Privacy Notice

This Privacy Notice applies to personal information processed by us, including on our websites and other online or offline marketing or promotional campaigns. To make this Privacy Notice easier to read, our websites and other marketing campaigns are collectively called the “Services.”

We may provide additional privacy notices in writing to individuals at the time we collect their personal information. Any additional privacy notices may supplement this Privacy Notice or may apply in lieu of this Privacy Notice.

Important Note. This Privacy Notice does not apply to any of the personal information that we process on behalf of our customers through their use of our Services (“Customer Data”). Our customers’ respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Notice. Any questions or requests relating to Customer Data should be directed to our customer.

Changes to our Privacy Notice. We may revise this Privacy Notice from time to time in our sole discretion. If there are any material changes to this Privacy Notice, we will notify you if required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Notice if you continue to participate in our Services after the new Privacy Notice takes effect.

The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. We collect information that:

• you provide to us;

• we obtain as you participate in our Services; or

• we obtain from other sources (i.e., third-party services as defined below).

A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

• Engagement. We may collect personal information when you engage with your account, such as your name, email address, and username. (Depending on the service you use, you may also be asked to provide your phone number.)

• Purchases. We may collect personal information and details associated with your purchases, including payment information (e.g., your billing details).

• Your Communications with Us. We may collect personal information, such as name, company name, email address, phone number, or mailing address when you request information about our Services, register for regular information updates (e.g., newsletter, webinar, advertising), request customer or technical support, or otherwise communicate with us.

• Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.

• Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services will be considered “public,” unless otherwise required by applicable law and these privacy disclosures do not apply to public information unless required by applicable law. Please exercise caution before revealing any information that may identify you in the real world to other users.

• Conferences, Trade Shows, Webinars and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, webinars, and other events.

• Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.

• Job Applications. We may post job openings and opportunities on our Services. If you respond to one of these postings, we may collect your personal information, such as your application, CV, cover letter, and/or any other information you provide to us.

B. Personal Information Collected Automatically

We may collect personal information automatically when you use our Services.

• Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of our Services, pages you visit, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our Services. In addition, we may collect information on diagnostic information, including metadata based on information above, regarding the performance of the Services.

• Cookies and Other Technologies. We, as well as third parties that provide content, advertising, or other functionalities on our Services, may use cookies, pixel tags or web beacons, and other technologies (“Technologies”) to automatically collect information through your use of our Services. Such use of Technologies may be subject to your consent as required by applicable law. See section 5 below to understand your choices regarding these Technologies. More information about our Cookies and Similar Technologies is available in our Cookies Notice.

• Analytics. We may use Technologies and other third-party tools to process analytics information on our Services. These Technologies allow us to better understand how our Services are used and to continually improve and personalize our Services.

• Social Media Platforms. Our Services may contain social media buttons, such as Twitter, Facebook and LinkedIn, which might include widgets such as the “share this” button or other interactive mini programs. These features may collect personal information such as your IP address and which page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Your interactions (including your engagement with us on these platforms) with these platforms are governed by the privacy notice of the company providing it.

C. Personal Information Collected from Other Sources

Third-Party Services and Sources. We may obtain personal information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect personal information about you from that third-party application that you have made available via your privacy settings.

Referrals and Sharing Features. Our Services may offer various tools and functionalities that allow you to provide personal information about your friends through our referral service. Third parties may also use the Services to upload personal information about you, including when they tag you. Our referral services may also allow you to forward or disclose certain content with a friend or colleague, such as an email inviting your friend to use our Services. Please only disclose with us contact information of people with whom you have a relationship (e.g., relative, friend, neighbor, or co-worker).

We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.

A. Provide Our Services

We use your information to fulfil our contract with you and provide you with our Services, such as:

• Managing your information (including opting-in and out of communications);

• Providing access to certain areas, functionalities, and features of our Services;

• Answering requests for information or technical support;

• Communicating with your activities on our Services, and Notice changes;

• Processing applications if you apply for a job we post on our Services; and

• Allowing you to register for events.

B. Administrative Purposes

We use your information for various administrative purposes, such as:

• Direct marketing;

• Research and development (including marketing research);

• Network and information security;

• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;

• Measuring interest and engagement in our Services;

• Short-term, transient use, such as contextual customization of ads;

• Improving, upgrading, or enhancing our Services;

• Developing new products and services; and

• Ensuring internal quality control and safety:

  • Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Notice

  • Debugging to identify and repair errors with our Services

  • Auditing relating to interactions, transactions, and other compliance activities

  • Sharing personal information with third parties as needed to provide the Services

  • Enforcing our agreements and policies

  • Carrying out activities that are required to comply with our legal obligations.

C. Marketing and Advertising our Products and Services

We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law. Some of the ways we market to you include email campaigns, custom audiences advertising, and “interest-based” or “personalized advertising.” If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth in “Contact us” below.

D. With Your Consent

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

E. Other Purposes

We may use your personal information for other purposes as requested by you or as permitted by applicable law.

• De-identified and Aggregated Information. We may use personal information to create de-identified and/or aggregated information, such as demographic information, information about the device from which you access our Services, or other analyses we create. If we create or receive de-identified information, we will not attempt to reidentify such information, except to comply with applicable law. In addition, we have implemented commercially reasonable technical safeguards and business processes to prohibit the reidentification of information.

We disclose your personal information to third parties for a variety of business purposes, as follows.

A. Disclosures to Provide our Services

The categories of third parties with whom we may disclose your personal information are described below.

• Service Providers. We may disclose your personal information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers that provide us with IT support, hosting, payment processing, customer service, and related services.

• Business Partners. We may disclose your personal information with business partners to provide you with a product or service you have requested. We may also disclose your personal information with business partners with whom we jointly offer products or services.

• Affiliates. We may disclose your personal information with our company affiliates for our administrative purposes, including activities such as IT management, for them to provide services to you or support and supplement the Services we provide.

• Other Users or Third Parties. As described above in Section 2, our Services may allow you to disclose personal information or interact with other users and/or third parties (including individuals and third parties who do not use our Services and the general public).

• Advertising Partners. Except for mobile information as explained below, we may disclose your personal information to third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners collect personal information over time and across other websites and may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.” No mobile information, which is any data we collect from you in the context of a marketing campaign such as your phone number, will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent records; this information will not be shared with any third parties.

For more details about our subprocessors and third-party service providers, including the countries in which they operate and the purposes for which personal information is transferred to them, please refer to our Subprocessor List at https://sendbird.com/sub-processors.

• APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact us” below.

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

A. Your Privacy Choices

The privacy choices you may have about your personal information are determined by applicable law and are described below.

• Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Notice).

• Cookies and Personalized Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits by setting the options in the Tools>Internet Options>Personal Information menu at the top of the web browser. However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others. We do not recognize the “Do Not Track Signal.”

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Please note you must separately opt out in each browser and on each device.

B. Your Privacy Rights

In accordance with applicable law, you may have the right to:

• Access Personal Information about you, including: (i) confirming whether we are processing your personal information; and (ii) obtaining access to or a copy of your personal information (*If access is denied, you will receive a written notice explaining the reasons for the denial, in accordance with applicable law.)

• Request Correction of your personal information where it is inaccurate, incomplete or outdated. In some cases, we may provide self-service tools that enable you to update your personal information

• Request Deletion, Anonymization or Blocking of your personal information when processing is based on your consent or when processing is unnecessary, excessive, or noncompliant

• Request Restriction of or Object to our processing of your personal information when processing is noncompliant

• Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal. If you refrain from providing personal information or withdraw your consent to processing, some features of our Service may not be available

• Request data portability and receive an electronic copy of personal information that you have provided to us

• Be informed about third parties to which your personal information has been disclosed

If you would like to exercise any of these rights, please contact us as set forth in “Contact us” below. We will process such requests in accordance with applicable laws.

We take steps to protect your information. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.

By using our Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail, or by sending an email to you.

All information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. While transferring your personal information internationally, we will comply with the applicable requirements governing processing of your personal information in a specific location – for example, your country of residence. We endeavor to safeguard your information consistent with the requirements of applicable laws. For personal information transferred from the United Kingdom, Switzerland, or European Union, to the United States, Sendbird has self-certified its compliance with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF"), and the UK Extension to the EU-U.S. DPF ("UK Extension"), collectively (the "DPF"). Further information can be found on Sendbird's Data Privacy Framework Notice.

Your personal information will be retained for as long as necessary for the purposes for which it was collected, which in most cases do not exceed 5 years. When Sendbird no longer needs to use your personal information to comply with contractual or statutory obligations, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it, unless we need to keep your information, including personal information, to comply with statutory retention periods, such as for tax, audit, or legal compliance purposes, for a legally prescribed time period thereafter, or if we need it to preserve evidence within statutes of limitation.

For residents of California, please find our California Consumer Privacy Act Disclosures [here].

California Shine the Light. The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties.

For individuals in the EEA+, please find our EEA+ Supplemental Data Protection Law Disclosures [here].

For residents of the Republic of Korea, the following disclosures apply in accordance with the Personal Information Protection Act (“PIPA”). In the event of any conflict between this Supplemental Notice and the other sections of this Privacy Notice, this Supplemental Notice shall prevail.

A. Period of Retention and Use of Personal Information

In principle, we retain your personal information until the purpose of collection and use is achieved, or for the retention periods specified in this Privacy Notice. However, the following information is retained for the specified period under relevant Korean laws:

Act on the Consumer Protection in Electronic Commerce:

• Records on contract or subscription withdrawal: 5 years
• Records on payment settlement and supply of goods: 5 years
• Records on consumer complaints or dispute handling: 3 years

Protection of Communications Secrets Act:

• Computer communications login records: 3 months

B. Procedure and Method of Destruction

Sendbird destroys personal information immediately after the purpose of collection is achieved or the retention period expires, unless further retention is required by law.

Destruction Procedure: Information selected for destruction is separated into a different database (or a separate file for paper documents) and stored for a certain period in accordance with internal policies and applicable laws before being destroyed.

Destruction Method: Personal information stored in electronic file formats is permanently deleted using technical methods that make the records unrecoverable (e.g., low-level format). Personal information printed on paper is destroyed by shredding or incineration.

C. Rights of Users and Legal Representatives

You may exercise your rights to access, correct, delete, or suspend the processing of your personal information at any time.

How to Exercise: You may exercise these rights by contacting us via written notice, email, or facsimile in accordance with Form No. 8 of the Enforcement Rules of the Personal Information Protection Act. We will take action without delay upon receipt of such a request.

Legal Representatives: If you wish to exercise your rights through a legal representative or an authorized agent, you must submit a Power of Attorney in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.

Children: For children under the age of 14, the legal representative has the right to exercise all rights regarding the child’s personal information.

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

To help our customers adhere to Apple's latest privacy updates, we are publishing an exhaustive list of data sets your application may collect based on how you use Sendbird SDK within your iOS application.