Last Updated: December 31, 2019
California Residents: Click here to see our additional privacy information for California residents.
Your privacy is of the utmost importance to PagerDuty, Inc. (“PagerDuty” or “we”) and we take our obligations regarding your privacy seriously.
We adhere to the EU-U.S. Privacy Principles and Swiss-U.S. Privacy Principles with respect to the personal data of residents of the European Economic Area (“EEA“) and Switzerland respectively who access and use our Online Services and whose personal data we collect in reliance on each Privacy Shield Framework. PagerDuty is certified with the EU-U.S. and Swiss-U.S. Privacy Shield maintained by the U.S. Department of Commerce and our participation status can be viewed here.
- What Data We Collect
PagerDuty collects the following types of PII:
- Information Provided by Website Visitors.
If you decide to sign up for information from us, schedule a demo, or create an account to use the Service, PagerDuty may collect the following PII from you: (1) first and last name, (2) organization name, (3) email address, (4) phone number, and (5) where applicable, a user-generated password for your account. If you provide us with feedback or contact us via email (e.g., in response to an employment opportunity posted on our Website), we will collect your name and email address, as well as any other content or information included in or attached to your email, in order to send you a reply. If you purchase services or products from us, we will also collect payment account and other financial information.
- Information We May Collect via Technological Means.
Our servers, which may be hosted by a third-party service provider, may collect certain technical data about your device and software, including your browser type, operating system, IP address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a time stamp of your visit. We automatically gather this data and store it in log files each time you visit our website or access your account on our network. Unless you have provided PII in connection with your use of the Online Services, such technical data cannot reasonably be used to identify you. We may also directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends in connection with the Online Services. We collect and use this analytics information in aggregate form such that it cannot reasonably be used to identify any particular individual user.
- Cookies, web beacons and other tracking technologies.
- Performance Cookies: These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.
- Functional Cookies: These cookies allow the provision of enhance functionality and personalization, such as videos and live chats. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these functionalities may not function properly.
- Targeting Cookies: These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They work by uniquely identifying your browser and device. If you do not allow these cookies, you will not experience our targeted advertising across different websites.
- Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work then.
You may update your Cookie preferences anytime here. We may link the information we store in cookies or through other mechanisms to the PII you submit while using our Online Services. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Online Services. You can remove persistent cookies at any time by following the directions in the “Help” section of your Internet browser. You can also disable all cookies on your Internet browser. For details, see www.aboutcookies.org. If you choose to disable cookies, be advised that some components of our Online Services may not work properly.
- Information Provided by Website Visitors.
- Information Gathered From Your Mobile Device.
When you download and use our Apps, we automatically collect information on the type of mobile device you use and operating system version. We do not ask for, access or track any specific location information from your mobile device at any time while downloading or using Apps, but we may infer your general geographic location based on your IP address. Our Apps may send push notifications. If you no longer wish to receive such push notifications, please turn them off at the device level.
- Information Gathered From Your Mobile Device.
- How We Use the Data We Collect.
In summary, we use your PII to respond to your requests, provide, secure and enhance the Online Services, and comply with our legal obligations. In particular, PagerDuty uses your PII for the following purposes as necessary and as permitted by applicable law:
- Facilitate the creation of and secure your account on our Online Services;
- Identify you as a user of our Online Services;
- Provide and administer your use of the Online Services;
- Personalize and improve the quality of your experience when you interact with our Online Services;
- Send you a welcome e-mail to verify ownership of the e-mail address provided when your account was created;
- Send you administrative e-mail notifications, such as security or support and maintenance messages;
- Respond to your inquiries and requests;
- Provide you with hardcopy or electronic newsletters, or surveys;
- Determine which of our products and services may be of interest to you or your business;
- Send you information about upgrades and special offers related to our Online Services;
- Comply with applicable laws and regulatory requirements;
- Respond to lawful requests, court orders and legal process; and
- Protect our legal interests or those with whom we do business.
We may generate reports that contain aggregate data about usage of our Online Services and similar topics. In such instances, we use aggregate data that cannot be used to reasonably identify any individual and which contains no PII.
- Information Sharing and Disclosure
To the extent permitted by applicable law, PagerDuty may disclose your PII in the following circumstances:
- Service Providers.
We may engage our affiliates or third-party companies or individuals to support us in connection with the purposes listed above, such as to provide IT services, process payments or contact users where an alert is triggered.
- Law Enforcement.
It may be necessary − by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence − for PagerDuty to disclose your PII. We may also disclose your PII if we determine disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users.
- Business Transfer.
We may share your PII if PagerDuty engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of PagerDuty’s assets, financing acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
- Service Providers.
We may also disclose your PII with your prior informed consent. Service providers acting on our behalf are obliged to adhere to confidentiality requirements no less protective than those set forth herein and will only receive access to your PII as necessary to perform their functions.
PagerDuty adheres to the Privacy Shield Principle of Accountability for Onward Transfer. We may transfer PII (including personal data about residents of the EEA and Switzerland) to our vendors, consultants and other service providers who need access to such PII to carry out work on our behalf. If a third-party service provider providing services on PagerDuty’s behalf processes such PII in a manner inconsistent with the Privacy Shield Principles, PagerDuty will be liable unless we can prove that we are not responsible for the event giving rise to the damages. We may also be required to disclose such PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- How We Protect Your Data – Security
We are committed to protecting the security of information received via the Online Services, including PII. We provide reasonable and appropriate administrative, technical, and physical security controls to protect your PII from unauthorized access, use, or disclosure. For example, we use secure socket layer technology (SSL) in connection with our Online Services. We also require you to enter a password to access your account information. Please do not disclose your account password to anyone else. Despite our efforts, no security controls are 100% risk-free, and PagerDuty does not warrant or guarantee that your PII will be secure in all circumstances. To learn more about our current security practices and policies, please view our Security Practices; we keep this document updated as these practices evolve over time.
- Your Data, Your Choice
- Ability to Edit or Delete Your Personal Information.
You may edit any of your PII in your account on the Online Services, including contact information and/or notification settings, by editing your account profile. You may also request that we delete your account information by sending an email to email@example.com, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). PagerDuty will respond to such requests within thirty (30) days or sooner if required by applicable law. When we delete account information, it will be deleted from the active database, but may remain in our archives for a limited amount of time. We will otherwise retain your information for as long as your account is active, as needed to provide you with the Online Services you have requested, or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Information Processed Under the Direction of Customers.
If an organization has registered for the Services (a “Customer“) and your PII has been collected by PagerDuty as a result of such organization’s use of the Services, PagerDuty collects and processes any such PII of yours under the directions of the relevant Customer. If these circumstances apply to you and you wish to access, edit, delete or exercise any rights you may have under applicable data protection laws with respect to any PII that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to data subject rights as appropriate and required by applicable laws.
- Links to Third-Party Sites
- EU-US Privacy Shield and Swiss-US Privacy Shield
- PagerDuty has registered its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and is awaiting final confirmation by the US Department of Commerce. PagerDuty is committed to subjecting personal data received from the EEA and Switzerland, respectively, in reliance on each Privacy Shield Framework to the EU-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles. We also receive some data in reliance on other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.
- With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, PagerDuty is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
- If you have an unresolved privacy complaint, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/. If you are located in the EEA or Switzerland and have exhausted all other means to resolve your concern regarding a potential violation of PagerDuty’s obligations under the relevant Privacy Shield Principles, you may seek resolution via binding arbitration.
- Additional Information for California Residents
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
- How We Source, Use, and Disclose Information for Business Purposes
The following chart details the categories of personal information we collect, the sources of such personal information, and how we use and share such information for business purposes.
Please note if you are a California resident, please see the “Additional Information for California Residents” section below for information about your privacy rights under California law.
|Categories of Personal Information Collected||Sources of Personal Information||Purposes for Use of Personal Information (see “How We Use the Data We Collect” for more information)||Disclosures of Personal Information for Business Purposes (see “Information Sharing and Disclosure” for more information)|
|Contact information (e.g., name, email address, phone number)||
|Financial and transactional information (e.g., payment account information and purchase history)||
|Login information (e.g., your account name and password)||
|Employment information (e.g., employer, position, employment history)||
|Device and online identifier information (e.g., IP address, browser type, operating system, general location inferred from IP address, and similar information)||
|Service usage information (e.g., the dates and times you use the services, how you use the services, and the content you interact with on the services)||
- Your California Privacy Rights.
If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:
- Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.
- Provide access to and/or a copy of certain personal information we hold about you.
- Delete certain personal information we have about you.
- Provide you with information about the financial incentives that we offer to you, if any.
The CCPA further provides you with the right not to be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide our services to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you.
Please also note that if your personal information has been collected by PagerDuty as a result of a Customer’s (as defined above) use of our services, PagerDuty collects and maintains your personal information under the directions of the relevant Customer. If these circumstances apply to you and you wish to access or delete any personal information that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to consumer choices as appropriate and required by applicable laws.
If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer’s behalf, please contact us at firstname.lastname@example.org or by using the webform here.
The CCPA provides certain rights if a company “sells” personal information, as such term is defined under the CCPA. We do not engage in activities that would be considered “sales” under the CCPA.
Shine the Light Disclosure: The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
- Additional information for Nevada residents
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person or that person to license or sell such information to additional persons. We do not engage in such activity; however, if you are a Nevada resident and you have purchased products or services from us, you may submit a request to opt out of any potential future sales under Nevada law by emailing us at email@example.com. Please note we may take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
- Information about Children.
Our Online Services are not intended for use or access by children or minors. PagerDuty does not knowingly collect or solicit information from anyone under the age of thirteen (13). If you believe PagerDuty has inadvertently collected information about a child under the age of thirteen (13), please contact us at firstname.lastname@example.org immediately using the contact information below.
- Contact Us
Attn: Legal Department
Townsend St. #200
San Francisco, CA 94103 USA
Supplemental GDPR Privacy Statement
|Scope: This Supplemental GDPR Privacy Statement is relevant to any individual located in the European Economic Area who uses or visits PagerDuty’s Online Services where these services directly link to this Supplemental GDPR Privacy Statement.
This Supplemental GDPR Privacy Statement does not cover any other data collection or processing, including, without limitation, through other PagerDuty websites or online services that do not display a direct link to this Supplemental GDPR Privacy Statement, or through third-party websites.
Effective: May 25, 2018
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR“), requires PagerDuty to provide additional and different information about its data processing practices to data subjects in the European Economic Area (“EEA“). If you are accessing the Online Services from a member state of the EEA, this Supplemental GDPR Privacy Statement applies to you.
PagerDuty, Inc., 600 Townsend St., #200, San Francisco, CA 94103, is the data controller. Its representative in the EU is PagerDuty Ltd. and can be contacted at email@example.com.
As exceptions, PagerDuty relies on your consent with respect to cookies that are not strictly necessary and direct marketing emails per Article 6(1)(a) of the EU GDPR; and pursues legitimate interests under Article 6(1)(f) of the EU GDPR with respect to situations where PagerDuty needs to process your personal data to comply with applicable laws (as a U.S.-based company, PagerDuty is subject to U.S. laws and must comply with them) or processes your personal data to improve our business and Online Services.
Personal Data Transfers outside of the EEA. PagerDuty may transmit some of your personal data to a country where the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction, including the United States. As required by applicable law, PagerDuty, Inc. will provide an adequate level of protection for your personal data using various means, including, where appropriate:
- relying on a formal decision by the European Commission that a certain country ensures an adequate level of protection for personal data (a full list of such decisions may be accessed online here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm);
- entering into appropriate data transfer agreements based on language approved by the European Commission, such as the Standard Contractual Clauses (2010/87/EC and/or 2004/915/EC), which are available upon request at firstname.lastname@example.org;
- implementing appropriate physical, technical and organizational security measures to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing; and
- taking other measures to provide an adequate level of data protection in accordance with applicable law.
Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.
Data Retention. PagerDuty keeps personal data as long as required to provide the Online Services you have requested or registered for and comply with applicable laws.
Data Subject Rights. You have a right to request from PagerDuty access to and rectification or erasure of your personal data or restriction of processing concerning you, as well as the right to data portability under the EU GDPR. You also have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. In general, you have the right to object to our processing of your personal data for direct marketing purposes. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You can exercise such rights by accessing the information in your account, submitting a request here, and/or by emailing email@example.com.
If you have provided consent for cookies that are not strictly necessary, direct marketing emails or other data processing based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to lodge a complaint with a supervisory authority.
Your Choices. You are not required to provide any personal data to PagerDuty but if you do not provide any personal data to PagerDuty, you cannot use the Online Services. You can use the Online Services without consenting to cookies that are not strictly necessary or direct marketing emails; the only consequence is that our Online Services will be less tailored to you or you will not receive our marketing emails. Cookie preferences can be changed by clicking here.
Profiling. PagerDuty does not use in connection with the Online Services automated decision-making, including profiling, in a way that produces legal effects concerning you or which significantly affects you.