Last Updated: September 24, 2024
TABLE OF CONTENTS
PART II. DATA COLLECTION AND USE
2.3 DISCLOSURE OF INFORMATION TO THIRD PARTIES
PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION
3.1 PROCESSING OF PERSONAL DATA IN THE U.S. AND ELSEWHERE
4.1 EXERCISING YOUR PRIVACY RIGHTS
4.2 PRIVACY RIGHTS AND BRAZE CUSTOMERS
4.4 COOKIES AND OTHER TRACKING TECHNOLOGIES
PART V. LEGAL BASIS FOR PROCESSING PERSONAL DATA
PART VI. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
6.1 YOUR CALIFORNIA PRIVACY RIGHTS.
6.2 CATEGORIES OF PERSONAL DATA THAT WE COLLECT AND THIRD PARTIES TO WHOM THE DATA MAY BE DISCLOSED
6.3 THE SALE AND SHARING OF PERSONAL INFORMATION
6.4 SENSITIVE PERSONAL INFORMATION AND DE-IDENTIFIED DATA
PART VII. IMPORTANT INFORMATION FOR JAPANESE VISITORS
PART VIII. OTHER IMPORTANT INFORMATION
8.1 CHANGES TO OUR PRIVACY POLICY
PART I. GENERAL INFORMATION
1.1 OUR COMMITMENT TO PRIVACY
Your privacy is important to us and maintaining your trust is one of our highest priorities. This Privacy Policy provides you with a description of how we collect and use data relating to or identifying individuals (“Personal Data”). We also provide information on privacy rights, how to exercise these rights and how to contact us with any questions.
1.2 INTRODUCTION TO BRAZE
Braze is a U.S. company, headquartered in New York, with global operations. A reference to “Braze,” “we,” “us” or the “Company” is a reference to Braze, Inc. and the relevant affiliate(s) involved in the processing activity.
Braze is a life-cycle engagement platform for companies around the world, supporting stronger relationships between brands and their clients, primarily by leveraging first party data to personalize and automate life-cycle marketing campaigns through first party channels, such as email, SMS, mobile and web push notifications, and in-app/in-browser messaging.
More information about Braze can be found at www.braze.com.
Our Japanese website can be found at https://www.braze.co.jp/.
1.3 SCOPE OF THIS POLICY
What is in Scope?
This Privacy Policy applies to Braze, where we determine the purposes and means of the processing of Personal Data for our marketing or business purposes (further details below) and in such capacity, we will use the term “Data Controller”.
What is not in Scope?
Our Websites and Services are intended to be used by businesses and their representatives. We do not offer any products or services to individuals for personal, family or household use. All Personal Data that we process is treated as belonging to individuals in a business capacity.
Braze’s privacy commitments to its customers, where we process Personal Data on behalf of our customers, are outlined in Braze’s agreements with such customers. In our capacity as a processor of our customers’ data, we will refer to ourselves as a “Data Processor.” Specifically, in that capacity, Braze processes Personal Data of people who interact with customer applications or websites that are offered by our customers and that have incorporated Braze technology (“Customer Applications”). The protections that apply to such Personal Data will be described in the individual privacy policies of those customers, and not in this Privacy Policy. If you wish to learn more about the privacy and data security practices of those customers, you should reach out to them directly. For clarity, this Privacy Policy does not cover any Personal Data that our customers choose to collect and share with Braze, where Braze is not the Data Controller, but is instead a Data Processor.
Individuals who are interested in, apply for, or are recruited for a job with Braze can find our related privacy practices described in our Candidate Privacy Policy.
Additionally, our Websites or Services (as defined below) may contain links to other websites, applications and services maintained by third parties. The privacy and data security practices of such third-party sites and/or services are governed by the privacy statements of those third parties, and not by this Privacy Policy.
PART II. DATA COLLECTION AND USE
2.1 DATA COLLECTION
The Personal Data that Braze collects will be determined by your interaction with Braze, our partners, Braze publications and other sources.
How and where do we collect data?
Braze collects Personal Data from prospects, customers, participants at our trainings, certifications and events, business partners and vendors (if they are natural persons), their respective employees, advisors, and/or consultants, along with the data of whomever our customers have authorized to use the Braze services (the “Services”) on their behalf (collectively, “Individuals”), who:
Braze collects Personal Data from a variety of sources, such as from:
What type of data do we collect?
Personal Data that we may collect includes, but is not limited to:
Some of the information described above is collected through our Websites and our Services using logs, cookies and/or other tracking technologies. To read more about the cookies and tracking technologies we use, please visit our Cookie Policy. You can manage your cookie consent preferences by visiting our Cookie Consent Manager.
We also use session replay technology provided by third-party vendors to record the interactions and Personal Data of dashboard users of our Services. We and such third-party vendors may use information from these recordings, which may include the Usage Data detailed above. Personal Data within these recordings may be processed for the purposes outlined in Section 2.2 of this Privacy Policy. Such recordings do not include Personal Data for which Braze is a Data Processor.
2.2 PURPOSES OF PROCESSING
Braze collects Personal Data for several purposes, including:
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to comply with our legal obligations or perform our contract with you.
If you provide us with Personal Data relating to another person, you confirm that you have informed them of our identity, the purposes (as set out above) for which their Personal Data will be used, and that you have obtained their consent prior to sharing their Personal Data with us.
2.3 DISCLOSURE OF INFORMATION TO THIRD PARTIES
We may disclose Personal Data to the following types of third parties and for the following purposes:
PART III. INTERNATIONAL TRANSFERS, SECURITY AND DATA RETENTION
3.1 PROCESSING OF PERSONAL DATA IN THE U.S. AND ELSEWHERE
Braze, Inc. is located in the United States ("U.S.") and our group companies operate in Singapore, Germany, Japan, Canada, France, Australia, Indonesia, the United Kingdom ("UK"), Ireland, Romania, Brazil and South Korea. Braze works with vendors and partners who operate predominantly in these countries. From time to time, we may work with vendors and partners in other parts of the world where we do business. This means that when we collect your Personal Data, we may process it in any of these countries. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective), but we have in place appropriate safeguards and international transfer mechanisms (e.g., the Data Privacy Framework or the EU Standard Contractual Clauses). We also implement a number of supplementary measures designed to better protect the Personal Data with which we are entrusted.
Where available, Braze, Inc. complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, the UK and Switzerland, as applicable, to the US in reliance on the Data Privacy Framework. Please visit our Data Privacy Framework Notice for further information.
For non-US transfers, Braze may rely on an alternative transfer mechanism, including the 2021 EU Standard Contractual Clauses, to transfer Personal Data from the UK and European Economic Area ("EEA") to other third-party countries.
3.2 SECURITY
We use a number of technical, organizational and administrative security measures designed to protect the security, confidentiality and integrity of information. However, security risk is inherent in internet and information technologies and we cannot guarantee the security of your Personal Data.
3.3 DATA RETENTION
We will retain Personal Data we collect from you for so long as we have an ongoing legitimate business need to do so (in connection with the purposes set out in Part II above). We determine the appropriate retention period for Personal Data on the basis of the purpose for which we process the Personal Data, the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation). When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it.
PART IV. YOUR PRIVACY RIGHTS
4.1 EXERCISING YOUR PRIVACY RIGHTS
You may have the right under applicable law to request that we take certain actions in connection with Personal Data that we may have about you. Not all jurisdictions grant privacy rights, so whether or not you have any such rights, and the nature of those rights, if any, are determined by multiple factors, including your location, country, state, or place of residence. Privacy rights may include the following:
If you wish to exercise any of these requests, please fill out this form. We will respond to requests from individuals wishing to exercise data protection rights applicable to them. For certain rights, such as where you request access to Personal Data, we will need to confirm your identity. To verify your identity, we will require you to provide ID, where permitted or required by applicable law. You also have the right to exercise your applicable privacy rights free from discriminatory treatment and retaliation as prohibited by applicable law. These rights are not absolute, and in certain cases we may decline or partially decline your request as permitted by law.
You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local supervisory authority. If you have a question about your privacy rights, please email us at [email protected].
4.2 PRIVACY RIGHTS AND BRAZE CUSTOMERS
Braze customers may collect Personal Data through their websites or applications and send that data to the Braze Services. Where you wish to enforce any of your rights in respect of such data, we encourage you to contact the customer who provides you with the Customer Application, as this will be the quickest way to have your request processed. Where you submit a request about a Braze customer and you are able to identify the customer, we forward your request to the customer to handle.
4.3 MARKETING AND ADVERTISING
At any time, you have the right to opt-out of marketing communications that we send, or object to the use of your personal data for behavioral advertising. You can exercise these rights by visiting the Braze Preference Center, or by using the contact details provided under the “How to Contact Us” heading below. Authorized users of the Services may exercise this right through preference center options available within the Services. Where applicable, you may also opt-out through unsubscribe options available within the marketing communication itself.
Please note that opting-out of the receipt of marketing communications or objecting to the use of your personal data for behavioral advertising does not opt you out of receiving important business communications related to your current relationship with us, such as communications about event registrations, service announcements or security information.
4.4 COOKIES AND OTHER TRACKING TECHNOLOGIES
You can manage your cookie preferences by visiting our Cookie Consent Manager. Please see our Cookie Policy for further information on cookies and other tracking technologies.
4.5 CHAT TECHNOLOGIES
We use chat technologies provided by third-party vendors that employ cookies and software code to operate the chat features you can use to communicate with us through our Websites. We and such third-party vendors may monitor, record and use information from your interactions with our Websites. This information includes details you have shared through online chats, data on sections of the Website you have visited, your IP address and your general geographic information (e.g., city, state). This Personal Data may be processed for the purposes outlined in Section 2.2 of this Privacy Policy.
PART V. LEGAL BASIS FOR PROCESSING PERSONAL DATA
If you are from a region that requires us to have a legal basis for processing your Personal Data, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only where we have your consent to do so, where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
PART VI. IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, this section applies to you in addition to the rest of the Privacy Policy. It provides more detail on how we collect, use and disclose Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this Part VI, Personal Information has the meaning given in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). However, this Part VI does not apply:
6.1 YOUR CALIFORNIA PRIVACY RIGHTS
As a California resident, you have information, access, rectification/correction, erasure/deletion, and non-discrimination rights as described in Part IV (Your Privacy Rights). In addition, you have the right to opt-out of the “sale” or “sharing” of Personal Information as those terms are defined by the CCPA.
If you have appointed an authorized agent to act on your behalf, your authorized agent may request to exercise these rights on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable California law. If you have not provided your agent with such a power of attorney, we may ask you and/or your agent to take additional steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request.
6.2 CATEGORIES OF PERSONAL DATA THAT WE COLLECT AND THIRD PARTIES TO WHOM THE DATA MAY BE DISCLOSED
The following chart describes our practices currently in use and in use during the past 12 months. This chart summarizes the Personal Information we collect by reference to the statutory categories specified in the CCPA, and the categories of third parties to whom we may disclose it for a business purpose. These third parties are defined in Section 2.3 (Disclosure of Information to Third Parties). Information you voluntarily provide to us, such as in free-form webforms or via email, may contain other categories of Personal Information not described below. The business/commercial purposes for which we use these categories of Personal Information listed in the below table are described above in Section 2.2 (Purposes of Processing). Our relevant data retention practices are addressed in Section 3.3 (Data Retention).
6.3 THE SALE AND SHARING OF PERSONAL INFORMATION
Like many companies, Braze uses services that employ cookies and other technologies to collect Personal Information (including the identifiers and internet activity information described in the table above) about your use of our Websites and other online services over time, which helps us to deliver behavioral advertising. In addition, we may provide your contact details to our advertising vendors for the placement of targeted ads. Braze may share contact details of business contacts with our technology or solutions partners during any sales negotiations. Our use of some of these services constitutes the “sale” or “sharing” of Personal Information as defined under the CCPA.
You may opt-out of such sales or sharing by clicking on the “Do Not Sell or Share my Personal Information” link in the footer of our Websites and following the instructions therein. You can also opt-out of advertising cookies by visiting our Cookie Consent Manager or by enabling Global Privacy Control (“GPC”) in your web browser or browser extension, which we recognize to the extent required by applicable law. Enabling GPC will automatically set your cookie settings to opt out of the sharing of Personal Information for behavioral advertising. If you choose to use GPC, you will need to turn it on for each supported browser or browser extension you use. Other than GPC, we do not recognize any “do not track” signals.
Authorized users of the Services can also opt-out of the selling or sharing of contact details through setting preference center options available within the Services.
While our Website and Services are not directed to children under the age of 16, we are required to inform you that we have no actual knowledge that we have sold or shared the Personal Information of California residents under 16 years of age.
6.4 SENSITIVE PERSONAL INFORMATION AND DE-IDENTIFIED DATA
Braze does not use or disclose Sensitive Personal Information (as defined by the CCPA) for restricted purposes that California residents have a right to limit under the CCPA.
We do not to attempt to re-identify de-identified information that we derive from Personal Information, except for the purpose of testing whether our deidentification processes comply with applicable law.
PART VII. IMPORTANT INFORMATION FOR JAPANESE VISITORS
7.1 PERSONAL DATA DISCLOSURE
Braze K.K. (“Braze Japan”) may disclose your Personal Data to Braze group affiliates and other third parties for the purposes described in Section 2.3 (Disclosure of Information to Third Parties). A list of the Braze office locations may be found on our Website. The categories or items of the Personal Data that Braze Japan may disclose to a third party are the same as those described in Section 2.1 (Data Collection). When Braze Japan discloses your Personal Data to entrusted third parties, Braze Japan shall be the entity that is responsible for processing and managing your Personal Data.
7.2 BRAZE JAPAN’S INFORMATION
Braze Japan’s official name, address and the name of the representative director is described in https://www.braze.co.jp/company. However, if you have any questions, requests or complaints about our processing of your Personal Data or this Privacy Policy, please follow the instructions described in Section 8.3 (How to Contact Us).
PART VIII. OTHER IMPORTANT INFORMATION
8.1 CHANGES TO OUR PRIVACY POLICY
If we change our Privacy Policy, we will update the “Last Updated” date at the top of this webpage. We encourage you to review this Privacy Policy frequently to stay informed of the latest modifications.
8.2 CHILDREN
Our Websites are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from such individuals without parental consent and require our customers to fully comply with applicable law in the data collected from children under the age of 16. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in the “How to Contact Us” section, below, and we will take steps to delete such Personal Data from our systems.
8.3 HOW TO CONTACT US
or
Braze, Inc.
Privacy Policy Issues
Attention: General Counsel
63 Madison Building
28 East 28th Street
12th Floor Mailroom
New York, NY 10016
USA