Confluent Privacy Statement

Effective: September 12, 2018 (view archived versions)

Confluent, Inc. and its subsidiaries (“Confluent,” “we,” “our,” or “us”) understand that privacy is important to visitors to our websites (our “Sites”) and users of our products and services (our “Products”). This Privacy Statement explains how we collect, use, and share your personal information when you use the Sites and Products that link to this Privacy Statement.

This Privacy Statement does not apply to Sites or Products that display or link to different privacy statements. This Statement also does not apply where Confluent processes the data of our customers on their behalf; our collection and processing of such data is governed by our agreements with those customers.

Click on the links below to jump to each section:

  1. PERSONAL INFORMATION WE COLLECT
  2. OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES
  3. OUR USE OF PERSONAL INFORMATION
  4. SHARING OF PERSONAL INFORMATION
  5. YOUR CHOICES ABOUT PERSONAL INFORMATION
  6. HOW WE STORE AND PROTECT PERSONAL INFORMATION
  7. EUROPEAN DATA PROTECTION RIGHTS
  8. CHANGES TO OUR PRIVACY STATEMENT
  9. HOW TO CONTACT US

 

PERSONAL INFORMATION WE COLLECT

Information you provide directly. We collect and store personal information that you directly provide us through our Site, when using our Products, and other ways, such as through a customer support request, through interactions on social media, participation in a survey or promotion, application for a job, when downloading white papers on our Sites, and at events. Information we collect includes, for example, your name, job title, company name, email address, phone number, mailing address, billing address, city and country, and any data you enter into any ‘free text’ boxes on our forms. We may collect credit card numbers and other payment information if you purchase Products, such as online training, cloud services, or software subscriptions.

Information collected automatically. As further described in the “Our Use of Cookies and Other Technologies” and “Product telemetry data” sections below, we and our third-party partners automatically collect certain types of usage information when you use our Sites or Products. For example, when you visit our Site, your device’s operating system, device identifier and other device information, user agent string, Internet Protocol (IP) address, access times, browser type, and log data detailing your interactions with our Site (e.g., number of clicks, pages viewed, information searched for), and the website you visited before and after coming to our Site (i.e., referrer header) are logged automatically. When you submit a support ticket, we receive data from the user agent string of your browser, which includes device information, browser information, OS information, city, state, country, and IP address.

Product telemetry data. When you use our Products, we may also collect certain telemetry data and other data about your usage, including your IP Address and other unique identifiers in combination with information about the version of our software you are running and how it is configured, to collect and aggregate certain diagnostic and analytics information. We may combine this information with information you provide when you download our Products or provide to customer support, including the name of your organization or company. You can turn off the collection of telemetry data as described in the “Choices” section below and as described further in the applicable product documentation.

When we collect IP addresses through Control Center, KSQL, or Proactive Support, we take appropriate steps to pseudonymise the IP addresses before it is stored. We employ technical and organizational measures to prevent the reconstitution of IP addresses or reversal of pseudonymization that would allow attribution of the data to a specific individual, including segregating or not collecting any additional information that may be used for attribution. We store the pseudonymized data for 2 years.
The resulting pseudonymised data is used by us on behalf of our customers to (i) maintain and improve Control Center, Confluent Enterprise, and KSQL, and (ii) inform users whether they are running the latest version of KSQL.

Confluent Enterprise customers may choose to enable collection of more information about the Kafka broker and report it to Confluent by setting `confluent.support.customer.id’ to their assigned customer ID in the broker configuration and restarting the broker. The additional information includes bytes written to the broker, bytes read from the broker, incoming and outgoing bytes rate, number of topics and partitions in the cluster, broker configuration with some fields filtered out (such as SSL related configs, host name, etc.). This additional data is used by us to improve customer support and reduce time to support ticket resolution.

To find out more detailed information about our collection practices with respect to Control Center, KSQL, and Proactive Support please click here.

Information collected through social media and other platforms. We receive information about you when you engage with us through various third-party platforms, for example, by joining our Slack community or Google group, liking us on Facebook, connecting on LinkedIn, GitHub, or Meetup, following us on Twitter or Instagram, registering for training through WooCommerce, or sharing content from our Site on Facebook, Twitter, or LinkedIn. The data we exchange with these third-party platforms may depend upon your privacy settings with these platforms. You should review and consider adjusting your privacy settings on third-party websites and services before engaging. Do not provide us with any sensitive personal data through these platforms. We are not responsible for the data protection and use practices of these third-party platforms. Please see their privacy statements to learn how they use your information.

Third-party sources. We may occasionally receive your personal information from third party sources including our affiliates, marketing and research partners, and companies such as DiscoverOrg (contact database), Hootsuite (social media management platform), Kickfire (company database), and LinkedIn. Users of our Products may also provide your personal information when they identify you as a billing, support, or technical contact, or when inviting you to use our Products or attend our events. If you integrate or link a third-party service with our Sites or Products we may receive personal information about you from that third-party service based upon the settings and permissions you’ve established with such third party service, and that third party service’s privacy practices.

The types of information we collect from third parties may include name, company name, title, role, zip code, city, country, telephone number, and social media engagement. We use this information to maintain and improve the accuracy of the records we hold about you, identify new customers, and provide a more tailored advertising experience. We may combine this information with other information we collect about you through our Sites and Products.

When you are asked to provide personal information, you may decline. But if you choose not to provide information that is necessary to provide certain Products, those Products may not be available or function correctly.

OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES

Our Sites and related online services use cookies and similar technologies to enable certain functionality and help collect information about your visit. “Cookies” are small text files, typically containing a unique string of letters and numbers, stored on your hard drive by a Site. When you return to the Site using the same browser, the Site can read the cookie and thereby gather information about your usage over time. Among other things, we use cookies and other technology to see which areas and features are popular and to count visits, which helps us to improve our Site, our Products, and your experience.

Web Beacons. We may collect information using Web beacons. Web beacons are electronic images that may be used on our Site, Products, or in our emails.  We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness, and to tell if an email has been opened and acted upon.

Analytics and Advertising. We work with third parties to provide analytics and advertising services in connection with our Sites and Products. These third parties use cookies, web beacons, or similar technologies to automatically collect some of the information described above from visitors of our Sites and Products over time and across third party Web sites and mobile applications for purposes of analytics and advertising. We use the analytics information to analyze and improve our services. Our advertising partners use the information to try to understand your interests and show you relevant advertising about products and services from and on behalf of us and others. For more information about online interest-based advertising, and how you can opt-out of having your information used for this purpose by many of these third parties, you can visit the Network Advertising Initiative and/or the Digital Advertising Alliance. Or you can visit the websites of our advertising and analytics partners, including Adobe, Google, Kickfire (VisiStat)KwanzooMarketoVidyard, and Vimeo.

For additional information about our use of cookies and other similar tracking technologies, please see our Cookie Notice.

OUR USE OF PERSONAL INFORMATION

In general, we collect and process personal information about you with your consent, as necessary to provide the Products you use, operate our Sites and business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests as described in this Privacy Statement and in our notices to you.

For example, we may use your information to:

  • Operate, maintain and improve our internal operations, systems, Sites, and Products
  • Understand you and your preferences to enhance your experience and enjoyment using our Sites and Products, to provide recommendations, and to better market and advertise to you
  • Monitor and analyze user interactions with our Sites and Products to identify trends, usage, and activity patterns
  • Respond to your comments and questions and provide technical support or customer service
  • Provide and deliver the Products you request
  • Comply with applicable laws, rules, or regulations and cooperate and defend legal claims and audits
  • Communicate with you about promotions, upcoming events, and other news about products and services offered by Confluent and our partners
  • Plan and host corporate events
  • Protect the Site and Products, and investigate and deter against fraudulent, unauthorized, or illegal activity.

SHARING OF PERSONAL INFORMATION

We may share your personal information with your consent.  We may also share your personal information:

  • Among our affiliates, which include companies owned by or under common ownership of Confluent such as Confluent Europe Ltd., Confluent Germany GmbH, and Confluent Australia Pty Limited, all of which will be required to use your personal information as described in this Privacy Statement
  • With our partners and other third parties, such as our sponsors and co-sponsors of events, whose information we believe may be relevant to you or research and advisory firms whose reports are offered through our Sites (subject to applicable laws)
  • With third-party vendors and other service providers that we use to provide payment processing, reselling services, support ticket portals, secure transfer software, cloud hosting, video conference services, marketing automation platforms, project management tools, registration services, learning management services, collaboration and communication tools, data backup services, and professional services
  • With third-party vendors and other service providers that we use to provide payment processing, reselling services, support ticket portals, secure transfer software, cloud hosting, video conference services, marketing automation platforms, project management tools, registration services, learning management services, collaboration and communication tools, data backup services, and professional services
  • With other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business or assets by another company or third party, or in the event of a bankruptcy, dissolution, or related or similar proceedings
  • As required by law or subpoena or if we reasonably believe that such action is necessary to comply with the law or the reasonable requests of law enforcement, to enforce our Terms of Use or other agreements or to protect the security or integrity of our Sites and Products, and/or to exercise or protect the rights, property, or personal safety of Confluent, our customers, users, or others.

We may also share aggregated or deidentified data with third parties (subject to applicable laws).

YOUR CHOICES ABOUT PERSONAL INFORMATION

Access, correction, or deletion. If you wish to request access, correction, or deletion of any of your personal information held by us or a change in the way we use your information (for which we reserve the right to charge you a fee, as permitted by applicable law), please contact us at the information below. However, we may decline requests that are unreasonable, prohibited by law, or are not required to be honored by applicable law.

How to control your communications preferences. You can stop receiving promotional emails from us by clicking on the “unsubscribe link” provided in such emails or by contacting us at the contact details set forth below. In addition, you can make changes to your preferences in our Preference Center. We make every effort to promptly process all unsubscribe requests. If you opt out, we may still send you transactional communications (e.g., non-promotional emails such as emails about training and events you registered to attend and technical or security notices).

Cookies.  Most Web browsers are set to accept cookies by default.  If you prefer, you can usually set your browser to remove cookies and to reject cookies. If you choose to remove reject cookies, this could affect certain features or services of our Site or other Products.  Other choices related to information collected through the use of cookies and similar technologies are described in the “Cookies” section above. For specific opt-out links and to manage your preferences in relation to first and third party cookies please see our Cookie Notice.

Analytics and online advertising. Our third-party analytics and advertising partners may provide you with options to opt-out of certain information collection. For more information about the applicable choices they provide you, please see the “Cookies” section above and our Cookie Notice.

How to control collection of telemetry data. If you prefer that we do not collect certain telemetry data, including IP Address, through Control Center, KSQL, or Proactive Support, you can turn off the collection of this data as follows:

Control Center

  • Customers may choose to disable transmission of this data to Confluent at any time by setting ‘confluent.support.metrics.enable=false’ in the Control Center configuration and restarting Control Center. See the Confluent Enterprise documentation for further information.

KSQL

  • Customers may choose to disable transmission of this data to Confluent at any time by setting ‘confluent.support.metrics.enable=false’ in the KSQL configuration and restarting KSQL. See the Confluent Enterprise documentation for further information.

Proactive Support

  • Customers may choose to disable transmission of this data to Confluent at any time by setting ‘confluent.support.metrics.enable=false’ in the broker configuration and restarting the broker. See the Confluent Enterprise documentation for further information.

Please note that if you initiate a support request, you may be required to provide us with certain log information or other data about your systems, servers, and clients to allow us to provide such support services.

Do Not Track. There are many ways through which web browser signals and other similar mechanisms (for example, “Do Not Track”) can indicate your choice to disable tracking, and, while we and others give you choices described in this Privacy Statement, we do not currently honor these mechanisms.

HOW WE STORE AND PROTECT PERSONAL INFORMATION

Storage and processing. Your information collected through the Sites and our Products may be stored and processed in any country in which Confluent or its subsidiaries, affiliates, or service providers maintain facilities including your region, the United States, Australia, Canada, and the European Economic Area (including the United Kingdom). Our processing locations are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem. We take steps designed to ensure that the data we collect under this Privacy Statement is processed according to the provisions of this Privacy Statement and applicable law wherever the data is located.

International data transfers. When we transfer personal information from the European Economic Area (including the United Kingdom) and from Switzerland to the United States or other countries which have not been determined by the European Commission to have laws that provide an adequate level of data protection, we use legal mechanisms, including contracts, designed to help ensure your rights and protections. Specifically, our website servers are located in the United States and our affiliates, partners, third parties and service providers operate in the United States, European Economic Area, Canada, and Australia. This means when we collect your personal information we may process it in any of these countries. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Statement. The safeguard Confluent primarily relies upon is the European Commission-approved standard contractual data protection clauses. For more information about these mechanisms, please contact us using the contact details provided in the “How to contact us” section below.

Keeping your information safe. Confluent cares about the security of your information and takes reasonable and appropriate technical and organizational measures designed to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction of personal information. However, no security system is impenetrable, and we cannot guarantee the security of our systems or your information.

Lawful basis for processing personal information (EEA only). If you are located in the European Economic Area (EEA), Confluent, Inc, is the data controller of your information.

Our legal basis for collecting and using the personal information above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will indicate this at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences, if any, if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of a third party), we will indicate to you at the relevant time what those legitimate interests are.

If you have questions about the legal basis for processing or want to find out more please contact us using the details at the end of this Privacy Statement.

Retention. We retain personal information for as long as we have an ongoing legitimate business need to do so. For example, we retain your account information for as long as your account is active or as needed to provide you with Products you have requested or authorized, including maintaining and improving the performance of the Products and protecting system security. We also retain personal data as needed to maintain appropriate business and financial records, protect our legal interests, resolve disputes, or comply with legal or regulatory requirements. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will store your personal information using appropriate security measures and take appropriate steps designed to isolate it from any further processing until deletion is possible.

EUROPEAN DATA PROTECTION RIGHTS

If the processing of personal data about you is subject to European Union data protection law, you have certain rights with respect to that data:

  • You may request access to, and correction or erasure of, personal information.
  • If automated processing of your personal data is based on a contract with you or your consent, you have certain rights to data portability.
  • If the processing of personal information is based on your consent, you have a right to withdraw consent at any time for future processing.
  • You have a right to object to, or obtain a restriction of, the processing of personal information under certain circumstances.

To make such requests, contact us by email at the address below.  You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.

CHANGES TO OUR PRIVACY STATEMENT

Confluent may modify or update this Privacy Statement from time to time to reflect the changes in our business and practices, and so you should review this page periodically.  If we make any changes to this Privacy Statement, we will notify you by changing the “Last Updated” date above.  If we make any material changes, we will provide you with additional notice or obtain consent as may be required by applicable law.

HOW TO CONTACT US

If you have any questions, complaints, or concerns about how your information is handled, please email us at privacy@confluent.io.  Our main address is Confluent, Inc., 101 University Ave, Suite 111, Palo Alto, CA 94301, USA.  Our EU representative’s contact information is Confluent Europe Ltd. – EMEA, 52-54 Rosebery Avenue, Clerkenwell, London, EC1R 4RP and may be reached at privacy@confluent.io.

We use cookies to understand how you use our site and to improve your experience. Click here to learn more or change your cookie settings. By continuing to browse, you agree to our use of cookies.