimination of service or price if you exercise your privacy right. The CCPA prohibits businesses from discriminating against a California resident for exercising any of their rights under the CCPA, including by

  • denying goods or services
  • charging different prices or rates for goods or services, including through the use of discounts or other benefits or by imposing penalties
  • providing a different level or quality of goods or services
  • suggesting that the person exercising their rights will receive a different price or rate for goods or services or a different level or quality of goods or services

Right to Delete. California residents have the right to request that a business delete any of their Personal Information that the business collected from them, subject to certain exceptions. Please note that a record of your deletion request may be kept pursuant to our legal obligations.

Response Timing and Format. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to the email address associated with that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide may only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons why we cannot comply with a request, if applicable. For data portability requests, we will endeavor to select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Submit Requests. To exercise your rights under the CCPA, you can:

  1. Email us at Privacy@jfrog.com; or
  2. Call us at +1-408-329-1540

 

Our Handling of Personal Information

We collect Personal Identifiable Information, as detailed above. The below examples of Personal Identifiable Information provided for each category are taken from the CCPA and are included to help you understand what the categories mean. The examples are not meant to indicate what we actually collect or disclose, and more information about our specific practices can be found in this Privacy Policy above.

 

In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES
C. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES
D. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Yes

We obtain the categories of Personal Information listed above from the following categories of sources:

Directly from you. For example, if you fill out a form or communicate with us through our website about our business or when you subscribe and engage our Services.

Directly and indirectly from you when using our Services or visiting our Websites. For example, usage details collected automatically in the course of your interaction with our platform or website.

From external providers that contract with us or interact with us in connection with the services we perform. For example, from vendors and partners such as social media sites and analytics providers that integrate their services with ours or provide us access to their services.

Use of Personal Information

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that Personal Information to respond to your inquiry. If you provide your Personal Information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
  • To provide, support, personalize, and develop our Websites, products, and services.
  • To create, maintain, customize, and secure your account with us.
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Websites, service providers sites or via email (with your consent, where required by law).
  • To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business.
  • For testing, research, analysis, and product development, including to develop and improve our Websites, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of JFrog’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by JFrog about our Website users is among the assets transferred.

JFrog will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Collection and Disclosure of Personal Information

In the preceding twelve months since this notice was last updated, we have collected Personal Information from general sources including you, your use of our services, your devices, our affiliates, our customers, our vendors, and our service providers. More specific information about Personal Information we collect is laid out in this notice and in our Privacy Policy above, which we update from time to time.

As also explained in our Privacy Policy, we share your Personal Information with the following parties:

  1. Affiliates.
  2. Vendors and service providers, including for data analytics and marketing and advertising our products and services to you.
  3. External providers integrated into our services for our operational business proposes.
  4. Third parties as required by law and similar disclosures.
  5. Third parties in connection with a merger, sale, or asset transfer.
  6. Other third parties for whom we have obtained your permission to disclose your Personal Information.

 

Changes. We reserve the right to amend this Privacy Notice at our discretion and at any time. You are responsible for periodically visiting the JFrog website and this Privacy Notice to check for any changes.

 

Contact Information

If you have any questions, comments, or concerns about our processing activities, or you would like to exercise your privacy rights, please email us Privacy@jfrog.com or write to us at:

Postal Address:

JFrog, Inc.

270 E. Caribbean Drive

Sunnyvale, CA 94089