Looking for our GDPR DPA? Find it here.
Platform.sh offers many services, products, software, and offerings on related Platform.sh websites (the “Services”), including but not limited to, all information, tools and services available from this site to you, the user, conditioned upon your acceptance of all terms, conditions, policies and notices stated herein (the “Privacy Policy”). The Services may also include the Blackfire service provided by Platform.sh. Through these Services, including software available for download, we obtain certain information from and about you. This Privacy Policy is specific to the Services that are run under the brand “Platform.sh” including but not limited to: https://platform.sh, https://docs.platform.sh, https://status.platform.sh, https://accounts.platform.sh, https://console.platform.sh/, and https://blackfire.io. Note that this Privacy Policy explicitly excludes customer sites. These sites are subdomains under .platform.sh and .platformsh.site.
We value your privacy and are committed to safeguarding and preserving the privacy of our users and visitors. This Privacy Policy explains what information we collect, how we use that information, and other policies regarding your information and privacy. We have tried to make it as simple as possible, but if you do not understand something, please contact us. This Privacy Policy was written in English (US) and may be translated to other languages solely for the convenience of our site visitors. In all cases and specifically if a potential conflict between versions arises, the English version of this Privacy Policy controls.
By using the Site, users and visitors agree to abide and be bound by this Privacy Policy, which may be modified or updated from time to time without notice, except for material changes or stipulations requiring users’ and/or visitors’ consent. We will notify you of material changes or updates through our Site or via email.
We collect information that you give us or that we get from your use of our sites and Services, including without limitation, the following categories:
We do not process any special categories of personal data or sensitive personal information.
Cookies are small pieces of data stored on your device (computer or mobile device). Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a site upon a future visit. When used, cookies are downloaded and stored on your device. Such information, on its own, will not identify you personally. It is statistical data. You have the option to accept all cookies, accept some cookies while rejecting others, or reject them all. Rejecting functional cookies may prevent you from using certain portions or functionalities of our sites and Services. We may use such cookies to deliver and improve our Services. Some third-party services that we use to improve the Services (including usage, measuring performance, and advertising), such as Google Analytics, may also place cookies on your device.
Examples of Cookies we use:
Strictly Necessary Cookies. These cookies are necesary for the website to function and cannot be switched off in our systems.
Performance & Analytic Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site.
Functional Cookies. These cookies enable the website to provide enhanced functionality and personalisation.
Advertising Cookies. These cookies deliver and measure the effectiveness of our marketing campaigns and may be set through our site by our advertising partners.
Social Media Cookies. These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks.
The validity period of cookies for our sites and Services is 6 months. We will request a new prior consent after this period.
Urchin Tracking Module (“UTM”) tags are distinct from cookies as defined above. UTM works as a custom Uniform Resource Locator (“URL”) parameter for marketing campaigns and reports can be viewed in platforms like Google Analytics. UTM tags are appended as part of the visible URL in marketing programs to understand the specific instance of a link. UTM tag reports are observed in Google Analytics or Marketo to better understand how our visitors are getting to our websites, and as such, who our visitors are. Such data is collected at an aggregate level, and will not identify you personally. Customizing the URL with UTM tags allows us to better understand marketing activity, which then allows us to better serve our customers and audience.
As part of this process, non-identifying and non-profiling information (source, medium, campaign, and Click ID), will be stored in your browser in local storage. No Personally Identifiable Information (“PII”) or personal data will be stored. This information would only be used by Platform.sh if you sign up for and consent to our service. At that point in time, campaign attribution information would be made available to Platform.sh to gauge the effectiveness of the campaign. You may clear your browser cache prior to signing up for our service to opt-out.
For any questions or preferences on cookie or UTM opt-outs, or about our policy listed here, please contact us.
We use the information we collect from you to provide, maintain, protect, and improve our sites and Services, and to develop new ones.
In addition, we may use the information for one or more of the following purposes:
To provide information to you that you request from us relating to our products or services
To provide information to you related to products or services provided by us
To inform you of any changes, offers, updates, or other announcements about our Services
To allow you to participate in interactive features of our Services when you choose to do so
To provide customer support
To gather analysis or valuable information so that we can improve our services
To monitor the usage of our Services
To detect, prevent, and address technical issues
To provide you with new Services offers and relevant Services information and events unless you have opted not to receive such information. We will never send users or visitors commercial offers unrelated to our Services.
To detect, prevent, and address fraud and/or abuse of our products or services
Platform.sh provides tools to make your development workflow more productive, such as our command-line interface (CLI). Also, Platform.sh will occasionally provide application-specific modules or libraries, which you may opt into, for integration into your software project in order to make its configuration simpler. Such applications, libraries, or modules may report usage information to us, which we may collect. Information collected may contain the type of actions performed, log data of API activity, as well as configuration information. This information may be linked to you, and we may use this information to better provide technical support to you and to improve our Services.
If you are from the European Economic Area (EEA), our legal basis for collecting and using the personal information described in this Privacy Policy depends on the data we collect and the specific context in which we collect it. For purposes of this Privacy Policy and compliance with the GDPR, personal information is data which alone or in combination with other information in our possession, or likely to come into our possession, can be used to identify a living individual.
We may process your personal information because:
We need to perform a contract with you
You have given us permission to do so
The processing is in our legitimate interest and it’s not overridden by your rights
For payment processing purposes
To comply with applicable law
Your Rights Under GDPR: If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aims to take all reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information and data. If you wish to be informed of what personal information and data we hold about you, and if you want it to be removed from our systems, please contact us. For existing customers, please file a support ticket.
In certain circumstances, you have the following data protection rights:
The right to access, update, or delete the information we have on you. Whenever made possible on your account settings, you can access, update, or request deletion of your personal information and data directly within your account settings section. Please also file a support ticket to confirm any account changes, or contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your personal information or data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time when Platform.sh relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
Your Rights Under Canada’s PIPEDA (Privacy Rights): The Personal Information Protection and Electronic Documents Act (PIPEDA) is the Canadian federal privacy law that regulates how private-sector organizations handle personal information in the course of commercial activity.
Under the PIPEDA principles, individuals have the right to know why their personal information is being collected, how their personal information will be used, to whom their personal information will be disclosed, and to ask for access to, or correction of, their personal information. More details on the PIPEDA principles can be found on the Office of the Privacy Commissioner of Canada’s site.
Accountability and Openness. Platform.sh has a designated Security, Compliance, and Data Protection Officer who is accountable for the management of your personal information, including collection, usage, disclosure, retention, and transfer of personal information to third parties for processing. Contact us to be connected or email dpo@platform.sh. For existing customers, please file a support ticket.
Identifying Purposes. When your personal information is collected, it will be clearly identified what purpose it is being collected for (e.g. when you sign up for the Services and enter your contact information to have customer support).
Consent. Your individual consent or consent on behalf of the organization is required when we collect, use, or disclose any such personal information. In certain circumstances, we may disclose your personal information for legal, medical, or security reasons. If at any time you wish to withdraw your consent, you will be notified of any account implications.
Limiting Collection. We collect only the personal information which is necessary for the purposes identified at the time of collection (e.g. to provide you with technical support, and to improve your Services).
Limiting Use, Disclosure, and Retention. We do not use or disclose personal information for purposes other than those which it has identified and received consent for in line with this Privacy Policy and only retains personal information for as long as is necessary to fulfill such purposes.
Accuracy and Individual Access. Your personal information we collect may be deleted, updated, and/or completed in your account settings at any time, or you may contact us for assistance with making sure your information is accurate and up-to-date. Most changes will be reflected in your account immediately. Your request for account change or deleted information may be verified or retained if we have legal basis for doing so in accordance with this Privacy Policy.
Safeguards. Platform.sh uses physical, organizational, technological methods and policies to protect and safeguard your personal information. For more on our security, please visit platform.sh/security.
Challenging Compliance. Our procedures are in place to receive and respond to any complaints and inquiries you may have. Contact us or email our Security, Compliance, and Data Protection Officer at dpo@platform.sh. For existing customers, please file a support ticket.
The California Privacy Rights Act (CPRA) requires specific disclosures for California residents.
This Privacy Policy is designed to help you understand how Platform.sh handles your information:
We describe the choices you have to manage your privacy and data across Platform.sh’s Services in Section 10 of this Privacy Policy. You can exercise your rights by using controls discussed herein. If you have questions or requests related to your rights under the CPRA, you (or your authorized agent) can also contact Platform.sh as disclosed in Section 14 of this Privacy Policy.
The CPRA requirements can be summarized as follows:
If you have questions or requests related to the categories of personal information collected, categories of sources from which personal information is collected, business purposes for which information may be used, or parties with whom information may be shared, you (or your authorized agent) can contact Platform.sh as disclosed in Section 14 of this Privacy Policy.
Your Rights Under California’s Privacy Laws: The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), hereafter “CCPA”, give California Consumers/residents additional new privacy rights and impose corresponding, and independent, obligations on businesses processing California Consumers’ Personal Information (PI). Where applicable, we have added contractual requirements instructing our service providers to not further collect, sell, share, or use the Consumers’ Personal Information except as necessary to perform their respective business purpose.
Consumer Right No. 1: Abbreviated Disclosure Right Applicable to Businesses that Collect PI. A Consumer has the right to request that a business that collects a Consumer’s PI disclose to that Consumer the categories and specific pieces of PI the business has collected. The types of Consumer Personal Data to be Processed are:
The names, email addresses, and other contact details of Consumer with whom we need to liaise in the provision of Services.
We may also collect: (a) names; (b) addresses; (c) countries; (d) email addresses, (e) telephone numbers; (f) financial data relating to orders; (g) IP Addresses; and (h) log files; as may be necessary to perform the Services and/or bill for such Services.
Consumer Right No. 2: Expanded Disclosure Right Applicable to Businesses that Collect PI.
The names, email addresses, and other contact details of Consumer with whom we need to liaise in the provision of Services.
We may also collect: (a) names; (b) addresses; (c) countries; (d) email addresses, (e) telephone numbers; (f) financial data relating to orders; (g) IP Addresses; and (h) log files; as may be necessary to perform the Services and/or bill for such Services.
Consumer Right No. 3: Right to Request Information from Businesses that Sell or Share PI for a Business Purpose. We do not sell or share PI as defined under the CCPA.
Consumer Right No. 4: Right to Opt-out of Sale or Sharing of PI. We do not sell or share PI as defined under the CCPA.
Consumer Right No. 5: Right to Opt-in for Children: Business Obligation Not to Sell or Share Children’s PI unless there is Affirmative Authorization. We do not sell or share PI as defined under the CCPA.
Consumer Right No. 6: Deletion Rights. Whenever made possible on your account settings, you can access, update, or request deletion of your personal information and data directly within your account settings section. Please also file a support ticket to confirm any account changes, or contact us to assist you.
Consumer Right No. 7: Rights to Access and Portability. You have the right to be provided with a copy of the specific pieces of PI obtained from the consumer in a format that is easily understandable to the average consumer, and to the extent technically feasible, in a structured, commonly used, machine-readable format, which also may be transmitted to another entity at the consumer’s request without hindrance.
Consumer Right No. 8: Not to be Discriminated Against for Exercising Any of the Consumer’s Rights under the Title. We do not use financial incentive practices that are unjust, unreasonable, coercive, or usurious, and do not retaliate against those who choose to exercise their rights.
Consumer Right No. 9: Right to Correct Inaccurate PI. You have the right to request that we correct any inaccurate PI about you.
Consumer Right No. 10: Right to Limit Use and Disclosure of Sensitive PI. You have the right to direct that we limit the use of sensitive PI to the use that is reasonably necessary to perform the services expected by you. We do not collect sensitive PI as defined under the CCPA.
We only collect personal information that is relevant to the purposes set out in this Privacy Policy, and do not collect more personal information than what is necessary for those purposes. We also ensure that the information we collect is sufficient to properly fulfill those purposes. We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent reasonably necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We retain usage data for a reasonable period of time to pursue legitimate business interests, or for internal analysis purposes. Usage data is generally retained for up to 14 months or less, except when this data requires a longer retention period due to a compliance reason, legal obligation, security purpose, or legitimate business reason that does not outweigh the user’s or visitor’s interests, such as improving the Services.
We take all reasonable measures to:
Protect your personal data and information, as well as our Services from, unauthorized access to, or unauthorized alteration, disclosure or destruction of, information we maintain.
Ensure that we are in compliance with the EU General Data Protection Regulation (GDPR), Canada’s PIPEDA, the California Consumer Privacy Act, the Australian Privacy Act, and other privacy regulations as described in this Privacy Policy.
We may transfer personal data outside the European Economic Area (EEA) to countries with and without an EU adequacy decision to enable customers to rapidly deploy projects in any geographical region. Customer name, email, and ssh keys may be transferred from the Platform.sh Accounts portal located in Ireland to clusters in France, Ireland, USA, Australia, Canada, the UK, and Germany using securely encrypted transfer channels (TLS) and encrypted at rest. We transfer this data to companies that are GDPR compliant. Platform.sh signs Data Processing Agreements (DPAs) or Standard Contractual Clauses (SCCs) with all processors, and has replaced vendors who fail security, compliance, or privacy assessments. We also conduct Supplementary Measures Assessments on vendors who store personal data in non-adequate countries.
If you are an EEA customer, and you have agreed to our online Terms of Service, our EU DPA is automatically part of your agreement. We have adopted the European Commission’s official, standardized, DPA clauses for controllers and processors in the EU, with minimal customizations that are listed out here.
If you are located in a country outside of the EEA or are bound strictly by paper terms, please Contact Us if you have any questions.
We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:
Consent:
Co-sponsored activities:
When you sign up for a webinar or other activity that is co-sponsored by another company, we may share your registration information with that company.
Integration Partners: We may receive personal data about users from companies (“Integration Parnters”) that grant access to our Services by way of a co-branded or private-labeled website, and technical integrations. Integration Partners may supply us with users’ personal data, such as name and e-mail and mailing address information, in order to help us establish an account or fulfill orders.
Third-party Services:
We use trusted third-party service providers, consultants, and other agents to help us provide, maintain, protect, and improve our Services. We may provide your personal information to such third-party service providers to perform certain tasks based on our instructions and in compliance with this Privacy Policy.
Examples of third-party services include data storage, maintenance services, database management, web analytics, and payment processing. For a list of all third-party services or providers using your personal information or data, or to opt-out at any time, please contact us. For existing customers, please file a support ticket.
Legal:
We will share personal information if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
under certain circumstances, comply with legal obligations, meet applicable laws, regulations, or legal processes, or enforceable governmental requests (however, we will use reasonable efforts to provide notice to Platform.sh’s customers when we receive a request for customer personal data unless Platform.sh is explicitly prohibited from doing so by applicable laws)
enforce applicable Terms of Service or any of our other agreements with you, including investigation of potential breaches
detect, prevent, or otherwise address fraud, security, or technical issues in connection with the Services
protect against harm to the rights, property, liability, or safety of Platform.sh, our users and customers, or the general public, as required or permitted by law
prevent an emergency when a person is at risk of potential imminent death or serious physical injury, and Platform.sh may have personal data necessary to prevent such emergency
protect against apparent instances of child exploitation or missing children detected on Platform.sh’s services
Succession:
If you wish to withdraw your consent of having your personal information used for certain purposes, please contact us. For existing customers, please file a support ticket.
All information you disclose in your public profile, forum posts, blogs, comments, issue queues, or other public portions of our Services becomes public information. Please be careful about what you choose to disclose publicly.
We will report any unlawful data breaches to any and all relevant persons and authorities within 72 hours of the breach when such breach is likely to result in a high risk to the rights and freedoms of data subjects. Should you have any complaint about a breach, or the way in which we will handle a breach, please contact us.
You have the right to access your personal information that we hold, and correct, amend, or delete that information where it is inaccurate, except where the rights of persons other than you would be violated. Please contact us to assist you. Whenever made possible, you can access, update, or request deletion of your personal information and data directly within your account settings section. If you are unable to perform these actions yourself (e.g. you don’t have an account), please contact us using the various methods detailed below to assist you. For customers located in Australia, you may also email “dpo@platform.sh”.
Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third-party’s site. We do not endorse these sites, nor are we responsible for the content or accuracy of any information contained on them. We strongly advise you to review the privacy policies of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
To the extent prohibited by applicable law, our Service does not address anyone under the age of 16 (“Children”). By agreeing to our Terms of Service, you represent that you are the age of majority in your state, province, or country of residence, or 16 years of age, whichever is greater. We do not knowingly collect personally identifiable information from anyone under such age of majority. If you are a parent or guardian and you are aware that your Children have provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verifiable verification of parental consent, we will take steps to delete that information from our databases and servers.
Platform.sh is operated by Platform.sh SAS, a French company located at 131, Boulevard de Sébastopol, Paris, 75002 France which may include its affiliates, subsidiaries, directors, officers, employees, agents, partners, contractors, and/or licensors (together, referred to throughout this Privacy Policy as “Platform.sh”, “us”, or “we”). Our GDPR Supervisory Authority is the Commission Nationale de l’Informatique et des Libertés. Platform.sh is also registered with the Information Commissioner’s Office in the United Kingdom and the Office of the Australian Information Commissioner. All privacy issues, compliance requests, inquiries, and other requests will be handled by our French parent company, Platform.sh SAS.
Platform.sh has a designated Security, Compliance, and Data Protection Officer who is accountable for the management of your personal information, including collection, usage, disclosure, retention, and transfer of personal information to third parties for processing.
If you have any questions, requests, feedback, data rectification, or concerns regarding this Privacy Policy, please contact us. For Blackfire.io specific questions, please visit the support center. For existing Platform.sh customers, please create a support ticket through your account to allow for identity verification.
Visitors have the following options for correcting personal information or removing their information from our database in order to discontinue future communications from Platform.sh.
Click on the “Unsubscribe” link on any Platform.sh email
Contact us using our website contact form
Send a request by mail to: Attention Legal, Platform.sh, 131Boulevard de Sébastopol, Paris, 75002 France
Should you deem that we have not satisfactorily handled your complaint, you have the right to contact our Supervisory Authorities listed in the About Us section and file a complaint.
We may update this Privacy Policy from time to time. When we materially change this policy, a prominent notice will be posted on our website along with the updated Privacy Policy. In accordance with the Terms of Service, in some cases, we will notify you in advance, and your continued use of the Services after the changes have been made will constitute your acceptance of the changes.
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2016-08-16 |
|
| 1.1 | 2017-10-25 |
|
| 1.2 | 2018-01-20 |
|
| 2.0 | 2018-06-16 |
|
| 2.1 | 2018-11-05 |
|
| 2.2 | 2019-04-23 |
|
| 2.3 | 2019-06-10 |
|
| 3.0 | 2019-12-04 |
|
| 3.1 | 2019-12-05 |
|
| 3.2 | 2019-12-20 |
|
| 3.3 | 2020-01-09 |
|
| 3.4 | 2020-01-09 |
|
| 3.4.1 | 2020-01-09 |
|
| 3.5 | 2020-01-09 |
|
| 3.6 | 2021-03-29 |
|
| 3.7 | 2021-04-26 |
|
| 3.7.1 | 2021-04-28 |
|
| 3.8 | 2021-06-17 |
|
| 3.9 | 2021-09-03 |
|
| 4.0 | 2021-09-09 |
|
| 5.0 | 2021-09-24 |
|
| 6.0 | 2022-02-16 |
|
| 7.0 | 2022-03-03 |
|
| 7.1 | 2022-03-11 |
|
| 7.2 | 2022-06-28 |
|
© 2022 Platform.sh. All rights reserved.
