Skip to content

SIGNIFYD.COM Privacy Policy

Effective January 31, 2023 to September 19, 2023

This Privacy Policy (the “Policy”) describes the privacy practices of Signifyd, Inc. on behalf of ourselves and our affiliates (“Signifyd”, “we”, “our” or “us”). This Privacy Policy describes how we collect, use, disclose and otherwise process Personal Information from users of our website at www.signifyd.com (the “Site”) and any version of any of Signifyd’s software as a service and any related professional services (the “Services”). By using any of our Services or the Site, you consent to the collection and use of Personal Information in accordance with this Privacy Policy. Unless separately defined in this Privacy Policy, all defined terms used in this Policy have the meanings set forth in the applicable services agreement or in this Privacy Policy.

1. The information we collect

We may collect information, which includes Personal Information, in various ways. “Personal Information” means any information that relates to an identified or identifiable individual, such as name, address, telephone number or email address. We indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so, at the time of the collection of your Personal Information. If you do not provide the Personal Information necessary to provide you with our products and services, you will not be able to benefit from them.

Information Collected via Automated Means

When you use our Services, some information is automatically collected, such as your IP address, browser type, system type, the content and pages that you access on our Services, “referring URL” (i.e., the page from which you navigated to the Services), the pages you navigate to on the Services and other websites over time, and from which you leave the Services, the links and buttons on which you click, when you scroll, the time you spend on the Services, as well as any events sent to a behavioral tracking service, such as Google Tag Manager. We may use IP address to derive your approximate location.

We collect this information via automated means, such as standard server logs, cookies, local browser storage, ETags, clear GIFs (also known as “Web beacons”), device fingerprinting and similar technologies. We use this information to administer, operate and improve the Services and our other services and systems, and to provide services, content and advertising that are tailored to you.

Also, please be aware that third parties may set cookies on your hard drive or use other automated means to collect information about your use of their services or content.

We also use vendors who collect information through cookies and similar technologies about how individuals browse our Site and Services as well as the web over time to display online advertising that is more tailored to their interests. This is called online targeted advertising. If you are interested in information about targeted advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link. You can also opt out of certain online advertising activities by following the instructions in the “Your Rights and Choices” section below. Please note that if you exercise the choices above, you may still see online advertising, but it will not be tailored to you.

Information Provided by You

We collect Personal Information that our users provide to us in a variety of ways on our Services. For instance, when you register for a Signifyd account, update your account information on our Services, leave a comment on our blog or otherwise post or transmit any information or content on or to our Services, request information about any beta testing of Services that we may provide, request help and support regarding any of our Services or otherwise communicate with us, we collect the Personal Information that is provided to us. We may collect Personal Information such as name, email address, city, state, country, other demographic information and your interests and preferences in these manners. We also collect any information that you include in the content of messages you send to us.

Information from Other Sources

We may receive Personal Information about you from third parties, including public databases and industry-standard data vendors. In addition, we collect information from our customers, as well as their service providers and End Users, to provide the Services as described above and in our Terms of Service. We may also obtain information about you from publicly available sources. We may combine this information with other Personal Information we maintain about you and treat such combined information in accordance with this Privacy Policy.

2. How we use your information

We use Personal Information for a number of purposes, including to:

  • Provide services and information that you request, respond to comments and questions and otherwise provide support to users;
  • Enhance, improve, operate and maintain our Services, our programs, website and other systems, including to protect against and prevent fraud;
  • Prevent fraudulent use of our Services;
  • Tailor your user experience;
  • Maintain a record of our dealings with you;
  • Understand and analyze the usage trends and preferences of our users, to improve the Services and to develop new products, services, features and functionality;
  • Contact you for administrative and information purposes — this may include providing customer service or sending communications, including changes to our terms and conditions;
  • Develop and provide promotional and advertising materials that may be useful, relevant, valuable or tailored to you, or otherwise of interest;
  • Achieve business purposes, such as account verification, audits, security, compliance with applicable laws and regulations, fraud monitoring and prevention;
  • Enforce our Terms of Service or as necessary to establish, exercise or defend legal rights;
  • Achieve purposes for which we provide specific notice at the time of collection.

Some jurisdictions (including the European Union and United Kingdom) require that we inform you of the “legal bases” on which we rely to process your Personal Information. The legal grounds on which we rely are as follows:

  • Where you consented to the use of your Personal Information (e.g., for our uses of cookies or similar technologies, to send you marketing communications or personalize our offerings).
  • When necessary to provide you with products and services or to respond to your inquiries.
  • Processing is required by applicable law or necessary to comply with a legal obligation.
  • We, or a third party, have a legitimate interest in using your Personal Information, such as to ensure and improve the safety, security and performance of our products and services, to protect against and prevent payment fraud or to carry out data analyses.

3. How we disclose your information

Business Customers. When providing our Services, we may disclose Personal Information about you to our business customers (e.g., ecommerce merchants), such as whether a payment transaction is legitimate or potentially fraudulent, to help them prevent fraud in the context of online payments.

Service Providers. We also may disclose Personal Information to third-party service providers that assist us in our work (including, but not limited to, data enrichment, analytics, payment processing and data storage and processing facilities).

Legal Purposes. Additionally, we may disclose Personal Information to third parties if we believe that doing so is legally required or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights or property of others.

Business Transactions. In addition, information about our users, including Personal Information, may be disclosed as part of any merger, acquisition, debt financing, sale of company assets or similar transaction, as well as in the event of an insolvency, bankruptcy or receivership in which Personal Information could be transferred to third parties as one of our business assets.

4. Your Rights and Choices

General Information Rights
Depending on your jurisdiction of residence, and subject to applicable legal exceptions, you may be able to ask us to:

  • Provide access to and/or a copy of certain information we hold about you, where possibly in portable form.
  • Provide you with information about categories of information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your information; and the categories of third parties to which we disclose your information.
  • Update information which is out of date or incorrect.
  • Object to or request restriction to our processing activities.
  • Delete or anonymize certain information which we have about you.
  • Provide for the portability of certain data.
  • Revoke previously granted consent.

If you request these rights, we will need to verify your identity for security and to prevent fraud.

To exercise these rights, please click here to access the Data Subject Access Request form or call us at 866‑893‑0777.

Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. Depending on applicable law, you may have the right to appeal our decision to deny your request. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.

Notice of Right to Opt Out of Sales of Personal Information and Sharing/Processing of Personal Information for Targeted Advertising Purposes

As explained in detail above, we allow third-party vendors to collect information from your device and online browsing activities for online targeted advertising purposes, so that we can provide you with more relevant and tailored ads regarding the Services. The disclosure of your information to these third parties to assist us in providing these services may be considered a “sale” of Personal Information under applicable law or the processing/sharing of Personal Information for targeted advertising purposes.

If you would like to opt out of our disclosure of your Personal Information through cookies and pixels for purposes that could be considered “sales” or “sharing” for purposes of targeted advertising, . To opt out of disclosures for these activities that are not based on cookies/pixels, please email us at [email protected].

Please note that if you have a legally-recognized browser-based opt out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.

5. Privacy Information for California Residents

If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you with the following additional information about: (1) the purpose for which we use each category of Personal Information we collect; and (2) the categories of third parties to which we (a) disclose such Personal Information for a business purpose, (b) “share” Personal Information for “cross-context behavioral advertising,” and/or (c) “sell” such Personal Information. Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s Personal Information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of Personal Information to third parties in exchange for monetary or other valuable consideration. Our use of third-party online advertising services may result in the disclosure of online identifiers (e.g., cookie data, IP addresses, device identifiers and usage information) in a way that may be considered a “sale” or “sharing” under the CCPA.

The following chart details these activities:

Category of Personal Information Purposes of use Categories of Third Parties to Which We Discloses this Personal Information Categories of Third Parties to Which We “Share” and “Sell” this Personal Information for Advertising/Analytics Purposes
Contact information
  • Business Operations
  • Customer Service
  • Legal Purposes
  • Communicate with you
  • Advertising and marketing
Affiliated entities;
Service providers;
Online advertising and analytics partners;
Entities for legal purposes;
Online advertising and analytics partners
Commercial/Financial information
  • Business Operations
  • Customer Service
  • Legal Purposes
Affiliated entities;
Service providers;
Entities for legal purposes;
We do not share/sell
Internet network and device information
  • Business Operations
  • Customer Service
  • Legal Purposes
  • Communicate with you
  • Advertising and marketing
Affiliated entities;
Service providers;
Online advertising and analytics partners;
Entities for legal purposes;
Online advertising and analytics partners
Demographic information
  • Business Operations
  • Customer Service
  • Legal Purposes
  • Communicate with you
  • Advertising and marketing
Affiliated entities;
Service providers;
Online advertising and analytics partners;
Entities for legal purposes;
Online advertising and analytics partners
Inference data
  • Business Operations
  • Customer Service
  • Legal Purposes
  • Communicate with you
  • Advertising and marketing
Affiliated entities;
Service providers;
Entities for legal purposes;
Online advertising and analytics partners

 

For more information about each category of personal information, purpose of use and third parties to which we disclose personal information, please see the “Information We Collect,” “How We Use Your Information,” and “How We Disclose Your Information” sections of our Privacy Policy.

Your Choices Regarding “Sharing” and “Selling”: If you would like to opt out of our disclosure of your Personal Information through cookies and pixels for purposes that could be considered “sales” or “sharing” for purposes of targeted advertising, . To opt out of disclosures for these activities that are not based on cookies/pixels, please email us at [email protected].

Please note that if you have a legally-recognized browser-based opt out preference signal turned on via your device browser, we recognize such preference in accordance with applicable law.

Other CCPA Rights. If we ever offer any financial incentives in exchange for your Personal information, we will provide you with appropriate information about such incentives.

The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for business purposes for which you cannot opt out under the CCPA.

Please see the “Your Rights and Choices” section of our Privacy Policy above for information about the additional rights you have with respect to your personal information under California law and how to exercise them.

Retention of Your Personal Information. Please see the “Security and Retention” section below.

California “Shine the Light” disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the disclosure of certain categories of Personal Information (as defined in the Shine the Light law) with third parties for their direct marketing purposes, or in the alternative, that we provide a cost-free means for consumers to opt out of any such disclosure. We do not currently disclose your Personal Information to third parties for their own direct marketing purposes.

Notice Concerning Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with choices about the information collected on our website for third party purposes, and that is why we provide the variety of opt-out mechanisms listed throughout this Privacy Policy. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here. Please note that Do Not Track is a different functionality from the legally-required browser-based global privacy control signal discussed above, which Signifyd does honor in accordance with applicable legal obligations.

6. Links

For your convenience, the Services may contain links to other Websites, products or services that we do not own or operate. Please be aware that this Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties operating any Website or service to which the Services link. We encourage you to carefully review the privacy policies applicable to any Website or service you visit other than our Services before providing any Personal Information on them.

7. Children

Children’s safety is important to us, and we encourage parents and guardians to take an active interest in the online activities of their children. Our Services are not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16. If we learn that we have collected Personal Information from a child under the age of 16 on our Services, we will delete that information as quickly as possible. If you believe that we may have collected any such Personal Information on our Services, please notify us at [email protected].

8. Data transfers

Our Services are hosted in the United States and are intended generally for United States users. However, individuals located outside of the United States may also benefit from our Services. We may transfer your Personal Information to countries other than the country where you are located, including to the United States where we are headquartered. While the Privacy Shield Framework has been declared to be insufficient for the protection of data transfers for transfers of Personal Information from the European Economic Area, the United Kingdom or Switzerland to the United States, Signifyd still complies with the requirements as prescribed by the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework and as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union and Switzerland to the United States. Please see Clause 8 for further details. In addition, to supplement the Privacy Shield and comply with recent rulings, Signifyd also relies on the European Commission’s Standard Contractual Clauses for transfers of Personal Information from the European Economic Area, the United Kingdom or Switzerland. You may contact us at [email protected] to obtain further information on the safeguards we use to transfer Personal Information outside of the EEA, the United Kingdom or Switzerland.

9. EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework

Signifyd has certified to the U.S. Department of Commerce that Signifyd satisfies the standards as prescribed by the Privacy Shield Principles and as required under the Privacy Shield Framework. This makes Signifyd subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and could face liability in cases of unlawful transfers to third parties. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern as a minimum level of protection, however Signifyd may supplement these Principles and this level of data protection. To learn more about the Privacy Shield or to view Signifyd’s certification, please visit https://go.adr.org/privacyshield.html. In compliance with the Privacy Shield Principles, Signifyd commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Signifyd at [email protected]. Signifyd has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association (“AAA”), an alternative dispute resolution provider located in the United States, which could reach a binding decision. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit AAA for more information or to file a complaint. The AAA Rules and filing forms are available online at www.adr.org, by calling the AAA at 1-800-778-7879. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.

10. Security and Retention

We use a variety of technical and organizational security measures that are designed to protect Personal Information in our control from loss, misuse, unauthorized access, use, disclosure, alteration or accidental, unlawful or unauthorized destruction. Please note, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any Personal Information or other information or that it will not be accessed, viewed or acquired by unauthorized persons.

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible enrollment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

11. Updates to this Policy

We may occasionally update this Privacy Policy. When we do, we will also revise the “last updated” date at the beginning of the Privacy Policy. Your continued use of our Services after such changes will mean that you accept the revised Privacy Policy. We encourage you to periodically review this Privacy Policy to stay informed about how we collect, use and disclose Personal Information.

12. Contacting us

If you have any questions, comments or concerns about this Privacy Policy, or if you would like to exercise your rights in relation to your Personal Information, please contact us using the following contact information:

Signifyd, Inc.
Attn: Signifyd Privacy Issues
99 Almaden Blvd., 4th floor
San Jose, CA 95113
[email protected]
Tel: (866) 220-1415

Please note, the role and department responsible for compliance with the obligations under this Notice is:

Data Protection Officer
Signifyd, Inc.
99 Almaden Blvd., 4th floor
San Jose, CA 95113
[email protected]
Tel: (866) 220-1415

You may contact our European Local Representative as required under Art. 27 GDPR as follows:

Managing Counsel
Signifyd, Inc.
Buzón 109
C/ Pizarro 20 — Local
28004 Madrid


Prior Privacy Policy Versions:
April 20, 2018 to August 15, 2019
August 16, 2019 to January 30, 2023

California Privacy Notice: July 6, 2021 to January 30, 2023
GDPR Policy: April 20, 2018 to January 30, 2023

Brazil Privacy Policy: August 20 2021 – January 30, 2023
Mexico Privacy Policy: December 19, 2019 to January 30, 2023