Cribl.io Privacy Policy

Last Updated May 18, 2021 

Version 2.1

Cribl is committed to the privacy of its users. This Privacy Policy explains the information that Cribl collects from users through Cribl’s interaction with users, as well as why we collect that information, what we do with it, and how we protect it. Users are visitors to Cribl’s website, users of Cribl’s products and services, and Cribl’s other customers and business partners (individually “a User” and collectively “Users”).

This Privacy Notice also explains Cribl’s commitments under laws and regulations that protect personal data, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws and regulations. Personal data means information relating to a User who can be directly or indirectly identified through the information, as well as information related to, or that could reasonably be linked to, a User or a User’s household (“Personal Data”).

1. Cribl Services Covered by this Privacy Policy

This Privacy Policy covers Cribl’s website, products and services, and normal business operations, as well as third-party services or websites used by or in the operation of Cribl’s website, products and services, or normal business operations (collectively, “Cribl Services”). Cribl Services includes Cribl.Cloud, LogStream Cloud, and other Cribl Services that require Users to log in to use, such as Slack and Cribl’s support platform (“Cribl Online Services”), as well as all other versions of LogStream and all versions of AppScope. Cribl Services also include services, software, data, information, documentation, or materials provided to Users by Cribl related to, or through, Cribl Services.

This Privacy Policy does not apply to any third-party services, Packs or other extensions to Cribl Services not created and provided by Cribl, or websites to which Cribl Services may link except to the extent such services, extensions, or websites are part of Cribl Services and exchange data directly with Cribl Services. Cribl does not control or have any responsibility for the privacy practices of third-party services or websites that are not part of Cribl Services. Cribl Services do not include social media features such as “Share” and “Like” buttons that are provided by third-party social media platforms such as Facebook, LinkedIn, and Twitter. Users should review the privacy policies of all third-party services, software, files, and websites.

2. Information Collected and Methods of Information Collection.

     A. Generally.

Cribl may collect data, including Personal Data, provided by Users to Cribl or through Cribl Services, as well as information collected regarding Users, except as described by this Privacy Policy (collectively, “User Data”). Such collections include without limitation Users inputting or uploading information to Cribl Services, causing information to be provided to Cribl or Cribl Services by or through third-party providers or services, visiting or otherwise accessing Cribl Services, filling out forms on or through Cribl Services, and downloading software, documents, or other resources from or through Cribl Services, as well as information collected from third parties, including publicly available information from third-party websites like Facebook, LinkedIn, and Twitter.

     (1) Limitations on Personal Data Provided by Users.

A User cannot send Personal Data to Cribl unless the User is allowed to do so by applicable law and only then to the extent allowed by applicable law and this Privacy Policy. Users must obtain all consents or other legal basis necessary to send Personal Data to Cribl and for Cribl’s use of that personal data under this Privacy Policy. Users must remove Personal Data from data sent to Cribl for customer support except for Personal Data related to the User or the User’s employees or other agents involved in seeking support and for whom the User has obtained the consent or other legal basis necessary to send that Personal Data to Cribl and for Cribl’s use of that Personal Data under this Privacy Policy.

If a User provides Personal Data that it is not allowed to send to Cribl, the User must immediately contact Cribl by email at privacy@cribl.io; Cribl will delete all such Personal Data from Cribl Services to the extent identifiable by Cribl. If Cribl becomes aware that it has received such Personal Data, Cribl will notify affected Users and delete the Personal Data from Cribl Services, each to the extent identifiable by Cribl.

     (2) Visit Data.

User Data does include information automatically obtained by visiting or otherwise accessing Cribl Services that is Personal Data (“Visit Data”). Specifically, Visit Data includes a User’s IP address, the date and time of the User’s visit, the User’s browser and device information, information contained in cookies and tracking technologies, what parts of Cribl Services the User accessed or visited, Internet traffic information, and information from third parties, but all only to the extent to which such data is Personal Data.

     (3) Cookies.

Cribl’s website and some Cribl Services use cookies to collect data, include cookies described here. These cookies may collect User Data, as well as opt-in information for this Privacy Policy, Visit Data, and other information that allows Cribl Services to recognize Users on return visits, track Users’ use of Cribl Services, save settings for Users, and otherwise deliver a consistent experience for Users. Cookie settings are separated into categories, Necessary, Analytics, Advertisement, and Functionality. Necessary cookies are required to use the Cribl’s website and store cookie settings; Users can manage cookie settings for Analytics, Advertisement, and Functionality cookies.

     (4) Operational Data.

User Data does not include non-identifiable information that is automatically collected by accessing Cribl Services and is not Personal Data (“Operational Data”). Specifically, Operational Data includes telemetry data received by Cribl through Cribl Services, statistical data, aggregate summary data, and other information generated by Cribl Services related to the operation or performance of Cribl Services where the information does not include Personal Data. This includes information on the version, instance, and license identifier of the Cribl Services being used, as well as log in dates and times, the number of events used, data volume used, and the number of resources or features such as connections, sources, destinations, and pipelines that are created or used.

     (5) Personal Data of Children. 

Cribl does not knowingly receive, process, store, or otherwise use the Personal Data of children under sixteen years of age, nor may children under sixteen years of age use Cribl Services. If a User provides Personal Data of such children to Cribl or Cribl Services, the User must immediately contact Cribl by email at privacy@cribl.io; Cribl will delete all such Personal Data from Cribl Services to the extent identifiable by Cribl. If Cribl becomes aware that it has received Personal Data of a child, Cribl will notify affected Users and delete all Personal Data of the child from Cribl Services, each to the extent identifiable by Cribl.

     B. Information Collected through Cribl Services.

Cribl may collect User Data, including Personal Data, through the use of the following Cribl Services: Cribl Online Services. Cribl may collect the following User Data through Cribl Online Services: first name, last name, email address, company name, phone number, and country.

In addition, Cribl may also collect Visit Data, Cookies, Operational Data, and information related to Cribl’s normal business operations.

     C. Information Collected through Normal Business Operations.

Cribl may collect User Data, including Personal Data, as part of its normal business operations, including its business operations with Users. Business operations include the management of business relationships, customer support activities, billing, and marketing activities, as well as contracting and marketing activities and events, and correspondence with Cribl through phone, email, or other methods. Such information includes company name, contact information of company employees and agents, financial information, payment information, purchase orders and licensing agreements, usage information for Cribl Services, and information related to Users’ users and administrators, each of which may include Personal Data. Cribl maintains support tickets and related records for all customer support requests and issues.

3. Use of User Data.

     A. Generally

Cribl receives, processes, stores, and otherwise uses certain information through Cribl Services and normal business operations. Cribl may use User Data without restriction to the extent it does not include Personal Data and is not otherwise subject to contractual or legal restrictions that would prevent such use.

Beyond the use described in this Privacy Policy, Cribl will process Personal Data only to the extent to which the applicable User or Users has or have granted express consent. Cribl does not use Operational Data to identify Users without collecting additional consent from the affected Users. The processing and other of User Data collected using social media features is governed by the given social media platform’s privacy policies.

Cribl may use User Data, including Personal Data, for processing with Cribl Services and normal business operations with Users and other persons and entities. Cribl’s use has at least one lawful basis for using User Data for these purposes, including the Users’ consent to process User Data for the purposes of performing the given User’s contract or agreement with Cribl, the necessity of processing the information to enter into a contract or agreement with a User at the User’s request, the necessity of processing the information to perform the User’s contract or agreement with Cribl, the necessity of processing for Cribl to comply with a relevant legal obligation, a User’s clear consent to the processing, and Cribl’s legitimate interests in operating Cribl Services subject to Users’ rights, interests, and revocations of consent.

     B. Lawful Bases for Use of User Data

Cribl may use User Data, including Personal Data, to protect Cribl Services, Cribl’s confidential and proprietary information, and Cribl’s employees, equipment, and premises, or other persons or entities and the employees, equipment, and premises of such persons or entities. Cribl may also use User Data, including Personal Data, to manage and investigate suspected illegal activities, risk exposure, violations of contracts or legal requirements, fraud, and claims or other liabilities, and to cooperate with public authorities for law enforcement or national security purposes, if Cribl receives a lawful request, and as otherwise required by law or regulation.

     C. Use of User Data Through Cribl’s Website.

Cribl may receive, process, store, or otherwise use Personal Data through Cribl’s website. Cribl is a data processor and data controller for the purposes of the GDPR and other applicable data protection laws and regulations relative to Cribl’s website insofar as it receives, processes, stores, or otherwise uses Personal Data. Cribl is not a data processor or data controller relative to other Cribl Services that receive, process, store, or otherwise use only Operational Data. Currently, Cribl’s website receives, processes, stores, or otherwise uses Personal Data and Operational Data.

Cribl’s use of User Data for processing through Cribl’s website includes operating, evaluating, maintaining, improving, developing, and monitoring Cribl Services, and providing Users with requested Cribl Services and customizing Cribl Services to Users’ needs and requests. Cribl may use User Data to monitor performance, access, usage, log, and transactional information related to the operation of Cribl’s website and may use User Data to improve and develop Cribl Services, including as to the security of Cribl Services and the operation of services provided by Cribl’s business partners as part of Cribl Services.

     D. Use Through Cribl’s Products and Services.

     (1) Cribl Services other than Cribl Online Services.

Cribl does not receive, process, store, or otherwise use Personal Data through Cribl Services other than Cribl Online Services. Cribl is not a data processor or data controller for the purposes of the GDPR and other applicable data protection laws relative to such Cribl Services because those products and services do not send Personal Data to Cribl. Users are the data processors and data controllers for Personal Data processed through Cribl Services because only Users process and control all such Personal Data.

Cribl uses information collected through forms in Cribl Services such as “Contact Sales” to contact Users who requested contact about sales or other requested activities.

     (2) Cribl Online Services

Cribl may receive, process, and transmit User Data containing Personal Data through Cribl Online Services only if a User sends Personal Data into Cribl Online Services. Cribl does not store any data processed through LogStream Cloud, but may store data involving other Cribl Online Services. Cribl is a data processor for the purposes of the GDPR and other applicable data protection laws relative to the use of Cribl Online Services by Users unless LogStream Cloud is installed in a User’s private cloud, in which case the applicable User is the data processor for data processed through LogStream Cloud. Users are data controllers for Personal Data processed through Cribl Online Services.

Cribl uses information collected through Cribl Online Services to create and manage accounts, verify accounts, and associate Users to accounts, as well as to manage access to, availability of, and security for Cribl Online Services, including as to information on what Users have logged in to Cribl Online Services, the availability of resources related to the operation of Cribl Online Services, and other security-related information. Cribl also uses information collected through Cribl Online Services to conduct its business operations described below.

Cribl uses information collected through Cribl Online Services by forms such as “Contact Sales” to contact Users who requested contact about sales or other requested activities.

     E. Use Through Cribl’s Normal Business Operations.

Cribl may receive, process, store, or otherwise use User Data, including Personal Data, through Cribl’s normal business operations. Cribl is a data processor and data controller for the purposes of the GDPR and other applicable data protection laws and regulations relative to Cribl’s normal business operations insofar as its normal business operations receive, process, store, or otherwise use Personal Data.

Cribl’s use of User Data for its business operations with Users and other persons or entities includes contacting Users, processing payments and other financial transactions with Users, contracting with Users, providing customer support to Users, billing Users, and marketing to Users when it is lawful for Cribl to do so.

Cribl also uses information collected through Cribl’s normal business operations to send information about Cribl Services to Users through email for Users who opt-in to receiving those communications.

If a User wishes to unsubscribe from receiving certain email communications, the User may unsubscribe by opting out of email notifications or emailing privacy@cribl.io.

     F. Use by Sub-processors.

Cribl uses the following sub-processors to process certain User Data:

  • Amazon Web Services hosts Cribl Online Services and processes User Data related to hosting Cribl Online Services based on Cribl’s legitimate business needs, including Cribl’s normal business operations, and the express consent provided by Users with subscriptions for Cribl Online Services.
  • HubSpot manages the collection of cookies used in Cribl Services and processes User Data from information collected through cookies based on Cribl’s legitimate business needs, including Cribl’s normal business operations, and the express consent provided by Users to use cookies.
  • Intercom provides communication functionality used in Cribl Services and processes User Data related to Cribl’s business relationships with Users and Cribl’s customer support activities based on Cribl’s legitimate business needs, including Cribl’s normal business operations, and the express consent provided by Users.
  • Metronome provides billing services for LogStream Cloud and processes User Data related to those services based on Cribl’s legitimate business needs, including Cribl’s normal business operations, and the express consent provided by Users with subscriptions for LogStream Cloud.
  • SalesForce provides customer management services for Cribl and processes User Data related to Cribl’s business relationships with Users and Cribl’s customer support activities based on Cribl’s legitimate business needs, including Cribl’s normal business operations, and the express consent provided by Users.
  • Slack provides customer support and communication services for Cribl and processes User Data related to Cribl’s business relationships with Users based on Cribl’s legitimate business needs, including Cribl’s normal business operations, and the express consent provided by Users.
  • Zoom provides webinar and meeting services for Cribl and processes User Data related to those services based on Cribl’s legitimate business needs, including Cribl’s normal business operations, and the express consent provided by Users who register for webinars and other meetings.

Cribl will communicate changes to its sub-processors through updates to this Privacy Policy and Cribl’s website.

4. Disclosure of User Data.

Cribl does not disclose Personal Data to third parties except as provided in this Privacy Policy. Cribl does not sell or rent Personal Data to third parties. Cribl may disclose User Data without restriction to the extent it does not include Personal Data and is not otherwise subject to contractual restrictions that would prevent such disclosure.

Cribl may disclose User Data with affiliated businesses and third-party service providers to assist Cribl in the operation of Cribl Services and conducting Cribl’s normal business operations, each subject to applicable contractual restrictions involving those affiliates and applicable Users. Cribl does not disclose User Data with affiliated businesses or third-party service providers for an affiliate’s own use but may disclose User Data with third parties in connection with a potential or actual sale of Cribl or the assets of Cribl or affiliate where User Data may be one of the transferred assets.

Cribl may disclose User Data, including Personal Data, to protect Cribl Services, Cribl’s confidential and proprietary information, and Cribl’s employees, equipment, and premises, or other persons or entities and the employees, equipment, and premises of such persons or entities. Cribl may also disclose User Data, including Personal Data, to manage and investigate suspected illegal activities, risk exposure, violations of contracts or legal requirements, fraud, and claims or other liabilities, and to cooperate with public authorities for law enforcement or national security purposes, if Cribl receives a lawful request or is otherwise required by law or regulation. 

5. Protection of User Data.

Cribl takes reasonable steps to secure User Data from unauthorized access, improper use or disclosure, unauthorized modification or destruction, and accidental loss, including through encryption and pseudonymization, maximizing Cribl’s stability and uptime, using reasonable backup and disaster recovery procedures, security policies and procedures, security services, role-based access for Cribl Services and Cribl’s systems, endpoint protection and intrusion detection technologies, and regular security and vulnerability testing. Cribl protects User Data with the same level protection no matter where Cribl stores its data.

Cribl contractually requires affiliated businesses and third-party service providers to provide the level of protection for Personal Data that is required by applicable laws and will remain liable if one of its affiliated businesses or third-party service providers processes Personal Data in violation of applicable law. However, no service can be completely secure, error free, or always available and Cribl Services and Cribl’s infrastructure may be compromised. Cribl is not responsible for unauthorized or unintended access, improper use or disclosure, unauthorized modification or destruction, or accidental loss that is beyond Cribl’s control or that occurs despite Cribl’s reasonable protections.

6. Disposition of User Data.

Cribl will keep User Data, including Personal Data, for only as long as required to fulfill the purposes for which it was collected or processed. In some circumstances Cribl, may retain User Data, including Personal Data, for a longer period than required to fulfill the purposes for which it was collected or processed. Such circumstances include when Cribl is required to do so to comply with a legal, tax, or accounting requirement, or when required to do so by a governmental authority. Cribl may also retain User Data, including Personal Data, for a longer period corresponding to a statute of limitations in order to have an accurate record of Users’ dealings with Cribl in the event of any complaints or other issues.

7. User Rights.

Subject to applicable law and regulations, a User may have rights involving his or her own Personal Data. A User’s rights may impose obligations on Cribl, but certain obligations may fall to the data controller for the User’s Personal Data instead of Cribl if Cribl is not the data controller.

A User’s rights may include the right to access, including the right to receive (1) a free copy every year of his or her Personal Data that Cribl has received, processed, stored, or otherwise used to the extent identifiable and stored by Cribl, the categories of such Personal Data, the purpose or purposes of Cribl’s use of such data, and whether automated decisions or profiling occurs and, if so, the logic involved, significance, and likely consequences of such Cribl’s receipt, processing, storage, or other use of such data; (2) a list of any third-party recipients of Personal Data and what safeguards are in place to protect the data being transferred; (3) a list of third-party data sources of a User’s Personal Data not collected from the User directly; and (4) a description of how long Cribl will store Personal Data or, if such a period is not determinable, how the length of the period would be determined. Cribl may charge a reasonable fee for subsequent requests for, and copies of, Personal Data.

A User’s rights may include the right to correct, without any undue delay, any inaccurate Personal Data to the extent identifiable and stored by Cribl, including the right to have incomplete Personal Data completed where appropriate given the purposes of Cribl’s receipt, processing, storage, or other use of such data.

A User’s rights may include the right to erase, without any undue delay, Personal Data if (1) the Personal Data is no longer necessary for the purpose or purposes for which it was received, processed, stored, or otherwise used; (2) the User withdraws his or her consent regarding his or her Personal Data and there is no other legal basis for receiving, processing, storing, or otherwise using that Personal Data; (3) the User objects to the receipt, processing, storage, or other use of his or her Personal Data and there are no legitimate grounds for processing, storing, or other use of that Personal Data; (4) the Personal Data have been unlawfully received, processed, stored, or otherwise used; (5) the Personal Data are required to be erased to comply with a legal obligation, (6) the Personal Data have been collected in relation to the offer of information society services, or (7) the Personal Data must otherwise be erased from Cribl’s Services as required by the GDPR, the CCPA, or other applicable law or regulation.

A User’s rights may include the right to data portability where the User has the right to receive his or her Personal Data in a structured, commonly used, and machine-readable format, and the obligation for the data controller of the Personal Data to transmit those data to another data controller, without undue hindrance, to the extent such transfer is technically feasible.

A User’s rights may include the right to complain to a supervisory authority for data protection, including the User’s local supervisory authority. Cribl will not discriminate against any User who exercises his or her rights under applicable data protection laws and regulations.

8. Contacts for Privacy and User Data Issues.

Please contact Cribl at privacy@cribl.io for any questions and requests related to this Privacy Policy, including regarding Users’ rights and Personal Data.

Please note that if you contact Cribl regarding Personal Data for which Cribl is a data processor, Cribl will refer your request to the applicable data controller for the User’s Personal Data to the extent that the applicable data controller can be identified.

Cribl requires proof of identity and may charge a fee where permitted by law, especially if a User’s request is manifestly unfounded or excessive. Cribl will not use Personal Data obtained to establish a User’s identity for any purpose other than the verification of the User’s identity.

Cribl will attempt to respond to all questions and requests within applicable timeframes.

9. Updates.

Cribl reserves the right to update this Privacy Policy at any time without prior notice. Cribl will process User Data in accordance with the Privacy Policy that a User consented to at the time of the User’s consent.

Upon any change to this Privacy Policy, Cribl will notify Users with a conspicuous website notice; Users’ continued use of Cribl Services constitutes consent to the updated Privacy Policy.

Copy of V2 Privacy Policy

Copy of V1 Privacy Policy