Memfault, Inc. Privacy Notice

Last updated March 18, 2021

Your privacy is important to us.

Protecting your privacy is really important to us. We pledge to respect your privacy, to be transparent about our data practices, to keep your data safe and to only collect data that helps us deliver and improve our Services. With this in mind, we’re providing this Privacy Notice to explain our practices regarding the collection, use and disclosure of information that we receive through our Services. This Privacy Notice does not apply to any third-party websites, services or applications, even if they are accessible through our Services. Our CEO serves as our Data Protection Officer.

In this Privacy Notice:

  • We’ll refer to Memfault as “Memfault” or “we” or “us”.
  • We’ll refer to our website as the Site.
  • We’ll refer to the suite of services we provide individually and collectively, as the “Services”.
  • We’ll refer to you, the person or entity accessing our Site or using our Services, as “you” or “your” or (if you are a purchaser of our Services), our “customer”.

What is Personal Information? Personal information is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. Personal Information does not include “aggregated and de-identified” or other non-personally identifiable information. Aggregated and de-identified information is information that we collect about a group of individuals that is not personally identifiable or from which individual identities are removed.

Restrictions; Information about Children.

We offer the Services only to adults age 18 and over. We strive to comply with the requirements of COPPA (Children’s Online Privacy Protection Act). We do not knowingly collect any Personal Information from children under the age of 16. If we discover we have received any Personal Information from a child under the age of 16 then we will take reasonable steps to delete the information as quickly as possible. If you believe we have any such information please contact us as described at “Contacting Us” below.

How do we collect Personal Information?

The Personal Information we collect depends on how you interact with us and the choices you make. We collect and process personal data about you with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests.

We collect Personal Information in several ways:

  • Information you provide to us voluntarily. We may ask you to provide Personal Information voluntarily, including information you provide us when you create an account or contact us for help through the Services. That information may your name and email address along with additional information you provide in for your account or in your request so that we can provide you with assistance and improve the Service. If you make a purchase, we may also collect credit card numbers and other payment information.
  • Information we may receive from third parties. We may receive information about you, including Personal Information, from third parties, and may combine this information with other Personal Information we maintain about you. If we receive information about you, including Personal information, from third parties, this Privacy Notice governs any combined information that we maintain in personally identifiable format.
  • Information we collect automatically from your device when you visit our Site or use our Services. In addition, as part of the standard operation of the Site, we may collect and analyze information from your computer or mobile device and actions taken on the Site, including, but not limited to, information set forth below under “What information do we collect?”. Some of this information may be collected using cookies and similar technologies that are discussed below.
  • Information we collect using officially sanctioned payment processor integrations. Customers who elect to connect their payment processors to us using their payment processor’s official integrations allow us to collect relevant data directly from the payment processor.

What information do we collect?

We may collect the following types of Personal Information from you:

  • Your first and last name, username and email address.
  • Your company’s name.
  • Your (and/or your company’s) physical address.
  • If you create a project, we may collect your project name, as well as information on your operating system, chipset, compiler, build system and connectivity stack.
  • We may also collect information about your use of our Site and our Services. That information could include the date, time and type of your activity on the Site, digital device information such as your device type, mobile device advertising identifier, MAC address, Internet Protocol (IP) address, browser type, user settings, operating system, and internet activity information about how your device has interacted with our Site or Services such as the web page that you were visiting before accessing our Site, the pages or features of our Site which you browsed and the time spent on those pages or features, search terms, the links on our Site that you clicked on and how you interact with marketing emails and other communications we may send you. An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet).

For more detailed information on information we – or third parties associated with us – collect, and how and where it is processed, please see Exhibit A to this Privacy Notice.

What are some of the legal bases for collecting your Information?

We collect and process your Personal Information on the basis of different legal grounds, depending on the nature of the Personal Information being provided and the type of processing involved. Examples include:

  • Performance of a Contract. Some of the Personal Information processed by us is processed on the basis that it is necessary for the performance of our agreement with you, or in order to take steps at your request prior to entering such an agreement.
  • Legitimate Interest. In some cases, processing of your Personal Information is necessary for the purposes of legitimate interests pursued by us. Examples of such legitimate interests will include where we send you marketing about our products and services, where we believe you have a reasonable expectation that we will perform a particular type of processing on your behalf, where such processing is strictly necessary for fraud detection and prevention. We will only rely on such a ground where an assessment has been performed balancing the interests and rights involved and the necessity of the processing in order to provide our services, products and features to you.
  • Compliance with a Legal Obligation. It may be necessary to process your Personal Information in order to allow us to comply with a legal obligation. An example of this would be where we are required to retain business records for fixed periods of time in order to comply with local legal requirements.
  • Consent. In certain limited situations, we rely on your consent in order to process your Personal Information. Where we require your consent, we seek it at the time of provision, and the processing will only be performed where consent is secured. You can withdraw your consent, as detailed this Privacy Notice where applicable, or by sending an email to hello@memfault.com.

For what do we use your Personal Information?

We will use your Personal Information in compliance with this Privacy Notice to maintain and improve the quality of our Site, to help us deliver the Services to you, and to improve the Services. Any of the information we collect from you may be used in any of the following ways:

  • To operate, maintain, and provide to you the features and functionality of the Services (for example, data and logs are used to understand and improve the Services; to troubleshoot the Services; to detect and protect against error, fraud or other criminal activity; and to enforce this Privacy Notice and the Memfault Terms of Use).
  • To compile statistics and analysis about your and others’ use of our Site and our Services.
  • To personalize your experience (for example, to display content that is customized to your interests and preferences) — your Personal Information helps us to better respond to your individual needs.
  • To improve our Site and our Services — we continually strive to improve our Site offerings based on the information and feedback we receive from you.
  • To improve customer service — your Personal Information helps us to more effectively respond to your customer service requests and support needs.
  • To send periodic emails — the email address you provide may be used to send you information and notifications that you request about our Services, to alert you of updates to our policies and Services, and to provide you information relevant to your account.
  • To send you a newsletter.
  • If you purchase our Services, then to enable you to purchase Services from our Site.
  • We may also use Personal Information you provide to contact you regarding products, services, and offers that we believe you may find of interest. We allow you to opt-out from receiving marketing communications from us as described in the “Your Choices About Your Personal Information”, “Your Rights” and “European Data Protection Rights” sections below.
  • We store specific location data in your Memfault account.
  • In addition, de-identified data that does not identify you may be used to market and promote Memfault offerings; or for sale to interested audiences. See “Do We Disclose any Personal Information to Outside Parties?” to learn more.

We may also use your Personal Information where necessary for us to comply with a legal obligation, including to share information with government and regulatory authorities when required by law or in response to legal process, obligation, or request.

  • We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose your Personal Information to government or law enforcement officials or private parties as we believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity.
  • We may use a variety of methods to detect and address anomalous activity and screen content to prevent abuse such as spam or fraud. However, such detection methods are not perfect and false positives may occur. These efforts may, on occasion, result in a temporary or permanent suspension or termination of some functions for some users.

If required to do so by applicable data privacy laws, we will request your consent before we use or disclose your Personal Information for a materially different purpose than those set forth in this Notice. Consent may be obtained by any legally sufficient method. For example, depending on the circumstances and applicable laws, consent may be obtained by providing you with notice and the opportunity to opt-out.

Your Choices About Your Personal Information

We may use the information we collect or receive to communicate directly with you. We may send you emails containing newsletters, promotions and special offers. If you do not want to receive such email messages, you will be given the option to opt out. If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial email from us by sending us an email or by writing to us at the address given at the end of this Privacy Notice. Additionally, if we offer user accounts for our Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us. Please be aware that if you opt out of receiving commercial e-mail from us, it may take up to ten business days for us to process your opt-out request, and you may receive commercial e-mail from us during that period. Additionally, even after you opt out from receiving commercial messages from us, if you are our customer then you will continue to receive administrative messages from us regarding our Services (e.g., account verification, purchase and billing confirmations and reminders, changes/updates to features of the Service, technical and security notices).

You may modfy Personal Information that you provide to us. If you are our customer and remove data from your Memfault user account for our Services, it will no longer appear to you. Backups of that data will remain associated with your Memfault account and in our archive servers.

Your Rights to Opt Out. You can opt-out of receiving commercial email or other email not directly related to patient data or your account settings by unsubscribing via the “Unsubscribe” link in any Memfault email. If you are our customer then opting-out of these emails will not end transmission of important service-related emails that are necessary to your use of the Services. Please refer to your mobile device or browser’s technical information for instructions on how to delete and disable cookies, and other tracking/recording tools. Depending on your type of device, it may not be possible to delete or disable tracking mechanisms on your mobile device. Note that disabling cookies and/or other tracking tools prevents us or our business partners from tracking your browser’s activities in relation to the Service. However, doing so may disable many of the features available through the Services. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can contact us directly.

Your Rights

Other rights you have include the rights to:

  • Withdraw your consent for us to process your Personal Information.
    • You have the right to withdraw consent where you have previously given your consent to the processing of their Personal Information.
  • Object to the processing of your Personal Information.
    • You have the right to object to the processing of your Personal Information if the processing is carried out on a legal basis other than consent
  • Ask for a copy of your Personal Information.
    • This is known as a Subject Access Request. If you would like a copy of some or all your Personal Information, please email hello@memfault.com.
  • Ask us to correct your Personal Information.
    • It is your right to lodge an objection to the processing of your Personal Information if you believe that the legal ground “relating to your particular situation” applies. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claims.
  • Ask us to transfer your Personal Information to other organizations.
  • Ask us to erase certain categories or types of information.
    • If you choose to remove your Personal Information, you acknowledge that we may retain archived copies of your Personal Information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so.
  • Ask us to restrict certain processing.
    • You have the right to object to processing of Personal Information. Where we have asked for your consent to process information, you have the right to withdraw this consent at any time.
  • “Opt out” of certain sharing of Personal Information.
    • You may limit or “opt out” of our sharing your Personal Information with third parties.
    • For further information on opting out, please see the “Your Choices About Your Personal Information” section of this Privacy Notice.
  • Lodge a complaint.
    • You have the right to bring a claim before a competent data protection authority.

In addition, if you are a California resident (or otherwise have these rights under applicable data protection law):

  • regarding the disclosure of their Personal Information to third parties for their own direct marketing purposes. Memfault’s policy is not to disclose your Personal Information to third parties for the third parties’ direct marketing purposes if you have exercised your option to prevent that information from being disclosed to third parties for those purposes. If you wish to not have your personal information shared for those purposes, you may request that we delete your Personal Information by following the steps outlined in this Privacy Notice.
  • You can request to know, access, correct, update or delete your Personal Information by contacting us using the contact details provided under “Contacting Us” below, and we will fulfill your request in accordance with applicable data protection laws. We may need to verify your identity in order to action your request, including by asking for you to provide a government issued identification document. Once we have verified you, we will respond and comply with your specific requests.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under “Contacting Us.”

California residents also have the following rights:

  • This Privacy Notice describes the categories of Personal Information that we have collected, disclosed for a business purpose and sold over the preceding twelve (12) months. Please refer to the sections “What information do we collect?” and “Do we disclose any Personal Information to outside parties?” for more information.
  • You are entitled to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. If you are a California resident and would like to request this information then please submit a request to Memfault as described below at “Contacting Us.”
  • You have the right to opt out of the sale of your Personal Information, described in the Section “Do we disclose any Personal Information to outside parties?” If you wish to opt out from the sale of your Personal Information, you can do so by contacting us as described below at “Contacting Us.”
  • You have the right not to receive discriminatory treatment for the exercise of your privacy rights under California law.

How do we protect your Personal Information?

Memfault supports the exercise of your data protection rights in accordance with applicable data protection laws. We care about the security of your Personal Information and strive to protect it. To help protect your privacy and security, we use appropriate security measures to protect the security of your Personal Information both online and offline. These security measures vary based on the sensitivity of the information. However, no website or internet transmission is completely secure and we cannot guarantee that information on the Services may not be accessed, disclosed, altered, or destroyed. And you are responsible for maintaining the secrecy of your unique password and account information and email communications while they are under your control. Upon becoming aware of a breach of your Personal Information, we will notify you as quickly as we can and will provide timely information relating to the breach as it becomes known in accordance with any applicable laws and regulations or as is reasonably requested by you. If you have any concerns over the security of your Personal Information, please contact us at hello@memfault.com.

Do we use cookies?

Yes. Cookies are small files that a website or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the Site to recognize your browser and, if you have a registered account, associate it with your registered account. We may use both session Cookies and persistent Cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Site. We use cookies to remember information so that you will not have to re-enter it during your visit or the next time you visit the Site, and to understand and save your preferences for future visits and compile aggregate data about the Site’s traffic and interaction so that we can offer better experiences and tools in the future.

We may also use Cookies to provide aggregated information on Site usage and patterns. We may also use Cookies to monitor web traffic routing on our Services and to customize and improve our Services, to provide custom, personalized content and information relevant to your interest in our Services, and to diagnose or fix technology problems.

Unlike persistent Cookies, session Cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Site or the Services. We may also collect information via standard server logs or clear GIFs (also known as “Web beacons”). Web beacons and pixel tags are images embedded in a webpage or email for the purpose of measuring and analyzing usage and activity. Memfault, or third-party service providers acting on our behalf, may use web beacons and pixel tags to help us analyze usage and improve our functionality.

Your browser may provide you the option of blocking cookies, such as third-party cookies. Some browsers also give you the ability to review and manage cookies individually. We encourage you to review your browser’s settings and documentation for additional information on any controls your browser may offer and how they work. Please note, if you delete from your device or browser any cookie Memfault uses on our Site, but do not set your browser or device to block third-party cookies, we may install the same cookie during a later visit. Some third-party cookies are also integral to the services we provide on our Site. By blocking third-party cookies, you may not be able to take advantage of all of the features available on our Site.

For more detailed information on information we – or third parties associated with us – collect, and how and where it is processed, please see Exhibit A to this Privacy Notice.

Analytics

Our Site may include Cookies from third-party service providers. In some cases, that is because we have hired the third party to provide services on our behalf, such as site analytics. For this purpose, Memfault may work with various third-party partners like Google to see what actions you take on third party websites. We use Demographics and Interest reporting features in Google Analytics to inform our requests to our service providers.

Our third-party partners like Google use Cookies on our site to

  • Measure and analyze aggregate usage and volume statistical information from our users on our site. Information gathered may include, but is not limited to the following: activity of the user browser when the user is visiting the site, the site path of users, general information regarding the visitor’s internet service provider and host, and the time users come to the site.
  • Remember our users’ previous search of products and services, and dynamically display more relevant content to them.
  • Record users’ behavior on our site, such as pages visited, emails clicked, forms completed and products and services purchased to create communications that better meet your needs.
  • Evaluate user traffic and behavior on the site to compile activity reports.
  • Conduct research and diagnostics to improve our products and services.
  • Identify users arriving at the site via a referral from an affiliate website or sponsored link.

Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Learn more about privacy at Google here. We use the HubSpot marketing automation suite to track your use of our Site and to assist us with our marketing and sales efforts. You can view HubSpot’s privacy policy at https://legal.hubspot.com/privacy-policy?_ga=2.70649495.600016260.1580080142-1809069190.1580080142. We also use Segment as a tag management service. You can view Segment’s privacy policy at https://segment.com/legal/privacy.

For more detailed information on information we – or third parties associated with us – collect, and how and where it is processed, please see Exhibit A to this Privacy Notice.

“Do Not Track” options will not affect how we use your Personal Information

Although we do our best to honor the privacy preferences of our customers, we are not able to respond to Do-Not-Track signals from your browser at this time. As discussed above, we track our Site’s usage information through the use of cookies for analytic and internal purposes only. Because we do not collect this information to track you after you leave our Site across websites or apps over time, your selection of the “Do Not Track” option provided by your browser will not have any effect on our collection of cookie information for analytics or internal purposes.

Who at Memfault may access your Personal Information?

Designated members of our staff may access your Personal Information to help you with any questions you have, including help using our Services, or investigating security issues. This activity is logged in our system for compliance, and we maintain different levels of access for various employees depending on his or her role in our company. Some types of Personal Information may be accessible only to certain types of employees, consultants, or contractors who need to know this Personal Information to perform the tasks associated with the worker’s role (finance, administration, sales, marketing, legal, system administration).

Do we disclose any Personal Information to outside parties?

We may disclose Personal Information to third parties for a variety of business or commercial purposes. This includes the following disclosures:

  • We may share your Personal Information with other companies owned by or under common ownership with Memfault. As of the date of this Privacy Notice we have no other group companies.
    • These companies, if any, may use your Personal Information in the same way as we can under this Privacy Notice for our operational business purposes.
  • We may disclose your Personal Information to third-party service providers (for example, payment processing, data storage and processing facilities) that assist us in our work for our operational business purposes.
    • We limit the Personal Information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such Personal Information.
  • We may contract with third-party service providers to assist us in better understanding our Site’s visitors.
    • These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
  • We may also release your Personal Information when we believe release is appropriate to comply with the law, enforce our Site’s policies, or protect our or others’ rights, property, or safety.
    • In particular, we may release your Personal Information to third parties as required to (i) satisfy any applicable law, regulation, subpoena/court order, legal process or other government request, (ii) enforce our Terms of Use, including the investigation of potential violations thereof, (iii) investigate and defend ourselves against any third party claims or allegations, (iv) protect against harm to the rights, property or safety of Memfault, its users or the public as required or permitted by law and (v) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical issues.
  • If you ask us to do so, we may share your Personal Information with the public and other users of the Services. Any information or content that you voluntarily disclose for public posting to the Service, such as user-generated content, becomes available to the public. If you remove information that you posted to the Services, copies may remain viewable in cached and archived pages of the Service, or if other users of the Services have copied or saved that information.
  • You can direct us to share data with other parties. Once you direct us to share your data with a third party, that data is governed by the third party’s Privacy Notice.
  • Your Personal Information may also be transferred to another company in the event of a transfer, change of ownership, reorganization or assignment of all or part of our businesses or assets.
    • This will occur if the parties have entered into an agreement under which the collection, use and disclosure of the information is limited to those purposes of the business transaction, including a determination whether or not to proceed with the business transaction. You will be notified via email or prominent notice on our websites for thirty (30) days of any such change in ownership or control of your Personal Information or as otherwise may be required or permitted by law.

How do we handle international transfers and processing of your Personal Information?

Memfault’s own data centers are located in the United States and by interacting with our Site and using our Services, or otherwise providing your Personal Information to us, your Personal Information will be transferred to and processed in the United States.

In some cases, Memfault may share your Personal Information with its subprocessors, to the extent permitted by applicable law. Each of these subprocessors are limited to accessing or using this Personal Information to provide our hosted services only and must provide reasonable assurances that they will appropriately safeguard any customer data provided by Memfault. Each of these subprocessors using customer data processes this data in the United States only.

By submitting your Personal Information, you’re agreeing to this transfer, storing or processing. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including Personal Information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction. If we transfer your Personal Information from the E.U. and process it in the United States, we do so in accordance with applicable law. With respect to information received or transferred, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Special Provisions Applicable to Residents of the European Union

This section of our Privacy Notice applies to all personal information that is governed by the General Data Protection Regulations (the ” GDPR“), within the territorial scope of the GDPR, that may be used to identify you as a visitor to our Site and that is obtained by us in connection with the Site or providing a product or service to you as part of our operations.

What is a Data Controller? For general data protection regulation purposes, the “Data Controller” means the organization who decides the purposes for which, and the way in which, any Personal Information is processed. Our customers and website visitors are the Data Controllers.

What is a Data Processor? A “Data Processor” is ** ** an organization which processes Personal Information for a Data Controller. We are the Data Processor for our customers. As a Data Processor, we may be bound by the requirements of the GDPR.

What is Data Processing? Data processing is any operation or set of operations (whether automated or not) performed upon Personal Information. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.

If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:

  • You can request access to, and rectification or erasure of, personal data;
  • If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of your personal data in a usable and portable format;
  • If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing;
  • You can to object to, or obtain a restriction of, the processing of personal data under certain circumstances; and
  • For residents of France, you can send us specific instructions regarding the use of your data after your death.

To make such requests, contact us at hello@memfault.com. When we are processing data on behalf of another party that is the Data Controller, you should direct your request to that party. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. Please be aware that those rights set out above may not apply in some instances, for example where our right to processing your personal data may be necessary for exercising the right of freedom of expression (e.g., news gathering); or for the establishment, exercise or defense of legal claims.

Governed by the requirements contained in GDPR, we will provide you with a reasonable opportunity to access your Personal Information that we have collected, correct it if it is inaccurate, erase it, or to request we restrict processing of the data. You also have the right to data portability, to have us provide the data to other entities. Please see GDPR Articles 15 through 18 then 20 for the requirements and procedures necessary to exercise these rights. We do not engage in automated data processing or profiling as those terms are understood under GDPR.

With respect to these rights, (a) we reserve the right to not provide information until we receive adequate information to identify that you are the relevant data subject and to request additional information to confirm your identity; (b) with an access request or data portability request, we reserve the right to deny access to information where the rights or freedoms of other individuals may be adversely affected; (c) for requests for copies of data pursuant to an access request, we reserve the right to charge an administrative fee for any request after the first; (d) when requests are manifestly unfounded or excessive, we reserve the right to charge an administrative fee or to refuse to act on the request. When the purpose for data processing is based on consent, you have the right to withdrawal consent at any time, although that does not affect the lawfulness of processing based on consent before it is withdrawn. When the purpose for data processing is based on contract, we will likely not be able to provide you services without the Personal Information we request and so will likely have to terminate the relationship.

Special Provisions Applicable to Residents of California

If you are a California resident, you may have additional rights under the California Consumer Privacy Act relating to the collection and processing of your personal information. Please read the following if you are a California resident. For additional information, you may contact us at the address listed below or at hello@memfault.com.

For purposes of this section, the terms personal information, consumer, and sell or sold shall be defined only as broadly as set forth in the CCPA and to the extent applicable to the Site visitor.

  • We do not sell the personal information of California consumers.
  • We have no actual knowledge that we have sold personal information of minors under the age of 16 years old.

California’s “Shine the Light” law, California Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the business’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We have such a policy in place.

In addition, if you are a California resident (or otherwise have these rights under applicable data protection law):

  • regarding the disclosure of their Personal Information to third parties for their own direct marketing purposes. Our policy is not to disclose your Personal Information to third parties for the third parties’ direct marketing purposes if you have exercised your option to prevent that information from being disclosed to third parties for those purposes. If you wish to not have your personal information shared for those purposes, you may request that we delete your Personal Information by following the steps outlined in this Privacy Notice.
  • You can request to know, access, correct, update or delete your Personal Information by contacting us using the contact details provided under “Contacting Us” below, and we will fulfill your request in accordance with applicable data protection laws. We may need to verify your identity in order to action your request, including by asking for you to provide a government issued identification document. Once we have verified you, we will respond and comply with your specific requests.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under “Contacting Us.”

California residents also have the following rights:

  • This Privacy Notice describes the categories of Personal Information that we have collected, disclosed for a business purpose and sold over the preceding twelve (12) months. Please refer to the sections “What information do we collect?” and “Do we disclose any Personal Information to outside parties?” for more information.
  • You are entitled to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. If you are a California resident and would like to request this information then please submit a request to us as described below at “Contacting Us.”
  • You have the right to opt out of the sale of your Personal Information, described in the Section “Do we disclose any Personal Information to outside parties?” If you wish to opt out from the sale of your Personal Information, you can do so by contacting us as described below at “Contacting Us.”

You have the right not to receive discriminatory treatment for the exercise of your privacy rights under California law.

Public Areas

Our Site may include discussion forums or other interactive areas or services, including blogs, chat rooms, bulletin boards, message boards, online hosting or storage services, or other areas or services in which you or third parties create, post or store any content, messages, comments, materials or other items on the Site (“Interactive Areas”). If you use an Interactive Area, you should be aware that these areas are open to the public and any personal data you post or provide at registration may be viewable by others. We are not responsible for public disclosure of personal data you submit in connection with the Interactive Areas, nor are we responsible for how others might use that information, including to send you unsolicited messages. Interactive Area postings may be retained indefinitely. If at any time you would like to request that we remove a posting, please email us at hello@memfault.com. Please keep in mind that removal of a posting from an Interactive Area does not necessarily mean that the posting will be deleted from our backend systems.

Retention of your Personal Information

We retain your Personal Information for as long as we have a legitimate business purpose to retain the information, or as otherwise allowed by applicable law. Memfault may also store the information detailed in this Privacy Notice on its equipment or the equipment of third parties with whom Memfault has a relationship. Such storage services will be governed by appropriate protections, as required by applicable rules. Please be aware that we may use third-party cloud service providers that provide hosting, data storage and other services pursuant to standard terms and conditions that may be non-negotiable. These service providers have informed us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures. However, we will not be liable (to the fullest extent permitted by law) for any damages that may result from the misuse of any information, including Personal Information, by these companies.

Third-party Links

This Site may make available links to other third-party websites This Privacy Notice only applies to our Site, so when you link to other websites you should read those separate and independent privacy policies. Your browsing and interaction on any third-party websites, app, or service, are subject to that third party’s own rules and policies. We are not responsible for the practices employed by websites, mobile apps, or services linked to or from the Service, including the information or content contained therein. In addition, you agree that we are not responsible for and we do not have any control over any third parties that you authorize to access your Personal Information. However, we seek to protect the integrity of our Site and welcome any feedback about these websites.

Your Consent

By using our Site or Services, or both, you consent to this Privacy Notice.

Changes to our Privacy Notice

We are constantly trying to improve our Site and the Services, so this Privacy Notice may need to change. If we change the Privacy Notice then we will notify you here in this Privacy Notice by describing the changes at the top of this Privacy Notice. Please review the “Last Updated” legend at the top of this page to determine when this Privacy Notice was last amended. Any changes to this Privacy Notice will become effective on the “Last Updated” date indicated above. By using the Site or providing information to us following such changes, you will have accepted the amended Privacy Notice. If we are going to use Personal Data collected through the Site in a manner materially different from that stated at the time of collection, then we will notify you via email and/or by posting a notice on the Site for 30 days prior to such use or by other means as required by law.

Contacting Us

If you have any questions, comments, complaints or concerns about this Privacy Notice, please contact us using the following contact information. We prefer email.

Memfault, Inc.

Attn: Privacy Issues 981 Mission Street

San Francisco, CA 94103 U.S.A.

hello@memfault.com

EXHIBIT A

Analytics

The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of website visitor behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Personal Information collected to track and examine the use of our apps, to prepare reports on its activities and share them with other Google services. Google may use the Personal Information collected to contextualize and personalize the ads of its own advertising network.

Information generated by the cookie regarding use of these web pages is generally transferred to a Google server in the USA and stored there. As IP anonymization is enabled on our web pages, the user’s IP address is, however, previously abbreviated by Google within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional instances is the full IP address transmitted to a Google server in the USA and abbreviated there. A data processing agreement with Google Analytics is in place that conforms to the requirements of the GDPR. Google analytics makes use of the Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page: https://www.google.com/policies/technologies/ads.

Google will use this information on our behalf to evaluate use of the web page by the user, to put together reports on web page activities and to provide additional services connected with use of the web pages and use of the internet for the web page operator. The IP address transmitted as part of Google Analytics by the user’s browser is not put together with other Google data. Google Analytics is used to increase the effectiveness of our web pages and requires the passing-on of data about users to us. Generally, the user’s consent is not obtained for this. However, use of these services is justified via Art. 6 (1) (f) GDPR, because we simplify and accelerate the handling of the visits by its users to our web pages through the use of Google Analytics.

Personal Information collected: Cookies and Usage Data.

Place of processing: US – Privacy Policy – Opt Out.

Google Tag Manager (Google Inc.)

Google Tag Manager is an analytics service provided by Google Inc.

Personal Information collected: Cookies and Usage Data.

Place of processing: US – Privacy Policy.

Hubspot (Hubspot, Inc.)

For our marketing activities (plan, execute and measure integrated marketing campaigns) we are using HubSpot. HubSpot is one of the leading marketing automation platforms worldwide and allows us to analyze the behavior of our prospects and customers and automate and streamline a multitude of marketing operations. Information generated by the cookie regarding use of these web pages may be transmitted to a HubSpot server outside the EU and stored there. Personal data will only be collected and enriched if the user completes a form on this web page. In this case, in addition to the data you enters yourself, your IP address will also be saved. HubSpot processes the data on our behalf. A data processing agreement with HubSpot is in place that conforms to the requirements of the GDPR.Further information on data collection, evaluation and processing of the user’s data by HubSpot can be obtained from HubSpot´s cookies policy, which is available from https://legal.hubspot.com/cookie-policy.

Tag Management

This type of service helps us to manage the tags or scripts needed on our apps in a centralized fashion. This results in Personal Information flowing through these services, potentially resulting in the retention of this Personal Information.

Segment (Segment Inc.)

Segment is a tag management service provided by Segment.io, Inc.

Personal Information collected: Cookies and Usage Data.

Place of processing: US – Privacy Policy. Privacy Shield participant.