Effective Date: November 24, 2016
Thank you for trusting Cloudsmith to be responsible for your packages and your personal information. Your private information is extremely important to us, and we want you to know that we’re handling it appropriately.
Cloudsmith complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Cloudsmith has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
Cloudsmith collects and analyzes traffic by keeping track of the IP addresses of our visitors and by collecting log file information. Your IP address is a number that is automatically assigned to the computer that you are using by your Internet service provider (ISP) or by another organization. An IP address, by itself, cannot identify you personally. However, when combined with other information, your IP address can be used to identify the computer you are using. In addition, Cloudsmith may use your IP address to estimate your geographic location.
If you register or make a purchase while on the Website, Cloudsmith may ask for Personally Identifiable Information such as your name, email address, or physical address.
Cloudsmith may also use web beacons, small graphic images or other web programming code (also known as "1x1 GIFs" or "clear GIFs"), which may be included in our web pages and email messages. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a web page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to the Website, to monitor how users navigate the Website, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.
Cloudsmith may also use embedded scripts on the Website and in connection with the provision of its Services. “Embedded scripts” are programming code designed to collect information about your interactions with a website, such as the links you click on, and may assist our customers in providing us with information used to provide the Services. The code is temporarily downloaded onto your device from our web server, our customer's web server, or a third party service provider, is active only while you are connected to the website containing the embedded script, and is deactivated or deleted thereafter.
Your web browser automatically sends information to every website you visit, including ours. For example, our server logs may receive and record information such as the pages you access on the Website, referring URLs, your browser type, your operating system, the date and time of your visit, and the duration of your visit to each page.
Log file information may also include a user agent string, a series of characters automatically sent with your Internet requests that provide information necessary for smooth Internet communications such as the operating system and browser you used. Similar to an IP address, a user agent string, by itself, does not identify you personally. However, when combined with other information, a user agent string might be used to identify the computer originating a message.
Cloudsmith may also request access to or otherwise receive information about your device location when you access the Website. Your location data may be based on your IP address. We use location data in connection with providing the Services and to help improve the Services.
Cloudsmith may assign your computer or mobile device a unique identification number ("Unique ID") based on log file information when you access the Website. Cloudsmith may set a cookie on your device containing, amongst other things, the device's Unique ID. Cloudsmith uses information generated from the Unique ID for purposes of improving our Services, primarily our ability to detect fraud. Cloudsmith does not share the Unique ID or any associated data with unaffiliated third parties.
Cloudsmith may collect additional information from or about you in other ways, including responses to customer surveys or your communications with our customer service team. Cloudsmith may retain all information it collects for an indefinite period of time.
As stated above, Cloudsmith may use Personally Identifiable Information such as your name, address, telephone number, e-mail address, or other contact information we obtain from you, our customers, or our business partners, for the purposes of providing, enhancing, or improving our IP geolocation, fraud detection, demographic targeting, and other services and products.
Cloudsmith maintains one or more contact lists (with email addresses and other information) to allow Cloudsmith to communicate with individuals who do business with Cloudsmith or who have expressed an interest in the Services. We may contact you to confirm your purchases or respond to requests that you make, notify you of changes to your account or the Services, for marketing purposes, or to otherwise inform you of information related to our business or your account with us.
Cloudsmith may use the information we collect about you for a variety of website administration and customization purposes. For example, we use your information to process your registration request, provide you with services and communications that you have requested, send you email updates and other communications, customize features and advertising that appear on the Website, deliver the Website content to you, measure Website traffic, measure user interests and traffic patterns, and improve the Website and the services and features offered via the Website.
Non-identifying information includes information collected from or about you that does not personally identify you. Cloudsmith treats IP addresses, log file information, user agent strings, computer IDs, and related information as non-identifying information, except if applicable law or the Privacy Shield principles suggest that we do otherwise. Cloudsmith may use non-identifying information for any purpose. We may also combine your non-identifying information with third party data sources (including data obtained from offline sources and data obtained from our customers using the Services) in our effort to improve our Services. Unless you opt out, Cloudsmith may share such non-identifying information with customers, affiliates, and other third parties, for any purpose.
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although Cloudsmith does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account, such as in a package repository. If you store any sensitive personal information on our servers, you are consenting to our storage of that information on our servers, which are in the United States and the European Union.
We do not intentionally collect information that is stored in your package repositories or other free-form content inputs. Information in your package repositories belongs to you, and you are responsible for it, as well as for making sure that your content complies with our Terms of Service. Cloudsmith employees do not access private package repositories unless required to for security or maintenance, or for support reasons, with the consent of the package repository owner.
If your package repository is public, anyone (including us) may view its contents. If you have included private or sensitive information in your public package repository, such as email addresses, that information may be indexed by search engines or used by third parties. In addition, while we do not generally search for content in your package repositories, we may scan our servers for certain tokens or security signatures.
If you're a child under the age of 13, you may not have an account on Cloudsmith. Cloudsmith does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account. Please see our Terms of Service for information about account termination.
We do not share, sell, rent, or trade Personally Identifiable Information with third parties for their commercial purposes.
We do not disclose Personally Identifiable Information outside Cloudsmith, except in the situations listed in this section or in the section below on Compelled Disclosure.
We do share certain aggregated, non-personally identifying information with others about how our users, collectively, use Cloudsmith, or how our users respond to our other offerings, such as our conferences or events. For example, we may compile statistics on the usage of particular package formats on Cloudsmith. However, we do not sell this information to advertisers or marketers.
We do not host advertising on Cloudsmith. We may occasionally embed content from third party sites, such as YouTube, and that content may include ads. While we try to minimize the amount of ads our embedded content contains, we can't always control what third parties show.
We may share Personally Identifiable Information with your permission, so we can perform services you have requested.
Much of Cloudsmith is public-facing. If your content is public-facing, third parties may access and use it in compliance with our Terms of Service. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing Cloudsmith information.
Your Personal Information, associated with your content, may be gathered by third parties in these compilations of Cloudsmith data. If you do not want your Personal Information to appear in third parties’ compilations of Cloudsmith data, please do not make your Personal Information publicly available.
If you would like to compile Cloudsmith data, you may only use any public-facing Personal Information you gather for the purpose for which our user has authorized it. For example, where a Cloudsmith user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for commercial advertising. We expect you to reasonably secure any Personal Information you have gathered from Cloudsmith, and to respond promptly to complaints, removal requests, and "do not contact" requests from Cloudsmith or Cloudsmith users.
Similarly, package repositories on Cloudsmith may include publicly available Personal Information collected as part of the collaborative process. In the event that a Cloudsmith project contains publicly available Personal Information that does not belong to Cloudsmith users, we will only use that Personal Information for the limited purpose for which it was collected, and we will secure that Personal Information as we would secure any Personally Identifiable Information. If you have a complaint about any Personal Information on Cloudsmith, please see our section on resolving complaints.
A cookie is a small piece of text that our web server stores on your computer or mobile device, which your browser sends to us when you return to our site. Cookies do not necessarily identify you if you are merely visiting Cloudsmith; however, a cookie may store a unique identifier for each logged in user. The cookies Cloudsmith sets are essential for the operation of the website, or are used for performance or functionality. By using our website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept cookies, you will not be able to log in or use Cloudsmith’s services.
We use Google Analytics as a third party tracking service, but we don’t use it to track you individually or collect your Personally Identifiable Information. We use Google Analytics to collect information about how our website performs and how our users, in general, navigate through and use Cloudsmith. This helps us evaluate our users' use of Cloudsmith; compile statistical reports on activity; and improve our content and website performance.
Google Analytics gathers certain simple, non-personally identifying information over time, such as your IP address, browser type, internet service provider, referring and exit pages, time stamp, and similar data about your use of Cloudsmith. We do not link this information to any of your personal information such as your user name.
Cloudsmith will not, nor will we allow any third party to, use the Google Analytics tool to track our users individually; collect any Personally Identifiable Information other than IP address; or correlate your IP address with your identity. Google provides further information about its own privacy practices and offers a browser add-on to opt out of Google Analytics tracking.
Certain pages on our site may set other third party cookies. For example, we may embed content, such as videos, from another site that sets a cookie. While we try to minimize these third party cookies, we can’t always control what cookies this third party content sets.
We use Intercom as a customer engagement platform, and each visitor and user is tracked in order to associate conversation history with your visit, your account (if logged in) and any Cloudsmith organizations you may belong to. Cloudsmith will not share any Personally Identifiable Information gathered and utilised via Intercom with third party services.
"Do Not Track" is a privacy preference you can set in your browser if you do not want online services to collect and share certain kinds of information about your online activity from third party tracking services. We do not track your online browsing activity on other online services over time and we do not permit third-party services to track your activity on our site beyond our basic Google Analytics tracking, which you may opt out of. Because we do not share this kind of data with third party services or permit this kind of third party data collection on Cloudsmith for any of our users, and we do not track our users on third-party websites ourselves, we do not need to respond differently to an individual browser's Do Not Track setting.
If you are interested in turning on your browser’s privacy and Do Not Track settings, the Do Not Track website has browser-specific instructions.
Please see our section on email communication to learn about our use of pixel tags in marketing emails.
Cloudsmith takes all measures reasonably necessary to protect Personally Identifiable Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of Personally Identifiable Information. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.
No method of transmission, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. For more information, see our Security Policy.
We provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business. Additionally, we require that if our vendors or affiliates have access to Personally Identifiable Information, they must comply with our privacy policies and with applicable data privacy laws, including signing data transfer agreements such as Standard Contractual Clause agreements.
- Cloudsmith provides clear methods of unambiguous, informed consent at the time of data collection, when we do collect your personal data.
- We collect only the minimum amount of personal data necessary, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.
- We offer you simple methods of accessing, correcting, or deleting the data we have collected.
- We provide our users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users a method of recourse and enforcement. These are the Privacy Shield Principles, but they are also just good practices.
- Cloudsmith adheres to the Privacy Shield Framework. In addition to providing our users methods of unambiguous, informed consent and control over their data, we participate in and comply with the Privacy Shield framework, and we are committed to subjecting any Personal Information we receive from the EU and EEA to the Privacy Shield Principles. Please read more about Cloudsmith's Privacy Shield commitments.
If you have concerns about the way Cloudsmith is handling your Personally Identifiable Information, please let us know immediately. We want to help and there are several ways available that you can contact us. You may also email us directly at firstname.lastname@example.org with the subject line "Privacy Concerns." We will respond within 45 days at the latest.
In the unlikely event that a dispute arises between you and Cloudsmith regarding our handling of your Personally Identifiable Information, we will do our best to resolve it. If we cannot, we offer an independent dispute resolution provider at no cost to you.
If we are unable to resolve your concerns after a good faith effort to address them, you may contact JAMS and submit a Privacy Shield claim. JAMS is a US-based private alternate dispute resolution provider, and we have contracted with JAMS to provide an independent recourse mechanism for any of our users for privacy concerns at no cost to you. You do not need to appear in court; you may conduct binding arbitration via telephone or video conference. If you are not based in the EU or EEA, but you would still like to use the JAMS arbitration process to resolve your dispute, please let us know and we will provide access to you.
We are subject to the jurisdiction of the Federal Trade Commission.
Cloudsmith may disclose personally-identifying information or other information we collect about you to law enforcement in response to a valid subpoena, court order, warrant, or similar governmental order, or when we believe in good faith that disclosure is reasonably necessary to protect our property or rights, or those of third parties or the public at large.
In complying with court orders and similar legal processes, Cloudsmith strives for transparency. When permitted, we will make a reasonable effort to notify users of any disclosure of their information, unless we are prohibited by law or court order from doing so, or in rare, exigent circumstances.
If you're already a Cloudsmith user, you may access, update, alter, or delete your basic user profile information by editing your user profile or contacting Cloudsmith Support via email, our contact form or via Intercom.
Cloudsmith will retain Personally Identifiable Information for as long as your account is active or as needed to provide you services.
We may retain certain Personally Identifiable Information indefinitely, unless you delete it or request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you choose to delete your account, we will retain your account information indefinitely.
If you would like to cancel your account or delete your Personally Identifiable Information, you may do so in your user profile. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 30 days.
We will use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. Emails by default are not disclosed to other users, even if you belong to the same organization. This will not change how we contact you, as we always utilise your primary email address.
Depending on your email settings, Cloudsmith may occasionally send notification emails about changes in a package repository you’re watching, new features, requests for feedback, important policy changes, or offer customer support. We also send marketing emails, but only with your consent. There's an unsubscribe link located at the bottom of each of the emails we send you.
Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email. If you prefer not to receive pixel tags, please opt out of marketing emails.