Privacy Policy
Effective Date: April 28, 2023
This Privacy Policy covers Duboce Labs, Inc. dba pganalyze (“pganalyze”) (“pganalyze,” “we,” “us,” “our”) policies on the collection, use, and disclosure of personal information and data (as defined by applicable law, including, but not limited to, the California Consumer Privacy Act of 2018, Civil Code sections 1798.100 et seq (“CCPA”) and the Virginia Consumer Data Protection Act of 2021, as amended, VA Code Title 59.1 a chapter numbered 52, consisting of sections numbered 59.1-571 through 59.1-581 (“VCDPA”) (collectively referred to as “Personal Information”) when visitors and customers (collectively “Users”) access, use, or otherwise interact with pganalyze.com (the “Site”) and/or receive access to downloadable pganalyze software (collectively with the Site, the “Services”).
pganalyze is a Delaware corporation with offices in the United States. pganalyze collects Personal Information and processes, transfers and stores data within the United States.
Section 8 is intended to provide the Notice of Collection required under the California Consumer Privacy Act.
1. Information Collected by pganalyze
Account Creation Information: When creating an account, users must register either by providing their name, email and a password, through their existing Google account, or through single-sign on through a third party user authentication service. Account creation information will be utilized to (i) verify your account upon account creation, (ii) provide information regarding our services, (iii) to provide service-related communications, and (iv) communicate material changes to our Terms of Service and Privacy Policy.
Payment Processing: pganalyze will collect (but does not store, see Section 2 below) credit card information (including credit/debit card number, expiration date, verification code and billing name and address) to process Services-related payments.
Services-Related User Information: To utilize and facilitate the provision of Services, pganalyze collects from a user’s database(s) OS performance data, database schema, error logs, and information about queries that have been run. pganalyze may also use such data in aggregate form, that is, as a statistical measure to improve our Services, and not in a manner that would identify you personally.
Log Data: pganalyze may collect Log Data based on a user’s access to the Site and Services, including, but not limited to IP addresses, system configuration information, and other information about traffic to and from the Site.
Web Beacons. Pages of our Site and/or emails from pganalyze may contain small electronic files known as web beacons that permit pganalyze, for example, to count users who have visited those pages or opened an email and for other related Site statistics.
Cookies. pganalyze’s Site uses cookies to provide users with a better browsing experience -- cookies are only collected with your express consent. In addition, by accepting pganalyze’s Privacy Policy upon purchase of the Services, you are consenting to pganalyze’s use of cookies in connection with the Services itself. pganalyze utilizes cookie technology to gather information on Internet use in order to serve you more effectively. Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and transferred to your device. You can set your browser to remove or reject cookies; however some Platform features or Services may not work properly without cookies.
How You Can Control Advertising Cookies. Cookies are also utilized to deliver advertising on our site. Among other uses, they allow us to show more relevant advertising to people who visit the site by showing you ads that are based on your browsing patterns and the way you have interacted with our sites. You can find information about how to opt out of the cookies provided by our advertising partners here:
- Google Ads. Google Ads utilizes search engine marketing to serve ads to target audiences. Users can manage ad settings on Google Advertising Opt-Out and revisit their privacy preferences on Google’s Privacy Checkup tool.
- Twitter Advertising. Twitter utilizes cookies to provide interest based advertising. See Twitter Privacy Policy for more information on its data collection and processing policies. Please See Twitter Privacy Controls for more information on how to adjust your privacy settings.
Even if you opt out of cookies/ads personalization, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. You can also manage cookies for any online advertising service via the consumer choice tools created under self-regulation programs, such as the US-based aboutads.info choices page or the European Union (“EU”)-based Your Online Choices. See also the Network Advertising Consumer Opt-Out and/or the Digital Advertising Alliance Opt-Out.
2. Personal Information Received by pganalyze or Disclosed or Shared by pganalyze
Personal Information is collected to facilitate the Services offered, for marketing of our services and products, or for internal analysis relating to product improvements and data security. pganalyze shares Personal Information with only those contractors, service providers and other third parties who are bound by contractual obligations to keep Personal Information confidential and to limit such use only for the purpose for which it is disclosed. Personal Information collected is processed by the following service providers to facilitate provision of the Services on the Platform or as otherwise disclosed at the time of collection to:
Provide Services. Personal Information is used to:
- Provide, operate and improve the Platform and Services;
- Process payments and complete transactions;
- Update you and provide marketing communications about new features and services;
- Respond to inquiries and provide customer support and feedback;
- Detecting, preventing, and investigating security incidents that compromise the availability, authenticity, integrity or confidentiality of stored or transmitted personal information;
- Protecting against malicious, deceptive, fraudulent or illegal activity directed at Company;
- Debugging to identify and repair errors that impair existing intended functionality.
- Analyze data to assess, understand and improve the services and personalize user experiences, including creation of anonymized aggregated, statistical and benchmark data. Aggregated data is utilized to help develop and market products or services and present targeted content and advertising
- Enable functionality of the services to authenticate a user, prevent fraud, and implement security measures
- Undertaking activities to verify or maintain the quality of a service or product that is developed or provided, and to improve, upgrade, or enhance any service or product that is developed or provided by Company.
Share with Service Providers. pganalyze has engaged with third party service providers to facilitate the pganalyze services and operate our business, including without limitation, account registration, hosting and data storage, information technology, email/SMS delivery, customer support, automated marketing and customer outreach, content delivery, analytics, data security and compliance services necessary to provide the Services. For each service provider, Company will have in place written contracts that describes the purpose of the service and disclosure of Personal Information, and requires the service provider to both keep the Personal Information confidential and not use it for any purpose except performing the services pursuant to such contract.
Analytics: pganalyze uses the following third party analytics services:
- Google Analytics. Google Analytics is used to access anonymous data to help us understand how users engage with our Site, so that we can review and improve our Services. Google Analytics collects information anonymously. It provides a report to pganalyze with website trends without identifying individual visitors. Site usage is tracked using Google Analytics in accordance with their Privacy Policy. However, if you do not want your data to be used by Google Analytics, you may opt-out by installing Google Analytics Opt-out Browser Add-on.
- Segment. Segment collects general user data, including username and email address, and provides reports to pganalyze regarding our customer’s use of the Platform, to assist with customer engagement and customer support.
- Sentry. Sentry provides real-time error-tracking to help improve our Services. Please see the Sentry Privacy Policy for additional information.
- Skylight. Skylight.io provides application monitoring and performance report services to help improve our Services. Please see the Skylight.io Privacy Policy for additional information.
Compliance and Protection. Personal Information may be disclosed to serve our legitimate business interests as follows: (1) as required by law, such as to comply with a subpoena, or similar legal process, (2) if pganalyze is involved in a merger, acquisition, or sale of all or a portion of its assets, (3) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (4) enforce our agreements with you, and/or (5) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify you about law enforcement or court ordered requests for data unless otherwise prohibited by law.
3. Personal Information of Minors
pganalyze does not knowingly collect Personal Information from anyone under the age of 16. If we learn we have collected or received Personal Information from anyone under the age of 16 without verification of parental consent, we will delete that information. If a parent or guardian becomes aware that their child under the age of 16 has provided pganalyze with Personal Information without their consent, they should contact pganalyze at privacy@pganalyze.com. pganalyze will delete such Personal Information from our files within a commercially reasonable time, but no later than required under the applicable law.
4. Retention and Deletion of Personal Information; De-Identified Data
Unless erasure is otherwise requested under applicable law or as otherwise stated in this Privacy Policy, pganalyze will retain account data as long as it is necessary to provide services to our customers. Personal Information obtained from Platform visitors will be maintained as long as it is necessary to provide requested communications and information-based services or until a visitor exercises the right to opt-out of requested communications or information-based services. Anonymized and pseudo-anonymized data will be retained as long as pganalyze determines such data is commercially necessary for its legitimate business interests.
To the extent pganalyze de-identifies any Personal Information, pganalyze shall maintain and use such de-identified data without attempting to re-identify the data.
5. pganalyze’s Security Practices
We have implemented reasonable administrative, technical and physical security measures to protect Personal Information against unauthorized access, destruction or alteration. However, although we endeavor to provide reasonable security for Personal Information we process and maintain, no security system can ever be 100% secure.
6. Response To “Do Not Track” Signals
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-website user tracking.
pganalyze shall treat any user-enabled Global Privacy Control, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their Personal Information as a valid request submitted pursuant to the CCPA for that browser or device, or, if known, for the consumer.
7. Changes to this Privacy Policy
If we make material changes to our Privacy Policy, we will notify you by (1) changing the Effective Date at the top of the Privacy Policy, or (ii) sending an electronic notification to all active account holders, or (iii) adding a banner/notification to the Site itself.
8. Supplemental U.S. State-Specific Notices - Notice of Collection
This supplemental notice sets forth the disclosures and rights applicable to residents of California, Colorado, Virginia, Connecticut, and Utah. Such consumer privacy notices and rights shall also apply to other state residents to the extent other state consumer privacy laws are implemented following the last effective update to this Privacy Policy.
pganalyze collects, uses and/or discloses Personal Information as follows:
| Personal Information Collected, Used and/or Disclosed in Preceding 12 Months |
|---|
| Category of Personal Information Collected | Categories of Source of Collection | Purpose of Use | Categories to Whom pganalyze Discloses Personal Information | Purpose of Disclosure |
|---|---|---|---|---|
| Name/Alias | Customer | Performing Services; Auditing; Data Security; Customer Support; Marketing | Service Provider | Performing Services; Auditing; Data Security; Customer Support; Marketing |
| Customer | Performing Services; Auditing; Data Security; Customer Support; Marketing | Service Provider | Performing Services; Auditing; Data Security; Customer Support; Marketing | |
| Address | Customer | Performing Services | Service Provider | Payment Processing |
| Unique/Online ID (cookies) | Device | Analytics; Auditing; Data Security | Service Provider | Performing Services; Data Security; Analytics; Marketing |
| IP Address | Device | Debugging; Analytics | Service Provider | Performing Services; Data Security; Analytics; Marketing |
| Account Name | Customer | Performing Services; Data Security | N/A | N/A |
| Credit or Debit Card # / ACH | Customer | Payment Processing | Yes; Service Provider | Payment Processing* Token only |
| Browsing/search history; Interaction with site/advertisement | Device | Analytics | Yes; Service Provider | Analytics |
Other Potential Third Party Disclosures: Personal Information may also be disclosed to serve our legitimate business interests as follows: (a) as required by law, such as to comply with a subpoena, or similar legal process, (b) as part of a merger, acquisition, bankruptcy or other transaction in which a third party assumes control of all or part of the business, (c) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies as required by law; (d) enforce our agreements with you, and/or (e) investigate and defend ourselves against any third-party claims or allegations.
A. Sale of Personal Information; Sharing of Personal Information Right to Opt-Out
pganalyze does not and will not sell your Personal Information. However, under the CCPA, some sharing of personal information necessary to provide you with personalized ads may be considered a “sale,” even if no money is exchanged.
pganalyze shares your Personal Information with third parties for cross-context behavioral advertising purposes.
To the extent pganalyze is regarded as “selling” your personal information (as the term “sell” is defined under the CCPA), you have the right to opt-out of that “sale” on a going-forward basis at any time. Certain state residents have a right to opt-out from the “sale” or “sharing” of your personal information with third parties who are not our service providers (as those terms are defined by applicable laws) and/or to opt out of cross-context behavioral advertising. To exercise this right, click the Do Not Sell or Share My Personal Information link on the bottom of the Platform page where your information is being collected or go to your account settings. You can also submit a request to opt-out by emailing us at privacy@pganalyze.com with the subject line “Do Not Sell or Share.” Finally, if your browser supports it, you can turn on the Global Privacy Control to opt-out of the “sale” or “sharing” of your personal information.
B. Collection of Sensitive Information
Company does not collect Sensitive Information.
C. Consumer Rights. Consumers may contact pganalyze to exercise the following consumer rights:
Request pganalyze Disclose At No Charge:
- Specific pieces of personal information it has collected about you;
- categories of Personal Information collected, used, and/or disclosed about you;
- categories of sources from which Personal Information is collected;
- business and/or commercial purposes for collecting and disclosing your Personal Information;
- categories of third parties with whom your Personal Information has been disclosed/shared; and
Right to Know Requests can be submitted to pganalyze by email at privacy@pganalyze.com.
Request pganalyze to Delete At No Charge:
Deletion Requests can be submitted to pganalyze be email at privacy@pganalyze.com or by mail to pganalyze at: Duboce Labs, Inc., Attention: Privacy Request to Delete, 2201 12th Avenue, San Francisco, CA or by email at: privacy@pganalyze.com.
D. Request pganalyze Correct At No Charge:
Requests that pganalyze correct any inaccurate Personal Information collected by pganalyze can be submitted by email to privacy@pganalyze.com.
E. Verified Request Process
pganalyze will verify all consumer requests prior to taking any action in response to such request. For consumers that maintain an account with pganalyze, it may verify the identity of the consumer making the request by either matching information with the account information on file or through existing account authentication credentials.
Under applicable state law, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. Authorized agents must demonstrate they have written authorization from you to make requests on your behalf. pganalyze may additionally require the consumer to confirm their identity and verify the authorized agent’s permission before complying with any request.
F. Consumer Request Limitations
Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the applicable state laws, including, but not limited to:
- pganalyze is obligated to disclose/delete only upon a verifiable Consumer request from the consumer or an authorized agent acting on behalf of Consumer.
- Consumers may only make a personal information request twice in a 12-month period.
- Deletion is not required if it is necessary for pganalyze to maintain the Personal Information to fulfill applicable permissible purposes enumerated pursuant to applicable state consumer privacy laws.
pganalyze will confirm and respond to all requests within the timeframe required under applicable state law. In responding to any request to disclose/delete, pganalyze shall maintain a record of the requests as required under applicable state law.
G. Non-Discrimination Policy
You have the right not to receive discriminatory treatment for exercising any rights conferred by the CCPA and VCDPA. pganalyze shall not discriminate against a consumer for exercising any statutory consumer privacy rights, including, but not limited to, (a) denying goods or services, (b) charging different prices or rates (including discounts/penalties) that is not directly related to the value provided to pganalyze for the Personal Information, (c) suggesting Consumer will receive a different rate/price or different level of quality of goods/services, or (d) providing a different level of quality of goods/ services.
Employees, applicants and independent contractors have the right not to be retaliated against for the exercise of their CCPA rights.
H. Your Virginia Privacy Rights under VCDPA
If pganalyze is unable to process requests relating to your Personal Information and denies your request, Virginia residents have the right to appeal by emailing pganalyze at privacy@pganalyze.com. pganalyze will respond to your appeal request within 60 days of receiving the request to appeal.
I. Your California Privacy Rights under California Civil Code Section 1798.83 & Business and Professions Code Section 22581
California law permits Consumers to request and obtain from pganalyze once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year.
In addition, a business subject to California Business and Professions Code Section 22581 must allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
J. Accessibility of this Policy.
You can download and print a copy of this Notice here.
K. Contact Us
If you have any questions regarding your Personal Information or about our privacy practices, please contact us at: Duboce Labs, Inc., Attention: Privacy Department, 2201 12th Avenue, San Francisco, CA 94116 or by email at: privacy@pganalyze.com.
9. Applicable EU GDPR Notices
Data Processor. pganalyze is the processor of all Customer Data (as defined in the applicable Terms of Service), including Personal Information input by a Customer, and its Authorized Users, in connection with a Customer’s use of the pganalyze Services. pganalyze’s Data Protection Offer can be reached at Duboce Labs, Inc. Attention: Privacy Department, 2201 12th Avenue, San Francisco, CA 94116. You may contact us at any time through by emailing us at privacy@pganalyze.com.
Data Controller. The Personal Information input by (a) visitors in general, and (b) Customer for purposes of establishing a commercial account with pganalyze, is controlled by Duboce Labs, Inc. at 2201 12th Avenue, San Francisco, CA 94116. You may contact us at any time by emailing us at privacy@pganalyze.com.
For applicable EU Users, we will only collect and process Personal Information about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you, and “legitimate interests.” Where we rely on your consent to process Personal Information, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your Personal Information, please submit a request through email pganalyze at privacy@pganalyze.com.
Data Processing Addendums: Processing of Personal Data is subject to the pganalyze Data Processing Addendum and Standard Contract Clauses and shall apply to customers subject to the data protection laws and regulations of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
How to Review, Transfer, Restrict the Use of or Request Erasure of Personal Information
IF YOU WOULD LIKE TO:
- Access, review, restrict processing of, or otherwise request erasure of your Personal Information;
- Obtain the identity of the source of any Personal Information collected;
- Request correction of any errors contained within your Personal Information;
- Request pganalyze transfer your Personal Information to another service provider;
- Object to the manner in which your Personal Information is processed;
- Lodge a complaint with an EU supervisory authority; or
- Withdraw consent to the collection of your Personal Information
Requests under this Section can be made through email at privacy@pganalyze.com. We will respond in the timeframes required under applicable law. For all requests made pursuant to this section, pganalyze will (a) respond as required under applicable law, (b) provide a copy of any requested Personal Information in a structured, commonly used and machine-readable format, and/or (c) transmit such Personal Information to another service provider without restriction in accordance with applicable law.
10. Contact Us
If you have any questions regarding your Personal Information or about our privacy practices, please contact us at: Duboce Labs, Inc., Attention: Privacy Department, 2201 12th Avenue, San Francisco, CA 94116 or by email at: privacy@pganalyze.com.
This Privacy Policy was last updated on April 28, 2023