Privacy Policy

GDPR Ready Badge

Thanks for choosing SparkPost!  Please carefully read this privacy policy as it provides important information about SparkPost’s privacy practices.  If you have any questions about this privacy policy, please contact us at privacy@sparkpost.com.

Message Systems, Inc.  (dba SparkPost), a Delaware corporation, and its Affiliates (collectively, “SparkPost”, “we”, “us” or “our”) are committed to protecting the privacy of information you provide to us.   Accordingly, SparkPost provides this privacy policy to inform you about our online information practices, the kinds of information we may collect, how we intend to use and share that information, and how you can request access, correction, portability, or deletion of such information (our “Privacy Policy”).  All undefined capitalized terms used in this Privacy Policy have the meaning set forth in the Terms of Use.

DEFINITIONS.

  • Personal Information” is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

SCOPE.

Except where otherwise indicated, this Privacy Policy applies to individuals who: (a) visit SparkPost’s websites (“Websites”); (b) register to attend SparkPost’s online or offline events (“Events”); (c) use SparkPost’s email delivery platform and related services through the Websites (“Platform”); or (d) use any other, present or future, online or offline, programs, services, or offerings of SparkPost (“Offerings”) (collectively, the Websites, Events, Platform and Offerings constitute the SparkPost “Services”).  When we say “Customer,” we are referring to the person or entity that is registered with us to use the Platform or Offerings.  When we say “you,” we are referring to Customers and/or to some other individual who visits any of our Websites or attends or Events.

SparkPost provides the Platform to Customers so they may provide information to, market to, and stay in contact with their subscribers and other individuals (“Recipients”) through email.  When we Process Personal Information of Recipients (“Recipient Personal Information”) on behalf of our Customers, we Process such Personal Information only as a data processor and in accordance with our Customers’ instructions.  If you are a Recipient of one of our Customers, you should review that Customer’s privacy policy, terms, or other notices to learn how that Customer collects and uses information about you, including through the Platform.  If a Customer has submitted Personal Information pertaining to you as an individual to us as Recipient Personal Information and you wish to exercise any rights you may have to access, correct, port, or delete such Personal Information, please inquire with the applicable Customer directly.  Because SparkPost personnel have limited ability to access Recipient Personal Information, if you wish to make your request directly to SparkPost, please provide the name of the applicable SparkPost Customer. We will refer your request to that Customer and will support them as needed in responding to your request within the timeframe required by applicable law.

YOUR INFORMATION.

Information We Collect

We collect your Personal Information in the following ways:

  • Information you voluntarily provide to us: When you sign up for and/or use the Services, consult with our customer service team, send us an email, post on our blog, fill out a form on our Websites, integrate the Services with another website or service (for example, when you choose to connect your application to the Platform), or communicate with us in any way, you are voluntarily giving us information that we collect.  That information may include your name, physical address, email address, phone number, billing information, as well as details including occupation, location, purchase history, and other demographic information. By giving us this information, you agree to this information being collected, used, disclosed, transferred, and stored by us as described in our Terms of Use (available at: https://www.sparkpost.com/policies/tou) and in this Privacy Policy.
  • Information we collect automatically: We may collect information about your visit to our Websites, your usage of the Services, and your web browsing.   That information may include your IP address, your operating system, your browser ID, your browsing activity, and other information about how you interacted with our Websites or other websites.  We may collect this information as a part of log files as well as through the use of cookies or other tracking technologies. Our use of cookies and other tracking technologies is discussed more below, and in more detail in our Cookie Policy (available at: https://www.sparkpost.com/policies/cookies).
  • Information from your use of the Services: We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you.  This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the application. This type of information helps us to improve our Services for both you and for all of our Customers.
  • Cookies and tracking: We and our partners may use various technologies to collect and store information when you use our Services, and this may include using cookies and similar tracking technologies on our Website, such as pixels and web beacons, to analyze trends, administer the website, track your movements around the website, serve targeted advertisements, and gather demographic information about our user base as a whole.  You can control the use of cookies at the individual browser level through its settings and preferences.
  • Ad Choices: We partner with third parties to display advertising on our Websites or to manage and serve our advertising on other sites.  Our third-party partners may use cookies or similar tracking technologies in order to provide you advertising or other content based upon your browsing activities and interests.   This type of advertising is sometimes called interest-based advertising. If you wish to opt out of interest-based advertising, please visit: http://optout.aboutads.info/?c=2&lang=ENhttp://preferences-mgr.truste.com/ (or if located in the European Union, please visit: http://www.youronlinechoices.eu/).  Please note you still might continue to receive generic ads.  For more information about our use of cookies and other tracking technologies, as well as how to opt out of the use of cookies, please refer to our Cookie Policy (available at: https://www.sparkpost.com/policies/cookies).
  • Web beacons: We use web beacons, also called pixel tags, on our Websites and in our emails.  When we send emails to Customers, we may track behavior such as who opened the emails and who clicked the links.  This allows us to measure the performance of our email campaigns and to improve our features for specific segments of Customers.  To do this, we include a single pixel tag in emails we send. These tags allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details.  We also include single pixel tags in the emails we deliver, through the Platform, on our Customer’s behalf. We use the data from those web beacons to create reports about how our Customer’s email campaign performed and what actions their Recipients took with respect to that email.  Similarly, reports are also available to us when we send email to you, so we may collect and review that information to analyze how our email campaigns to Customers performed and what actions our Customers took with respect to that email.
  • Contest and Sweepstakes: We may, from time to time, offer surveys, contests, sweepstakes, or other promotions on our Websites or through social media (collectively, “Promotions”).  Your participation in our Promotions is completely voluntary.  Information requested for entry may include personal contact information such as your name, address, date of birth, phone number, email address, username, and similar details.  We use the information you provide to administer our Promotions. We may also, unless prohibited by the Promotion’s rules or law, use the information provided to communicate with you, or other people you select, about our Services.  We may share this information with our Affiliates and other organizations or Service Providers in line with this policy and the rules posted for the Promotion.
  • Blog: We have public blogs on our Websites.  Any information you include in a comment on our blog may be read, collected, and used by anyone.  If your Personal Information appears on our blogs and you want it removed, please contact us at privacy@sparkpost.com.  If we are unable to remove your information, we will tell you why.
  • Social media platforms and widgets: Our Websites may include social media features, such as the Facebook Like button.  These features may collect information about your IP address and which page you are visiting on our Website, and they may set a cookie to make sure the feature functions properly.  Social media features and widgets are either hosted by a third party or hosted directly on our Website. We also maintain presences on social media platforms including Facebook, Twitter, and LinkedIn.  Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves.  Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
  • Information from other sources: We may, from time to time, obtain information about you from third party sources, such as public databases, third party data providers, and our joint marketing partners.  We take steps to ensure that such third parties are legally permitted or required to disclose such information to us. Examples of the information we may receive from other sources include: demographic information, company information, device information (such as IP addresses), location, and online behavioral data (such as information about your use of social media websites, page view information, and search results and links).   We use this information, alone or in combination with other information (including Personal Information) we collect, to enhance our ability to provide relevant marketing and content to you and to develop and provide you with more relevant products features, and services.

Use and Disclosure of Your Personal Information

We may use and disclose your Personal Information only for the following purposes:

  • To promote use of our Services to you and others.  For example, if we collect your Personal Information such as your email address when you visit our Websites and do not sign up for any of the Services, we may send you an email inviting you to sign up where permitted by applicable law.  If you use any of our Services and we think you might benefit from using another Service we offer, we may send you an email about that. You can stop receiving our promotional emails by following the unsubscribe instructions included in every promotional email we send.  In addition, we may use information we collect in order to advertise our Services to you or suggest additional features of our Services that you might consider using. In addition, we may use your Personal Information to advertise our Services to potential or other users like you.  For more information on how we use cookies or other tracking technologies for these purposes, as well as how to opt out of the use of cookies, please see our Cookie Policy (available at: https://www.sparkpost.com/policies/cookies).
  • To send you informational and promotional content in accordance with your marketing preferences.  You can manage your preferences to receive specific content in our subscription center (which is available by clicking the “Email Subscription Center” link found in the footer of our marketing emails) or choose to stop receiving these emails altogether by following the unsubscribe instructions included in every marketing email.
  • To bill and collect money owed to us by our Customers.  This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number.  We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
  • To send you important messages about the Services.  For example, we may inform you of temporary or permanent changes to our Services, such as scheduled maintenance, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy.
  • To communicate with our Customers about their account and provide customer support.
  • To enforce compliance with our Terms of Use and applicable law.  This may include developing and using tools that help detect fraud and prevent violations.
  • To protect the rights and safety of our Customers and third parties, as well as our own.
  • To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
  • To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
  • To prosecute or defend a court, arbitration, or any other legal proceeding.
  • To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • To provide, support, and improve the Services we offer.  This includes our use of the data that our Customers provide us in order to enable our Customers to use the Services to communicate with their Recipients.  This also includes, for example, aggregating information from your use of the Services and sharing this information with third parties to improve our Services.  This might also include sharing your information or the information you provide us about your Recipients with third parties in order to provide and support our Services or to make certain features of the Services available to you.  When we do have to share Personal Information with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that require them to use the Personal Information we transfer to them in a manner that is consistent with this policy.
  • To transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition.  In that event, we will endeavor to require any acquirer to be subject to our obligations under this Privacy Policy, including your rights to access and choice.  We will notify you of the change either by sending you an email or posting a notice on our Website.

We may combine Personal Information with other information we collect or obtain about you (such as information we source from our third party partners), to serve you specifically, such as to deliver a product or service according to your preferences or restrictions, or for interest-based advertising purposes in accordance with this Privacy Policy.  When we combine Personal Information with other information in this way, we treat the entire data set as Personal Information, and apply all of the safeguards in this Privacy Policy applicable to Personal Information.

Disclosure of Personal Information to Third Parties

We may disclose Personal Information to the following types of third parties for the purposes described in this Privacy Policy:

  • Service Providers.  Sometimes, we share Personal Information with our third-party service providers who help us provide and support our Services (“Service Providers”).   For example, if it is necessary to provide you something you have requested, then we may share your Personal Information with a Service Provider for that purpose.  Our Service Providers enter into a contract with us that requires them to use the Personal Information only for the provision of services to us and in a manner that is consistent with this Privacy Policy.  Examples of Service Providers include payment processors, hosting services, and content delivery services.
  • Advertising partners.  We may partner with third party advertising networks and exchanges to display advertising on our Websites or to manage and serve our advertising on other sites and may share your Personal Information with them for this purpose.  We and our third-party partners may use cookies and other tracking technologies, such as pixel tags and web beacons, to gather information about your activities on our Websites and other sites in order to provide you with targeted advertising based on your browsing activities and interests.   For more information about cookies and other tracking technologies, please see our Cookie Policy (available at: https://www.sparkpost.com/policies/cookies).  For more information about interest-based advertising, please visit: http://optout.aboutads.info/?c=2&lang=ENhttp://preferences-mgr.truste.com/ (or if located in the European Union, please visit: http://www.youronlinechoices.eu/).
  • Business Partners.  From time to time, SparkPost may partner with other companies to jointly offer products, services or programs including, for example, webinars, events, downloadable content, or integrated features.  If you purchase, specifically express interest in, or register for a jointly offered product, service, or program from or through SparkPost, we may share your Personal Information collected in connection with your purchase or expression of interest with our business partners.  SparkPost does not control our business partners’ use of shared Personal Information and their use of such information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt to not purchase or specifically express interest in a jointly offered product or service.
  • Information Disclosed for our Protection and the Protection of Others.  We may disclose information about you to third parties: (a) if we are required to do so by law, court order or legal process; (b) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (c) under the discovery process in litigation; (d) to enforce SparkPost policies or contracts; (e) to collect amounts owed to SparkPost; (f) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (g) if we, in good faith, believe that disclosure is otherwise necessary or advisable.  In addition, from time to time, server logs may be reviewed for security purposes including, for example, to detect unauthorized activity on the Services. In such cases, server log data containing Personal Information may be shared with law enforcement bodies so that they may identify users in connection with their investigation of the unauthorized activities.

Data Collected for and by our Customer

As a Customer, you may import into our system Personal Information you have collected from your Recipients.  We have no direct relationship with your Recipients and for this reason, you are responsible for making sure you have the appropriate permission for us to collect and Process information about those Recipients.  We may transfer Recipient Personal Information to our Service Providers. All Service Providers enter into a contract with us that protects Recipient Personal Information and restricts their use of any Recipient Personal Information consistent with this Privacy Policy.  As part of our Services, we may use and incorporate the information you have provided, we have collected from you, or we have collected about Recipients into features.

If you are a Recipient and no longer want to be contacted by one of our Customers, please unsubscribe directly from that Customer’s emails or contact the Customer directly to update or delete your data.  If you contact us, we may remove or update your information within a reasonable time and after providing notice to the Customer of your request.

Content of Emails Sent

When a Customer sends an email to a Recipient, it bounces from server to server as it crosses the Internet.  Along the way, server administrators can read what you send. Email was not built for sending confidential information and most emails end up in an unencrypted inbox.  Please do not use the Services to send confidential information.

Sometimes we review the content of our Customer’s email campaigns to make sure they comply with our Terms of Use.  To improve that process, we employ software that helps us find email campaigns that may violate our Terms of Use. Our employees or independent contractors may review those particular email campaigns.  This benefits all Customers who comply with our Terms of Use because it reduces the amount of spam being sent through our servers and helps us maintain high deliverability.

Usage Data and Aggregate Data

Where permitted by applicable law and subject to the restrictions set forth in our Terms of Use and/or Customer agreements, SparkPost may: (a) collect  and pseudonymously store the email address of a Recipient (“Recipient Email Address”); (b) collect and use data generated from our Customers’ use and operation of the Service (“Usage Data”) including, without limitation, routing data (e.g., server hostnames, server IP addresses, and timestamps), delivery data (e.g., whether, when, where, and how an Email was sent or delivered), engagement data (e.g., whether, when, where, and how an Email was opened or clicked), and message data (e.g., message type, tone, length, and presentation); and (c) aggregate or compile Usage Data with other data, including data obtained via third parties and the usage data of other SparkPost customers (“Aggregate Data”).   SparkPost may use such information in a number of ways, including research, internal analysis, analytics, intelligence, and any other legally permissible purpose subject to restrictions as set forth in our Terms of Use and/or Customer agreements.   We may share this information within SparkPost and with third parties for our or their purposes in a pseudonymous and/or aggregated form that is designed to prevent anyone from identifying you personally.

YOUR CHOICES.

You have the right to opt out of certain uses and disclosures of your Personal Information, as set out in this Privacy Policy.

General

Where you have consented to SparkPost’s Processing of your Personal Information, you may withdraw that consent at any time and opt out by following the instructions below.  Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out.  Note that, due to the nature of the Services, you may have to provide the email address or other identifying value that is associated with your Personal Information in order for SparkPost to segregate out the use and retention of such Personal Information.  Where consent of the individual for the Processing of Personal Information is otherwise required by law or contract, SparkPost will comply with the law or contract.

Sensitive Personal Data

Sensitive Personal Data” is a subset of Personal Information, which due to its nature, has been classified by law or by policy as deserving additional privacy and security protections.  Sensitive Personal Data includes Personal Information regarding EU-residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (a) race or ethnic origin; (b) political opinions; (c) religious or philosophical beliefs; (d) trade union membership; (e) genetic data; (f) biometric data where Processed to uniquely identify a person; (g) health information; (h) sexual orientation or information about the individual’s sex life; or (i) information relating to the commission of a criminal offense.

SparkPost does not collect Sensitive Personal Data from you.  However, if we do ever collect it, we will, prior to disclosing it to a third party or Processing it for a purpose other than its original purpose or the purpose authorized subsequently by the individual, obtain your consent.  Where consent of the individual for the Processing of Personal Information is otherwise required by law or contract, SparkPost will comply with the law or contract.

Email Communications

An “Unsubscribe” button will be provided in each marketing communication sent to you by SparkPost so that you can opt-out of such communications.  However, we may continue to send transaction-related emails regarding products or Services you have requested in response to such request including, for example, a support inquiry.  We may need to send you certain communications regarding the Services and you will not be able to opt out of those communications, including for example, communications regarding updates to our Terms of Use or this Privacy Policy.

“Do Not Track”

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers.  DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services.  At this time, there is no general agreement on how companies like SparkPost should interpret DNT signals. Therefore, SparkPost does not recognize or respond to browser-initiated DNT signals, whether that signal is received on a computer or a mobile device.

THE EUROPEAN ECONOMIC AREA AND GDPR.

Legal Basis for Processing EU Personal Information

Where SparkPost is a controller of data (e.g., when collected via the Websites or for billing purposes for Customers), the legal basis is either legitimate interest or consent depending on the type of information subject to processing and the information we receive from upstream partners.  We may also process data for the performance of a contract with you. Where we rely upon legitimate interest, we have assessed the processing is not high risk, does not involve the processing of sensitive data and will not violate fundamental human rights. With respect to providing the Platform to Customers, SparkPost is a processor of data and the legal basis for processing such data is determined by each Customer.

Data Protection Addendum

While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, if you or your Recipients reside in the European Economic Area, we take many steps to protect your and your Recipients’ privacy, including offering a Data Protection Addendum (DPA), which is available at: https://www.sparkpost.com/policies/DPA.

Cross-Border Data Transfers

SparkPost primarily stores Personal Information in the United States and the European Union (as applicable), in the cloud, our servers, the servers of our Affiliates, or the servers of our Service Providers.  To facilitate our global operations, we may transfer and access such information from around the world.

Privacy Shield Framework

SparkPost participates in and has certified its compliance with the EU-U.S.  Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Frameworks, and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.  A list of Privacy Shield participants is maintained by the Department of Commerce and is available at: https://www.privacyshield.gov/list.

We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions.  SparkPost is responsible for the processing of Personal Information it receives under the Privacy Shield and subsequently transfers to a Service Provider acting as an agent on its behalf.  SparkPost requires third parties and Service Providers to which it discloses Personal Information to protect Personal Information using substantially similar standards to those required by SparkPost and at least the same level of privacy protection as is required by the Privacy Shield Frameworks and this Privacy Policy.  SparkPost shall remain liable under the Privacy Shield principles if its Service Provider(s) Processes such Personal Information in a manner inconsistent with the Privacy Shield principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S.  Federal Trade Commission. In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If your Personal Information was received in reliance on either Privacy Shield Framework and you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider JAMS, at no cost to you, at https://www.jamsadr.com/eu-us-privacy-shield.  Under certain conditions, more fully described on the Privacy Shield website, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration after other dispute resolution procedures have been exhausted.

EU Data Subject Rights

The General Data Privacy Regulation (“GDPR”) affords additional rights to EU data subjects.  Those rights include the right to complain to EU Supervisory Authorities and the right to access, receive a copy of, correct, delete, block, and limit or object to the processing of your Personal Information processed by SparkPost.  Where otherwise permitted by applicable law, you may contact us at privacy@sparkpost.com to request access to, receive, port, restrict Processing, seek rectification or request erasure of Personal Information held about you by SparkPost.  Such requests will be carried out in accordance with applicable laws. Although SparkPost makes good faith efforts to provide you with access to your Personal Information, there may be circumstances in which SparkPost is unable to provide access, including for example, where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where it is commercially proprietary.  If SparkPost determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, SparkPost will take reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.

Access Rights for Recipient Personal Information

As a data processor for our Customers, SparkPost Processes data in connection with the Platform, which may include Recipient Personal Information on behalf of our Customers.  We will not use, share, distribute, or reference any such Recipient Personal Information except as provided in the applicable agreement between us and our Customer, or as may be required by law.  If Personal Information pertaining to you as an individual has been submitted to us by a Customer as Recipient Personal Information and you wish to exercise any rights you may have to access, receive, port, restrict Processing, seek rectification, or request erasure, please inquire with the applicable Customer directly.  Because SparkPost personnel have a limited ability to access Recipient Personal Information, if you wish to make your request directly to SparkPost, please provide the name of the applicable SparkPost customer as part of that request. We will refer your request to that Customer and will support them as needed in responding to your request within the timeframe required by applicable law.

RETENTION.

SparkPost retains the Personal Information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.  For Personal Information provided by Customers such as Recipient Personal Information, SparkPost processes such information as directed by each Customer.

SECURITY.

We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the Personal Information.

Our credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete.  Our vendor is certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC).  We also perform annual SOC II audits. If you have any questions about the security of your Personal Information, you may contact us at security@sparkpost.com.

SparkPost accounts require a username and password to log in.  You must keep your username, password, and API key(s) secure, and never disclose them to a third party.  If you have reason to believe that your passwords or Personal Information is no longer secure, please promptly notify us at security@sparkpost.com.

ACCOUNTABILITY.

If after reviewing this Privacy Policy, you would like to submit a request or you have any questions or privacy concerns, please contact us at privacy@sparkpost.com.  SparkPost will address your concerns and attempt to resolve any privacy issues in a prompt manner.  If you are an EU or Swiss citizen and feel that SparkPost is not abiding by the terms of this Privacy Policy, please contact SparkPost at the contact information provided above.  If any request remains unresolved, you may contact the national data protection authority for your EU Member State.

OTHER RIGHTS AND IMPORTANT INFORMATION.

Children

Due to the nature of SparkPost’s business, our Services are not marketed to minors.  SparkPost does not knowingly solicit or collect Personal Information from children under the age of 13 (and in certain jurisdictions under the age of 16).  This applies to any Personal Information directly collected by us but does not apply to the Personal Information provided to us by third party services and organizations or from our Customers regarding their Recipients (please refer to the terms of their respective privacy policies).   If we learn that we have collected Personal Information from a child under the age of 13 (and in certain jurisdictions under the age of 16) in relation to the Services, we will promptly delete that information.

California Privacy Rights

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties.  If you are a California resident and would like to make such a request, please submit your request to privacy@sparkpost.com.

Links to Third Party Websites

Our Websites include links to other websites, whose privacy practices may be different from ours.  If you submit Personal Information to any of those websites, your information is governed by such websites’ privacy policies.  We encourage you to carefully read the privacy policy of any website you visit.

Changes

SparkPost may update this Privacy Policy from time to time as it deems necessary in its sole discretion.  SparkPost will provide notification of any material changes to this Privacy Policy through the Website or as otherwise required by applicable law.  We encourage you to review this Privacy Policy periodically to be informed regarding how SparkPost is using and protecting your information and to be aware of any policy changes.  Your continued relationship with SparkPost after the posting or notice of any amended Privacy Policy will constitute your agreement to be bound by any such changes. Any changes to this Privacy Policy take effect immediately after being posted or otherwise provided by SparkPost.

Contact Us

If you have any questions about this Privacy Policy or the Services, please contact us directly at: privacy@sparkpost.com.  Written inquiries may be addressed to: SparkPost, Attn: Privacy, 9160 Guilford Road, Columbia, MD 21046, USA.  If you’re located in the European Economic Area and have data protection questions, you may contact our Data Protection Officer at privacy@sparkpost.com.

v3.1 May 14, 2019

Previous version (v3.0 April 2, 2018)