Sign In SIGN UP UPGRADE

Privacy policy

Last updated: July 24, 2015

Welcome, and thank you for your interest in Plotly (“Plotly”, “we,” or “us”) and our Website at www.plot.ly (the “Site”), as well as all related web sites, networks, and other services provided by us and on which a link to this Privacy Policy (this “Policy”) is displayed (collectively, together with the Site, our “Service”). This Policy describes the information that we gather from you on the Service, how we appropriately use such information, and the steps we take to protect such information. By using the Service, you consent to the privacy practices described in this Policy.

This Policy is incorporated into and is subject to the Plotly Terms of Use. Capitalized terms used but not defined in this Policy have the meaning given to them in the Plotly Terms of Use.

The information we collect

  • User-provided Information

    When you use the Service, you may provide and we may collect what is generally called “personally identifiable” information, or “personal information,” which is information that specifically identifies an individual. Examples of personal information include name, email address, mailing address, mobile phone number, and credit card or other billing information. Personal information also includes other information, such as date of birth, geographic area, or preferences, when any such information is linked to information that identifies a specific individual.

    You may provide us with personal information in various ways on the Service. For example, you provide us with personal information when you register for an account, use the Service, post User Content, interact with other users of the Service through communication or messaging features, or send us customer service-related requests. While we are generally responsible for the processing of personal information described in this Privacy Policy, Plotly only acts as steward for the data available through Plotly. Users or data contributors are responsible for any data submitted to or shared between users through Plotly.

  • Data

    Any registered user can share content with other registered users or create content accessible to other users by creating, uploading, editing and analyzing information into shared workspaces stored on Plotly. By doing so, users create a record of their data and content and such Users are identified as the author of such data and content. These interactions reveal a contributor’s chosen user name and possibly other personal information such as posts, comments, research details, as well as contact information.

  • “Cookies" Information

    When you use the Service, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your device. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Service. Please review your web browser “Help" file to learn the proper way to modify your cookie settings.

  • “Automatically Collected" Information

    When you use the Service, we may automatically record certain information from your device by using various types of technology, including “clear gifs" or “web beacons.” This “automatically collected" information may include your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or just after you use the Service, the pages or other content you view or otherwise interact with on the Service, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message.

  • Third-Party Web Beacons and Third-Party Buttons

    We may also implement third-party content or advertising on the Service that may use clear gifs or other forms of web beacons, which allow the third-party content provider to read and write cookies to your browser in connection with your viewing of the third party content on the Service. Additionally, we may implement third party buttons (such as Facebook “like” or “share” buttons) that may allow third parties to collect information about you through such third parties’ browser cookies, even when you do not interact with the button.

    Information collected through web beacons and buttons is collected directly by these third parties, and Plotly does not participate in that data transmission. Information collected by a third party in this manner is subject to that third party’s own data collection, use, and disclosure policies.

  • Integrated Services

    You may be given the option to access or register for the Service through the use of your user name and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Facebook credentials through Facebook Connect, or otherwise have the option to authorize an Integrated Service to provide personal information or other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy.

    You should check your privacy settings on each Integrated Service to understand and change the information sent to us through each Integrated Service. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.

  • Information from Other Sources

    We may obtain information, including your personal information, from third parties and sources other than the Service, such as our partners, advertisers, and Integrated Services. If we combine or associate information from other sources with personal information that we collect through the Service, we will treat the combined information as personal information in accordance with this Policy.

  • Our Security Measures

    Plotly uses the strictest security measures that are available for our cloud site. Plotly uses https, a protocol for secure network communication and Secure WebSockets to open interactive communication between a browser and a server.

    We encrypt data in transmission with industry-standard SSL. Plotly uses Amazon Web Services (AWS) for our servers and data hosting—which has a robust security policy—so we use the same security measures AWS provides. Amazon’s data center operations have been accredited under: ISO 27001 SOC 1 and SOC 2/SSAE, 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).

    We rely on best practices and extensive testing, both internally and externally--for example, using a Nessus Vulnerability Scan and Tenable Security to monitor vulnerabilities. All development is peer-reviewed and every engineer is trained on the OWASP Top 10.

    We perform automated secure code reviews against the entire code base and correct issues prior to our releases. We continually test our applications, and monitor logs for exceptions and errors and remedy any irregularities. We perform a secure architecture design review for the applications provided. Our developers receive software security training (such as OWASP Top 1). Passwords are encrypted with PBKDF2.

    The Plotly Cloud product and Plotly Enterprise product allow users to make a plot public, private, or secret. A public plot is accessible to other users on the web. Other users have the ability to fork their own version of a public plot, but cannot modify the original plot. A private plot can only be accessed by a logged-in user with whom the plot is shared. A secret plot has a shared key associated with the plot and plot URL. Only a user with the specific URL can access the plot. Secret plots can be embedded in other apps and websites and will only be accessible to an individual browsing that page. Users can share plots and files with other users to collaborate. Permission to edit and collaborate can also be revoked. For more information on sharing and permissions, see our privacy pages for R, Python, MATLAB, and Plotly Cloud.

    An organizational account on Plotly cloud has an administrator who can add and remove users. Plotly Enterprise supports LDAP.

How we use the information we collect

We use information we collect on the Service in a variety of ways in providing the Service and operating our business, including the following:

  • We use the information that we collect on the Service to operate, maintain, enhance and provide all features of the Service, to provide services and information that you request, to respond to comments and questions and otherwise to provide support to users.
  • We use the information that we collect on the Service to understand and analyze the usage trends and preferences of our users, to improve the Service, and to develop new products, services, feature, and functionality.
  • We may use your email address or other information we collect on the Service (i) to contact you for administrative purposes such as customer service, to address intellectual property infringement, privacy violations or defamation issues related to your User Content posted on the Service or (ii) to send communications, including updates on promotions and events, relating to products and services offered by us and by third parties we work with.
  • We may use “cookies” information and “automatically collected” information we collect on the Service to: (i) personalize our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Service; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of Service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service.
  • We also may use your information as may be described in a notice to you at the time the information is collected, or in any other manner to which you consent.

When we disclose information

Except as described in this Policy, we will not disclose your information that we collect on the Service to third parties without your consent. We may disclose information to third parties in the following circumstances:

  • Any information that you voluntarily choose to include in a publicly accessible area of the Service, such as a public profile page, will be available to anyone who has access to that content, including other users.
  • We work with third party service providers to provide website or application development, hosting, maintenance, and other services for us. These third parties may have access to or process your information as part of providing those services for us. Generally, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information.
  • We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
  • We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. copyright law), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
  • We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
  • Information about our users, including personal information, may be disclosed and otherwise transferred to an actual or prospective acquirer, or successor or assignee or their agents, as part of any merger, acquisition, debt or equity financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
  • We also may disclose your information as may be described in a notice to you at the time the information is collected, or in any other manner to which you consent.

Your Choices

You may, of course, decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Service. You may update, correct, or delete you profile information and preferences at any time by accessing your account preferences page on the Service. If you wish to access or amend any other personal information we hold about you, or to request that we delete any information about you that we have obtained from the Service, you may contact us at accounts@plot.ly. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at accounts@plot.ly or by writing to us at the address given at the end of this policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Service.

Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.

Data Content and Health Privacy

Plotly collects and stores user provided data and analyses that is submitted to the site as well as other information users contribute to the Service.

Users should be particularly aware of the obligations under the Health Insurance Portability and Accountability Act (“HIPAA”), in use of the Service. Plotly does not have, and will not accept, any obligations of confidentiality with respect to any communications other than those expressly stated in this Privacy Policy and Plotly’s Terms of Use.

Content posted on Plotly is the responsibility of its Users. All health data must be fully de-identified by the User per the HIPAA privacy rule standards for de-identification set forth in 45 CFR 164.514(b), prior to being uploaded to Plotly. Users are required to remove any information that would enable Plotly or a third party to associate any health data with a specific individual or group of individuals.

Users assume responsibility for all data published or shared through Plotly and declares that (s)he has the right to communicate or broadcast them and that (s)he has obtained all necessary authorizations and, where legally required, prior specific, informed and freely given consents from the individuals from which the data is obtained or derived prior to submitting the data to Plotly.

Plotly does not guarantee the accuracy, integrity or quality of any content and is not liable for the content posted by non-Plotly staff, as described in the Plotly Terms and Conditions of Use plot.ly/tou.

Third-Party Services

The Service may contain features or links to Web sites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service.

We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

Children’s Privacy

Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, then please do not use or access the Service at any time or in any manner.

If we learn that personally identifiable information has been collected on the Service from persons under 13 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on the Service, then you may alert us at accounts@plot.ly and request that we delete that child’s personally identifiable information from our systems.

Data Security

We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of your personally identifiable information. We cannot, however, ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free written notice of a security breach you should notify us at accounts@plot.ly.

Privacy Settings

Although we may allow you to adjust your privacy settings to limit access to certain personal information, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service.

We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.

International Visitors

The Service is hosted in the United States and is intended for visitors located within the United States. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing.

Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service. By providing any information, including personal information, on or to the Service, you consent to such transfer, storage, and processing.

Changes and Updates to this Policy

Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change.

For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.

Our Contact Information

Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at accounts@plot.ly.

Plotly, Inc
5555 avenue de Gaspé, Suite 201
Montréal, Québec H2T 2A3
Canada