We, at Cloudinary Ltd., put great efforts in making sure that your personal information is safe and used properly.
This policy explains our privacy practices for processing personal information on our Cloudinary cloud-based image management solution (the "Service"). We process your personal information subject to the terms of this policy.
The summary of this policy will give you a quick and clear view of our practices. Please take the time to read our full policy.
A Summary of The Policy
The Identifiable Information That You Provide Us – If you register with the Service we will need your name, your company name, email address and password, for registration and notice purposes; your payment details (but not credit card details) to process your payment for the service and we will receive any personal information that you provide when contacting us. Read more.
The Identifiable Information That We Collect – We automatically log 'traffic/session' information including IP addresses and user agent. We collect session durations and additional activity information. Read more.
The Identifiable Information That You Upload – Your uploaded content may include personal information. Please use caution and do not upload personal information of others without their consent. Read more.
What Do We Do With Identifiable Information? – We maintain the Service, make it better and continue developing it, and protect us and the Service from misuse and law violations. Read more.
Sharing information with others – We use service providers, for example, to process payments and send email messages. We may transfer information as needed if we change our corporate structure, and we may share the information with our affiliate entities. Read more.
Disclosure of Information to Authorities – We may be required by law to disclose information to the authorities. Read more.
Aggregated and Analytical Information – Aggregated data is not identifiable. We use it for legitimate business purposes and may use standard analytical tools. Read more.
Your Choice – You may opt-out of our mailing lists and terminate your use of the Service. Our Service does not respond to Do Not Track (DNT) signals. If you are a California resident, you are entitled to your California privacy rights. Read more.
Accessing Your Personal Information - At any time you can request access to your identifiable information. Read more.
Data retention – We retain data as needed, to provide the service and for legitimate and lawful purposes. Read more.
Transfer of data outside your territory – We may store and process information in various sites throughout the globe, including in sites operated and maintained by cloud based service providers. Read more.
EU-US Privacy Shield – We are self-certified to the EU-US Privacy Shield Framework, in connection with processing personal information from EU member states. The Federal Trade Commission (FTC) has jurisdiction over our compliance. Read more.
Information Security – We implement systems, applications and procedures to secure your personal information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. Read more.
Dispute Resolution – Contact us at: firstname.lastname@example.org or write us for every request and complaint. We will make good-faith efforts to resolve any existing or potential dispute with you. As an EU data subject, you may refer unresolved complaints to the BBB EU Privacy Shield and invoke arbitration in certain cases. Read more.
Contact Us – Please contact our Privacy Compliance Officer at: email@example.com for further information.
The Identifiable Information That You Provide
If you register with the Service through our website at: www.cloudinary.com, we will ask you to provide personal information, including your name, your company name, your email address and password.
As a paying user of the Service, we will receive your payment transaction details (for example, your name, the amount paid and the date of payment), from the payment service provider that processed your payment.
When you contact us, or when we contact you, we may receive and process any personal information that you provide us.
The Identifiable Information That We Collect
When you access the Service, our servers log certain 'traffic/session' information from your device, such as your user agent and the Internet Protocol (IP) address.
When you use the Service, we collect information about your Service activity, for example your log-in and log-out time, the duration of Service sessions, the content uploaded and downloaded, viewed web-pages or specific content on web-pages, activity measures and geo-location.
The Identifiable Information That You Upload
The content you upload to the Service, whether from your own device or from a cloud-based hosting service, including any data, text, graphic, audio and audio-visual files, may include personal information. Based on your preferences, the uploaded content may be accessible to others.
Please use caution when uploading the content, and avoid any involuntary disclosure of your personal information or disclosure of others' personal information without their consent.
What Do We Do With Identifiable Information?
We use the personal information we collect and receive to provide the Service to you and to other users, to enable the Service's tools and features, to study and analyze the functionality of the Service and users' activities, to provide support, to measure Service activity for pricing purposes, to maintain the Service, to make it better and to continue developing the Service.
We may use your email address to contact you when necessary, to send you reminders and to provide you information and notices about the Service. We may include commercial and marketing information.
We obey the law and expect you to do the same. If necessary, we may use your identifiable information to enforce our terms, policies and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Service, and to take any action in any legal dispute and proceeding.
We commit to process personal information solely for the purposes described in this policy. To the extent relevant and possible, we will make efforts to maintain the information accurate, complete and up-to-date.
Sharing Identifiable information with others
We do not sell, rent or lease your personally identifiable information. We may share your identifiable information with service providers and other third parties, if necessary to fulfill the purposes for collecting the information, provided that any such third party will commit to protect your privacy as required under the applicable law and this policy.
For example, we will share your payment transaction details with the payment services providers, to process and verify your payments. We may use a service provider to manage our email messages transmission.
We may also share personally identifiable information with companies or organizations connected, or affiliated with us, such as subsidiaries, sister-companies and parent companies, with the express provision that their use of such information must comply with this policy.
We may report any Contributed Content and share user identifiable information, if we believe, in our sole discretion that such content is illegal or abusive or may violate any third party rights.
Additionally, a merger, acquisition or any other structural change may require us to transfer your personal information to another entity, provided that the receiving entity will comply with this policy.
We may be liable for onward transfers to third parties in violation of the Privacy Shield Principles. For further information, please below the EU-US Privacy Shield chapter of this policy.
Disclosure of Information to Authorities
We may need to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Aggregated and Analytical Information
We may use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies and they may use their own cookies to provide their service (for further information about cookies, please see the 'Cookies' section in this policy).
We use anonymous, statistical or aggregated information and may share it with our partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that can be associated with you. We will share your identifiable information only subject to the terms of this policy, or subject to your prior consent.
We will share your identifiable information only subject to the terms of this policy, or subject to your prior consent.
At any time, you may unsubscribe our mailing lists or newsletters, by sending us an opt-out request to: firstname.lastname@example.org.
At any time you may disable your account through your account page.
Note that if your personal information is included in content which was uploaded to our services by one of our customers, you may want to contact our customer who uploaded that content and request that your personal information is removed.
At any time, you may choose (opt out) whether your personal information is (i) to be disclosed to a third party, other than to third parties who act as our agents to perform tasks on our behalf and under our instructions, or (ii) to be used for a purpose that is materially different from the purposes for which it was originally collected, pursuant to this policy, or subsequently authorized by you. You may exercise your choice by contacting us at: email@example.com.
We request and collect minimal personal details that we need for the purposes described in this policy. At any time you may opt to terminate your use of the Service. Thereafter, we will stop collecting any personal information from you. However, we may store and continue using or making available certain personal information that is related to you. For further information, please read the Data Retention section in this policy.
Some web browsers offer a "Do Not Track" ("DNT") signal. A DNT signal is a HTTP header field indicating your preference for tracking your activities on the Service or through cross-site user tracking. Our Service does not respond to DNT signals.
Your California Privacy Rights
If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of personal information relating third parties to which We have disclosed certain categories of personal information during the preceding year for the third parties’ direct marketing purposes. To make such a request, please contact us at: firstname.lastname@example.org.
Accessing Your Personal Information
At any time you may contact us at: email@example.com and request to access the identifiable information that we keep about you. We may need to ask you to provide us certain credentials to make sure that you are who you claim you are. If you find that the information on your account is not accurate, complete or updated, then please provide us the necessary information to correct it.
At any time you may contact us at: firstname.lastname@example.org and request to access the identifiable information that we keep about you, and to verify the accuracy of the data.
Under your right of access, you may obtain confirmation from us of whether we are processing personal data related to you, receive a copy of that data, so that you could verify its accuracy and the lawfulness of its processing, request the correction, amendment or deletion of the data if it is inaccurate or processed in violation of the applicable law or the Privacy Shield Principles (as further explained below).
We will make good-faith efforts to locate the data that you request to access. Note that we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, and ask you questions to better understand the nature and scope of data that you request to access.
We may redact from the data which we will make available to you, any personal information related to others.
We retain different types of information for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements under the applicable law.
For example, we may need to keep the information about the payment transactions that you made for several years due to tax related requirements, for accounts settling, record keeping, archiving and legal issues.
We may keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
In any case, as long as you use the Service, we will keep information about you, unless we are required by law to delete it, or if we decide to remove it at our discretion.
Transfer of data outside your territory
Cloudinary is a web-based service. We may store and process information in various sites throughout the globe, including in sites operated and maintained by cloud based service providers. If you are a resident in a jurisdiction where transfer of your personal information to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer.
EU-US Privacy Shield
We comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.
We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.
Cookies are packets of information sent to your web browser and then sent back by the browser each time it accesses the server that sent the cookie.
Some cookies are removed when you close your browser session. These are the "Session Cookies". Some last for longer periods and called "Persistent Cookies".
We use both types. We use Persistent Cookies to remember your log-in details and make it easier for you to log-in the next time you access the Service. We may use this type of cookies and Session Cookies for additional purposes, to facilitate the use of the Service's features and tools.
Every browser allows you to manage your cookies preferences. Please bear in mind that disabling cookies may complicate or even prevent you from using the Service.
We and our hosting services implement systems, applications and procedures to secure your personal information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.
These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Service will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
We do periodical assessments of our data processing and privacy practices, to make sure that we comply with this policy, to update the policy when needed, and to verify that the policy is displayed properly and accessible. If you have any concerns about the way we process your personal information, you are welcome to contact our privacy team at: email@example.com, or write to us at:
111 W Evelyn Ave, Suite 206
Sunnyvale, CA 94086
We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.
We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to the EU Data Protection Authorities. Please contact the EU Data Protection Authorities for more information and to file a complaint, at no charge. You may find the relevant contact details at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Additionally, if you are an EU data subject, you may invoke binding arbitration in certain cases, as further described in Annex I of the EU-U.S. Privacy Shield Agreement. For further information, please visit the Privacy Shield web site at: www.privacyshield.gov, or contact our privacy team.
From time to time, we may update this policy. If the updates have minor if any consequences, they will take effect 7 days after we post a notice on the Service's website. Substantial changes will be effective 30 days after our notice was initially posted.
Until the new policy takes effect, you can choose not to accept it and terminate your use of the Service. Continuing to use the Service after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required.
Please contact our Privacy Compliance Officer at: firstname.lastname@example.org for further information.
Last updated: February 12, 2017.