Update Effective Date: July 20, 2020
2. Our Principles
- Privacy policies should be human readable and easy to find.
- We believe that data collection, storage, and processing should be simplified as much as possible to enhance security, ensure consistency, and make our data processing and privacy practices easy for users to understand.
- Data collection practices should always meet the reasonable expectations of users.
- We always endeavor to collect the least amount of personal data and information possible.
- We are complying with key data protection laws and privacy standards such as GDPR and CCPA.
- We do not sell your personal data or information.
- Any personal data or information we collect is protected using best practice security measures.
Our core “Opt-Out” practices are described here:
3. What personal information do we collect?
We collect any personal information that you give us.
For example, we collect personal information about you when you:
- sign up or register for one of our products or services;
- create an account;
- utilize interactive features of our Website or Products;
- fill out a Website form;
- give us feedback, ideas or submissions about any of our Products;
- communicate with us through third-party social media sites;
- request technical support;
- register for white papers, web seminars, and other events hosted by us, or
- otherwise communicate with us by way of our Websites, Netdata Products, or any other means.
4. How do we collect and use your personal information?
Netdata collects and uses personal information in the following ways:
Website and Analytics: When you visit our Websites or use our Products, Netdata collects some information about your activities through certain website analytics tools. The type of information that we collect includes general information such as the country or city where you are located, the pages visited, time spent on pages, heat-map of visitors’ activity on the Website, and information about the browser you are using. Netdata collects and uses this information to pursue to our legitimate interest of enhancing the security and utility of our Website and Products.
Netdata Registry: The Netdata Registry collects anonymous statistics about user visits to the Netdata user interface, counting both individual machines and the number of users associated with each machine. If providing us this type of information is against your policies, you can run your own registry.
By using the Netdata Cloud Products, you are agreeing to allow Netdata to send you communications about our Products, but you will have the ability to opt-out of receiving marketing emails. See: https://app.netdata.cloud/sign-in?cloudRoute=/spaces.
Anonymous Usage Statistics: On certain versions of Netdata Products every time our daemon (which is a computer program that runs as a background process, rather than being under the direct control of an interactive user) is started or stopped and every time a fatal condition is encountered, Netdata collects system information and sends this information to our Website analytics tools by way of an HTTP call. The types information collected for all of these events is:
- Netdata version
- OS name, version, id, id_like
- Kernel name, version, architecture
- Virtualization technology; and
- Containerization technology
Furthermore, we collect information about any fatal events detected by the Agent, including Netdata process and thread information, along with the relevant file, function and line entry describing the fatal error.
The statistics calculated from this information we collect are used for:
- Quality assurance, to help us better understand if Netdata Products are behaving as expected and help us identify repeating issues for certain distributions or environments.
- Usage statistics, to help us focus on the parts of Netdata Products that are used most often, or help us identify the extent to which our development decisions influence our user community.
To opt-out from this automated anonymous statistics feature, you can create a file called .opt-out-from-anonymous-statistics under the user configuration directory (usually /etc/netdata).
You can learn more about this opt-out function by reviewing the information on our Website here: https://learn.netdata.cloud/docs/agent/anonymous-statistics#opt-out
Emails and Newsletters: When you sign up to receive Product updates from Netdata, sign up for the Netdata Cloud Product, or otherwise voluntarily subscribe to one of our mailing lists, you will be asked to provide some very limited personal information. Netdata collects and uses this personal information for the sole purpose of providing you relevant Product news and updates. All bulk email communications from Netdata include links to unsubscribe from our mailing lists. If you opt out and continue to use Netdata Products, we may still send you non-promotional communications, including those relating to your current Netdata accounts or your use of the Netdata Products.
Email Analytics: When you receive communications from Netdata after signing up for and consenting to receiving the Netdata newsletter, campaign updates, or other ongoing email communications from Netdata, we may use analytics to track whether you open the mail, click on the links, and otherwise interact with the materials we send you. You may opt out of this tracking by indicating that you no longer wish to receive newsletter, campaign updates, or other ongoing email communications from Netdata and using this link: https://hs-4567453.s.hubspotemail.net/hs/manage-preferences/unsubscribe-all. Netdata collects and uses this personal information pursuant to its legitimate interest to understand the interests of its users, supporters and volunteer community in order to provide more relevant news and updates.
Opting-out of Netdata marketing communications does not mean we will discontinue sending you Netdata Product related emails, which include information about updates, new releases, support and other relevant information for Netdata Product users.
Other Voluntarily Provided Information: When you provide feedback to Netdata or otherwise submit personal information to Netdata, Netdata collects and uses this personal information pursuant to its legitimate interest to better understand our user community and in furtherance of the particular program or activity to which you provided your feedback or other input.
Third Party Sources. We may obtain personal information about you from other sources, and combine that with information we collect through your access and use of our Websites and Products. For example, if you create or log into your account through a site like Google.com or GitHub.com, we may have access to certain information about you from those sites, such as your name, log-in credentials, account information and other information in accordance with the authorization procedures and privacy policies determined by those third-party websites. We may add this information to the information we have already collected from you by way of our Website in order to improve the products and services we provide you and our user community. Through GitHub.com (https://github.com/netdata) in particular, we collect information provided by the GitHub API about people who have starred, follow or comment on our open source products.
5. How do we store your personal information?
We collect, process and store personal information (including user email addresses provided when you access the Netdata Cloud Product or when you provide us personal information on our Website) in secure systems hosted by reputable third parties that provide cloud services to Netdata, subject to specific written data processing obligations that are consistent with applicable regulations and law. These data processing obligations expressly prevent these third parties from using personal information we lawfully collect, process and store except to provide Netdata services we have requested, and for no other purpose.
Netdata stores this personal information in secure third-party cloud environments pursuant to its legitimate interest in being able to identify you when we provide you access to our Products and Website, and to enhance the security of the personal information we collect.
6. Access to Your Personal Information
You are generally entitled to access personal information that Netdata holds and to have inaccurate data corrected or removed to the extent Netdata still maintains it. In certain circumstances, you also may have the right to object for legitimate reasons to the processing or transfer of personal information. If you wish to exercise any of these rights, please write to email@example.com explaining your request.
See Sections 14 and 15 below entitled “CCPA Practices” and “GDPR Practices” respectively for additional information about exercising your rights to control your personal information and data.
7. Disclosure of Your Personal Information
Compelled Disclosures: We may disclose your personal information to government or law enforcement officials or to private parties as we, in our sole discretion, believe necessary or appropriate to:
- respond to claims and/or legal process (including subpoenas);
- to protect the property and/or rights of Netdata or any third party;
- to protect the safety of the public or any person;
- to prevent or stop any illegal, unethical, or legally actionable activity;
- to comply with applicable law or regulation; or
- in response to any lawful request by public authorities, including, without limitation, to meet national security or law enforcement requirements.
Finally, we may share personal information with your consent or at your direction, including if we notify you through any of our Website or Products that the information you provide will be shared in a particular manner, and you choose to provide such information.
8. How we secure your personal information.
Netdata has implemented reasonable physical, technical, and organizational security measures to protect and safeguard personal information that Netdata processes against accidental or unlawful destruction, or accidental loss, alteration, unauthorized disclosure or access, in compliance with applicable law. However, no product or service can fully eliminate security risks. If any data breach occurs, we will post a reasonably prominent notice to the Websites and comply with all other applicable data privacy requirements including, when required, personal notice to you if you have provided and we have maintained an email address for you.
Our Security Practices: Netdata maintains information security policies, procedures, and controls governing the processing, storage, transmission, and security of personal information processed by our Website and Netdata Products. Netdata has also implemented and will maintain appropriate technical security measures, internal controls, and information security routines designed to protect personal information processed by our Website and Netdata Products against unauthorized access, acquisition, use, disclosure, or destruction. Netdata has further implemented and will maintain appropriate physical security measures designed to protect the tangible items that comprise physical computer systems and networks that store and process personal data through our Website and Netdata Products, including servers and devices. Netdata has additionally implemented and will maintain appropriate organizational security measures designed to protect personal data processed by our Website and Netdata Products against unauthorized access, acquisition, use, disclosure, or destruction.
Netdata informs its employees about relevant security procedures and their respective roles, including an annual mandatory security awareness training that addresses such employees’ rights to access personal information (if any), and informing such employees of their obligations and the consequences of violating such obligations.
Our Websites and Netdata Products are not designed for use by or directed at children under the age of 13. Consistent with the U.S. Children’s Online Privacy Protection Act of 1998 (“COPPA”), we will never knowingly request personal information from anyone under the age of 13 without requiring parental consent. Our Terms specifically prohibit anyone using the Netdata Products or Websites from submitting any personally identifiable information about persons under 13 years of age.
Any person who provides their personal information to Netdata through the Netdata Products and Services represents that they are 13 years of age or older.
If you are under 13, please do not attempt to use the Netdata Products or Websites or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible.
10. Third Party Service Providers
11. Third Party Sites
12. Transferring Data to Other Countries
Personal data transferred from the EEA (including the European Union) to the United States or outside the European Union to locations that are not deemed to have maintained adequate levels of data protection, will be made on the grounds of a data processing agreement based on the EU Standard Contractual Clauses which are approved of by the European Commission, consistent with applicable data privacy requirements.
14. CCPA Practices
These additional disclosures for California residents (e.g. “consumers”) apply only to individuals who reside in California. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires business collecting or disclosing Personal Information to provide notice of rights California residents have and can exercise.
California Notice of Collection. We have collected Personal Information corresponding to the following categories of information enumerated in the CCPA.
- Identifiers, including name, address, email address, account name, IP address – and an ID number assigned to Your account.
- Analytics and Advertising, including engagements with our Website and Products.
- Internet activity, including history of visiting and interacting with our Website and Products, browser type, browser language and other information collected automatically.
- Geolocation data, including location enabled services such as WiFi and GPS.
For more information on what we collect, please review Section 3 above. We collect and use these categories of Personal Information for the business purposes described in Section 4 above.
We do not sell information as the term “sell” is traditionally understood. However, to the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those disclosed in Section 4 entitled “How do we collect and use your personal information?”, we will comply with applicable law as to such activities.
Netdata discloses the following categories of personal information for commercial purposes to its service providers and partners:
We use and partner with different types of entities to assist with our daily operations and manage the Netdata Products and Website. Please review Sections 4, 10 and 11 for more detail about the parties with whom we share information.
Right to Know and Delete. If You are a California resident, you have the right to know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
- The categories of Personal Information we have collected about you;
- The categories of sources from which the Personal Information was collected;
- The categories of Personal Information about you that we disclosed for a business purpose or sold;
- The categories of third parties to whom the Personal Information was disclosed for a business person or sold;
- The business or commercial purpose for collecting or selling the Personal Information; and
- The specific pieces of Personal Information we have collected about you.
In addition, you have the right to delete the Personal Information we have collected from You. However, this is not an absolute right and we may have legal grounds for keeping such data.
To exercise any of these rights, please submit a request to firstname.lastname@example.org.
In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
Authorized Agent. You can designate an authorized agent to submit requests on Your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
Right to Non-Discrimination. You have the right to non-discriminatory treatment by Netdata, should you exercise any of Your rights.
15. GDPR Practices
Data Sub-processor. If You are a Netdata Website or Cloud Product user, Netdata and Third Party Service Providers act as your data sub-processors. Netdata primarily processes and stores your personal data, on servers located and operated within the United States. If You reside or are located outside of the U.S., we may send to and store your personal data in the United States in order to provide and operate the Netdata Cloud platform. If Your personal data that is being processed by Netdata is subject to the EU General Data Protection Regulation (“GDPR”), we shall maintain an adequate level of protection of the personal data transferred outside the EEA, either by us and/or Third Party Service Providers, in accordance with applicable laws, in particular by way executed Standard Contractual Clauses approved by the European Commission.
If You wish to exercise any of your privacy rights under GDPR, or if You need further information regarding those privacy rights, please contact us at email@example.com.
Data Controller. In limited circumstances, where Netdata processes your personal information as a data controller, you are entitled to exercise certain privacy rights under specific circumstances. These rights include:
- Right of access
- Right to rectification
- Right to erasure (Right to be forgotten)
- Right of restriction of processing
- Right to data portability
- Right to object
- Automated individual decision-making, including profiling