Privacy Policy
Last Changes to Privacy Policy: March 17, 2022
This Privacy Policy (“Policy”) describes how DataRobot (“we,” “us” or “our”) collects, uses, and discloses personal data, and the choices you have related to this.
Please review this Policy carefully to understand our practices regarding your personal data. If you do not agree with the practices described in this Policy, please do not access or use our Websites or Services (defined below).
Privacy Policy Applicability
This Policy is applicable to data collected through datarobot.com, DataRobot Community, and other websites managed by DataRobot (collectively, the “Websites”), through our software products (the “Solution”) and through any other interactions you might have with us, such as through email newsletters, online and in person events, and other interactive features and communications.
This Policy does not apply to any third party websites, applications or businesses to which we link or who may link to us. You should review the privacy policies of those third parties to understand how they may collect and use your personal data.
DataRobot’s Master Subscription Agreement (“MSA”) governs delivery and use of the Solution, including any data imported into the Solution by a customer or provided by a customer to import into the Solution on a customer’s behalf (“Customer Data”). If you are applying to work with DataRobot, please see our Applicant Privacy Policy for additional information on how we handle your personal data during and after the application process.
Privacy Policy Updates
We may update the terms of this Policy at our discretion. We encourage visitors to frequently check this page for any changes.
How We Collect
We may collect your personal data when you:
- Visit our Websites, through automated cookies
- Use our Websites or Solution
- Interact with us by communicating through the Solution, Websites, by email, by social media, or by telephone
- Participate in our online communities, blogs or other forums
- Register for or attend an online or in person event sponsored by us
- Submit an application to work for us
What We Collect
The types of information we collect from you may differ depending on how you interact with us.
Personal Data We May Collect from You
- Your name, username, email address, postal address, phone number, and other contact information
- Your employer, job title and other employment related information
- Records of your correspondence with us or on our forums
- Information you provide through other types of interactions, such as surveys, events, social media, or other communication with us
Personal Data You May Provide to Us
- Device and connection information, including IP address, unique device identifiers, browser type, browser language, and other transactional information
- Approximate location information based on your IP address
- Cookies and tracking technologies that analyze your interaction with our emails, use of the Websites, show traffic data, and log files such as time of access, date of access, software crash reports, session identification number, access times, and referring website addresses (see our Cookie Policy for more information)
- User Metrics: When you use the SaaS version of the Solution, we may automatically collect and analyze data about your usage of the Solution using our User Activity Monitor. This data includes technical logs, frequency of logins, number of models deployed, and feature usage and engagement. For a full list of data points collected through the User Activity Monitor, please see User Activity Monitor Report Types (collectively “User Metrics”). When you use the on-premise version of the Solution, we can only analyze User Metrics if you provide those to us or the organisation that you work for provides those to us. The User Activity Monitor is also accessible to your admin user so that customers may review their own User Metrics. For SaaS users, in addition to the data points collected through our User Activity Monitor, we may collect user interaction and navigation data, including clickstream and mouse tracking. When we use User Metrics for any purposes other than those described below, it is anonymized of personal data and Customer Data in accordance with applicable law.
- Metadata: When you use the SaaS version of the Solution, we may automatically collect and analyze data that describes your Customer Data, models and projects. This includes data points such as dataset summary statistics, dataset size, project type, model accuracy metrics, run times, project and model flags or errors, specific models and blueprints run, and the parameters of such models and blueprints (collectively “Metadata”). When you use the on premise version of the Solution, we can only analyze Metadata if you provide it to us or the organisation you work for provides it to us. Metadata is always anonymized of personal data and Customer Data.
Personal Data We May Receive from Third Parties
- Business contact information from third party providers, such as event co-hosts, B2B intelligence platforms, or your company, if the Solution is provided to you via your company
- Publically available data from third party sources, like social media
Personal Data Required by Contract
When you sign up for a DataRobot account to access the Solution, we require certain minimum personal information from you. This includes your name and email address. This personal data is contractually required under our MSA, which you must agree to in order to access the Solution. If you do not provide this data, you will not be granted access.
How We Use Your Data and Legal Basis for Processing
How we use your personal data depends on how you interact with us. The specific purposes for which we use the data we collect about you are listed below. In some jurisdictions, including those subject to the EU General Data Protection Regulation (“GDPR”) or UK General Data Protection Regulation (“UK GDPR”), we may only process your personal data when we have a legal basis to do so. Our legal basis for processing your personal data is listed with each purpose for processing below.
- To provide and support the Solution and Websites. We use your personal data to provide and support the Solution and Websites. As part of doing so, we may send you service announcements, technical notices, security alerts, billing and support-related messages related to your account or transactions with us, through the Solution or by email. You may not opt out of these messages, as they are considered part of the Solution.
Legal Basis for Processing: We may have a contractual obligation to you, or to your company, to provide you with access to and support for the Solution, which requires the processing of your personal contact data. Otherwise, we have a legitimate interest in providing you access to and support for our Websites.
- To provide an individualized experience on the Solution and Websites. We use the information we collect to personalize content and experiences on our Solution and Websites, to better understand your interests and make personalized recommendations based on your interests, and tailor your experience with us to your preferences.
Legal Basis for Processing: We have a legitimate interest in processing your personal data to improve your experience with us.
- To understand and manage our relationship with you. We use your personal data to understand your use of the Solution and Websites so that we can monitor the health of our relationship with you, and for our enterprise users, identify usage trends and suggest new services or features based on your company’s usage of the Solution. We also report this data back to our enterprise customers, so that you can maximize your company’s use of our Solution.
Legal Basis for Processing: We have a legitimate interest in making sure that you are getting the full value out of your use of the Solution and Websites, identifying product champions, and making suggestions to optimize your usage or subscriptions.
- To communicate with you. We will send you emails or otherwise communicate with you in response to your questions, feedback or comments. For example, we will respond to comments on our Community boards, and answer questions sent to us through the Websites. We may also contact you with personalized messages via email, telephone, or on social media if we identify that because of your experience or background that our Solution might be of particular interest to you. You can also opt into receiving emails about new product features and services. You can always opt out of these communications by following the opt out instructions in the message or by contacting us through the contact information listed below.
Legal Basis for Processing: We have a legitimate interest in corresponding with you when you have contacted us, or when we have identified you may have a particular interest in the Solution (when not prohibited by law). Otherwise, when processing your personal data for marketing communications, we rely on your consent.
- To create anonymous data for use in product development. We may remove personal identifiers from data containing personal information so that it cannot be traced back to an individual, and aggregate it by combining it with the data from multiple sources and/or individuals. We may use this data to understand feature adoption and feature gaps, make product depreciation decisions, and make product development decisions. When using collected data for product development, we will always remove all personal data and Customer Data.
Legal Basis for Processing: We have a legitimate interest in creating anonymized data so that we can use that data to improve the Solution.
- For security, compliance, fraud prevention and safety. We may use your personal data as we believe appropriate to investigate or prevent violation of the law, our MSA, our Terms of Service, to secure the Solution, to protect our, your or others’ rights, privacy, safety or property; and to protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. We may also use the information we collect about your device to detect users violating our MSA or Terms of Service and prevent further violations.
Legal Basis for Processing: We have a legitimate interest in protecting ourselves and our users against unauthorized use of our Solution and Websites to ensure the security of the data processed within them. We are also obligated to process certain personal data to monitor compliance with our MSA and performance of other agreements we may have with you.
- For compliance with law or to investigate legal claims. We may use your personal data to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities. We may also use your personal data where permitted by law in connection with any legal investigation and to prosecute or defend legal claims.
Legal Basis for Processing: In certain rare circumstances, we may rely on compliance with a legal obligation or protection of vital interests in the event of a legal investigation or request from a law enforcement or governmental entity. As a global company, there are a wide variety of laws that might compel processing of your data under this legal basis, but they may include the following types of laws: civil and commercial laws, criminal laws, consumer laws, and corporate and taxation laws.
- With your consent. In some cases we may ask for your consent to collect, use or share your personal data in ways we have not described here. When we do that, we will always record your consent and you may change your mind and opt out by contacting us via the methods listed in the Contact Us section
How We Share Your Data
Except for as mentioned below, we do not share your personal data with any other companies. We will not sell or rent your personal data as part of a customer list or similar transaction.
We may share your personal data as follows:
- With Affiliates. We may share your personal data with our subsidiaries, joint ventures, or other companies under common control, in which case we will require those entities to honor this Privacy Policy. As a global company, we have employees employed by subsidiary companies across the world. We may share any of the data listed above with any of these affiliated companies.
- With Business Partners. We may share your personal data with our business partners with whom we develop product integrations for our users, or partners who help us host our events. For our event partners, we will only share your contact data, and only if you have consented to it at the time of registration. If you would like to withdraw your consent you can contact us as provided in the Contact Us section.
- With Third Party Agents and Service Providers. We have third party agents and service providers that perform functions on our behalf, such as hosting, billing, push notifications, storage, bandwidth, content management tools, analytics, customer service, fraud protection, etc. These entities may have access to your personal data to the extent needed to perform their services. All such third parties are contractually obligated to maintain the confidentiality and security of your personal data, and are restricted from using your personal data other than to provide their services.
- With Social Media Widgets. Our Websites may include social media features, such as Facebook, Twitter, Instagram and Tumblr widgets. These features may collect your IP address, the pages you visit on the Websites, and set cookies to enable the features. They are either hosted by a third party or directly on our Websites. Your interactions with these features are governed by the privacy policy of the company providing them, not this Policy.
- By Linking to Third Party Sites. Our Websites may link to other websites or services operated by third parties, whose privacy practices may differ from ours and are governed by their own privacy policies, not this Policy. We do not control or endorse any of these third party websites or services, and we encourage you to carefully review the privacy policy of any website you visit.
- With Law Enforcement, Government Entities, and Other Companies and Organizations. In rare circumstances, we may share your personal data with law enforcement or governmental entities for compliance with the law or to investigate legal claims. In the event of confirmed fraudulent activity, we may also exchange information with other companies and organizations for fraud protection.
- Through Business Transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal data, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization, sale of assets or in the event of bankruptcy.
Our Products
The Solution may be used to process personal data on behalf of you, our customer. We may not have any direct relationship with the individuals to whom the data belongs. Individuals who would like to access, correct or delete personal data processed by us on behalf of our customers should direct their questions to our customers, who are the data controllers. We use and disclose this personal data as permitted by our customer agreements and as required by law.
Data Retention
We will retain your personal data as needed to fulfill the purposes for which it was collected. We may retain your information as needed to provide you services, comply with our business requirements and legal obligations, resolve disputes and enforce our rights and agreements.
Following termination or deactivation of your account, we will delete your Customer Data, and anonymize your User Metrics, but may retain your contact information, user profile, and other personal data in our records. When the purpose for which your personal data was collected no longer exists and there is not a business or legal reason to retain your personal data, DataRobot will securely delete or anonymize your data. To request deletion of your personal data before the expiry of our retention period, please see the Contact Us section.
Data Security
We take security very seriously. We take appropriate measures, including organizational, technical, and physical precautions to help protect against unauthorized access to, alteration of, or destruction of your personal data.
While we follow industry standards and best practices to protect your data, no transmission of data over the Internet or any public network can be guaranteed to be 100% secure.
Payment Information
Any payment card information you use to make a purchase with us is collected and processed directly by our payment processor, Stripe, Inc. We will never receive or store your full payment card information. You should review Stripe’s privacy policy prior to making a purchase.
Children’s Data
The Services and Websites are not directed to anyone under the age of 18. A parent or guardian who becomes aware that his or her child under the age of 18 has provided us with personal data may Contact Us and we will attempt to delete the child’s data as soon as possible.
Your Data Rights
We respect your control over your personal data and, upon request, we will confirm whether we hold or are processing data that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal data, request deletion of your personal data, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or fulfillment involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation.
You can always contact us as provided in the Contact Us section to exercise these rights. You may also be able to take action yourself through the methods listed below.
- View, correct and delete your account information. If you use the Solution or have an account through our Websites, you can view, update and delete certain information directly through your account.
- Opt out of communications. You can opt out of receiving future marketing communications from us by clicking the unsubscribe link within a marketing email, by responding to our emails with the subject line “Opt Out,” or by updating your profile settings. Please note that you generally can’t opt out of service related communications.
- Deactivate your account. If you would like to stop using our Solution, you or your administrator may be able to deactivate your account. Please be aware that depending on how you use our Solution and Websites, this may not delete all of your information.
- Turn off cookies. See our Cookie Policy to learn how to control browser based cookie controls.
International Transfers of Data
We are a global company headquartered in the United States, with entities, operations and service providers situated around the world. Your personal data may be transferred outside of your local jurisdiction, to countries without an adequacy decision by the European Commission. We have put appropriate safeguards in place to ensure that your personal data receives an adequate level of security regardless of the country in which it is processed. This includes entering into agreements with written assurances from our services providers, including, as required, standard contractual clauses for the transfer of personal data as approved by the European Commission and the British Information Commissioner’s Office. Depending on the particular circumstances of the transfer, we may use the GDPR Standard Contractual Clauses Controller – Controller, Controller – Processor, or Processor – Processor, and/or the UK Standard Contractual Clauses Controller – Controller or Controller to Processor. Our standard contractual clauses can be provided upon request.
European Residents
If you are located in the European Economic Area, Switzerland, or United Kingdom, you have additional data privacy rights that include the right to:
- Access, correct update or request deletion of your personal information
- Object to the processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information
- Opt out of marketing communications we send you at any time
- Withdraw your consent for processing, if we are processing your personal data based on consent. Note that withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal; and
- Make a complaint to a data protection authority about or collection and use of your personal data.
To exercise these rights, please contact us as provided in the Contact Us section below.
California Residents
This Policy contains a list of the categories of personal data we collect, and have collected for the past twelve months.
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”) that include the right to:
- Request access, correction and deletion of your personal information;
- Opt out of the sale of your personal information; and
- Not be discriminated against for exercising one of your CCPA/CPRA privacy rights.
Please note that we do not sell the personal data that we collect.
To exercise your rights, please contact us as provided in the Contact Us section. You will not be discriminated against for exercising your privacy rights under the CCPA and CPRA. In order to protect your personal data from unauthorized access or deletion, we may require you to provide additional information for verification. If we can’t verify your identity, we will not provide or delete your data.
Contact Us
If you have any questions about this Policy, or to exercise any of your data privacy rights, please email us at privacy@datarobot.com. You can also contact us at our mailing address below:
225 Franklin Street, Floor 13
Boston, Massachusetts 02110
USA
Attn: Data Protection Officer
We’ve updated the terms of the DataRobot Privacy Policy. By continuing you confirm that you’ve read and understood the Policy. Read Policy