Cribl has closed our Series B funding from Sequoia Capital! Learn More

Cribl.io Privacy Policy

Last Updated August 24, 2018

Version 1.00

TakTak, Inc. d/b/a Cribl.io, a Delaware corporation having a principal place of business at 156 2nd Street, San Francisco, California 94105 (“Cribl”), is committed to the privacy of visitors to the Cribl website, users of the Cribl log preprocessing software and Cribl’s other products and services, and Cribl’s customers and business partners (“Users”). This Privacy Policy explains the data that Cribl collects from Users through Cribl’s interaction with Users, including through Users’ interactions with Cribl’s employees and agents, as well as why we collect the data and what we do with it.

This Privacy Notice also explains Cribl’s commitment to the European Union’s General Data Protection Regulation (GDPR), which went into effect on May 25, 2018, and Cribl’s role and compliance with the GDPR’s requirements. The GDPR applies to companies that operate in the European Union (EU) and collect or use personal data, as well as companies operating outside of the EU that have any customers in the EU or collect any personal data of anyone in the EU. Personal data includes any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (“personal data”). The GDPR can be found at: https://www.eugdpr.org/

 

1. Cribl Services Covered by this Privacy Policy.

 

The Cribl services covered by this Privacy Policy include its website, log preprocessing software, normal business operations, and other products and services, as well as third-party services or websites used by or in the operation of Cribl’s website, the Cribl log preprocessing software, Cribl’s normal business operations, and Cribl’s other products and services (together “Cribl Services”). Cribl Services include services, software, data, information, documentation, or materials provided to Users by Cribl related to, or through, Cribl Services.

Current Cribl Services. Cribl Services currently include only Cribl’s website, Cribl’s log preprocessing software, and Cribl’s normal business operations. This Privacy Policy will only address these services; Cribl will update this Privacy Policy as Cribl releases additional products and services.

Third-party Services or Website. This Privacy Policy does not apply to any third-party services or websites to which Cribl Services may link except to the extent such services or websites are part of Cribl Services and exchange data with Cribl Services. Cribl does not control or have any responsibility for the privacy practices of third-party services or websites that are not part of Cribl Services. Cribl Services do not include social media features such as “Share” and “Like” buttons that are provided by third-party social media platforms such as LinkedIn, Twitter, and Facebook. Users should review the privacy policies of all third-party services and websites.

 

2. Information Collected and Methods of Information Collection.

 

 

A. Generally.

 

Cribl may collect data, including personal data, provided by Users to Cribl or through Cribl Services, as well as information collected regarding Users (collectively, “User Data”). Such collections include collections through Users inputting or uploading information to Cribl Services, causing information to be provided to Cribl or Cribl Services by or through third-party providers, visiting or otherwise accessing Cribl Services, filling out forms on or through Cribl Services, and downloading software, documents, or other resources from or through Cribl Services, as as information collected from third parties, including publicly available information from third-party websites like LinkedIn, Twitter, and Facebook.

Visit Data. User Data does include information automatically obtained by visiting or otherwise accessing Cribl Services that is personal data (“visit data”). Specifically, visit data includes a User’s IP address, the date and time of the User’s visit, the User’s browser and device information, information contained in cookies and tracking technologies, what parts of Cribl Services the User accessed or visited, Internet traffic information, and information from third parties, but all only to the extent to which such data is personal data. 

Cookies. The cookies used by Cribl Services include COOKIES. These cookies collect User Data such as INFORMATION.

Operational Data. User Data does not include non-identifiable information that is automatically collected by accessing Cribl Services and is not personal data (“operational data”). Specifically, operational data includes telemetric data, statistical data, or other information generated by the Cribl log preprocessing software related to the operation or performance of the Cribl log preprocessing software.

Personal Data of Children. Cribl does not knowingly receive, process, store, or otherwise use the personal data of children under sixteen years of age, nor may children under sixteen years of age use Cribl Services. If a User provides personal data of such children to Cribl or Cribl Services, the User must immediately contact Cribl, which will delete all such personal data from Cribl Services to the extent identifiable by Cribl. If the User is a child under the age of sixteen, the User must ask his or her parent or guardian to contact Cribl.

 

3. Information Collected through Normal Business Operations.

 

Cribl may collect User Data, including personal data, as part of its normal business operations, including its business operations with Users. Business operations include the management of business relationships, customer support activities, billing, and marketing activities, as well as contracting and marketing activities, and correspondence with Cribl through phone, email, or other methods. Such information includes company name, contact information of company employees and agents, financial information, payment information, purchase orders and licensing agreements, usage information for Cribl Services, and information related to Users’ users and administrators, each of which may include personal data. Cribl maintains support tickets and related records for all customer support requests and issues.

 

4. Use of User Data.

 

 

A. Generally

 

Cribl receives, processes, stores, and otherwise uses certain information through Cribl Services and normal business operations. Cribl may use User Data without restriction to the extent it does not include personal data and is not otherwise subject to contractual or legal restrictions that would prevent such use. Beyond the use described in this Privacy Policy, Cribl will process personal data only to the extent to which the applicable User or Users has or have granted express consent. Cribl does not use automatically collected User Data to identify Users personally without collecting additional consent from the affected Users. The processing and other of User Data collected using social media features is governed by the given social media platform’s privacy policies.

Lawful Basis for Processing and Normal Business Operations. Cribl may use User Data, including personal data, for processing with Cribl Services and normal business operations with Users and other persons and entities. Cribl’s use has at least one lawful basis for using User Data for these purposes, including the Users’ consent to process User Data for the purposes of performing the given User’s contract or agreement with Cribl, the necessity of processing the information to enter into a contract or agreement with a User at the User’s request, the necessity of processing the information to perform the User’s contract or agreement with Cribl, the necessity of processing for Cribl to comply with a relevant legal obligation, a User’s clear consent to the processing, and Cribl’s legitimate interests in operating Cribl Services subject to Users’ rights, interests, and revocations of consent.

Lawful Bases for Protection and Other Grounds. Cribl may use User Data, including personal data, to protect Cribl Services, Cribl’s confidential and proprietary information, and Cribl’s employees, equipment, and premises, or other persons or entities and the employees, equipment, and premises of such persons or entities. Cribl may also use User Data, including personal data, to manage and investigate suspected illegal activities, risk exposure, violations of contracts or legal requirements, fraud, and claims or other liabilities, and to cooperate with public authorities for law enforcement or national security purposes, if Cribl receives a lawful request, and as otherwise required by law.

 

B. Use of User Data Through Cribl’s Website.

 

Cribl may receive, process, store, or otherwise use personal data through Cribl’s website. Cribl is a data processor and data controller for the purposes of the GDPR and other applicable data protection laws relative to Cribl’s website insofar as it receives, processes, stores, or otherwise uses personal data, but is not a data processor or data controller relative to other Cribl services that receive, process, store, or otherwise use only operational data. Currently, Cribl’s website receives, processes, stores, or otherwise uses personal data and operational data.

Cribl’s use of User Data for processing through Cribl’s website includes operating, evaluating, maintaining, improving, developing, and monitoring Cribl Services, and providing Users with requested Cribl Services and customizing Cribl Services to Users’ needs and requests. Cribl may use User Data to monitor performance, access, usage, log, and transactional information related to the operation of Cribl’s website, and may use User Data to improve and develop Cribl Services, including as to the security of Cribl Services and the operation of services provided by Cribl’s business partners as part of Cribl Services.

 

C. Use Through the Cribl Log Preprocessing Software.

 

Cribl does not receive, process, store, or otherwise use personal data through the Cribl log preprocessing software. Cribl is not a data processor or data controller for the purposes of the GDPR and other applicable data protection relative to the Cribl log preprocessing software because the Cribl log preprocessing software does not send personal data to Cribl. Users are the data processors and data controllers for personal data processed through the Cribl log preprocessing software because only Users process and control all such personal data.

 

D. Use Through Cribl’s Normal Business Operations.

 

Cribl may receive, process, store, or otherwise use User Data, including personal data, through Cribl’s normal business operations. Cribl is a data processor and data controller for the purposes of the GDPR and other applicable data protection laws relative to Cribl’s normal business operations insofar as its normal business operations receive, process, store, or otherwise use personal data.

Cribl’s use of User Data for its business operations with Users and other persons or entities includes contacting Users, processing payments and other financial transactions with Users, contracting with Users, providing customer support to Users, billing Users, and marketing to Users when it is lawful for Cribl to do so. If a User wishes to unsubscribe from receiving marketing communications, the User may UNSUBSCRIBE PROCESS.

4. Disclosure of User Data.

Cribl does not disclose personal data to third parties except as provided in this Privacy Policy. Cribl does not sell or rent personal data to third parties. Cribl may disclose User Data without restriction to the extent it does not include personal data and is not otherwise subject to contractual restrictions that would prevent such disclosure. 

Cribl may disclose User Data with affiliated businesses and third-party service providers to assist Cribl in the operation of Cribl Services and conducting Cribl’s normal business operations, each subject to applicable contractual restrictions involving those affiliates andapplicable Users. Cribl does not disclose User Data with affiliated businesses or third-party service providers for an affiliate’s own use, but may disclose User Data with third parties in connection with a potential or actual sale of Cribl or the assets of Cribl or affiliate where User Data may be one of the transferred assets.

Cribl may disclose User Data, including personal data, to protect Cribl Services, Cribl’s confidential and proprietary information, and Cribl’s employees, equipment, and premises, or other persons or entities and the employees, equipment, and premises of such persons or entities. Cribl may also disclose User Data, including personal data, to manage and investigate suspected illegal activities, risk exposure, violations of contracts or legal requirements, fraud, and claims or other liabilities, and to cooperate with public authorities for law enforcement or national security purposes, if Cribl receives a lawful request or is otherwise required by law.

5. Protection of User Data.

Cribl takes reasonable steps to secure User Data from unauthorized access, improper use or disclosure, unauthorized modification or destruction, and accidental loss, including through encryption and pseudonymization, maximizing Cribl’s stability and uptime, using reasonable backup and disaster recovery procedures, and regular security testing. Cribl protects User Data with the same level protection whether the information is physically located inside or outside of the EU.

Cribl contractually requires affiliated businesses and third-party service providers to provide the level of protection for personal data that is required by the GDPR and will remain liable under the GDPR if one of its affiliated businesses or third-party service providers processes personal data in violation of the GDPR. However, no service can be completely secure, error free, or always available and Cribl Services and Cribl’s infrastructure may be compromised. Cribl is not responsible for unauthorized or unintended access, improper use or disclosure, unauthorized modification or destruction, or accidental loss that is beyond Cribl’s control or that occurs despite Cribl’s reasonable protections.

6. Disposition of User Data.

Cribl will generally keep User Data, including personal data, for only as long as required to fulfill the purposes for which it was collected or processed. In some circumstances Cribl, may retain User Data, including personal data, for a longer period than required to fulfill the purposes for which it was collected or processed. Such circumstances include when Cribl is required to do so to comply with a legal, tax, or accounting requirement, or when required to do so by a governmental authority. Cribl may also retain User Data, including personal data, for a longer period corresponding to a statute of limitations in order to have an accurate record of Users’ dealings with Cribl in the event of any complaints or other issues.

7. User Rights.

Subject to applicable law and regulations, a User may have rights involving his or her own personal data. A User’s rights may impose obligations on Cribl, but certain obligations may fall to the data controller for the User’s personal data instead of Cribl if Cribl is not the data controller.

A User’s rights may include the right to access, including the right to receive (1) a free copy of his or her personal data that Cribl has received, processed, stored, or otherwise used to the extent identifiable and stored by Cribl, the categories of such personal data, the purpose or purposes of Cribl’s use of such data, and whether automated decisions or profiling occurs and, if so, the  logic involved, significance, and likely consequences of such Cribl’s receipt, processing, storage, or other use of such data; (2) a list of any third-party recipients of personal data and what safeguards are in place to protect the data being transferred; (3) a list of third-party data sources of a User’s personal data not collected from the User directly; and (4) a description of how long Cribl will store personal data or, if such a period is not determinable, how the length of the period would be determined. Cribl may charge a reasonable fee for subsequent requests for, and copies of, personal data.

A User’s rights may include the right to correct, without any undue delay, any inaccurate personal data to the extent identifiable and stored by Cribl, including the right to have incomplete personal data completed where appropriate given the purposes of Cribl’s receipt, processing, storage, or other use of such data.

A User’s rights may include the right to erase, without any undue delay, personal data where the personal data (1) is no longer necessary for the purpose or purposes for which it was received, processed, stored, or otherwise used; (2) the User withdraws his or her consent regarding his or her personal data and there is no other legal basis for receiving, processing, storing, or otherwise using that personal data; (3) the User objects to the receipt, processing, storage, or other use of his or her personal data and there are no legitimate grounds for processing that personal data; (4) the personal data have been unlawfully received, processed, stored, or otherwise used; (5) the personal data are required to be erased to comply with a legal obligation, or (6) the personal data have been collected in relation to the offer of information society services.

A User’s rights may include the right to data portability where the User has the right to receive his or her personal data in a structured, commonly used, and machine-readable format, and the obligation for the data controller of the personal data to transmit those data to another data controller, without undue hindrance, to the extent such transfer is technically feasible.

A User’s rights may include the right to complain to a supervisory authority for data protection, including the User’s local supervisory authority.

8. Contacts for Privacy and User Data Issues.

Please contact Cribl at privacy@cribl.io for any questions and requests related to this Privacy Policy, including regarding Users’ rights and personal data. Please note that if you contact Cribl regarding personal data for which Cribl is a data processor, Cribl will refer your request to the applicable data controller for the User’s personal data to the extent that the applicable data controller can be identified. Cribl requires proof of identity and may charge a fee where permitted by law, especially if a User’s request is manifestly unfounded or excessive. Cribl will attempt to respond to all questions and requests within applicable timeframes.

9. Updates.

Cribl reserves the right to update this Privacy Policy at any time without prior notice. Cribl will process User Data in accordance with the Privacy Policy that a User consented to at the time of the User’s consent. Upon any change to this Privacy Policy, Cribl will notify Users with a conspicuous website banner notice; Users’ continued use Cribl Services constitutes consent to the updated Privacy Policy.