- Terms of Service
- > Service-Specific Terms
- Add-On Platform Terms of Service
- Development Platform Terms of Service
Security / Compliance
Effective May 25, 2018
This policy does not apply to the information Optimizely receives from the third-party websites, mobile apps and other digital products that use the Optimizely Services. When our customers use the Optimizely Service on their own websites and products, they remain responsible for their own privacy and security practices, which may differ from ours. You should consult the relevant privacy policies on our customers' websites and products to find out more about their privacy practices and your related choices. For more information, please consult Opt Out of Optimizely Tracking.
We collect two basic types of information: personal information and non-personally identifiable information. We may use personal and non-personally identifiable information to create aggregate information. We collect the following categories of information:
first name and surname, username and password, email address, contact information, country of residence, job title, and other information you provide us when you create an account on the Sites or Optimizely Services, sign-up to receive communications or materials from us, or otherwise submit a form to us;
Transaction and payment information you provide when purchasing a product or service from us, whether on our Sites or elsewhere. This information may include the information listed above as well as payment information;
Content and information that you submit when using the Sites or the Optimizely Services; this information includes, for example, information you provide in any blogs or forums on the Sites, comments you add on the Optimizely Service, information you provide when you participate in any interactive features or surveys, and information you submit when filing a support ticket;
Usage, viewing, logs, metrics and other device and technical data collected when you visit our Sites, use the Optimizely Service as an end user, or open or reply to emails we send. This may include information such as your web request, Internet Protocol (“IP”) address, device identifiers, device information (such as OS type or browser type), cookie IDs, referring / exit pages and URLs, interaction information (such as clickstream data), domain names, pages viewed, crash data, and other similar technical data;
Information about you and your company collected from third party or public sources or that we receive from companies that partner with us to provide products and services; this may include information about you and your company we receive from our advertising and market research partners, who may provide us with information about your interest in and engagement with our online advertisements; and
Location information when you visit our Sites or use our Optimizely Service, including location information either provided by a mobile device interacting with one of our sites or applications or associated with your IP address.
We collect information from you when you submit it to us, for example, when you request products, services, or information from us, register for an account, register to participate in a conference on our Site, participate in public forums on the Site, or respond to our customer surveys.
We may also:
obtain information about you from our resellers or other third-party partners, for example, if you purchase access to the Optimizely Services through one of these partners;
acquire information from public sources or from third-party sources, such as our advertising and market research partners, including to update or enhance the other information collected about you. Local law may require that you authorize the third party to share your information with us before we can acquire it; and
automatically acquire information when you reply to or interact with an email we send, such as to track your engagement with our messages or when your replies to our messages contain additional email addresses.
We may use the information collected to:
process your orders and requests and respond to your questions and concerns; for example, if you inquire about our services or submit an application to Optimizely, we may use your data to respond to and process these requests;
provide you with products and services, and personalize your experience; for example, we may use information on your prior activities or job function to tailor the features and content on the Optimizely Services or Sites, or we may use technical data to remember your preferences;
communicate with you about your account or transactions, and provide you with product-related communications, such as information about new features and policy updates;
operate, maintain, analyze, develop, update and improve our Sites, the Optimizely Service, and other products and services we offer. For example, we may administer and track users’ activities on our Sites and the Optimizely Service to determine how to improve our content and features, or we may analyze trends and gather demographic information about our user base to better tailor our marketing efforts;
detect, investigate and prevent activities that may violate our policies, including our Acceptable Use Policy, or applicable laws (such as fraud detection and prevention) or that may threaten the security, integrity or availability of our or another party’s products, systems and services;
send you news, updates, promotions, product information, event announcements, and other marketing communications. Please see the section entitled “Your Controls and Choices" for an explanation of your choices relating to these communications;
provide you with and target advertising based on your activity and interests, both on our own Sites and applications and on third-party sites and applications;
act pursuant to your consent for a specific purpose not listed in this policy. For example, with your consent, we may post your testimonial along with your name on our Sites. If you wish to update or delete your testimonial, please contact us as explained below; and
We also use non-personally identifiable information, such as usage data and aggregated data, for other lawful purposes, such as to create blog posts and content that others may find useful.
We do not share your personal information outside of Optimizely except in certain circumstances, including:
When you allow us to share the information, such as when you:
Elect to share your personal information with third party partners and providers listed on our Sites, so they can send you information, offers and promotions about their products and services;
Choose to share your personal information with third parties or their sites or platforms, such as when you share one of our blog posts to your social media feed;
Publish information publicly on our Site or the Optimizely Services. Any such personal information will be available to others; or
Use third-party features on our Site or the Optimizely Service, such as commenting features run by third-parties;
(Please note that once personal information is shared with another company, the information received by the other company becomes subject to its privacy policies and practices).
When we cooperate with other companies, such as our partners, to offer joint products and services to you in connection with the Optimizely Services, or when such partners sponsor or participate in our events and conferences;
When our service providers are providing services on our behalf. For example, we may use an outside platform to host portions of our Sites or to provide certain features on the Optimizely Service, or we may use a credit card processing company to bill you for services you purchase. Unless otherwise expressly noted, when acting as Optimizely’s agents, these services providers are prohibited from using the personal information we have shared with them for purposes other than those requested by us or required by law;
To enforce our terms, agreements, policies or rules, to help protect the security, integrity and availability of our or another party's products, systems and services; to exercise or protect the rights, property (including intellectual property), or safety of Optimizely, our users, or others; to comply with legal requirements; or in other cases if we believe in good faith that disclosure is required by law (including in response to a lawful subpoena or other law enforcement request); and
In connection with a sale, divesture, or transfer of our company (including any shares in the company) or any combination of its products, services, assets, affiliates, and/or businesses. Your personal information (such as customer names and email addresses, and user information related to the Optimizely Service) may be among the items sold or otherwise acquired in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
We may also share non-personally identifiable information and aggregate information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) for other business purposes. For instance, we may share aggregate reports with interested third parties to help them understand the usage patterns for certain Optimizely Services or for our Sites or those of our partners.
We provide you with certain controls and choices regarding the use of your personal information, which may include:
Correcting and Updating Account Information. By logging into your account on our Site and/or the Optimizely Service, you may be able to change certain account information. Your account settings may also permit you to opt-out of some types of notification messages. To protect your privacy and security, we require your username and password in order to verify your identity before granting you account access or making changes.
Changing your choices for marketing communications. You can opt-out of the marketing communications we send by clicking the unsubscribe link in the applicable email or by visiting this link. Please note that, even after you opt out from receiving marketing messages from us, you may continue to receive transactional and product-related messages..
In many circumstances, you can exercise these choices yourself using the tools described above. If you cannot do so, please contact us as indicated in the "Contact Us" section below to discuss your options. We will respond to your request within 30 days. Please be aware that, if you do not allow us to collect personal information from you, we may not be able to deliver certain products, features and services to you, and some of our products and services may not work appropriately or be able to take account of your interests and preferences.
Protecting the privacy of young children is especially important. For that reason, Optimizely does not knowingly collect or solicit personal information from anyone under the age of 13. In the event that we learn that we have collected personal information from a child under age 13, we will delete the information we have stored as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us as indicated in the "Contact Us" section below.
Your information may be stored and processed in – and we may transfer information to – the U.S. and other countries where Optimizely (including its subsidiaries and affiliates) and our advertising partners and service providers maintain systems and facilities. In addition, information that we collect about you (including personal information) may be transferred to our affiliated entities and/or to other third parties across borders and/or from your country to other countries around the world.
You acknowledge that we may transfer information to the U.S., to any country in which Optimizely, its advertising partners, and its service providers maintain systems or facilities, and to other countries globally.
If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, you acknowledge that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, consistent with our legal obligations governing the transfer of such data.
Optimizely is concerned about the security of your data. We have implemented technical and organizational security measures that are designed to help protect your information from unauthorized access, disclosure, use and modification. From time-to-time, we review our security procedures to consider appropriate new technologies and methods.
Please be aware, though, that despite our efforts, no security measures are perfect or impenetrable. We cannot ensure, and do not warrant or guarantee, that the information you transmit to Optimizely will remain secure, nor do we guarantee that this information will not be accessed, disclosed, altered, destroyed or used in an unauthorized manner.
If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on the Site or Optimizely Services if a security breach occurs. Depending on where you live, you may have a legal right to receive a notice of a security breach in writing.
Partner Pages. Some of our partner pages may have the look and feel of being on optimizely.com; however some information collected on those pages may be collected by, or sent to, our partners. Information collected by, or sent to, our partners is subject to their respective privacy policies.
Notice to End Users of the Optimizely Services. The Optimizely Services are primarily intended for use by organizations. Where the Optimizely Services are made available to you through an organization (such as your employer), that organization is responsible for administering the accounts over which it has control. If this is the case, please direct your data privacy questions and requests to your administrator. We are not responsible for the privacy or security practices of your administrator's organization, which may be different than this policy.
Notice to Users of our Customers’ Websites and Digital Product. As noted above, when Optimizely’s customers use the Optimizely Services as part of their own websites, apps, and digital products, they may collect information from you using our services, but they remain responsible for their own privacy and security practices. We are not responsible for our customers' privacy and security practices, which may differ from ours. If you have used one of our customers’ sites or products, and you would like to access, correct or delete the personal data collected through that product, you should direct your request to the applicable customer. For further information, please see "Opt Out of Optimizely Tracking" page.
Optimizely, Inc. participates in and has certified its compliance with the EU - U.S. Privacy Shield and Swiss - U.S. Privacy Shield Frameworks. Optimizely is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about each Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
In certain circumstances, Optimizely is responsible for the processing of personal data it receives under the EU - U.S. and Swiss - U.S. Privacy Shield frameworks and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Optimizely is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, Optimizely may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Additional Disclosures for EEA Data Subjects:
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Sites and Optimizely Services you use and how you use them. This means we collect and use your information only where:
We need it to provide or operate the Sites and Optimizely Services, including to provide customer support and process your orders, requests, questions and concerns;
It satisfies another legitimate interest that is not overridden by your data protection interests, including our interest in:
collecting product usage, analytics and performance data relating to our Sites and the Optimizely Services, in order to maintain, analyze, develop, update, and improve our products and services;
maintaining records of bugs, customer support requests and similar requests you file, and our response to these requests;
using information to personalize content and features on our Sites and the Optimizely Services;
detecting, investigating and preventing activities that may violate our policies or applicable laws (such as fraud detection and prevention);
maintaining corporate or business records consistent with our retention policies and applicable laws;
protecting against activities that may threaten the security, integrity, or availability of our or another party’s products, systems, and services; and
for marketing and selling our products and services, consistent with applicable laws.
We are processing your information to protect our legal rights;
You give us consent to process your personal data;
We need to process your data to comply with a legal obligation, such as a lawful subpoena or law-enforcement request or to fulfill the lawful instructions of our customers (when they are acting as the controller); and/or
We have another lawful basis for processing in accordance with applicable EU laws.
If an individual in the EEA has consented to our use of their personal information, and our processing is based on that consent, that individual has the right to withdraw their consent in accordance with the General Data Protection Regulation (“GDPR”), but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, individuals in the EEA have the right to object to that use as specified in Article 21 of the GDPR, though, in some cases, this may mean no longer using the Sites or Optimizely Service. Optimizely further acknowledges that EEA data subjects have certain other rights under the GDPR, including the right to lodge a complaint with a supervisory authority and to request from the controller access to, and rectification or erasure of, personal data, restriction of processing concerning the data subject, and data portability (in each case, as specified under the GDPR). Where Optimizely is acting as a controller, you can initiate a request by contacting us as specified in the “Contacting Us” section below. Please note that if you object to or restrict processing, you may not be able to use the Sites and Optimizely Services or certain features any longer.
EEA and Swiss data subjects can contact Optimizely’s data protection officer by emailing firstname.lastname@example.org.
Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. For information about Do Not Track, visit www.allaboutdnt.org. At this time, we do not respond to Do Not Track browser settings or signals. In addition, some of our advertising partners, and other third-party services and tools on our Site and/or the Optimizely Service, may use standard technologies, such as cookies, pixel tags, and web beacons, to collect information about your internet activities across websites. You may be able to disable certain third-party cross-site tracking as described in the "Your Choices" section above.
Notices may be by email to the last email address you provided us, by posting notice of such change on our Site or the Optimizely Service, or by other communication channels. You consent to receiving notices in these ways. We reserve the right to determine the form and means of providing notifications to you, consistent with applicable law.
Optimizely, Inc. 631 Howard Street, Suite 100 San Francisco, CA 94105