Sift Science Service Privacy Notice
Last Updated: December 15, 2017
Part I. General Information
Our commitment to privacy
Sift Science, Inc. (“Sift Science”, “we” or “us”) helps online businesses (our “Customers”) detect and address fraud and other malicious behavior on their digital properties. In doing so, we collect information about how Internet users (“Users”) interact with our Customers’ digital properties such as their websites and mobile applications (their “Customer Sites”). We keep privacy firmly in mind when developing, designing and operating our cloud-based, machine-learning platform that is used to predict user intent and prevent fraudulent activity in real time ("the Sift Service").
Introduction to Sift Science
Our Customers then decide what action to take, or not to take, based on the Risk Assessment. For example, they may choose to block a transaction if they believe there is a high risk of it being a fraudulent transaction. Customers also provide us with ongoing feedback on the accuracy of the Risk Assessment by reviewing transactions and activity for fraud.
Part II. Raw Data and How We Use It
Service Data that our Customers provide to us
Our Customers decide the types / format of Service Data they wish to send to Sift Science for analysis using the Sift Service. We encourage Customers to work closely with the Sift Science solutions and support teams to assess the utility of the specific Service Data they send to us. Our goal is to help Customers assess whether certain activity is problematic, for example, helping to assess the likelihood that payment information has been stolen or that a User’s identity is false.
Specifically, Customers may send Sift Science personal information provided by Users, such as email addresses, billing addresses, shipping addresses, user login name, and telephone numbers. Customers may send us information about specific User behavior on their Customer Sites, including the IP address of the device used, the pages navigated by the User, time of login/logout, items viewed, added to cart or purchased. Customers may send data points about the form of payment, such as order amount, payment method, partial credit card numbers, and order status.
In addition, Customers may provide us with information about correspondence or commentary that Users leave on their Customer Sites (e.g. private messages, forum posts, product reviews). This information helps Sift catch unsolicited content so that our Customers can operate cleaner services.
Similarly, in connection with their mobile applications, Customers may integrate with Sift-provided SDKs to help prevent fraud that may occur through their applications. The SDKs may enable Sift to collect more precise information about the user's location, such as GPS (if the location settings allow it) and IP address. Additionally, the SDK may collect phone-related metadata (e.g. battery level, device properties, carrier name, motion and proximity information) and unique device identifiers.
The security of all of the Service Data we receive is protected by Sift as further described below.
Part III. Other Information We Collect and How We Use It
Information we collect from Customers (the “Customer Information”)
We will collect information about each Customer when they register for the Sift Service, such as company name, URL, fraud-related information, and company size. We also collect personal information of those individuals that represent Customer in connection with the use of the Sift Service, such as full name, email address, phone number. We will use that information for correspondence concerning Customer’s use of the Sift Service.
If the Customer pays buy credit card, our payment processor will collect that information (Sift does not store full credit card data). We will also collect billing contact information. Such information is used for billing purposes.
We may also use the information you provide to us for our marketing purposes. Any recipients of marketing information will always be able to opt-out of receiving marketing information at any time (see the "Unsubscribe from Our Mailing List" section below).
How we use Customer Information we collect
We may use Customer Information to:
- provide and bill for the Sift Service;
- analyze Customers' use of the Sift Service for business analytics and to improve the Sift Service;
- send Customers technical alerts, updates, security notifications, and administrative communications;
- send Customers marketing information in accordance with their marketing preferences, and
- for any other purposes about which we notify Customers.
Part IV. Sharing and Disclosure to Third Parties
Vendors, consultants and other service providers: We may share Customer and User information with third party vendors, consultants and other service providers who are working on our behalf and with whom the sharing of such information is necessary to undertake that work, e.g. to process billing or to provide customer support. Prior to sharing data with a vendor, Sift Science assesses the vendor’s security controls to ensure the data is adequately protected.
Data enrichment: We may share minimal Service Data (e.g. email addresses) with select third-party vendors for data enrichment purposes. Enriching data allows us to provide a richer subset of data from which to make more informed fraud risk assessments. For example, we share select user email addresses with a third party to obtain links to publicly-available social profiles. Prior to sharing data with any data enrichment vendor, Sift Science assesses the vendor’s security controls to ensure the data is adequately protected.
Compliance with laws: We may disclose Customer Information and Service Data to a third party where we are legally required to do so in order to comply with any applicable law, regulation, legal process or government request.
Vital interests and legal rights: We may disclose personal information if we believe it necessary to protect the vital interests or legal rights of Sift Science, our Customers or the rights or property of others.
Part V. International Transfer
Processing of information in the U.S.; International Data Transfer Compliance
Sift Science will work with Customers across the world to provide the contractual protections needed for Customer’s compliance with the laws of their jurisdiction.
EU-US and Swiss-US Privacy Shield Frameworks
With respect to personal information concerning individuals in the EU and Switzerland, we comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce. Please see our Privacy Shield Notice to learn more.
Part VI. Security
We use appropriate technical and organizational security measures to protect personal information processed as part of the Sift Service against unauthorized access, disclosure, alteration, and destruction.
For the latest information about the controls we have in place to safeguard customer information, view our Security and Privacy Overview.
Part VII. Individual Privacy Rights
We provide all Customers and Users with the opportunity to access, review, modify, and delete any personal information included in the Customer Information or Service Data, as required by applicable law. You can send an email to email@example.com.
Unsubscribe from our mailing list
Individuals may at any time ask us to remove their details from any mailing list on which they previously asked us to include them by clicking "Unsubscribe" in any e-mail communications we send to them. If individuals have any questions in relation to the "Unsubscribe" process, we will respond to those questions when sent to firstname.lastname@example.org or the physical address set out below.
Part VIII. Other Important Information
Change to this policy
Sift Science, Inc.
Attn: Privacy Officer
123 Mission Street, 20th Floor
San Francisco, CA 94105