Website Privacy Notice
Last Updated: December 14, 2022
Our commitment to privacy
Sift Science, Inc. (“Sift”, “we” or “us”) respects your privacy and wants you to
be informed about what we do. This Website Privacy Notice (this “Notice”) explains who we are, how we
collect, share, and use personal information about you, and how you can exercise your privacy rights.
This Notice applies to the processing of personal information collected by us through our website
(https://sift.com and any sub-domains, except the Sift console at
console.sift.com) (the “Website”) and in
connection with our events, sales, and marketing activities or to register you as a visitor to our offices.
If you are a resident of California or Virginia, please also review our
Supplemental U.S. State Law Privacy Notice which describes
certain disclosures and rights available to you under your state’s privacy laws.
For information about how we process personal information that we collect if you use or otherwise interact
with the Sift fraud prevention products, applications, and services, see our
Service Privacy Notice.
Quick Links
We recommend that you read this Notice in full to ensure that you are fully informed. However, if you would
like to access a particular section of this Notice, then you can click on the relevant link below to jump to
that section.
PART I. WHO WE ARE
Sift is a Software-as-a-Service (SaaS) company based in San Francisco, California. We help online businesses
(our “Customers”) detect and address fraud and other malicious behavior on their digital properties,
such as their websites and mobile applications, using our proprietary real-time machine learning technology
(the “Sift Services”).
For further information about our collection and use of information in connection with the Sift Services,
please see our Service Privacy Notice.
PART II. WHAT WE COLLECT, HOW WE USE IT, AND THE LEGAL BASIS
Information that you provide to us
Certain parts of our Website might ask you to provide personal information voluntarily – for example, if you
provide your contact details to register an account with us, subscribe to marketing communications (like our
newsletters), access a demo or white paper, or enable us to contact you. We may also collect information from
you in person at a tradeshow or event or when you register as a visitor at our offices.
If you contact us to find out more about the Sift Services (whether via our website or via a phone call with
one of our sales representatives), we will collect personal information about you so that we can fulfill your
request.
The personal information we collect may include:
-
contact information (such as, your name, address, telephone number, and email address) and the nature of
your communication; -
professional information (such as, your company name, job title, and company address);
-
marketing information (such as, your contact preferences); and
-
any other information you choose to provide to us when completing any ‘free text’ boxes in our forms (for
example, for event sign-up or bot interaction).
We use this information (alone or in combination with other information we have collected about you):
-
To respond to your requests or provide information you’ve requested to perform our contract with you, or
if we have not contracted directly with you, in reliance on our legitimate interest in managing
communications with you. -
For security reasons, to register visitors to our offices and to manage non-disclosure agreements that
visitors may be required to sign, to the extent such processing is necessary for our legitimate interest
in protecting our offices and our confidential information against unauthorized access. -
To send administrative or account related information to you in reliance on our legitimate interests in
managing your account. -
To comply with and enforce applicable legal requirements, agreements, and policies.
-
To validate your identity when seeking to exercise your privacy rights.
-
To send you marketing and promotional materials (for example, newsletters, telemarketing calls, or SMS or
push notifications), if this is in accordance with your marketing preferences, as necessary for our
legitimate interest in conducting direct marketing or to the extent you have provided prior consent. You
can opt-out of our marketing at any time (see the
section below). -
For other business purposes – such as, data analysis, identifying usage trends, determining the
effectiveness of our marketing and to enhance, customize, and improve our Websites, products and
services – in reliance on our legitimate interests in expanding and developing our business activities.
Information that we collect automatically
When you visit our Website, Sift (like most website owners) collects certain information related to your
device, such as your device’s IP address, device type, browser type, broad geographic location (e.g. country
or city-level location), referring website, what pages your device visited, and the time that your device
visited our Website.
We (including our vendors) may use cookies, pixel tags, web beacons, embedded web links, and similar
technologies. You can opt-out of certain collection technologies (such as cookies) but please note that you
then might not be able to take advantage of many of the tailored features of our Website. For more information
on our use of cookies, including how to change your cookie preferences, please see our
Website Cookie Notice.
We use this information (alone or in combination with other information we have collected about you):
-
To administer our Website and for internal operations, including troubleshooting, data analysis, testing,
research, statistical, and survey purposes in reliance on our legitimate interests; -
To understand how our Website is used and to improve our Website to ensure that content is presented in the
most effective manner for you and your computer in reliance on our legitimate interests; -
To display personalized advertising and content to you on and off our Website, based on your browsing
activities on the Website to the extent necessary for legitimate interests in advertising our Website and
services, or where necessary, to the extent you have provided prior consent; and -
As part of our efforts to keep our Website safe and secure in reliance on our legitimate interests in
ensuring the security of our Website.
Information we obtain from third party sources
We may obtain information about you from other sources, such as public databases, joint marketing partners,
data providers, or social media platforms. This information may include the following: mailing addresses, job
titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media
profiles, LinkedIn URLs or custom profiles.
We use this information (alone or in combination with other information we have collected about you) to
enhance our ability to provide relevant marketing, offers, and services, including for the purposes of targeted
advertising, delivering more relevant email content, event promotion, and profiling in reliance on our
legitimate interests in conducting our marketing activities and promoting the Sift Services.
Sharing information with third parties
We may share and disclose information about you in the following circumstances:
-
Vendors, consultants and other service providers
We may share your information with third party vendors, consultants and other service providers who
provide data processing services to us and with whom the sharing of such information is necessary to
undertake that work. Examples of these type of service providers include: processing billing, providing
customer support, hosting our infrastructure, data enrichment, identity verification, or online and
offline marketing optimizations. -
Third party vendor integrations
We may offer you the ability to use third party vendor integrations through our Services. If you choose to
use these third party vendor integrations, then you are directly interacting with that third party vendor
and providing or directing us to provide information, including Personal Information, to them for purposes
of facilitating the integration. -
Professional advisors
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and
insurers, where necessary in the course of the professional services they render to us. -
Compliance with laws
We may disclose your information to any competent law enforcement body, regulator, government agency
court, or other third party where we believe disclosure is necessary (i) as a matter of applicable law or
regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital
interests or those of any other person (see below). -
Vital interests and legal rights
We may disclose information about you if we believe it necessary to protect the vital interests or legal
rights of Sift, you, or any other person. -
Corporate Affiliates and Transactions
We may provide your information to our affiliates (meaning any subsidiary, parent company or company under
common control with Sift). Our affiliates will use your information only for the purposes described in
this Notice. Additionally, if Sift is involved in a merger, acquisition or sale of all or a portion of its
assets, your information may be shared or transferred as part of that transaction, as permitted by law.
PART III. INTERNATIONAL TRANSFERS, SECURITY, AND DATA RETENTION
Processing of personal information in the US and other territories
Your personal information may be transferred to, and processed in, countries other than the country in which
you are resident. These countries may have data protection laws that are different to the laws of your country.
Specifically, please be aware that our facilities are located in the United States, and our third party service
providers and partners operate around the world. This means that when we collect your personal information we
may process it in different countries. However, regardless of where your data is processed we have taken
appropriate safeguards to require that your personal information will remain protected in accordance with this
Notice.
European Data Transfers
If you are resident in the EEA, UK or Switzerland, we will protect your personal information when it is
transferred outside of your jurisdiction by: (i) processing it in a territory that provides an adequate level
of protection for personal information based on the receiving country’s data protection laws; and/or (ii)
implementing appropriate safeguards to protect your personal information, such as requiring the recipient to
comply with the Standard Contractual Clauses, or another lawful and approved transfer mechanism.
Security safeguards
We use technical and organizational security measures designed to protect personal information we process
about visitors to our Website against unauthorized access, disclosure, alteration, and destruction. However,
please note that no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take
care when disclosing personal information online and to use readily available tools, such as Internet
firewalls, secure email, and similar technologies to protect yourself online.
Data retention
We retain your personal information where we have an ongoing legitimate business need to do so (for example,
to provide you with a service you have requested or to comply with applicable legal, tax, or accounting
requirements) and for a period of time consistent with the original purpose as described in this Notice. We
determine the appropriate retention period for personal information on the basis of the amount, nature, and
sensitivity of your personal information processed, the potential risk of harm from unauthorized use or
disclosure of your personal information and whether we can achieve the purposes of the processing through
other means, as well as on the basis of applicable legal requirements (such as applicable statutes of
limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your personal
information or, if this is not possible (for example, because your personal information has been stored in
backup archives), then we will securely store your personal information and isolate it from any further
processing until deletion is possible.
PART IV. YOUR PRIVACY RIGHTS
Depending on your location and subject to applicable law, you may have the following rights with regard to
personal information we control about you:
Access, review, change, update, or delete your information (EEA, UK and Swiss residents)
You may access (data portability), review, modify, and request deletion of any personal information that we
process about you, as required by law. You may submit such a request by one of the following: (i) send an email
to [email protected], (ii) complete
this webform, or (iii) call us toll free at 877-571-0124. To protect your privacy
and security, we may need to take reasonable steps to verify your identity before responding to your request.
Specifically, we (or our third party service provider acting on our behalf) may need to collect a copy of your
photo ID and any other information necessary to confirm your identity. Such information will be securely
processed in accordance with this Notice and only used for the purpose of verifying your identity.
Objection to processing of, or requesting restriction or portability of, personal information (EEA, UK, and
Swiss residents)
In addition, if you are a resident of the European Economic Area (“EEA”), United Kingdom or Switzerland
and we can properly verify your identity, you can object to processing of your personal information, ask us to
restrict processing of your personal information, or request portability of your personal information. To exercise
these rights, email [email protected].
Unsubscribe from our mailing list
You may at any time ask us to stop sending marketing communications to you, including by clicking “Unsubscribe”
in any email communications we send you. If you have any questions in relation to the “Unsubscribe” process,
please feel free to get in touch via the contact details set out below. If you choose to no longer receive
marketing information, we may still communicate with you regarding such things as your security updates,
product functionality, responses to service requests, or other transactional, non-marketing/administrative
related purposes.
Withdrawal of consent
If we have collected and process your personal information with your consent, then you can withdraw your
consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted
prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on
lawful processing grounds other than consent. To withdraw your consent to any processing, email
[email protected].
Right to complain to a data protection authority
You have the right to complain to a data protection authority about our collection and use of your personal
information. For more information, please contact your local data protection authority. Contact details for
data protection authorities in the EEA and UK are available here and Switzerland are here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in
accordance with applicable data protection laws. To protect your privacy and security, we may need to take
reasonable steps to verify your identity before responding to your request.
PART V. OTHER IMPORTANT INFORMATION
Other websites
Please be aware that we are not responsible for the privacy practices of other websites that are linked to
from our Website. We encourage our visitors to be aware when they leave our Website and to read the privacy
statements or policies of each and every website that they visit.
Changes to the Notice
We may revise this Notice from time to time in response to changing legal, technical, or business
developments. The most current version of this Notice will govern our use of your personal information. If we
make any material changes to this Notice, we will post the updated version here. You can see when this Notice
was last updated by checking the “last updated” or “effective” date displayed at the top of this Notice.
PART VI. HOW TO CONTACT US
Contact details
Please contact Sift with any questions or comments about this Notice or our privacy practices at:
Sift Science, Inc.
Attn: Privacy Officer
525 Market Street, Sixth Floor
San Francisco, CA 94105
Email: [email protected]
Controller Status, Data Protection Officer, and EU Representative
If you are a resident in the EEA, United Kingdom, or Switzerland, Sift Science, Inc. is the controller of the
personal information (i.e., personal data under European data protection legislation) covered by this Notice.
You may contact our Data Protection Officer by emailing
[email protected]
or using the mailing address listed in the Contact Details section above. Our EU representative (for EEA, UK
or Swiss data subjects) is:
Sift Science Ireland Limited
by email:
[email protected]
by mail: Sift Science Ireland Limited c/o Sift Science, Inc. 525 Market Street, Sixth Floor, San Francisco,
CA 94105