Privacy Statement, effective as of May 25, 2018
At MuleSoft, Inc., a Salesforce company, trust is our #1 value. This MuleSoft Privacy Statement ("Privacy Statement") describes our privacy practices. Please read this Privacy Statement carefully to learn how we collect, use, share and otherwise process information relating to individuals ("Personal Data"), and your rights and choices regarding our processing of your Personal Data.
A reference to “MuleSoft,” “we,” “us,” “our,” or the “Company” is a reference to mulesoft.com, inc.
1. Processing activities covered
This Privacy Statement applies to the following processing activities:
When applications are provided by us and the application links to this Privacy Statement, this Privacy Statement applies. When applications are provided by third parties, the privacy statement of the third party applies, and this Privacy Statement does not apply.
Our websites may contain links to other websites, applications and services maintained by third parties. The information practices of such other services are governed by the third-party privacy statements, which we encourage you to review to better understand those third parties’ privacy practices.
2. Responsible MuleSoft entity
MuleSoft is the controller of your Personal Data and responsible for the collection, processing and disclosure of your Personal Data as described in this Privacy Statement, unless expressly specified otherwise.
This Privacy Statement does not apply to the extent we offer our customers the Anypoint Platform through which our customers may collect and process Personal Data from individuals.
3. What Personal Data do we collect?
The Personal Data that we collect directly from you may include the following:
We may collect information about you from other sources, including third parties from whom we have purchased Personal Data, and combine this information with Personal Data provided by you. This helps us to update, expand and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we collect Personal Data from the following sources:
4. What device and usage data we process
We use common information-gathering tools, such as log files, cookies, web beacons and similar technologies to automatically collect information, which may contain Personal Data, from your computer or mobile device as you navigate our websites or interact with emails we have sent you.
As is true of most websites, we gather certain information automatically via log files. This collected information may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning. We also collect IP addresses from users when they log into the services as part of MuleSoft’s security features.
When you visit our websites, our servers or an authorized third party may place a cookie on your browser, which can collect information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track overall usage, determine areas that you prefer, make your usage easier by recognizing you and providing you with a customized experience.
We also use web beacons on our websites. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such tracking technologies are used to operate and improve our websites and email communications and track the clicking of links or opening of emails.
The following sets out how we use different categories of cookies and similar technologies, as well as information on your options for managing the settings for the data collection by these technologies:
Required cookies enable you to navigate our websites and use their features, such as accessing secure areas of the websites.
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
Managing Required Cookies:
Required cookies are essential to operate the websites there is no option to opt out of these cookies. Please refrain from using our site if you do not consent to these cookies.
Functional cookies allow us to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features.
Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant messages, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
We may use our own technology or third party technology to track and analyze usage and volume statistical information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
MuleSoft may also utilize HTML5 local storage or Flash cookies for these purposes. Flash cookies and HTML local storage are different from browser cookies because of the amount of, type of, and how data is stored.
Managing Functional Cookies
To manage the use of functional cookies on our websites, consult your individual browser settings for cookies. Note that opting out may impact the functionality you receive when using our websites.
To opt out from data collection by Google Analytics, you can download and install a browser add-on, which is available here.
To learn how to control functional cookies using your browser settings click here.
To learn how to manage privacy and storage settings for Flash cookies click here.
Targeting or Advertising Cookies
Managing Targeting or Advertising Cookies
See Section 4.3, below, to learn more about these and other advertising networks and your ability to opt out of collection by certain third parties.
All cookies placed by MuleSoft and listed above expire after 12 months.
As described above, we or third parties may place or recognize a unique cookie on your browser when you visit our websites for the purposes of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising, advertising networks and your ability to opt out of collection by certain third parties, please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here.
To manage the use of targeting or advertising cookies on this website, consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies click here. Various browsers may offer their own management tools for removing HTML5 local storage.
You may opt-out from the collection of device and usage data (see "What device and usage data we process" section above) by managing your cookies at the individual browser level. In addition, if you wish to opt-out of interest-based advertising click here, or if located in the European Union click here). Please note, however, that by blocking or deleting cookies and similar technologies used on our websites, you may not be able to take full advantage of the website.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard that has been adopted by industry groups, technology companies or regulators. Therefore, we do not currently commit to responding to browsers' DNT signals with respect to our websites. MuleSoft takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks, the latter may receive information that you have visited our website from your IP address. If you are logged into your social media account, it is possible that the respective social media network can link your visit of our websites with your social media profile.
Our sites may allow you to log in using sign-in services such as Facebook Connect. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and email address to pre-populate our sign-up form.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
5. Purposes for which we process Personal Data and the legal basis on which we rely
We collect and process your Personal Data for the purposes and on the legal bases identified in the following:
6. Who do we share Personal Data with?
We may share your Personal Data with the following recipients:
7. International transfer of information collected
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates in other countries where we operate.
Therefore, your Personal Data may be processed outside the EEA, and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the EEA. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
Our websites are not directed at children. We do not knowingly collect Personal Data from children under the age of 18. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us as described in the “Contacting Us” section below and we will take steps to delete such Personal Data from our systems.
9. How long do we keep your Personal Data?
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see "Purposes for which we process Personal Data and on what legal basis" section above). We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements (such as applicable statutes of limitation).
After expiry of the retention periods, your Personal Data will be deleted. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of the data.
10. Your rights relating to your Personal Data
You have certain rights regarding your Personal Data, subject to local data protection laws. These may include the following rights:
To exercise your rights, please contact us in accordance with the “Contacting Us” section below. We try to respond to legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a MuleSoft customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.
In addition, if you have registered for an account with us, you may generally update your user settings, profile, organization’s settings or event registration by logging into the applicable website with your username and password and editing your settings or profile. To update your billing information, discontinue your account, and/or request return or deletion of your Personal Data and other information associated with your account, please contact us.
As described above, we may also process Personal Data in the role of a processor (see "Responsible MuleSoft entity" section above). If your data has been submitted to us by a MuleSoft customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with our customer directly. Because we may only access our customer’s data upon instruction from the respective customer, if you wish to make your request directly to us, please provide the name of the MuleSoft customer who submitted your data when you contact us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from us by clicking on the “unsubscribe” link located on the bottom of our marketing emails. Additionally, you may unsubscribe by contacting us using the information in the “Contacting Us" section below. Please note that opting-out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions or event registrations, service announcements or security information.
We take precautions including organizational, technical, and physical measures, to help safeguard against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data we process or use.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us via the “Contacting Us” section below.
12. Changes to this Privacy Statement
We will update this Privacy Statement from time to time to reflect changes in our practices, technology, legal requirements and other factors. If we do, we will update the “effective date” at the top of this Privacy Statement. If we make an update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.
We encourage you to periodically review this Privacy Statement to stay informed about our collection, processing and sharing of your Personal Data.
13. Contacting us
To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Statement or our privacy practices please contact us at:
Attn: Privacy Office
415 Mission Street
San Francisco, CA 94105
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.