COUCHBASE PRIVACY POLICY
Introduction
Your privacy and trust are important to us. This privacy policy (“Privacy Policy”) applies to websites, products, services, events and experiences (including the website www.couchbase.com) provided by Couchbase, Inc. and its subsidiaries (collectively, “Couchbase”, “we”, “us”, or “our”). This Privacy Policy describes how Couchbase collects, uses, shares and retains the personal data we collect. It also describes your choices and rights regarding your personal data. Please read this Privacy Policy carefully to understand our information practices.
This Privacy Policy does not apply to information collected, stored, shared, or distributed by our customers and for which Couchbase acts as a “processor” or “service provider”. This Privacy Policy does not apply to information collected about our employees, who are covered by our internal notices, policies, and procedures, or about any employment candidates, who are covered by our Candidate Privacy Notice. Additionally, this Privacy Policy does not apply to any websites, products, services, events, experience or any other content offered by third parties, which we do not review and for which we cannot be responsible. Please review this Privacy Policy together with any other privacy notice we may provide to you in special circumstances (for example, if you attend any event), as this Privacy Policy supplements any such notice.
Personal Data We Collect and Sources of Information
The personal data we collect depends on how you interact with us, including how you use our services. We collect information about you from different sources and in various ways when you use our services, including information you provide directly (such as through forms on our websites), information collected automatically (such as when you interact with our website) and information received from third-party data sources (such as from our business partners).
Information you provide directly: You may provide us with personal data through day-to-day interactions, including registering for an event, posting a comment on our website, requesting information on our products and services or requesting customer support. We collect the following types of personal data in order to develop or support our business relationship or develop our products and services.
• Identifiers, such as name, address, phone number, and email address.
• Credentials, such as user name and password when you create an account or in connection with any troubleshooting or support inquiry.
• Commercial information, such as records of services or products purchased and other payment details as needed when you make a purchase.
• Communications and content, such as information you enter as ‘free text’ content on our forms, forums, websites and in any communications with us.
Information we collect automatically: When you interact with us or use our services, we may collect certain information automatically via technology. For example:
• Identifiers and electronic network activity information: When you visit our websites, our web servers automatically log your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address); device type; your device’s operating system, browser, and other software including type, version, language, settings and configuration; and information about which website elements you interact with and your activity on the website and our services. As further described in the Cookies and Similar Technologies section below and our Cookie Policy, we may collect certain technical information about your interaction with our services to help us improve our services, analyze usage, deliver advertising and improve your user experience.
• Geolocation information: We may collect information about the location of your device used to access our websites or our products and services, such as based on a browser or device’s IP address.
• Product usage data: Where available, to make our products and services more useful to you, we collect aggregated and individually identifiable product usage data, which includes product type, login date/time, pages and features used and other similar product metrics. We automatically log your activity on our website including the URL of the website from which you came to our site. Our emails may include links to open attachments, visit pages on our website, download content, launch surveys or take other actions. If you are in our customer or prospect contact database, or have previously interacted with us online, then we may be able to link this usage data to your identity.
• Audio and visual information: We may collect audio and visual information when you physically visit our physical offices or events. For example, we employ closed circuit video surveillance (CCTV) at our physical offices, for purposes of office access, safety and security. We may also take photographs or recordings at events for use in our community engagement and marketing operations.
• Inferences: We may collect inferences drawn from the other information described above.
Information we receive from other sources: Not all of the information that Couchbase holds about you will always come directly from you. For example, it may come from your employer if they are a customer using our products or services. We may also receive information about you from other sources, such as marketers, partners and service providers in order to offer services we think may be of interest to you. For example, we may obtain marketing data from other sources such as data brokers and combine that data with information we already have about you, to create more tailored advertising, products or services.
Children’s personal data: Couchbase is committed to providing excellent products and services for enterprise customers. Couchbase does not provide services for purchase by children, and this website is not intended for children. If you’re under 18, you may use Couchbase services only with the involvement of a parent or guardian. We do not knowingly sell the personal information of minors under 16 years of age without affirmative authorization.
How We Use Personal Data
We use, store and process personal data to provide, improve and develop our services and comply with our legal obligations. Accordingly, we may use such information for the following business purposes:
1. Customer communication and administration: We use personal data, such as contact information, to respond to general inquiries, provide technical and customer support and training, verify your identity and send important account, subscription and service information.
2. Marketing and events: We use personal data such as contact information and product usage data to provide you with news, promotions, marketing and event communications about our products and services which we think may be of interest to you. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings in our marketing preference center.
3. Community and event forums: Any personal data you choose to post, share, upload, or make available is public and visible to others. We may use information you provide to personalize your experience, to make recommendations in respect of information about our products and services and to improve our website, products and services.
4. Products and Services: We use personal data, such as product usage data and electronic network activity, to improve our business offerings, including our products and services and this website. Please see the Cookies and Similar Technologies section below for additional information.
5. Personalize, measure and improve our advertising: As further described in the Cookies and Similar Technologies section below, we may collect certain technical information about the computers or devices (including mobile devices) you use and your online activities to deliver targeted advertising.
6. Human resource management: We may use personal data for purposes of recruitment administration. Please refer to our Candidate Privacy Notice for information regarding personal information collected and used for recruitment.
7. Support for hosted services: Some of our service offerings may provide database management and data storage as an integral part of the product or solution offering. Data stored by our customers may contain personal data. Any information stored by or on behalf of such customer is controlled and managed by and only made available to such customer and our access is limited to Couchbase personnel with a critical business reason only, such as technical support.
8. Legal obligations: We may use and retain personal data as necessary for legal and compliance reasons, including the prevention, detection or investigation of fraud, abuse, security incidents and any harmful activity.
For personal data collected in the EU/EEA, the UK and other relevant jurisdictions, we will process personal data on the basis of our legitimate interest in undertaking the above business related activities where it is necessary for the adequate performance of any contract we may have with you or to comply with the law and/or on the basis of your clear and informed consent (as applicable).
Disclosing and Sharing Personal Data
When we disclose or share personal data, we do so in accordance with data privacy laws. We may disclose or share personal data as follows:
1. Affiliates: Our business is supported by a variety of teams and functions located around the world. Personal data will be made available to them if necessary, to provide, improve and develop our services and comply with our legal obligations. All our employees and contractors are required to process personal data in a manner consistent with this Privacy Policy.
2. Third party service providers: We partner with and are supported by service providers around the world (for example, information technology and related infrastructure providers, customer service providers, professional advisers and other similar service providers). Personal data will be made available to these service providers only when necessary to fulfill the services they provide to us, such as system and platform support, advertising and marketing services and recruiting services.
3. Advertising and analytics partners: We may share your personal data with third-party companies, including if you have followed our instructions to allow such disclosure, such as through registration for our events with notice that we share attendee information with third-party event sponsors. Third party analytics and advertising companies also collect personal data through our website identifiers and device information (such as cookie IDs, device IDs, and IP address) and usage data described in the Cookies and Similar Technologies section below.
4. Safety, security and compliance with law: We may disclose personal data when we believe in good faith that such sharing is reasonably necessary to investigate, prevent, or take action regarding possible illegal activities or to comply with legal process. We may also share personal data in situations involving potential threats to the physical safety of any person, violations of this Privacy Policy or our customer agreements, or to respond to claims of violation of the rights of third parties and/or to protect the rights, property and safety of Couchbase, our employees, customers or the public. This may involve the sharing of personal data with law enforcement, government agencies, courts and/or other organizations.
5. Third-Party Services: We may provide you with the ability to log into our websites, products, services, events and experiences using your account credentials with a third-party service, such as GitHub or Google. If you choose to use such features, we disclose your personal data with the relevant third-party service to verify your identity and account. We do not control the activities of such third-party services and have no control over the data they collect or their privacy practices. Please review the privacy policy and practices of any such third-party service.
6. Business transactions: We may disclose your personal data to any prospective seller or buyer of any business or assets. Additionally, if Couchbase is involved in a merger, acquisition, or sale of all or a portion of its assets, personal data may be among the transferred assets. If Couchbase or our assets are acquired by another company, that company would possess your personal data and that company would assume the rights and obligations regarding your personal data as described herein. If this happens, we will notify you via email and/or a prominent notice on our website, of any change in ownership, use of personal data and choices you may have regarding personal data.
Where We Store and Process Personal Data
To facilitate our global operations, Couchbase may transfer, store and process personal data within our group of companies or with service providers in any country or region they maintain facilities, including the United States, Europe, India, Asia and Australia. Laws in these countries may differ from the laws applicable to your country of residence. We take steps to ensure that personal data is processed, secured and transferred in accordance with this Privacy Policy and applicable law.
Where we transfer personal data from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection, we rely on appropriate safeguards to help ensure an adequate level of data protection, such as ensuring any such transfer is subject to the terms of the applicable model clauses or other required and adequate transfer mechanism.
Additionally, Couchbase (and our subsidiary companies) participates in the EU-U.S. and Swiss Data Privacy Frameworks (DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from the EEA, Switzerland and UK, respectively, as described in our Data Privacy Framework certification here. Couchbase complies with the DPF Principles for personal data transferred under the DPF. Among other things, this means that Couchbase remains liable in situations where we transfer personal data onward to third parties. Please note that we may be required to disclose personal data that we receive under the DPF in response to lawful requests by public authorities, as further described under “How We Use Personal Data” above.
If you have any questions regarding our privacy practices in relation to our commitment to the DPF Principles, you may contact us through one of the methods listed under “Submitting Requests” with the subject “Data Privacy Framework”. For any complaints related to the DPF that cannot be resolved with us directly, you may contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/dpf-dispute-resolution. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted, as described here. Couchbase is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. To learn more about the DPF, please visit the DPF website.
European Privacy Rights
If you are a resident of the EU, EEA or UK, you have the following rights under the General Data Protection Regulation and relevant implementing legislation with respect to our processing of personal data about you:
1. Right to access and rectification. You can request access to the personal data about you that we hold. For personal data that is inaccurate or incomplete, you have a right to request that we correct or amend such data. If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format.
2. Right of erasure. Under certain circumstances, and subject to several exceptions, you have a right to request that we delete personal information about you.
3. Right to withdraw consent. If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing.
4. Right to object. You can object to, or obtain a restriction of, the processing of personal data under certain circumstances.
You may make such requests by contacting us through one of the methods listed under “Submitting Requests”.
U.S. State Law Privacy Rights
A number of U.S. state privacy laws require additional disclosure for residents of those states.
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (“CCPA”), or if your personal information is subject to other data privacy laws that provide for additional rights, you may have certain rights with respect to that information, including:
1. The right to know: You have a right to request that we disclose to you certain information regarding the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sales or sharing of such personal information. Note that we have provided much of this information in this Privacy Policy.
2. The right to request deletion: You have a right to request that we delete personal information under certain circumstances, subject to a number of exceptions.
3. The right to request correction: You have a right to request that we correct inaccurate personal information, under certain circumstances.
4. The right to access: You have a right to request a copy of the personal information that we collected in a portable format, under certain circumstances.
5. The right to opt-out: You have a right to opt-out from future “sales” or sharing of personal information. Note that although we do not sell personal information in the commonly-understood sense, the CCPA defines “sell” and “personal information” very broadly, and some of our data sharing described in this privacy statement may be considered a “sale” under those definitions. In particular, we let advertising and analytics providers collect IP addresses, cookie IDs, and mobile IDs through our website, and in some cases making that information available to our advertising and analytics partners could be a “sale” under the CCPA. For more information, including how to opt-out and for more information about how Couchbase responds to opt-out preference signals, please see our Cookie Policy.
Finally, under California law, you have a right to not be discriminated against for exercising these rights set out in the CCPA.
Submitting Requests
You may make a request under the data privacy laws applicable to you by contacting us through the methods provided in this Privacy Policy. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under certain data privacy laws, such as California law. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us. Further, to action requests, we will need to verify your identity to the degree of certainty required by law. We may verify your identity by requesting information from you to compare to personal information we have in our records relating to you, but the specific process will depend on the scope of your request.
You or your authorized agent may exercise your rights under the applicable data privacy laws by calling us at +1-855-925-1356 or by submitting our webform available here.
Where we may process data on behalf of another party that is the “data controller,” (such as a Couchbase customer), we may not have any ability to know to whom it relates, thus, you should direct any request to access, correct, amend, or delete such data to that party. You also have the right to lodge a complaint with the relevant supervisory authority, but we encourage you to first contact us with any questions or concerns.
In certain circumstances, we may be required by law to retain personal data or may need to retain personal data in order to continue providing a service.
Your Role in Securing Personal Data
To help us protect your personal data, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
How Long We Keep Personal Data
We retain personal data for as long as we reasonably require it for legal or business purposes, taking into consideration local laws, contractual obligations, and the expectations and requirements of our customers. These considerations include the nature of the personal information collected and the purposes for which it was collected.
Anonymous Data
We may create and use De-Identified Data from personal data about you by excluding elements of information that identify you from such data. We use this De-Identified Data to improve our website and our product offerings and for marketing and analytics purposes by analyzing search, traffic and usage. We may disclose De-Identified Data to third-party companies in our sole discretion. “De-Identified Data” means data that has been rendered anonymous in such a way that you are not or are no longer identifiable based on that data.
Cookies and Similar Technologies
We and our partners use cookies, web beacons, unique identifiers and other similar technologies to provide our services and help collect data. We do this to understand your use of our websites, emails, mobile applications and services, improve your user experience and enable personalized features and content, optimize our advertisements and marketing, and to enable third party advertising companies to assist us in serving advertising specific to your interests across the internet. For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), to collect and prepare information about the traffic on our websites. You can find more information about the use of Google Analytics in Google’s privacy policy, and about the currently available opt-out options provided by Google here. We also use Pendo to collect information about how our users engage with our products and websites, in order to assist with product development and technical support activities. In the process of collecting information about users’ experiences, we may collect and share personal information such as identifiers with Pendo. To prevent Couchbase from sending your information to Pendo, please send an email to privacy@couchbase.com.
For more information about our use of cookies and related technologies and how you can control or opt-out of interest-based advertising on your browser or device usage and manage them, please see our Cookie Policy.
Couchbase currently does not respond to Do Not Track (DNT) signals from browser or mobile application settings due to lack of standardization regarding how such signals should be interpreted. Couchbase will continue to monitor industry activity in this area and reassess our DNT practices as necessary.
Changes to this Privacy Policy
We will update this Privacy Policy as needed to reflect changes in our services or the applicable legal requirements. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on this website, and in the case of any material changes we shall notify you before such material changes take effect. Your continued use of the services after the date the changes take effect shall be subject to the revised Privacy Policy.
How to Contact Us
If you have any questions regarding our Privacy Policy, you may contact us in one of the following ways, or by submitting a request through one of the methods listed under “Submitting Requests”.
Email:
privacy@couchbase.com
Post:
Couchbase, Inc.
Attn: Legal Department
3250 Olcott St.
Santa Clara, CA 95054
USA
Last updated: September 14, 2024