Privacy Statement

January 20, 2023

The privacy and security of your personal information is important to us.

This Privacy Statement (“Statement”) describes what and how StackPath, LLC and Highwinds Network Group, Inc. (“StackPath”, “we”, “our”, and “us”) gathers and how we may use personal information. This Statement applies to: (i) users of the website www.stackpath.com (the “Site”); (ii) users of StackPath services and related offerings that reference or link to this privacy statement (the “Service(s)”); (iii) information gathered from visitors to websites using the Services; (iv) data subjects that interact with StackPath via offline methods (e.g. conference participants); and (v) website job applicants. (i), (ii), (iii), (iv) and (v) individually and collectively are referred to as “User(s)” or “you”. It also describes your choices regarding use, access and correction of your personal information. The use of personal information we collect shall be limited to the purposes of providing the StackPath services and related offerings for which the user has engaged StackPath.

1. EU – U.S. Privacy Shield and Swiss – U.S. Privacy Shield Participation

StackPath participates in and has certified its compliance with the EU – U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  StackPath has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between any terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

StackPath transfers personal data collected and received from EEA member countries, United Kingdom and Switzerland to the U.S. StackPath is committed to subjecting all personal data received from the European Economic Area, United Kingdom and Switzerland, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, and to view our certification visit the U.S. Department of Commerce’s Privacy Shield List.

Under the Privacy Shield Framework, we are responsible for the processing of personal data we receive, under each Privacy Shield Framework, and subsequently transfer to a third-party acting as an agent on our behalf. StackPath complies with the Privacy Shield Principles for all onward transfers of personal data from European Economic Area, United Kingdom and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, StackPath is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

2. Inquiries and Complaints Process for Privacy Shield Data and Data Processed in the European Economic Area

If you reside in an EEA member state or Switzerland, and your personal data are transferred to the U.S. pursuant to the Privacy Shield: In compliance with the Privacy Shield Principles, StackPath commits to resolve complaints about our collection or use of Users’ personal information. Please direct questions or complaints regarding our Statement to us using the Contact Information provided below. We will communicate with you in reply. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

If you reside in an EEA member state or Switzerland, and we process your personal data in an EEA member state or Switzerland: If you have a question or complaint regarding the processing of your personal data, you may in the first instance contact the Company’s Privacy Office using the Contact Information provided below. If you are unsatisfied, then you have the right to lodge a complaint with an EEA Data Protection Authority.

Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Under the Privacy Shield Framework, we are responsible for the processing of personal data we receive and subsequently transfer to a third party acting as an agent on our behalf. StackPath complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA and Switzerland, including the onward transfer liability provisions.

Where we are processing data received from or collected on behalf of our Clients: StackPath collects information under the direction of, and receives information from, its clients and has no direct relationship with the individuals whose personal data it processes under these circumstances. If you are a customer of one of our clients and would like to make an inquiry or complaint, please contact the client that you interact with directly.

3. Information We Collect or Receive

We only collect, use, share, store, or otherwise process your personal information when we have an appropriate legal basis. For example, we may process your personal information as necessary to provide services that are subject to the contract terms you have agreed to, such as our end user license agreements or service terms and conditions.

We may process your personal information when necessary to comply with legal obligations or for purposes of pursuing legitimate interests (such as providing products and services, preventing fraud, enforcing legal claims, and security purposes), if doing so is consistent with your rights and appropriate to the context, such as providing Services, the Site, performing internal analytics, and conducting reasonable monitoring of your use of our Site or Services to prevent misuse of our Site or Services and fraud. Additionally, we may, in certain cases, ask you for your consent for certain processing of your personal information.

We collect personal information through the Site and websites using the Services, such as name, address, postal code, email address, phone number, IP address, username, password, tax identification number, social security number, billing (e.g. financial account number, debit and credit card number), location data and other information a User provides. We collect the following information related to website job applicants: resume, citizenship/employment eligibility, confirmation that applicants are over 18 years old or older, information provided answering questions relevant to the posting (and if an applicant decides to voluntarily disclose it: gender, race/ethnicity, veteran status, self-identification of disability).

We may use this information for the following purposes:

  • operate, maintain, and improve the Site and Services.
  • respond to comments and questions and provide customer service.
  • send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
  • link or combine user information with other personal information.
  • process your website job application and verify your suitability to the applied position.
  • protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
  • business and product development.
  • customer service, relationship and/or account management.
  • payment processing.
  • social media campaigns.
  • market research and development.
  • direct marketing communications.

We will only use this information for the purposes for which we collected or received it, unless we reasonably consider that we need to use the information for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Our Customers use our Services to build and deploy their applications, services, and workloads at the edge with edge computing and generally use our Services to protect their edge. If you provide personal information through our Services, StackPath shall process this information as a data processor on behalf of its Customers. Unless StackPath uses some of this information for its own purposes (as described above). As a processor, StackPath may collect and process our Customers data, including sensitive personal information. Our Customers include but are not limited to companies from the Media, Entertainment, Advertising, Publishing and Technology industries.

We also use information as described in the section on Tracking Technologies, below.

Our Sites and Services are not for use by persons under 18 years of age. We do not knowing collect personal information from children under 18 years of age. We do not knowingly permit children under age 18 to register for any website, application, product or service.

4. Sharing of Personal Information

We do not sell your personal information for monetary consideration. We will only share personal information:

  • for legal, protection, and safety purposes. This includes: (i) as required by law, such as to comply with a subpoena or similar legal process, investigate fraud, or respond to a government request (ii) protecting the rights and property of StackPath, our clients, Users, and others, including enforcing our agreements, policies, and AUP; (iii) in an emergency, including for the safety of our employees, Users, or any person. If StackPath is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.
  • with those who need it to do work for us (services providers and vendors). For example, third-party companies to process payments. We do not store full credit card numbers or personal account numbers. These companies are authorized to use your personal information only as necessary to provide these services to us, pursuant to written instructions. In such cases, these companies must abide by appropriate data privacy and security requirements, and are not allowed to use personal information they receive from us for any other purpose. Representative business processes that our service providers/vendors assist us with include: processing payments, fraud detection, marketing & sales efforts, and technical/billing support.
  • with consent.

5. California Residents

If you are a California resident, please see our California rights page for information. You may contact us with questions or requests using the Contact Information provided below.

6. Anonymous Aggregated Data

StackPath may aggregate and anonymize data from individual StackPath Services and utilize or disclose it to further secure other StackPath services and clients. We may utilize this anonymous data to build further security into each Service we deploy for our users. None of the data identifies any individual. For example, we monitor DDoS attacks at the network edge and utilize that data to protect other StackPath clients or Users from DDoS attacks. We may assemble this data and provide it to an external party in an anonymized format, maintaining that our Users’ and their visitors’ personal information will never be attached to or included in such data. We utilize this log data to detect and block new threats on the Internet.

7. Tracking Technologies

StackPath and its service providers use (persistent and session) cookies or similar technologies (e.g. JavaScript, web beacons, HTML5) to collect information such as internet protocol (IP) addresses. Such information helps us to authenticate users, or personalize the content on, the website or online service, ensure legal or regulatory compliance, recognize and may track the individual’s behavior across multiple online properties for ad-targeting purpose, to analyze trends, administer the website, track users’ movements around the website, provide fraud prevention and security services to our Clients, and to gather demographic information about our user base as a whole. Users can typically remove and reject cookies from our Site with its browser settings. Many browsers are set to accept cookies settings are changed. If you remove or reject the cookies, it could adversely affect how our Site and Services work.

“Cookies” do not tell us name, email address or passwords of a User. When a User visits the Site, we may use the computer’s cookies to provide a more personal and interactive experience. To improve and secure the Services we provide to Users, we may place cookies on websites of a User using the Services. One example is continually improving the identification of potential security threats to a User’s website. For further information about cookie preferences please see our Cookie Preferences page.

8. Log Files

As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, computer operating system type, browser type, browser language, the website a User visited before browsing to our Site, pages viewed, how long a User spent on a page, access times and information about use of and actions on our Site to analyze trends in the aggregate and administer the Site.

9. Interest Based Advertising

We have engaged third-party service providers to display advertising on our website or to manage our advertising on other sites. Our third-party service providers may use cookies or similar technologies in order to provide advertising based upon user browsing activities and interests. You can request to opt out of third-party interest-based advertising by clicking here [or if located in the European Union by clicking here]. Please note you will continue to receive generic ads.

10. Security

We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. We use Transport Layer Security (TLS), the industry standard, for encrypting all personal information, including name, address and credit card numbers. No system can be guaranteed to be 100% secure. If you have any questions about the security of your personal information, you can contact us at security@stackpath.com.

11. International Transfer of Personal Information

StackPath may, subject to applicable law, transfer your information outside the country where you are located and to where information protection standards may differ (e.g., your information may be stored on servers located in other jurisdictions). 

12. Information Choices and Access

If we send any marketing emails, we will tell you how to “opt-out.” If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us using the Contact Information provided below. If you opt out, we may still send non-marketing emails including account-related or business communications.

Upon request StackPath will provide you with information about whether we hold any of your personal information. Under certain circumstances you may have the right to request access to, correction of, erasure of, or the transfer of your personal information, as well as the right to object to or restrict the processing of your personal data by contacting us using the Contact Information provided below. We will respond to your request within a reasonable timeframe.

Where we are processing your personal data pursuant to your consent, you may revoke your consent by contacting us using the Contact Information provided below.

Where we are processing data received from or collected on behalf of our Clients: StackPath collects and receives information under the direction of its clients and has no direct relationship with the individuals whose personal data it processes under these circumstances. If you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly.

An individual who seeks to exercise the rights described above for data that have been transferred to the U.S. pursuant to the Privacy Shield or that are being processed in an EEA member state or Switzerland, should submit their query to the StackPath client (the data controller). If requested to remove data, we will attempt to respond within 30 days. We retain personal information we process on behalf of our clients for as long as needed to provide services to our client, as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

13. Retention

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Our website includes links to other websites whose privacy practices may differ from those of StackPath. If you submit personal information to any of those websites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.

15. Contact Information

For comments or questions about this Statement or requests please contact us at: privacy@stackpath.com. You may alternatively contact us via our Privacy Request Form or by leaving a message on our privacy voice mailbox at +1 (877) 629-2361 (US) or +1 (323) 313-1206 (International).

StackPath LLC Attention: Privacy 1950 N. Stemmons Freeway Suite 1001 Dallas TX 75207

16. Changes to the Privacy Statement

We may change or update this Statement at any time. If we do, we will change the Last Updated date and promptly post it on the Site. If we make any material changes, we will notify you or our Client by email (sent to the e-mail address specified in your account) or by means of a notice on this Website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

TRUSTe