Last Updated October 8, 2020
Version 2.0

Cribl is committed to the privacy of its users. This Privacy Policy explains the information that Cribl collects from users through Cribl’s interaction with users, as well as why we collect that information, what we do with it, and how we protect it. Users are visitors to Cribl’s website, users of Cribl’s products and services, and Cribl’s other customers and business partners (individually “>a User” and collectively “Users”).

This Privacy Notice also explains Cribl’s commitments under laws and regulations that protect personal data, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws and regulations. Personal data means information relating to a User who can be directly or indirectly identified through the information, as well as information related to, or that could reasonably be linked to, a User or a User’s household (“Personal Data”).

The GDPR applies to companies that operate in the European Union (EU) and collect or use Personal Data, as well as companies operating outside of the EU that have customers in the EU or collect any Personal Data of anyone in the EU. The GDPR can be found at https://gdpr-info.eu/. The CCPA applies to certain businesses that collect Personal Data from California residents. The CCPA can be found at https://oag.ca.gov/privacy/ccpa. Other applicable laws and regulations are described below.

1. Cribl Services Covered by this Privacy Policy

This Privacy Policy covers Cribl’s website, products and services, and normal business operations, as well as third-party services or websites used by or in the operation of Cribl’s website, products and services, or normal business operations (collectively, “Cribl Services”). Cribl Services include services, software, data, information, documentation, or materials provided to Users by Cribl related to, or through, Cribl Services. 

This Privacy Policy does not apply to any third-party services or websites to which Cribl Services may link except to the extent such services or websites are part of Cribl Services and exchange data with Cribl Services. Cribl does not control or have any responsibility for the privacy practices of third-party services or websites that are not part of Cribl Services. Cribl Services do not include social media features such as “Share” and “Like” buttons that are provided by third-party social media platforms such as Facebook, LinkedIn, and Twitter. Users should review the privacy policies of all third-party services and websites.

2. Information Collected and Methods of Information Collection.

A. Generally.

Cribl may collect data, including Personal Data, provided by Users to Cribl or through Cribl Services, as well as information collected regarding Users (collectively, “User Data”). Such collections include without limitation Users inputting or uploading information to Cribl Services, causing information to be provided to Cribl or Cribl Services by or through third-party providers or services, visiting or otherwise accessing Cribl Services, filling out forms on or through Cribl Services, and downloading software, documents, or other resources from or through Cribl Services, as as information collected from third parties, including publicly available information from third-party websites like Facebook, LinkedIn, and Twitter.

• Visit Data. User Data does include information automatically obtained by visiting or otherwise accessing Cribl Services that is Personal Data (“Visit Data”). Specifically, Visit Data includes a User’s IP address, the date and time of the User’s visit, the User’s browser and device information, information contained in cookies and tracking technologies, what parts of Cribl Services the User accessed or visited, Internet traffic information, and information from third parties, but all only to the extent to which such data is Personal Data. 
• Cookies. The cookies used by Cribl Services include cookies collected through Cribl’s use of Hubspot. These cookies collect User Data, as well as opt-in information for this Privacy Policy, Visit Data, and other information that allows Cribl Services to recognize Users on return visits, track Users’ use of Cribl Services, save settings for Users, and otherwise deliver a consistent experience for Users.
• Operational Data. User Data does not include non-identifiable information that is automatically collected by accessing Cribl Services and is not Personal Data (“Operational Data”). Specifically, operational data includes telemetric data, statistical data, or other information generated by Cribl Services related to the operation or performance of Cribl Services where the information does not include Personal Data.
• Personal Data of Children. Cribl does not knowingly receive, process, store, or otherwise use the Personal Data of children under sixteen years of age, nor may children under sixteen years of age use Cribl Services. If a User provides Personal Data of such children to Cribl or Cribl Services, the User must immediately contact Cribl by email at privacy@cribl.io; Cribl will delete all such Personal Data from Cribl Services to the extent identifiable by Cribl. If Cribl becomes aware that it has received Personal Data of a child, Cribl will notify affected Users and delete all Personal Data of the child from Cribl Services, each to the extent identifiable by Cribl.

B. Information Collected through Normal Business Operations.

Cribl may collect User Data, including Personal Data, as part of its normal business operations, including its business operations with Users. Business operations include the management of business relationships, customer support activities, billing, and marketing activities, as well as contracting and marketing activities and events, and correspondence with Cribl through phone, email, or other methods. Such information includes company name, contact information of company employees and agents, financial information, payment information, purchase orders and licensing agreements, usage information for Cribl Services, and information related to Users’ users and administrators, each of which may include Personal Data. Cribl maintains support tickets and related records for all customer support requests and issues.

3. Use of User Data.

A. Generally

Cribl receives, processes, stores, and otherwise uses certain information through Cribl Services and normal business operations. Cribl may use User Data without restriction to the extent it does not include Personal Data and is not otherwise subject to contractual or legal restrictions that would prevent such use. Beyond the use described in this Privacy Policy, Cribl will process Personal Data only to the extent to which the applicable User or Users has or have granted express consent. Cribl does not use Operational Data to identify Users personally without collecting additional consent from the affected Users. The processing and other of User Data collected using social media features is governed by the given social media platform’s privacy policies.

• Lawful Basis for Processing and Normal Business Operations. Cribl may use User Data, including Personal Data, for processing with Cribl Services and normal business operations with Users and other persons and entities. Cribl’s use has at least one lawful basis for using User Data for these purposes, including the Users’ consent to process User Data for the purposes of performing the given User’s contract or agreement with Cribl, the necessity of processing the information to enter into a contract or agreement with a User at the User’s request, the necessity of processing the information to perform the User’s contract or agreement with Cribl, the necessity of processing for Cribl to comply with a relevant legal obligation, a User’s clear consent to the processing, and Cribl’s legitimate interests in operating Cribl Services subject to Users’ rights, interests, and revocations of consent.
• Lawful Bases for Protection and Other Grounds. Cribl may use User Data, including Personal Data, to protect Cribl Services, Cribl’s confidential and proprietary information, and Cribl’s employees, equipment, and premises, or other persons or entities and the employees, equipment, and premises of such persons or entities. Cribl may also use User Data, including Personal Data, to manage and investigate suspected illegal activities, risk exposure, violations of contracts or legal requirements, fraud, and claims or other liabilities, and to cooperate with public authorities for law enforcement or national security purposes, if Cribl receives a lawful request, and as otherwise required by law or regulation.

B. Use of User Data Through Cribl’s Website.

Cribl may receive, process, store, or otherwise use Personal Data through Cribl’s website. Cribl is a data processor and data controller for the purposes of the GDPR and other applicable data protection laws and regulations relative to Cribl’s website insofar as it receives, processes, stores, or otherwise uses Personal Data, but is not a data processor or data controller relative to other Cribl services that receive, process, store, or otherwise use only Operational Data. Currently, Cribl’s website receives, processes, stores, or otherwise uses Personal Data and Operational Data.

Cribl’s use of User Data for processing through Cribl’s website includes operating, evaluating, maintaining, improving, developing, and monitoring Cribl Services, and providing Users with requested Cribl Services and customizing Cribl Services to Users’ needs and requests. Cribl may use User Data to monitor performance, access, usage, log, and transactional information related to the operation of Cribl’s website, and may use User Data to improve and develop Cribl Services, including as to the security of Cribl Services and the operation of services provided by Cribl’s business partners as part of Cribl Services.

C. Use Through Cribl’s Products and Services.

Cribl does not receive, process, store, or otherwise use Personal Data through Cribl’s products and services. Cribl is not a data processor or data controller for the purposes of the GDPR and other applicable data protection relative to Cribl’s products and services because Cribl’s products and services do not send Personal Data to Cribl. Users are the data processors and data controllers for Personal Data processed through Cribl’s products and services because only Users process and control all such Personal Data.

D. Use Through Cribl’s Normal Business Operations.

Cribl may receive, process, store, or otherwise use User Data, including Personal Data, through Cribl’s normal business operations. Cribl is a data processor and data controller for the purposes of the GDPR and other applicable data protection laws and regulations relative to Cribl’s normal business operations insofar as its normal business operations receive, process, store, or otherwise use Personal Data.

Cribl’s use of User Data for its business operations with Users and other persons or entities includes contacting Users, processing payments and other financial transactions with Users, contracting with Users, providing customer support to Users, billing Users, and marketing to Users when it is lawful for Cribl to do so. If a User wishes to unsubscribe from receiving certain email communications, the User may unsubscribe by opting out of email notifications or emailing privacy@cribl.io.

4. Disclosure of User Data.

Cribl does not disclose Personal Data to third parties except as provided in this Privacy Policy. Cribl does not sell or rent Personal Data to third parties. Cribl may disclose User Data without restriction to the extent it does not include Personal Data and is not otherwise subject to contractual restrictions that would prevent such disclosure. 

Cribl may disclose User Data with affiliated businesses and third-party service providers to assist Cribl in the operation of Cribl Services and conducting Cribl’s normal business operations, each subject to applicable contractual restrictions involving those affiliates and applicable Users. Cribl does not disclose User Data with affiliated businesses or third-party service providers for an affiliate’s own use, but may disclose User Data with third parties in connection with a potential or actual sale of Cribl or the assets of Cribl or affiliate where User Data may be one of the transferred assets.

Cribl may disclose User Data, including Personal Data, to protect Cribl Services, Cribl’s confidential and proprietary information, and Cribl’s employees, equipment, and premises, or other persons or entities and the employees, equipment, and premises of such persons or entities. Cribl may also disclose User Data, including Personal Data, to manage and investigate suspected illegal activities, risk exposure, violations of contracts or legal requirements, fraud, and claims or other liabilities, and to cooperate with public authorities for law enforcement or national security purposes, if Cribl receives a lawful request or is otherwise required by law or regulation.

5. Protection of User Data.

Cribl takes reasonable steps to secure User Data from unauthorized access, improper use or disclosure, unauthorized modification or destruction, and accidental loss, including through encryption and pseudonymization, maximizing Cribl’s stability and uptime, using reasonable backup and disaster recovery procedures, and regular security testing. Cribl protects User Data with the same level protection no matter where Cribl stores its data.

Cribl contractually requires affiliated businesses and third-party service providers to provide the level of protection for Personal Data that is required by the GDPR and will remain liable under the GDPR if one of its affiliated businesses or third-party service providers processes Personal Data in violation of the GDPR. However, no service can be completely secure, error free, or always available and Cribl Services and Cribl’s infrastructure may be compromised. Cribl is not responsible for unauthorized or unintended access, improper use or disclosure, unauthorized modification or destruction, or accidental loss that is beyond Cribl’s control or that occurs despite Cribl’s reasonable protections.

6. Disposition of User Data.

Cribl will keep User Data, including Personal Data, for only as long as required to fulfill the purposes for which it was collected or processed. In some circumstances Cribl, may retain User Data, including Personal Data, for a longer period than required to fulfill the purposes for which it was collected or processed. Such circumstances include when Cribl is required to do so to comply with a legal, tax, or accounting requirement, or when required to do so by a governmental authority. Cribl may also retain User Data, including Personal Data, for a longer period corresponding to a statute of limitations in order to have an accurate record of Users’ dealings with Cribl in the event of any complaints or other issues.

7. User Rights.

Subject to applicable law and regulations, a User may have rights involving his or her own Personal Data. A User’s rights may impose obligations on Cribl, but certain obligations may fall to the data controller for the User’s Personal Data instead of Cribl if Cribl is not the data controller.

A User’s rights may include the right to access, including the right to receive (1) a free copy every year of his or her Personal Data that Cribl has received, processed, stored, or otherwise used to the extent identifiable and stored by Cribl, the categories of such Personal Data, the purpose or purposes of Cribl’s use of such data, and whether automated decisions or profiling occurs and, if so, the  logic involved, significance, and likely consequences of such Cribl’s receipt, processing, storage, or other use of such data; (2) a list of any third-party recipients of Personal Data and what safeguards are in place to protect the data being transferred; (3) a list of third-party data sources of a User’s Personal Data not collected from the User directly; and (4) a description of how long Cribl will store Personal Data or, if such a period is not determinable, how the length of the period would be determined. Cribl may charge a reasonable fee for subsequent requests for, and copies of, Personal Data.

A User’s rights may include the right to correct, without any undue delay, any inaccurate Personal Data to the extent identifiable and stored by Cribl, including the right to have incomplete Personal Data completed where appropriate given the purposes of Cribl’s receipt, processing, storage, or other use of such data.

A User’s rights may include the right to erase, without any undue delay, Personal Data if (1) the Personal Data is no longer necessary for the purpose or purposes for which it was received, processed, stored, or otherwise used; (2) the User withdraws his or her consent regarding his or her Personal Data and there is no other legal basis for receiving, processing, storing, or otherwise using that Personal Data; (3) the User objects to the receipt, processing, storage, or other use of his or her Personal Data and there are no legitimate grounds for processing that Personal Data; (4) the Personal Data have been unlawfully received, processed, stored, or otherwise used; (5) the Personal Data are required to be erased to comply with a legal obligation, (6) the Personal Data have been collected in relation to the offer of information society services, or (7) the Personal Data must otherwise be erased from Cribl’s Services as required by the GDPR, the CCPA, or other applicable law or regulation.

A User’s rights may include the right to data portability where the User has the right to receive his or her Personal Data in a structured, commonly used, and machine-readable format, and the obligation for the data controller of the Personal Data to transmit those data to another data controller, without undue hindrance, to the extent such transfer is technically feasible.

A User’s rights may include the right to complain to a supervisory authority for data protection, including the User’s local supervisory authority. Cribl will not discriminate against any User who exercises his or her rights under applicable data protection laws and regulations. 

8. Contacts for Privacy and User Data Issues.

Please contact Cribl at privacy@cribl.io for any questions and requests related to this Privacy Policy, including regarding Users’ rights and Personal Data. 

Please note that if you contact Cribl regarding Personal Data for which Cribl is a data processor, Cribl will refer your request to the applicable data controller for the User’s Personal Data to the extent that the applicable data controller can be identified. 

Cribl requires proof of identity and may charge a fee where permitted by law, especially if a User’s request is manifestly unfounded or excessive. Cribl will not use Personal Data obtained to establish a User’s identity for any purpose other than the verification of the User’s identity. 

Cribl will attempt to respond to all questions and requests within applicable timeframes.

9. Updates.

Cribl reserves the right to update this Privacy Policy at any time without prior notice. Cribl will process User Data in accordance with the Privacy Policy that a User consented to at the time of the User’s consent. 

Upon any change to this Privacy Policy, Cribl will notify Users with a conspicuous website notice; Users’ continued use of Cribl Services constitutes consent to the updated Privacy Policy.

Past Versions: v1.0