Privacy Policy

Last updated: April 9, 2020

Overview

This Privacy Policy (“Privacy Policy”, “Policy”) describes how HashiCorp, Inc. (“HashiCorp”, “we”, “us” or “our”) collects, uses, shares, processes and protects personal information (“Personal Information”) relating to individuals (“you”, or “your”), who may use or interact with our websites or services, communicate with us, contact us, or attend our events. “You” may be a visitor to one of our websites, a user of one or more of our Services (“User”), a collaborator, or a customer (“Customer”).

HashiCorp respects your privacy and is committed to protecting your Personal Information (any information that relates to an identified or identifiable individual). Our belief is that any Personal Information provided to us by you is just that: personal and private.

Note: We do not rent, sell or trade your Personal Information.

Scope

This Policy applies to all visitors of our websites, and users of our products, websites, features or services, or any other HashiCorp websites that link to this Policy (collectively, the “Websites”), unless covered by a separate privacy policy, and explains how we collect, use, disclose, and safeguard your information. Please note that this Privacy Policy does not apply to the extent that we process Personal Information in the role of a processor (or a comparable role such as “service provider” in certain jurisdictions) on behalf of our customers, including where we offer to our customers various cloud products and services, through which our customers (and/or their affiliates) connect their own applications to our hosted platform, sell or offer their own products and services, send electronic communications to other individuals, or otherwise collect, use, share or process Personal Information via our cloud products and services.

Please read this Privacy Policy carefully.

Data collections and uses

Overview

This Policy describes how we collect and use your Personal Information, whether it is shared and/or disclosed, and how we address privacy matters, such as deletion of your Personal Information upon request, and opting-out of marketing communications. Lastly, we describe methods for contacting us if you have privacy questions, comments or feedback.

Personal Information we collect

Transparency is one of the best ways to earn your trust. The summary table explains what information we collect from you and why, based upon your relationship with us and as your relationship evolves with HashiCorp.

Description

What we collect

Why we collect it

Visitors

Individuals who visit our public Websites, without logging into an account or using our products and/or services

  • IP Address
  • Cookie Information
  • Browser Info
  • To gauge interest in our products
  • To assess effectiveness of marketing efforts
  • To monitor usage patterns and improve our Websites, products and/or services

Visitors
(Marketing)

You may voluntarily share your information with us to receive information about our products and services, or to receive marketing information

  • Name
  • Email
  • Company Name
  • To share information about our products and/or services
  • For marketing purposes

Users

Individuals who establish an account with us, or otherwise use our Websites, products and/or services

  • Name
  • Email
  • Username
  • Company Name
  • Credit Card details
  • Phone number
  • To access our products and Websites, products and/or services
  • Billing
  • Security
  • Identity verification
  • 2-Factor Authentication

Customer collaborators

Individuals who contribute to our public repositories

  • Name
  • Email
  • Username
  • To understand who contributes to our repositories
  • To track changes to our repositories

Visitors

When you visit our Websites, we consider you a Visitor. As a Visitor, the information we collect from you is listed below. You’re not obligated to provide us with such Personal Information, and you are free to change or completely remove information shared with us; however refusing to provide requested Personal Information might prevent you from using certain features of the Websites.

What do we collect?

Why do we collect it?

Can you limit collection?

HashiCorp Cookies

  • To recognize you when you make a return visit and deliver overall a consistent experience
  • Most modern browsers allow you to delete or limit cookies

    Third-Party Tags and Cookies

  • To measure our marketing effectiveness
  • Most modern browsers allow you to delete or limit cookies, including third-party cookies; however, you may not be able to limit marketing tags entirely unless you do not visit our sites

    Internet Protocol (IP) Address

    • Part of the basic function of the internet
    • To measure who is visiting us and from where

    The only way to avoid this is to not visit our sites

    Browser Metadata

    (i.e. browser type, version, operating system)

    • Part of the basic function of the internet
    • To ensure we maintain a positive website experience for most used browsers

    Browsers communicate this automatically; however, some third-party extensions may allow you to limit this

    For further information on our use of cookies and similar technologies, please refer to our Cookie Policy - https://www.hashicorp.com/cookies

    Marketing

    In addition to the data above, you may also voluntarily share Personal Information with us, in order to receive information about products, or to register for an upcoming event.

    What do we collect?

    Why do we collect it?

    Can you limit collection?

    Name + Email

    • To respond to your inquiry
    • Email you about product offerings, updated and other marketing promotions
    • No, these are required for us to contact you
    • You can opt out of marketing emails, see the Opt-Out section

    Company Name

    • To further develop our understanding of you
    • No, this is required

    Job Title

    • To further develop our understanding of you
    • Yes, this is voluntary

    Phone Number

    • To contact you
    • Yes, this is voluntary

    Users

    If you choose to register for an account with HashiCorp or on our Websites, you will share Personal Information with us.

    When you register, create a User Account on our Website and begin using our products, we consider you a User. This section describes our privacy practices related to Users. Keep in mind Users are also considered Visitors so we collect this data in addition to what was described for Visitors.

    What do we collect?

    Why do we collect it?

    Can you limit collection?

    Email, Username and Password

    • In order to establish your account and allow you to securely access it
    • Email you about service updates, maintenance activities, security notifications, weekly summaries and other account related information
    • No, these are required for us to contact you
    • You can opt out of marketing emails, see the Opt-Out section

    Phone Number

    • For 2-factor authentication
    • This is required to enable 2-factor authentication

    Payment Data

    • Credit card data
    • Address
    • We require the minimum amount of data to process your payment

    NOTE: We do not store any financial data, as we use Stripe and/or Shopify to process the payments.

    • This is required to process your payment

    How we use Personal Information

    Our Products and Services

    We use Personal Information to facilitate the business relationships we have with our Users, to comply with our financial regulatory and other legal obligations, and to pursue our legitimate interests where these are not overridden by the interests, rights or freedoms of Users . We also use Personal Information to complete payment transactions. We only collect and process your Personal Information to the extent it is necessary to fulfill these purposes and where we can rely on a legal basis for such processing

    How long do we keep your data?

    We only process and keep any Personal Information for as long as necessary. to achieve the purpose for which the information was originally collected. The exact length of time we keep Personal Information depends on our processing purposes and the statutory retention period for that type of information. After the statutory period of time passes, or if storage of Personal Information is not needed, Personal Information is deleted or anonymized.

    How do we use your information?

    We use Personal Information we collect to provide products and/or services to you, keep our Websites running smoothly, and protect us legally. We will not use or share your Personal Information in ways unrelated to those described below. We do not use automatic decision-making or profiling, and will not sell your Personal Information for any purpose.

    • Customer’s instructions. HashiCorp will only share and disclose Personal Information in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement, and in compliance with applicable law and legal process.
    • Customer access. Owners, administrators and other Customer representatives and personnel, as defined in the Customer Agreement, may be able to access, modify or restrict access to Personal Information.
    • Third party service providers and partners. We may engage third party companies or individuals as subprocessors or business partners to process Personal Information and support our business. We maintain a list of the subprocessors and/or partners we utilize here -https://www.hashicorp.com/subprocessors.
    • During a change to HashiCorp’s business.If HashiCorp is involved in a merger, acquisition, sale of all or a portion of our assets, or bankruptcy, your Personal Information would be an asset transferred to or acquired by the successor entity or third party. You acknowledge that such transfers may occur and that the transferee may process Personal Information in a manner different to that set out in this Privacy Policy.  You will be notified by email and/or a prominent notice on our Websites of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
    • Aggregated or de-identified information. We may disclose or use aggregated or de-identified Personal Information for any purpose. For example, we may share aggregated or de-identified information with prospects or partners for business or research purposes, such as showing a total count of active users accessing our products.
    • To comply with laws. If we receive a request for information, we may disclose Personal Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
    • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of HashiCorp or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
    • With consent. HashiCorp may share Personal Information with third parties when we have consent to do so.

    Security

    HashiCorp takes appropriate administrative, technical, physical and organizational security measures to protect your Personal Information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once it is received, taking into account the nature of such information and the risks involved in processing, and comply with applicable laws and regulations. While we have taken reasonable steps to secure the Personal Information you provide to us, please be aware that despite our best efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide Personal Information via our Websites.

    If you have any questions about our security, or have reason to believe that your interaction with us is no longer secure, please contact us at security@hashicorp.com.

    Policy For Children

    We do not knowingly solicit information from or market to children under the age of thirteen (13). If you are under age 13, please do not give us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help us enforce our Privacy Policy by instructing them to never share Personal Information through our Websites without their permission. If you suspect or become aware of any data we have collected from children under age 13, please contact us immediately using the contact information provided below.

    Notice to All Non-U.S. Residents

    Our servers are located in the U.S.. If you are located outside of the U.S., please be aware that any information provided to us, including Personal Information, will be transferred from your country of origin to the U.S.. HashiCorp transfers and processes data, including the data transfers under the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, and the General Data Protection Regulation (GDPR), in accordance with applicable laws and regulations.

    Notice for Residents of the European and Swiss Economic Areas

    In order to comply with European Union and Swiss data protection laws, HashiCorp, Inc. self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring Personal Information from the European Union and Switzerland to the United States. You can view our self-certification here.

    HashiCorp is responsible for the processing of Personal Information we receive, under Privacy Shield, and the subsequent transfers to a third-party acting as an agent on our behalf. With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, HashiCorp is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, HashiCorp may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    Notice for California Residents

    The California Consumer Privacy Act (CCPA) is a new data privacy law that applies to certain businesses which collect Personal Information from California residents. The law became effective on January 1, 2020. HashiCorp already offers data protection terms pursuant to the GDPR in Europe. We are now also offering the same terms under the CCPA. Your rights under the CCPA are described below.

    Please note that HashiCorp does not rent or sell any Personal Information.

    In addition, California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain from us, once a year and free of charge, 1) information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes, and, 2) the names and addresses of the third parties with which we shared Personal Information in the preceding calendar year.

    If you are under 18 years of age, reside in California, and have a registered account with our Websites, you have the right to request removal of unwanted data that you publicly post on our Websites. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on our Websites, but please be aware that the data may not be completely or comprehensively removed from our systems.

    If you are a California resident and would like to make a request, please submit your request in writing to us using the contact information provided below.

    Your Rights

    We recognize, under the EU-U.S. Privacy Shield, the Swiss-U.S. Privacy Shield, CCPA, and GDPR, that you have certain rights in regards to your Personal Information. We feel that your privacy and ability to preserve and exercise your rights is very important. You are encouraged to review and understand these rights as they pertain to you and your Personal Information. In certain circumstances, these rights include, but are not limited to:

    • Right to be Informed: This means we have to tell you why we process your Personal Information, our retention periods, and who it will be shared with.
    • Right of Access: This means we have to provide you with a copy of your Personal Information we process upon your request.
    • Right to Rectification: This allows you to have inaccurate Personal Information rectified, or completed if it is incomplete.
    • Right to Erasure: This allows you to have your Personal Information erased.
    • Right to Restrict Processing: This means you can limit the way we use their data.
    • Right to Data Portability: This allows you to receive a copy of your Personal Information in a structured, commonly used and machine-readable format and gives you the right to transmit those data to another controller without hindrance.
    • Right to Object: This allows you to object to the processing of your Personal Information at any time.
    • Right to Non-Discrimination: The CCPA prohibits covered businesses from discriminating against consumers for exercising their CCPA rights. This means we cannot charge a different price, deny access to our products, or impose penalties for exercising your rights under the CCPA.
    • Right to Withdraw Consent: This means you can withdraw your consent at any time.

    In support of these rights, you may exercise any of the above rights, with respect to your Personal Information. You may update, correct or delete your Personal Information; if you wish to delete or suspend your account, please note that we may retain certain information as required by law or for legitimate business purposes. If you have become aware that an account has been created about you without your knowledge or consent, you may contact us to request deletion of that said account. You may contact us by emailing privacy@hashicorp.com

    For your protection, we may only respond with the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will respond to your request within 30 days.

    Candidates

    We also provide the ability to submit job applications to our open job listings. To appropriately respond to your application, we need to collect and process your provided Personal Information, which may also be carried out electronically. If we begin an employment contract with you, your submitted application data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. We maintain your Personal Information for the period of time necessary to carry out our legitimate business interests and according to applicable laws. For information about specific retention periods, please contact us at privacy@hashicorp.com

    Changes to This Policy

    If we make material changes to this Policy, we will revise the “Last Updated” date at the top of this Policy, and in some cases, we may provide you with more prominent notice (such as adding a statement to our homepage or sending you an email notification). Any changes or modifications will be effective immediately upon posting of the updated Privacy Policy, and you waive the right to receive specific notice of such changes or modifications.

    We encourage you to review the Policy whenever you access the Websites to stay informed about our information practices and the ways you can help protect your privacy. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes to the Privacy Policy by your continued use of the Websites after the date such Policy is posted.

    Contact Us

    For any and all privacy-related matters, questions or comments, or to exercise a right under the GDPR, Privacy Shield, or the CCPA, you may contact us in writing or by email. Our contact information is as follow:

    HashiCorp, Inc.
    ℅ Security and Privacy Office
    101 Second Street, Suite 700
    San Francisco, CA 94105
    United States
    Phone: +1 (415) 301-3250
    Email: privacy@hashicorp.com

    EU or Swiss residents with inquiries or complaints regarding this Privacy Policy should first contact HashiCorp at privacy@hashicorp.com. Please allow a reasonable amount of time to respond to your request. If you do not receive timely acknowledgement of your complaint, or if your complaint is not addressed by HashiCorp, you may contact our U.S.-based alternative dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

    If these processes do not result in a resolution, you may then contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance. Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may invoke binding arbitration when other dispute resolution procedures have been exhausted and upon written notice to HashiCorp at privacy@hashicorp.com.