- Developer Hub
- SparkPost API
- Free Tools for Email Teams and Developers
- Slack Channel
- User Guides & Migrations
- Submit a Ticket
- SparkPost Academy
- Email Deliverability Resources
- Email Explained
- White Papers & Guides
- Webinars & Videos
- SparkPost vs. SendGrid
- Customers Stories
- Contact Us
Personally Identifiable Information
We collect personal information (“personally identifiable information“ or “PII”) about users of the Site and/or Services. In general, that means we collect PII about you when you provide it to us for the reason you provided it to us. The other instances in which we may collect and use PII are described below.
We may collect PII when you do any of the following:
- register as a user of the Site and/or the Services;
- use the Services to send email or other digital messages;
- use the Site to communicate with or otherwise interact with other users, our staff, or other persons who are permitted to interact with and use the Site (such as support personnel or services);
- participate in any contests, sweepstakes, surveys, user panels, focus groups or other interactive services on or related to the Site;
- visit or participate in forums or other discussions that we host or provide; or
- submit your contact information to us for the purpose of being contacted regarding our Services and for us to provide customer support.
We may collect the following PII:
- your contact information (e.g., your name, physical address, mailing address, email address, digital message address, and phone and fax numbers);
- your billing information (e.g., credit card information, billing address, etc.);
- your demographic and survey information (e.g., job function, title, topics of interest, purchase interest level, survey responses, and information solicited through online registration forms);
- your history as our customer (e.g., your order(s), payment history, Site and Services usage, promotional history, inquiries, and responses); and
- all content posted in public areas (e.g. online forum posts, comments on blog posts, articles, or other content on community areas, etc.). NOTICE: In order to maintain standards for online conduct in public areas we provide and/or sponsor, we may remove or appropriately edit/redact an inappropriate posting when we find it.
We may use your PII in the following ways:
- to respond to your inquiries and fulfill your requests, such as to send you newsletters, reports, or other communications;
- to send administrative information to you, for example, information regarding the Services and changes to our terms, conditions, and policies as well as notice regarding compliance actions we may take;
- to complete and fulfill your subscription purchase, for example, to process your payments, communicate with you regarding your subscription purchase and provide you with related customer service or technical support;
- to send you marketing communications that we believe may be of interest to you (including announcements about new services or products, featured editorial content, co-sponsored products, events, special sales and promotions, and more);
- to personalize your experience with the Services by presenting products and offers tailored to you;
- to allow you to participate in sweepstakes, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your PII, so we suggest that you read these rules carefully;
- to facilitate social sharing functionality;
- to allow you to send messages through the Services. By using this functionality, you are telling us that you are entitled to use and provide us with your recipients’ name and email address or other digital sending and receiving address; and
- for our business purposes, such as data analysis, audits, fraud monitoring and prevention, development of new products, enhancing, improving or modifying our Services, identifying usage trends, determining effectiveness of our promotional campaigns and operating and expending our business activities.
We may disclose your PII to the following:
- to our third-party contractors who maintain the Site and assist us with providing the Services. Such contractors who may have access to your PII include providers of services, such as website hosting, server hosting, data analysis, payment processing, subscription entitlement management, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, credit card processing, auditing, content scanning and other similar services. They are permitted to access and use your PII solely and exclusively in performance of their duties to us or to comply with applicable laws, and they owe us either direct employment duties, or they have signed confidentiality agreements, such that they are obligated to keep your PII confidential; and
We may also disclose your PII in the following circumstances:
- Audits and Business Operation. We are subject to various audits by accountants, clients, and government regulators. In the course of such audits, such auditors may come into contact with PII. Where possible, we require such auditors to keep confidential and not disclose PII consistent with law. In certain governmental audits, we may not be able to require such confidentiality. In addition, we may disclose PII to our attorneys as may be required to obtain legal advice about our and your legal rights and obligations.
- Government and Litigation Requests. We reserve the right to use or disclose PII in connection with: (i) legal proceedings or preparations therefore; (ii) to respond to judicial or other government process such as court orders, subpoenas, requests for discovery and similar litigation relation requirements; (iii) to provide information to law enforcement agencies or for an investigation on a matter related to public safety; and (iv) in general to comply with applicable laws, government requests and court orders. We may elect to make these disclosures even if we have not received a subpoena, if we believe in good faith that we have a legal obligation to do so, or if we believe that our failure to do so may result in liability to us, or a violation of law. If we receive a subpoena or other legal demand for your PII, we may endeavor to notify you of the subpoena or demand by contacting you at the current email address that we have for you. However, we cannot promise that we will always be able to send you a notice, that we will attempt to contact you if the email we send fails to get to you, that we will be able to send you the notice before we turn over your information, or that we will resist the request. Unless prohibited by applicable law or other obligations we owe you, we retain the right to impose upon you a reasonable charge for certain requests for your information or data.
- Change of Control. If we were to undergo a merger, acquisition, corporate reorganization or recapitalization, divestiture, sale of substantially all of our assets, bankruptcy, or other change in control (in each case which may be in respect of the division that administers the Site or the Services, and not necessarily the entire company), PII may be used or disclosed in connection with those activities, which may include the entire transfer of our database of PII to such successor or assignee entity.
We use the information collected by cookies in the following ways:
- to deliver, improve and develop services. We may use anonymous information that we gather to provide and improve the Services and/or the Site for all of our users, and to help us develop and implement other services and products in the future. For example, drawing from a large pool of anonymous data regarding the success of our Services to deliver messages may allow our Services to improve deliverability success for all of our users.
- to advertise our services. We may use anonymous information we gather to advertise the performance and other value derived from the use of our Services.
- to write data-supported articles related to best-practices and other literature regarding messaging.
You may choose to accept or reject cookies from the Site at any time by activating the applicable settings on your Internet browser. Information about the procedures to follow in order to enable or disable cookies can be found on your Internet browser provider’s website. You may wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html for information on commonly used browsers. Please be aware that if cookies are disabled, not all features of the Site may operate as intended. For more information on cookies, you can visit the US Federal Trade Commission’s website at: https://www.ftc.gov/site-information/privacy-policy/internet-cookies. Please note that we do not support or endorse any of the products or services listed at such websites.
The Site is not intended for use by minors (natural persons under the age of 18). We do not knowingly solicit data online from, or market online to, anyone under the age of 18. If we learn that we have obtained personally identifiable information online in error about anyone under the age of 18, we will delete that information as soon as we can. We encourage parents to supervise their children so that they do not disclose any PII about themselves in any of our public discussion areas. We cannot prevent minors from visiting the Site. We must rely on parents, guardians and those responsible for supervising anyone under the age of 18 to decide which materials are appropriate for such children to view and/or purchase. Pursuant to 47 U.S.C. Section 230(d), as amended, we hereby notify you that parental control protections (such as computer hardware, software or filtering services) are commercially available that may assist you in limiting access to material that is harmful to minors. Information identifying current providers of such protections is available at the US Federal Trade Commission’s OnGuard Online website at: http://onguardonline.gov/. Please note that we do not support or endorse any of the products or services listed at such websites.
Message Systems, Inc., d/b/a SparkPost is responsible for writing this policy and for its compliance with it. The person who is primarily responsible for our oversight and compliance with this policy is the Privacy Officer. Anyone who has a question, comment, or complaint about this policy should contact the Privacy Officer:
A request should include sufficient contact information, such as name, address, telephone number, and email address. We promise to make a good faith attempt to resolve any complaint or problem you bring to our attention.
Changes and Updates
**Ver 2.0 August 26, 2016
The categories of cookies we apply are described below:
- Essential Cookies. these cookies enable you to navigate the Site and to use the Services or features. Without these absolutely necessary cookies, the Site may not perform as smoothly for you as we would like it to and we may not be able to provide the Site or certain Services or features.
- Preference Cookies. these cookies collect information about your choices and preferences, and allow us to remember language or other local settings and customize the Site accordingly.
- Social Media Cookies. these cookies collect information about your social media usage. These cookies collect information about your activities on social media sites to provide you relevant content.
- Analytics Cookies. these cookies collect information about your use of the Site, and enable us to improve the way it works. For example, analytics cookies show us which are the most frequently visited pages on the Site, help us record any difficulties you have with the Site, and show us whether our marketing is effective or not. This allows us to see the overall patterns of usage on the Site, rather than the usage of a single person. We use the information to analyze the Site traffic, but we do not examine this information for individually identifying information.
- Advertising Cookies. these cookies are set to display targeted promotions or advertisements based upon your interests on the Site or to manage our advertising. These cookies collect information about your activities on this and other sites to provide you targeted advertising.
The following is a list of cookies that we use and a brief description of them:
Cookie Name momentumApplication-auth Category Essential Purpose This cookie stores a temporary API token that is used for subsequent calls from our Web User Interface (UI) to our application programming interface (API) Cookie type Persistent cookie — Expires after 24 hours Responsible Party SparkPost Cookie Name momentumApplication-user Category Essential Purpose This cookie stores username, customer ID (integer), and email for display in our Web UI Cookie type Persistent cookie — Expires after 24 hours Responsible Party SparkPost Cookie Name nrelateInt2 Category Preference Purpose Deliver customized content and features based on user choices and past browsing – used to display additional content user may like when browsing Cookie type Persistent cookie — Expires after 90 days Responsible Party nRelate: http://nrelate.com/privacy-policy/#section4 Cookie Name LiveRamp Category Preference Purpose Deliver customized content and features based on user choices and past browsing – used to present online content that is more likely to match users interests Cookie type Persistent cookie — Expires after 180 days Responsible Party LiveRamp: http://liveramp.com/data-privacy-policy/ Cookie Name _stid, _uset, UID, UIDR Category Social Media Purpose Track members/non-members of social media for behavioral advertising, analytics, market research Cookie type Persistent cookie — Expires after 2 years Responsible Party ShareThis: http://www.sharethis.com/legal/privacy Cookie Name _ga Category Analytics Purpose Analyze audience to improve site design and content – used to distinguish users Cookie type Persistent cookie — Expires after 2 years Responsible Party Google Analytics: https://www.google.com/policies/privacy/ Cookie Name __utma Category Analytics Purpose Analyze browsing activity across sites to establish user profile – used to distinguish users and sessions Cookie type Persistent cookie — Expires after 2 years Responsible Party Google Analytics: https://www.google.com/policies/privacy/ Cookie Name __utmb Category Analytics Purpose Analyze browsing activity across sites to establish user profile – used to determine new sessions/visits Cookie type Persistent cookie — Expires after 30 minutes Responsible Party Google Analytics: https://www.google.com/policies/privacy/ Cookie Name __utmc Category Analytics Purpose Analyze browsing activity across sites to establish user profile – operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit Cookie type Session cookie Responsible Party Google Analytics: https://www.google.com/policies/privacy/ Cookie Name __utmz Category Analytics Purpose Analyze browsing activity across sites to establish user profile – stores the traffic source or campaign that explains how the user reached your site Cookie type Persistent cookie — Expires after 6 months Responsible Party Google Analytics: https://www.google.com/policies/privacy/ Cookie Name __utmv Category Analytics Purpose Analyze browsing activity across sites to establish user profile – used to store visitor-level custom variable data Cookie type Persistent cookie —Expires after 2 years Responsible Party Google Analytics: https://www.google.com/policies/privacy/ Cookie Name __gads Category Advertising Purpose Deliver behavioral/targeted advertising Cookie type Persistent cookie — Expires after 2 years Responsible Party Google DoubleClick: http://www.google.com/intl/en/policies/ Cookie Name Twitter cookies Category Advertising Purpose Deliver behavioral/targeted advertising Cookie type Both, persistent cookie —Expires after 90 days Responsible Party Twitter: https://support.twitter.com/articles/20170514-twitters-use-of-cookies-and-similar-technologies Cookie Name Adroll cookies Category Advertising Purpose Deliver behavioral/targeted advertising Cookie type Both, persistent cookie — Expires after 90 days Responsible Party Adroll: http://www.adroll.com/about/privacy Cookie Name uuid2, uuid2 (opt out), sess, icu, anj, token, acb, PHPSESSID Category Advertising Purpose Deliver behavioral/targeted advertising Cookie type Both, persistent cookies — Expires after 90 days Responsible Party AppNexus: http://www.appnexus.com/cookies Cookie Name Conversion cookie Category Advertising Purpose Measure effectiveness of campaign Cookie type Persistent cookie — Expires after 30 days Responsible Party Google: http://www.google.com/intl/en/policies/technologies/types/
**Ver. 1.2 August 26, 2016
We hereby state:
- Our commitment to be subject to the Principles in regards to all EU-PII received in reliance of the Privacy Shield;
- You may contact us (including any of our Affiliates) with any inquiries or complaints as follows:SparkPost
Message Systems, Inc.
9130 Guilford Road
Columbia, MD 21046
c/o Privacy Officer
or via email:
[email protected] with the subject “PRIVACY INQUIRY”
A request should include sufficient identifying information, such as name, address, telephone number, and email address. We may request additional authentication and verification information from you, including residency verification. HOWEVER, PLEASE DO NOT INCLUDE ANY OTHER PII OR OTHER SENSITIVE INFORMATION IN ANY EMAIL SENT TO US. EMAIL IS INHERENTLY INSECURE AND WE DO NOT GUARANTEE ANY PROTECTION OF EMAIL SENT TO US THAT CONTAINS PII OR OTHER SENSITIVE INFORMATION.
If you are not satisfied with the response of the Privacy Officer, you can appeal to our General Counsel by sending a written letter to:
Message Systems, Inc.
9130 Guilford Rd.
Columbia, Maryland 21046
c/o General Counsel
or via email:
[email protected] with the subject “PRIVACY APPEAL”
- Individuals have a right to access their personal data, as described more fully below in the section entitled “ACCESS;”
- Individuals have the choices and means for limiting the use and disclosure of their personal data, as described more fully below in the section entitled “CHOICES;”
- We have selected JAMS, https://www.jamsadr.com/eu-us- privacy-shield, as the independent dispute resolution body (the “Arbiter“) designated to address your complaints and provide appropriate recourse to you free of charge. JAMS is an alternative dispute resolution provider based in the United States. An individual who decides to invoke this arbitration option must first, prior to initiating an arbitration claim, raise the claimed violation directly with us and afford us an opportunity to resolve the issue within the timeframe set forth in the Principles. If you have exhausted all other means to resolve your concern regarding a potential violation of our obligations under the Principles, you may invoke binding arbitration before the Privacy Shield Panel. For additional information about the arbitration process please visit the Privacy Shield website atwww.privacyshield.gov;
- We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC) and other United States governmental agencies;
- We are required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; and
- We are liable in cases of onward transfers of your personal information to third parties, as discussed more fully below in the section entitled “ACCOUNTABILITY FOR ONWARD TRANSFER.”
In connection with the above we make the following additional statements and commitments:
We may also maintain publicly available or restricted information (i.e. information shared with a limited set of people such as “friend-only” content) that you have posted. In some cases, we may permit you to modify that information, but in other cases, we may prohibit modification and either allow you to select a configurable option to make the information publicly unavailable via privacy settings or to change the types of people who can review such information. Examples of instances where we may prevent modification: (i) where we have received a notice that such content infringes a third party’s rights; (ii) where we have received a “litigation hold” letter; (iii) where we believe we owe a legal duty to retain the original posting; (iv) where a law enforcement officer demands we preserve our records and; (v) in other similar types of circumstances.
Anyone seeking to know if we have information about them under Privacy Shield or applicable law or who wants access to (or a copy of) his or her personal data can make a request in writing as provided in the section entitled “NOTICE” above.
We will not normally charge you to inspect or receive a copy of the information we maintain about you. We reserve the right, however, to impose reasonable charges for requests that are very detailed, and for repeated requests and to deny or ignore requests we deem to be harassing. If we receive a subpoena or other similar court order or government request relating specifically to your information, we reserve the right to impose on you reasonable charges for responding to such request, unless prevented from doing so by applicable law.
A request for correction should identify the contested information; should state whether the information is incorrect, inaccurate, or incomplete; and should state what information should appear in place of the contested information.
In compliance with applicable laws, we may elect to provide some or all of the PII you requested via electronic means, or to provide an electronic view of your data that we retain.
We do not permit modification of anonymous data, or transactional data for payment transactions, support requests or other relationship related communications, nor may you modify data that is generated merely by operation of your interaction with us, such as tracking, Site use or other similar types of automatically collected information.
Except as noted below, we offer individuals the opportunity to choose (opt out) whether their personal information is: (i) to be disclosed to a third party; or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. We provide clear, conspicuous, and readily available mechanisms to exercise this choice on the site.
We note that we do not provide the above opt out choice when disclosure is made to a third party that is acting as an agent to perform task(s) on behalf of and under the instructions of the organization, where we have entered into a contract with such agent.
With respect to sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), which we do not collect, but if we ever do collect such information, we will obtain affirmative express consent (opt in) from individuals if such information is to be: (i) disclosed to a third party; or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. We will also treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
Accountability For Onward Transfer
We enter into contracts with third-party data controllers, which provide (i) that data subject to the Privacy Shield may only be processed for limited and specified purposes consistent with the consent provided by the individual; and (ii) that the recipient will provide the same level of protection as the Principles and will notify us if it makes a determination that it can no longer meet this obligation and that if such a determination is made, the third-party controller will cease processing or will take other reasonable and appropriate steps to remediate.
We transfer personal data to a third party acting as an agent under the following conditions: (i) for limited and specified purposes; (ii) we ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) we take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) we require the agent to notify the us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) we will, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) we will provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the U.S. Department of Commerce (the “Department“) upon request.
We use reasonable, industry-standard precautions, including appropriate technical, administrative, and physical procedures, to protect EU-PII from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Due to the design of the Internet and other factors outside our control, we cannot guarantee that communications between you and our servers will be free from unauthorized access by third parties.
When we share EU-PII with third parties hired to help us with our activities, we require that they provide reasonable security for the information. However, we are not responsible for any breach of security by third parties (except to the extent applicable law or the Privacy Shield provides otherwise).
Data Integrity and Purpose Limitation
Consistent with the Principles, we collect only personal information that is relevant for the purposes of processing it. We do not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. We take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. We will adhere to the Principles for as long as we retain such information.
We retain information that is in a form identifying or making identifiable the individual only for as long as it serves a purpose of processing within the meaning of the Principles. This obligation does not prevent us from processing personal information for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis. In these cases, such processing shall be subject to the other Principles and provisions of the Privacy Shield Framework and we will take reasonable and appropriate measures in complying with this provision.
Recourse, Enforcement and Liability
We provide readily available independent recourse mechanisms by which each individual’s complaints and disputes are investigated and expeditiously resolved at no cost to the individual and by reference to the Principles, and we acknowledge that we will be liable for damages awarded where the applicable law or private-sector initiatives so provide. Specifically these independent recourse mechanisms are: (i) compliant with private sector developed privacy programs that incorporate the Privacy Shield Principles into their rules and that include effective enforcement mechanisms of the type described in the Recourse, Enforcement and Liability Principle; (ii) compliant with legal or regulatory supervisory authorities that provide for handling of individual complaints and dispute resolution; and (iii) commited to cooperating with European Union data protection authorities (“DPAs”) or their authorized representatives.
Specifically, we commit to cooperate with the DPAs, including but not limited to cooperating with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield and complying with any advice given by the DPAs where the DPAs take the view that we need to take specific action to comply with the Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and we further agree to provide the DPAs with written confirmation that such action has been taken.
We have procedures to follow-up to verify that the attestations and assertions we make about our privacy practices are true and that privacy practices have been implemented as presented and, in particular, with regard to cases of non-compliance. Note that we are currently verifying compliance with the Principles through self-assessment, however, we may later elect for third party verification. In connection with such self-assessment, we state we have in place procedures for: (i) training employees in implementation of the Principles; (ii) disciplining them for failure to follow them; and (iii) periodically conducting objective reviews of compliance with the above.
In creating, maintaining, using or disseminating personal information, we commit to taking reasonable and appropriate measures to protect such personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
We agree to remedy problems arising out of failure to comply with the Principles and we state our adherence to such Principles.
We agree that we will respond promptly to inquiries and requests by the Department and EU member states for information relating to the Privacy Shield and our compliance with it.
We will follow the terms set forth in Annex I to the Privacy Shield, provided that an individual has invoked binding arbitration by delivering notice to us and following the procedures and subject to the conditions set forth in Annex I. Note that terms set forth in Annex I to the Privacy Shield may be subject to the procedures of our designated Arbiter.
**Ver 1.0 August 26, 2016SparkPost © 2018 All Rights Reserved