Privacy Policy

Please see our Privacy Snapshot for a high-level overview of our privacy practices.

This Privacy Policy describes the privacy practices of PlanetScale Inc. (“we”, “us”, or “our”) and how we handle personal information that we collect through our website, https://planetscale.com, our platform, and any other sites or services that link to this Privacy Policy (collectively, the “Service” or “Services”).

We treat all personal information covered by this Privacy Policy as pertaining to individuals acting as business representatives, and not in their individual or household capacity. This Privacy Policy does not apply to our handling of personal information that we process on behalf of our enterprise customers as a service provider or processor.

Personal Information We Collect

Information that you provide to us:

• Contact details, such as your first and last name, email and mailing addresses, phone number, professional title, and company affiliation.
• Account information, such as the username and password you use to access our Services.
• Payment information needed to complete your transactions with us, including name, payment card information, and billing information. This information is processed by our payment service provider, Stripe, which may handle your payment information in accordance with its own privacy policy (https://stripe.com/privacy). We do not have access to your full payment card information.
• Communications that we exchange with you, including when you contact us with questions, feedback or otherwise.
• Survey information that you provide when you participate in one of our surveys.
• Usage information, such as information about how you use the Services and interact with us, including information associated with any content you upload to the Services or otherwise submit to us, and information you provide when you use any interactive features of the Services.
• Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic data collection. We, our service providers and our advertising partners may automatically log and combine information about you, your computer or mobile device, and your interaction over time with the Services, online resources and our communications, such as:

• Device data such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings and general location information such as city, state or geographic area.
• Online activity data such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access and whether you have opened or otherwise engage with our communications, such as our marketing emails or clicked links or files within them.

We use the following tools for automatic data collection:

• Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Information we obtain from other sources:

• Third-party accounts and services. When you log into the Services through a third-party platform, such as Google and Github, we may collect certain information from your account, depending on the privacy permissions you have configured within that account. We do not, however, have access to login information you use to connect your account to the Services. Further, we may maintain pages on social media platforms, such as Facebook, Twitter, and LinkedIn. When you visit or interact with our pages on those platforms, you or the platforms may provide us with information through the platform.
• Other sources. We may obtain personal information from other third parties, such as marketing partners, publicly-available sources and data providers.

How We Use Personal Information

We use personal information for the following purposes or as otherwise described at the time of collection:

• Provide our Services. We use personal information to operate, maintain, and provide you with our Services. In particular, we use personal information to perform our contractual obligations under our terms of use.
• Communicate with you about our Services. It is in our legitimate business interests to use personal information to respond to your requests, provide customer support, and communicate with you about our Services, including by sending announcements, updates, security alerts and support and administrative messages.
• Improve, monitor, personalize, and protect our Services. It is in our legitimate business interests to improve and keep our Services safe for our users, which includes:
  • understanding your needs and interests, and personalize your experience with the Services and our communications;
  • troubleshooting, testing and research and to keep the Services secure; and
  • investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.

Research and development. We may use personal information for research and development purposes in our legitimate business interests, including to analyze and improve the Services and our business. As part of these activities, we may create or use aggregated, de-identified or other anonymized data from personal information we collect. We make personal information into anonymized data by removing information that makes the data personally identifiable to you. We may use this anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

Marketing and advertising. We, our service providers, and our third-party advertising partners may collect and use personal information for the following marketing and advertising purposes:

• Direct marketing. We may send you direct marketing communications as permitted by law, including by email. You may opt out of our marketing communications as described in the “Opt-out of marketing communications” section below.
• Interest-based advertising. We may engage third-party advertising companies, such as Google, to display our ads on their online services. We may also share information about our users with these companies to facilitate advertising for our Services to them or similar users on other online platforms.

Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time.

Compliance and protection. We may use personal information to comply with legal obligations, and to defend us against legal claims or disputes, including to:

• protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
• audit our internal processes for compliance with legal and contractual requirements and internal policies;
• enforce the terms and conditions that govern the Services;
• prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; and
• comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

How We Share Personal Information

We may share personal information with the following entities:

• Service providers. Companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, customer support, email delivery and website analytics services).
• Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
• Authorities and others. Law enforcement, government authorities and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
• Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests (including, in connection with a bankruptcy or similar proceedings).
• Advertising partners. Third-party advertising companies, including for the interest-based advertising purposes described above.
• Testimonials. We may display personal testimonials of satisfied customers and users on our website in addition to other endorsements. With your consent, we may post your personal testimonial with your name and/or with your bio picture. If you wish to update or delete your testimonial, you can contact us at privacy@planetscale.com.

Privacy Rights and Choices

Opt-out of marketing communications. You may opt out of marketing-related emails and other communications by following the opt-out or unsubscribe instructions in the communications you receive from us or by contacting us as provided in the “How to Contact Us” section below. You may continue to receive Services-related and other non-marketing emails.

Online tracking opt-out. You can opt out of third-party cookies as described in our Cookie Policy.

Personal information requests. We offer you choices that affect how we handle the personal information that we control. Depending on your location and the nature of your interactions with our Services, you may request the following in relation to your personal information:

• Information about how we have collected and used personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
• Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
• Correction of personal information that is inaccurate or out of date.
• Deletion of personal information that we no longer need to provide the Services or for other lawful purposes.
• Opt out of sharing your personal information for interest-based advertising. We share personal information with advertising partners that display targeted advertisements to users around the web. You can limit online tracking as described in our Cookie Policy or by clicking Do Not Share My Personal Information on the footer of our website. We do not sell personal information.
• Additional rights, such as to object to and request that we restrict our use of personal information.

To make a request, please email us or write to us as provided in the “How to Contact Us” section below. We may ask for specific information from you to help us confirm your identity. Depending on where you reside, you may be entitled to empower an authorized agent to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “How to Contact Us” section below. Depending on where you reside, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred.

Do Not Track. Some Internet browsers can be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about “Do Not Track,” please visit allaboutdnt.com.

Invitations

If you use our invitation service to invite a third party to the Services we may ask you for that person's name, user ID, email address or other contact information and automatically send an invitation to the invitee. We store this information to send this invitation and to track the success of our invitation service. Unless the invitee becomes a user of the Services, we do not use the invitee's contact information for marketing purposes, and we do not share the invitee’s contact information with third parties other than our service providers in accordance with this Privacy Policy. The invitee may contact us at privacy@planetscale.com at any time to request that we remove his or her information from our database. If you submit any personal information about other people to us or to our service providers, you represent that you have the authority to do so and to allow us to use their Personal Information in accordance with this Privacy Policy (for example, by asking for their consent).

Other Sites and Services

Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. This Privacy Policy does not apply to such third-party sites or services. Security

We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.

Children

Our Services are not intended for use by children under 16 years of age. If we learn that we have collected personal information through the Services from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.

International Data Transfers

You will provide personal information directly to our website in the United States. We may also transfer personal information to our partners and service providers in the United States and other jurisdictions. Please note that such jurisdictions may not provide the same protections as the data protection laws in your home country.

When we engage in cross-border data transfers, we will ensure that relevant safeguards are in place to afford adequate protection for personal information and we will comply with applicable data protection laws, in particular by relying on an EU Commission or UK government adequacy decision or on contractual protections for the transfer of personal information.

Retention of Personal Information

Where required under applicable laws, we retain personal information only for as long as is necessary to fulfill the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable).

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.

Job Applicants

When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information on the basis of our legitimate business interests to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, to monitor recruitment statistics and to respond to surveys. We may also use this information to provide improved administration of the Services and as otherwise necessary (i) to comply with relevant laws or to respond to subpoenas or warrants served on us, (ii) to protect and defend our or others’ rights or property, (iii) in connection with a legal investigation and (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy or our terms of use.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

How to Contact Us

Responsible entity. PlanetScale is the entity responsible for the processing of personal information under this Privacy Policy (as a controller, where provided under applicable law).

Contact us. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at privacy@planetscale.com or write to us at:

Copyright Agent
Care of PlanetScale, Inc.
535 Mission St.
San Francisco, CA, 94015 United States

EEA and UK Representative Contact Information. For users in the EEA, we have appointed Verasafe Ireland Ltd., at Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland as our EU data representative, and Verasafe United Kingdom Ltd., at 37 Albert Embankment, London SE1 7TL, United Kingdom as our UK data representative. You can contact our EU representative at the address above or alternatively via this contact form or telephone at +420 228 881 031. You can contact our UK representative at the address above or alternatively via this contact form or telephone at +44 (20) 4532 2003.

Data Privacy Framework

PlanetScale Inc. participates in the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework for the collection, use, and retention of personal information from the European Union and European Economic Area member countries, the United Kingdom and Switzerland. We have certified with the Department of Commerce that we adhere to the Data Privacy Framework Principles. To learn more about the Data Privacy Framework Principles, visit here.

If you have any inquiries or complaints about our handling of your personal information under the Data Privacy Framework or about our privacy practices generally, please contact us at: privacy@planetscale.com. We will respond to your inquiry promptly. If a privacy complaint or dispute relating to personal information received by PlanetScale in reliance on the Data Privacy Framework cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/. If neither PlanetScale nor our third-party dispute resolution provider resolves your complaint, you may pursue binding arbitration through the Data Privacy Framework Panel. To learn more about the Data Privacy Framework Panel, visit here.

As explained herein, we sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party's access, use, and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.

Please review our Data Privacy Framework registration. PlanetScale is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Privacy Snapshot

The chart below provides a high-level snapshot of our privacy practices. You need to read the entire Privacy Policy for complete information.