Privacy Policy

Last Updated: Jun 5, 2019

Welcome, and thank you for your interest in Plotly (“Plotly”, “we,” or “us”) and our website at www.plot.ly (the “Site”), as well as all related websites, networks, and other services provided by us and on which a link to this Privacy Policy (this “Policy”) is displayed (collectively, together with the Site, our “Service”). This Policy describes the information that we gather from you on the Service, how we appropriately use such information, and the steps we take to protect such information. Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it.

If you do not agree with our policies and practices, your choice is not to use our website.

By using the Service, you consent to the privacy practices described in this Policy.

This Policy may change from time to time. Your continued use of this website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates. This Policy is incorporated into and is subject to the Plotly Terms of Use.

Capitalized terms used but not defined in this Policy have the meanings given to them in the Plotly Terms of Use.

The information we collect

User-provided Information

When you use the Service, you may provide and we may collect what is generally called “personally identifiable” information, or “personal information,” which is information that specifically identifies an individual. Examples of personal information include name, email address, mailing address, mobile phone number, and credit card or other billing information. Personal information also includes other information, such as date of birth, geographic area, or preferences, when any such information is linked to information that identifies a specific individual.

You may provide us with personal information in various ways on the Service. For example, you provide us with personal information when you register for an account, use the Service, post User Content, interact with other users of the Service through communication or messaging features, or send us customer service-related requests. While we are generally responsible for the processing of personal information described in this Privacy Policy, Plotly only acts as steward for the data available through Plotly. Users or data contributors are responsible for any data submitted to or shared between users through Plotly.

You may provide us information by filling in forms on our website. This includes information to complete a transaction, verify your credit card, place an order, and other information in order to request further services or information. While your credit card information is collected at the time of purchase, only the last four digits are stored on our servers. Credit card information is sent directly to Stripe.com, where it is safely held, in accordance with their privacy policy at https://stripe.com/ca/privacy and terms of services https://stripe.com/payment-terms/legal.

Data

Any registered user can share content with other registered users or create content accessible to other users by creating, uploading, editing and analyzing information into shared workspaces stored on Plotly. By doing so, users create a record of their data and content and such Users are identified as the author of such data and content. These interactions reveal a contributor’s chosen user name and possibly other personal information such as posts, comments, research details, as well as contact information.

“Cookies" Information

When you use the Service, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your device. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Service. Please review your web browser “Help" file to learn the proper way to modify your cookie settings. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.

“Automatically Collected" Information

When you use the Service, we may automatically record certain information from your device by using various types of technology, including “clear gifs" or “web beacons.” This “automatically collected" information may include your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or just after you use the Service, the pages or other content you view or otherwise interact with on the Service, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message.

Third-Party Web Beacons and Third-Party Buttons

We may also implement third-party content or advertising on the Service that may use clear gifs or other forms of web beacons, which allow the third-party content provider to read and write cookies to your browser in connection with your viewing of the third-party content on the Service. Additionally, we may implement third-party buttons (such as Facebook “like” or “share” buttons) that may allow third parties to collect information about you through such third parties’ browser cookies, even when you do not interact with the button.

Information collected through web beacons and buttons is collected directly by these third parties, and Plotly does not participate in that data transmission. Information collected by a third party in this manner is subject to that third party’s own data collection, use, and disclosure policies.

Integrated Services

You may be given the option to access or register for the Service through the use of your username and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Facebook credentials through Facebook Connect, or otherwise have the option to authorize an Integrated Service to provide personal information or other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy.

You should check your privacy settings on each Integrated Service to understand and change the information sent to us through each Integrated Service. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.

Information from Other Sources

We may obtain information, including your personal information, from third parties and sources other than the Service, such as our partners, advertisers, and Integrated Services. If we combine or associate information from other sources with personal information that we collect through the Service, we will treat the combined information as personal information in accordance with this Policy.

Our Security Measures

Plotly uses the strictest security measures that are available for our cloud site. Plotly uses https, a protocol for secure network communication and Secure WebSockets to open interactive communication between a browser and a server.

We encrypt data in transmission with industry-standard SSL. Plotly uses Amazon Web Services (AWS) for our servers and data hosting—which has a robust security policy—so we use the same security measures AWS provides. Amazon’s data center operations have been accredited under: ISO 27001 SOC 1 and SOC 2/SSAE, 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).

We rely on best practices and extensive testing, both internally and externally--for example, using a Nessus Vulnerability Scan and Tenable Security to monitor vulnerabilities. All development is peer-reviewed and every engineer is trained on the OWASP Top 10.

We perform automated secure code reviews against the entire code base and correct issues prior to our releases. We continually test our applications, and monitor logs for exceptions and errors and remedy any irregularities. We perform a secure architecture design review for the applications provided. Our developers receive software security training (such as OWASP Top 1). Passwords are encrypted with PBKDF2.

The Plotly Cloud product and Plotly Enterprise product allow users to make a plot public, private, or secret. A public plot is accessible to other users on the web. Other users have the ability to fork their own version of a public plot, but cannot modify the original plot. A private plot can only be accessed by a logged-in user with whom the plot is shared. A secret plot has a shared key associated with the plot and plot URL. Only a user with the specific URL can access the plot. Secret plots can be embedded in other apps and websites and will only be accessible to an individual browsing that page. Users can share plots and files with other users to collaborate. Permission to edit and collaborate can also be revoked. For more information on sharing and permissions, see our privacy pages for R, Python, MATLAB, and Plotly Cloud.

An organizational account on Plotly cloud has an administrator who can add and remove users. Plotly Enterprise supports LDAP.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the website like message boards. The information you share in public areas may be viewed by any user of the website.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

How we use the information we collect

We use the information we collect on the Service in a variety of ways in providing the Service and operating our business, including the following:

We will use your email or mail address to send you information (as applicable) by email and post about new products and services, upcoming events or other promotions. You may opt-out of receiving such emails by following the instructions contained in each promotional email we send you. Our sales representatives may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions. Our Website also implements a variety of marketing automation technologies. Any information processed using these marketing tools will be processed and held in accordance with each marketing automation technology's privacy policies and terms of services.

We use the information that we collect on the Service to understand and analyze the usage trends and preferences of our users, to improve the Service, and to develop new products, services, features, and functionality.

We may use your email address or other information we collect on the Service (i) to contact you for administrative purposes such as customer service, to address intellectual property infringement, privacy violations or defamation issues related to your User Content posted on the Service or (ii) to send communications, including updates on promotions and events, relating to products and services offered by us and by third parties we work with.

We may use “cookies” information, and “automatically collected” information we collect on the Service to: (i) personalize our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Service; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of Service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service.

We also may use your information as may be described in a notice to you at the time the information is collected, or in any other manner to which you consent.

When we disclose information

Except as described in this Policy, we will not disclose your information that we collect on the Service to third parties without your consent. We may disclose information to third parties in the following circumstances:

Any information that you voluntarily choose to include in a publicly accessible area of the Service, such as a public profile page, will be available to anyone who has access to that content, including other users.

We work with third-party service providers to provide website or application development, hosting, maintenance, and other services for us. These third parties may have access to or process your information as part of providing those services for us. Generally, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information.

We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. copyright law), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.

Information about our users, including personal information, may be disclosed and otherwise transferred to an actual or prospective acquirer, or successor or assignee or their agents, as part of any merger, acquisition, debt or equity financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

We also may disclose your information as may be described in a notice to you at the time the information is collected, or in any other manner to which you consent.

We also may disclose your information as may be required to enforce or apply our terms of use and other agreements, including for billing and collection purposes.

We may disclose your information to our subsidiaries and/or affiliates.

How long will we retain your information

We will keep hold of your data for no longer than necessary. The length of time we retain it will depend on any legal obligations we have (such as tax recording purposes), the nature of any contracts we have in place with you, the existence of your consent and/or our legitimate interests as a business.

Your Choices

We must inform you how we are going to use your personal data. We achieve this through this privacy policy and by informing you how your data will be used each time we collect it.

You may, of course, decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Service. You may update, correct, or delete you profile information and preferences at any time by accessing your account preferences page on the Service. If you wish to access or amend any other personal information we hold about you, or to request that we delete any information about you that we have obtained from the Service, you may contact us at accounts@plot.ly. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at accounts@plot.ly or by writing to us at the address given at the end of this policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Service.

Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.

We do not carry out any automated decision making or profiling on our website. Should this change we will update this policy accordingly.

We are committed to upholding your rights. If you think we have not done so, please contact accounts@plot.ly.

Data Content and Health Privacy

Plotly collects and stores user provided data and analyses that is submitted to the site as well as other information users contribute to the Service.

Users should be particularly aware of the obligations under the Health Insurance Portability and Accountability Act (“HIPAA”), in the use of the Service. Plotly does not have, and will not accept, any obligations of confidentiality with respect to any communications other than those expressly stated in this Privacy Policy and Plotly’s Terms of Use.

Content posted on Plotly is the responsibility of its Users. All health data must be fully de-identified by the User per the HIPAA privacy rule standards for de-identification set forth in 45 CFR 164.514(b), prior to being uploaded to Plotly. Users are required to remove any information that would enable Plotly or a third party to associate any health data with a specific individual or group of individuals.

Users assume responsibility for all data published or shared through Plotly and declares that (s)he has the right to communicate or broadcast them and that (s)he has obtained all necessary authorizations and, where legally required, prior specific, informed and freely given consent from the individuals from which the data is obtained or derived prior to submitting the data to Plotly.

Plotly does not guarantee the accuracy, integrity or quality of any content and is not liable for the content posted by non-Plotly staff, as described in the Plotly Terms and Conditions of Use https://plot.ly/terms-of-service/.

Third-Party Services

The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service.

We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

Children’s Privacy

Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, then please do not use or access the Service or provide any information on this website or on or through any of its features/register on the website, make any purchases through the website, use any of the interactive or public comment features of this website or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or username you may use, at any time or in any manner.

If we learn that personally identifiable information has been collected on the Service from persons under 13 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on the Service, then you may alert us at accounts@plot.ly and request that we delete that child’s personally identifiable information from our systems.

Data Security

We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of your personally identifiable information. We cannot, however, ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at accounts@plot.ly.

Privacy Settings

Although we may allow you to adjust your privacy settings to limit access to certain personal information, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service.

We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.

International Visitors

The Service is hosted in the United States and is intended for visitors located within the United States. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. We are committed to upholding your rights. If you think we have not done so, please contact accounts@plot.ly. European users may also file a complaint with the Information Commissioner’s Office (ICO) or the European Data Protection Supervisor if they believe that their rights have not been upheld. The ICO is the data protection regulator of the United Kingdom and their website is: www.ico.org.uk. The European Data Protection Supervisor is the European Union’s (EU) independent data protection authority and their website is: https://edps.europa.eu/edps-homepage_en.

Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including personal information, on or to the Service, you consent to such transfer, storage, and processing.

Changes and Updates to this Policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change.

For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and this privacy policy to check for any changes. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

Our Contact Information

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at accounts@plot.ly.

Plotly, Inc

5555 avenue de Gaspé, Suite 201

Montréal, Québec H2T 2A3

Canada