Terms & Policies

We take privacy policies seriously and we value transparency.

Privacy Policy

Effective day 31 March 2018.

By using the LaunchDarkly.com website ("service"), or any services of Catamorphic, Co ("Catamorphic"), you are agreeing to be bound by the following privacy policy ("privacy policy"). If you are entering into this agreement on behalf of a company or other legal entity, you represent that you have the authority to bind such entity, its affiliates and all users who access our services through your account to these terms and conditions, in which case the terms "you" or "your" shall refer to such entity, its affiliates and users associated with it. If you do not have such authority, or if you do not agree with these terms and conditions, you must not accept this agreement and may not use the services.

This privacy policy is effective March 31st, 2018. All previous privacy policies are here. When we update our privacy policy, we will provide a changelog that describes the differences between the two.

Who Are We?

LaunchDarkly is a Software-as-a-Service (SaaS) platform provider that serves companies looking to implement feature flags in their overall software development lifecycle. Feature flags allow software developers to change application behavior from outside of the application without redeploying their code. This has a number of benefits including a separation of risks, ability to deliver different experiences in a targeted manner, and the lower administrative burden of software release. LaunchDarkly provides a turnkey robust feature management solution that offers high availability, scalability, and audit control.

Because LaunchDarkly customers themselves have customers, language can get very confusing. In this document, we refer to our customers (Companies who utilize our platform in their software) as members (team members). We refer to the customers of those members to be "users" or "end-users". When the generic pronoun "you" is used, it is meant to refer to anyone reading this policy and can generically mean anyone who interacts with our website, a member of our services, or a user of one of our members.

This policy largely deals with members, how we keep their data safe, and how we are allowed to use their data. If you are an end-user of one of our member's services, then you should consult their privacy policy instead, as the member policy applies to the information collected instead of this policy. LaunchDarkly collects data from our members about their user under their direction, but we do not have a direct relationship with users themselves. This policy applies to the data as long as we retain the data.

This policy does not cover third party websites, products, or services even if they link to our services—you should consider their own privacy policies carefully. If you disagree with the practices described in this policy, then you should (a) take necessary steps to remove cookies from your computer after leaving our website, and (b) discontinue your use of our services.

How Do We Use Data?

The data we collect depends on how our services are used. We receive some data directly, like when you visit one of our web properties, sign up for a trial, or send us email. Other times, we get data indirectly, like when we record that you visited one of our websites using technologies like cookies. We also get data from third parties, like from our members when they pass data to us to process.

The collection and use of data is essential to the value that we provide as a service, as well as improve on the services we provide; but we aim to do our best to keep data safe and secure.

Data We Collect

  1. Personal Data. We call data that identifies, or could be used to reasonably identify you as "Personal Data". We collect Personal Data in various ways, like when you register for trial accounts or interact with our sales team. Personal Data does not include data that has been anonymized, psuedonymised, or minimized such that it cannot be reasonably associated with a person.
  2. Service Data. We call data that our members send to us about their users "Service data". LaunchDarkly's core service allows our members to submit details about their end-users to enrich their experiences through our platform. Our members have a responsibility to understand the data they send to us and to take the appropriate disclosures, precautions, and responsibilities regarding the content of the service data they provide to us.
  3. Other Data. We call any other data that is not Personal Data or Service Data "Other Data". We collect Other Data through a variety of sources. One of those sources are cookies and other technologies that record data about the use of our website. Other data that we may collect include:
    • Browser and device data, such as IP address, device type, operating system and internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the version of the Services you are using;
    • Transaction data, such as purchases, purchase amount, date of purchase, and payment method that you have submitted to us as a course of ordering our services;
    • Cookie and tracking technology data, such as time spent on the Services, pages visited, language preferences, and other anonymous traffic data; and
    • Company data, such as a company's legal structure, product and service offerings, jurisdiction, company records, and information submitted to us by you in interacting with our sales team.

How We Use Data

We collect information about our customers for the following reasons and not for other reasons:

  1. Personal Data. We and our service providers use Personal Data to provide our Service. Examples of how we use personal data include:
    • Enumerating you and your team for the purposes of access to our platform
    • To deliver information to your subscribed applications in order to provide service
    • To respond to inquiries, send service notices, and provide customer support
    • For audits, regulatory purposes, and compliance with industry standards
    • To develop new products
    • To send marketing communications
    • To improve or modify our services
    • To conduct analysis and develop insights that enable us to operate, protect, make informed decisions and report on our business.
  2. Service Data. We utilize service data for no purpose except to deliver the functionality that our platform provides to our members.
  3. Other data. We utilize other data in a number of ways, but we comply with applicable law and contractual agreements. In some areas, like the European Economic Area Countries, we may be required to treat Other Data like Personal data. In areas where this is the case, we will process this data as if it were Personal data under our privacy policy.

How We Disclose Data

LaunchDarkly does not sell Personal Data or Service Data to marketers or unaffiliated third parties. Data collected by LaunchDarkly will only used for the purposes of furthering, improving, and expanding the LaunchDarkly business. We share Personal and Service Data with the following third parties:

  1. To LaunchDarkly Service Providers. In order to deliver the services that make up the LaunchDarkly Product, we rely on service providers (e.g. infrastructure providers, and affiliated) to provide key functionality both in the operation of our product as well as the operation of the LaunchDarkly company.
  2. To our members. We process and collate service data that is provided to us by our members in order to deliver the services to our members.
  3. To third parties. In the event of a reorganization, merger, sale, joint venture, assignment, transfer of any part of our business to third parties.
  4. Safety, Legal and Law Enforcement. We use and disclose data as we believe necessary under the applicable law, to enforce our own terms and conditions, to protect our rights, privacy, safety, or property, as well as to respond to requests from courts, law enforcement, regulatory agencies, and government authorities, which may include countries outside of your country of residence.

Security and Notification of Breaches

LaunchDarkly takes security very seriously, and if you have reason to believe that your data or someone elses data is no longer secure, please contact security@launchdarkly.com.

In the event of a security breach, we will take take necessary measures to ensure the continued safety of data and contact affected parties within a reasonable amount of time about the scope and scale of the unauthorized disclosure.

Retention Period

We retain data as necessary to provide the services as described in this policy unless a longer retention is required by law. For personal data, we retain information about you until are no longer a customer, though some data is retained for the purposes of audit. Service data is retained for a period of no more than 30 days, save for data that is required as a part of audit control.

The above principals of how we will manage the data, use the data, protect the data, and remove the data will apply for as long as we control the Personal data.

User of Service by Minors

LaunchDarkly's core services are not directed to minors and we request that minors do not provide to us any Personal Data. We rely on our members, when acting in the role of a Data controller, to take responsibility for making sure their users' privacy rights are respected and ensuring that the appropriate disclosures are made about third party collection and use.

Right to Access, View, or Remove Your Information

You have a right to access the personal information we hold about you. Whenever you use our site or LaunchDarkly Services, we strive to make sure that your Personal Information is correct. If that information is wrong, we give you tools and methods to update it quickly or delete it, unless that information is necessary for legal or business purposes. When updating your Personal Information, we may ask you to verify your identity before making changes. We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing new systems or fundamentally changing our existing practice), risk the privacy of others, or would be extremely impractical (e.g. requests concerning information on our backup systems). Because we protect information from accidental or malicious destruction, after data is removed from our servers, it can take some time for that data to be purged.

To request removal of your Personal Information from our site or services, contact us at privacy@launchdarkly.com. LaunchDarkly cares deeply about the sanctity of your data and our privacy team will manage each request on a case by case basis.

We totally understand your right to have us stop contacting you. We endeavor to give you the ability to control the way we contact you. You may use the the links at the bottom of each communication to opt-out of further communications.

If you are a user of one of our member's services and need to correct, amend, or delete inaccurate data about you, please contact the member—in this case, they are the data controllers. We will comply with the wishes of our members should they direct us to take action about the modification/removal of collected data.

Jurisdiction

Our services are global and Data (of all classifications) may be stored and processed anywhere where we or one of our service providers has services. We may transfer data to countries outside of your country of residence, which may have different rules applicable to your data. LaunchDarkly will take measures to ensure that any transfers comply with applicable laws and your data remains protected as per this policy.

How Do I contact the LaunchDarkly Data Privacy Officer?

LaunchDarkly's Data Privacy Officer is Tim Wong, and you can contact him at privacy@launchdarkly.com.

Does LaunchDarkly adhere to Privacy Shield?

We're committed to the Privacy Shield principles of notice, choice, accountability, security, data integrity and purpose limitation, access and recourse, and are certified by the U.S. Department of Commerce. LaunchDarkly's Privacy Shield notice can be found here, which means that we are deemed to provide "adequate" privacy protection which is a requirement for the transfer of personal data under the General Data Protection Regulation (GDPR).

Is LaunchDarkly compliant with the General Data Protection Regulation (GDPR)?

LaunchDarkly has taken steps to elect a Data Privacy Officer, to ensure that we have adequate data protection policies, procedures, and practices, and has completed Privacy Shield certification. As of April 2nd, 2018, we believe that we are fully in compliance with the provisions and principles of GDPR.

Of course, GDPR isn't just a line in the sand, but a continual journey—LaunchDarkly is committed to adapting to the changing landscape of privacy and renewing its practices as the landscape evolves.