/legal

Logfire Privacy Statement

Last updated:

Welcome to the Logfire Privacy Statement. This is where we describe how we handle your "Personal Data", which is information that is directly linked or can be linked to you. It applies to the Personal Data that Pydantic Services Inc. ("PSI") processes as the "Data Controller" when you interact with our websites, our applications, and our online services that display this Statement (collectively, "Services").

Personal Data is collected from and about you directly, automatically from your device when you use our Services, and also from third parties. The Personal Data PSI processes when you use the Services depends on variables like how you interact with our Services (such as through web interfaces, command line applications), the features you use and your method of accessing the Services. Below, we detail the information we collect through each of these channels:

  • Account Data: We collect certain information when you open an account such as your GitHub handle, name, email address, password, payment information and transaction information.
  • User Content and Files: When you use our Services, we collect Personal Data included as part of the information you provide such as code, inputs, text, documents, images, or feedback.
  • Sensitive Personal Data: In some cases, you provide us with ethnicity, gender, photographic, or similar demographic details.
  • Feedback Data: This consists of information you submit through surveys, reviews, or interactive features.
  • Payment Information: For paid subscriptions, we collect details like name, billing address, and payment specifics such as card and banking details.
  • Profile Information: We collect information to create a user profile, which might include a photo, additional email addresses, job title, or biography.
  • Sales and Marketing Data: This includes information provided for promotional communications, such as name, email address, and company name.
  • Support Data: When you seek customer support, we collect details like code, text, or multimedia files.
  • Buttons, Tools, and Content from Other Companies: Our Services might contain links or buttons that lead to third-party services like Twitter or LinkedIn. Use of these features might result in data collection. Engaging with these buttons, tools, or content might automatically send certain browser information to these companies. Please review the privacy statements of these companies for more information.
  • Essential Cookies and Similar Tracking Technologies: We use cookies and similar technologies to provide essential functionality like storing settings and recognizing you while using our Services.
  • Non-essential Cookies: Depending on your jurisdiction, we might use online analytics products that use cookies to help us analyze how de-identified users use our Services and to enhance your experience when you use the Services. In some jurisdictions, we only use non-essential cookies after obtaining your consent. See "What are your cookie choices and controls?" for more details and control options.
  • Email Marketing Interactions: Our emails might have web beacons that collect information on your device type, email client, email reception, opens, and link clicks.
  • Geolocation Information: Depending on the Service's functionality, we collect regional geolocation data
  • Service Usage Information: We collect data about your interactions with the Services, such as IP address, device information, session details, date and time of requests, device type and ID, operating system and application version, information related to your contributions, and performance of specific features or Services.
  • Website Usage Data: We automatically log data about your Website interactions, including the referring site, date and time of visit, pages viewed, and links clicked.
  • Information from Other Users of the Services: Other users might share information about you when they create comments. We might also receive information about you if you are identified as a representative or administrator on your company's account, such as contact details and affiliation with your organisation.
  • Services you linked to your PSI account: When you or your administrator integrate third-party apps or services with our Services, we receive information based on your settings with those services. This can include details like your name and email from services like GitHub or Google for authentication. The information we receive depends on the third-party's settings and privacy policies. Always review these to understand what data is shared with our Services.
  • Vendors, Partners, and Affiliates: We may receive information about you from third parties, like vendors, resellers, partners, or affiliates for the purposes outlined in this statement.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

The Personal Data we process depends on your interaction and access methods with our Services, including the interfaces, features used, and your preferred access tools. This section details all the potential ways PSI may process your Personal Data:

  • Business Operations: We use Personal Data for activities like billing, accounting, and compensation. This includes creating aggregated statistical data for internal reporting, financial reporting, revenue planning, capacity planning, and forecast modeling (including product strategy).
  • Marketing and communication: We use Personal Data to inform you about new Services, features, offers, promotions, and other pertinent information. This also includes sending confirmations, invoices, technical notices, updates, security alerts, and administrative messages.
  • Inference: We generate new information from other data we collect to derive likely preferences or other characteristics. For instance, we infer your general geographic location based on your IP address.
  • Personalization: We use Personal Data to customize the Service to your preferences, to evaluate the effectiveness of enterprise business ads and promotional communications, and to ensure a seamless and consistent user experience.
  • Safety and Security: To promote safety, integrity, and security across our Services, we process Personal Data, using both automated and, at times, manual techniques for abuse detection, prevention, and violations of terms of service.
  • Service Provision: We use Personal Data to deliver and update our Services as configured and used by You, and to make ongoing personalized experiences and recommendations.
  • Troubleshooting: We use Personal Data to identify and resolve technical issues.
  • Ongoing Service Performance: Personal Data helps us keep the Services up to date and performant, and meet user productivity, reliability, efficacy, quality, privacy, accessibility and security needs.
  • Complying with and resolving legal obligations: including responding to Data Subject Requests for Personal Data processed by PSI as Controller (for example website data), tax requirements, agreements and disputes.
  • Delivering Professional Services: We use Personal Data to deliver training, consulting or implementation ("Professional Services"). This includes providing technical support, professional planning, advice, guidance, data migration, deployment, and solution/software development services.
  • Improving Professional Services: Enhancing delivery, efficacy, quality, and security of Professional Services and the underlying product(s) based on issues identified while providing Professional Services, including fixing software defects, and otherwise keeping the Professional Services up to date and performant.

When carrying out these activities, PSI practices data minimization and uses the minimum amount of Personal Data required.

We might share Personal Data with the following recipients:

  • Abuse and Fraud Prevention Entities: We might disclose Personal Data based on a good faith belief it is needed to prevent fraud, abuse, or attacks on our Services, or to protect the safety of PSI and our users.
  • Affiliates: Personal Data might be shared with PSI affiliates, to facilitate customer service, marketing and advertising, order fulfillment, billing, technical support, and legal and compliance obligations. Our affiliates may only use the Personal Data in a manner consistent with this Privacy Statement.
  • Logfire Organization Accounts: If an organization adds you to their Logfire account, we might share Personal Data with that organization to fulfill the commercial relationship. In such a case, your use of the Services is protected by a data protection agreement and terms between your organization and PSI
  • Competent Authorities: We might disclose Personal Data to authorized law enforcement, regulators, courts, or other public authorities in response to lawful requests or to protect our rights and safety.
  • Corporate Transaction Entities: We might disclose Personal Data within the limits of the law and in accordance with this Privacy Statement for strategic business transactions such as sales or a merger.
  • Partners and Resellers: We cooperate with third-parties that offer sales, consulting, support, and technical services for our Services. We might share your data with these partners and resellers where allowed, and with your consent when required.
  • Subprocessors and Service Providers: We might use vendors to provide services on our behalf, including hosting, marketing, advertising, social, analytics, support ticketing, credit card processing, or security services. They are bound by contractual obligations to ensure the security, privacy, and confidentiality of your information. Please see our list of sub-processors.
  • Other Third-party Applications: Upon your instruction, we might share Personal Data with third-party applications. You are responsible for the data you instruct us to share with these applications.

You control the access to your PSI account. PSI personnel do not access Personal Data without your consent except as provided in this Privacy Statement and for:

  • security purposes
  • automated scanning or manual review for known vulnerabilities, active malware, or other content known to violate our Terms of Service
  • to assist the repository owner with a support matter
  • to maintain the integrity of the Services, or
  • to comply with our legal obligations if we have reason to believe the contents are in violation of the law.
  • understanding usage patterns and platform behavior of the Logfire platform

PSI will provide you with notice regarding Personal Data access unless:

  • doing so is prohibited by law
  • PSI acted in response to a security threat or other risk to security, or

PSI processes Personal Data in compliance with the GDPR, ensuring a lawful basis for each processing activity as set out above in the section Personal Data We Collect. The basis varies depending on the data type and the context, including how you access the services. Our processing activities typically fall under these lawful bases:

  • Contractual Necessity: Processing is required to fulfill our contractual duties to you, in accordance with the PSI Terms of Service.
  • Legal Obligation: We process data when it's necessary to comply with applicable laws or to protect the rights, safety, and property of PSI, our affiliates, users, or third parties.
  • Legitimate Interests: We process data for purposes that are in our legitimate interests, such as securing our Services, communicating with you, and improving our Services. This is done only when these interests are not overridden by your data protection rights or your fundamental rights and freedoms.
  • Consent: We process data when you have explicitly consented to such processing. When we rely on consent as the legal basis, you have the right to withdraw your consent for data processing at any time. The procedures for withdrawal are detailed in this Statement and available on our website.

Depending on your residence location, you may have specific legal rights regarding your Personal Data:

  • The right to access the data collected about you
  • The right to request detailed information about the specific types of Personal Data we've collected over the past 12 months, including data disclosed for business purposes
  • The right to rectify or update inaccurate or incomplete Personal Data under certain circumstances
  • The right to erase or limit the processing of your Personal Data under specific conditions
  • The right to object to the processing of your Personal Data, as allowed by applicable law
  • The right to withdraw consent, where processing is based on your consent
  • The right to receive your collected Personal Data in a structured, commonly used, and machine-readable format to facilitate its transfer to another company, where technically feasible

To exercise these rights, please contact us and follow the instructions provided. To verify your identity for security, we might request extra information before addressing your data-related request. Please contact our Data Protection Officer for any feedback or concerns. Depending on your region, you have the right to complain to your local Data Protection Authority. European users can find authority contacts on the European Data Protection Board website, and UK users on the Information Commissioner's Office website.

We aim to promptly respond to requests in compliance with legal requirements. Please note that we might retain certain Personal Data as necessary for legal obligations or for establishing, exercising, or defending legal claims.

PSI stores and processes Personal Data in a variety of locations, including your local region, the United States, and other countries where PSI, its affiliates, subsidiaries, or subprocessors have operations. We transfer Personal Data from the European Union, the United Kingdom, and Switzerland to countries that the European Commission has not recognized as having an adequate level of data protection. When we engage in such transfers, we generally rely on the Standard Contractual Clauses (SCCs) published by the European Commission under Commission Implementing Decision 2021/914, help protect your rights and enable these protections to travel with your Personal Data. To learn more about the European Commission's decisions on the adequacy of the protection of personal data in the countries where PSI processes Personal Data, see this article on the European Commission website.

When transferring personal data outside the UK, we use the or the Addendum to the SCCs published by the UK’s Information Commissioner’s Office (the “ICO").

We may use specific standard contractual terms approved for use in the UK published by the UK’s Information Commissioner’s Office (the “ICO") which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Agreement or use the ICO’s International Data Transfer Addendum to the European Commission’s standard contractual clauses.

To obtain a copy of these contractual safeguards, please contact us.

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

PSI uses administrative, technical, and physical security controls where appropriate to protect your Personal Data.

Our Services are not intended for individuals under the age of 18. We do not intentionally gather Personal Data from such individuals. If you become aware that a minor has provided us with Personal Data, please contact us.

PSI might periodically revise this Privacy Statement. If there are material changes to the statement, we will provide at least 30 days prior notice. We might add a notification on our website, insert a pop-up that the statement has been updated, or send an email to your primary email address associated with your PSI account. We will also update the copy of this statement available on our website.

PSI uses cookies to provide, secure and improve our Service or to develop new features and functionality of our Service. For example, we use them to (i) keep you logged in, (ii) remember your preferences, (iii) identify your device for security and fraud purposes, including as needed to maintain the integrity of our Service, (iv) compile statistical reports, and (v) provide information and insight for future development of PSI.

Our emails to users might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email communications more effective and to make sure we are not sending you unwanted email.

The length of time a cookie will stay on your browser or device depends on whether it is a "persistent" or "session" cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire or are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. You might be able to delete cookie data. For more information, see "What are your cookie choices and controls?".

What are cookies and similar technologies?

We use cookies and similar technologies, such as web beacons, local storage, and mobile analytics, to operate and provide our Services.

Cookies are small text files stored by your browser on your device. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that might uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

Web beacons are electronic images (also called "single-pixel" or "clear GIFs") that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos, plug-ins, or ads) results in your browser connecting to the third-party web server that hosts that content.

How do we and our partners use cookies and similar technologies?

The PSI Services use cookies and similar technologies for a variety of purposes, including to store your preferences and settings, enable you to sign-in, analyze how our Services perform, track your interaction with the Services, develop inferences, combat fraud, and fulfill other legitimate purposes. Some of these cookies and technologies might be provided by third parties.

We and/or our partners also share the information we collect or infer with third parties for these purposes.

The points below provides additional information about how we use different types of cookies:

Required Cookies

PSI uses required cookies to perform essential website functions and to provide the services. For example, cookies are used to log you in, save your language preferences, provide a shopping cart experience, improve performance, route traffic between web servers, detect the size of your screen, determine page load times, improve user experience, and for audience measurement. These cookies are necessary for our websites to work.

Analytics

We might use third party services which use analytics cookies to understand how you use our websites so we can make them better. For example, cookies might be used to gather information about the pages you visit and how many clicks you need to accomplish a task.

You have several options to disable non-essential cookies:

Any PSI page that serves non-essential cookies will have a link in the page's footer to cookie settings. You can express your preferences at any time by clicking on that linking and updating your settings.

You can control the cookies you encounter on the web using a variety of widely-available tools. For example:

  • If your browser sends a Do Not Track (DNT) signal, PSI will not set non-essential cookies and will not load third party resources which set non-essential cookies.
  • Many browsers provide cookie controls which might limit the types of cookies you encounter online. Check out the documentation for your browser to learn more.
  • If you enable a browser extension designed to block tracking, such as Privacy Badger, non-essential cookies set by a website or third parties might be disabled.
  • If you enable a browser extension designed to block unwanted content, such as uBlock Origin, non-essential cookies will be disabled to the extent that content that sets non-essential cookies will be blocked.
  • You might use the Global Privacy Control (GPC) to communicate your privacy preferences. If PSI detects the GPC signal from your device, PSI will not share your data (we do not sell your data). To learn more, visit Global Privacy Control — Take Control Of Your Privacy
  • Advertising controls. Our advertising partners might participate in associations that provide simple ways to opt out of ad targeting, which you can access at:
  • United States: NAI and DAA
  • Canada: Digital Advertising Alliance of Canada
  • Europe: European Digital Advertising Alliance

These choices are specific to the browser you are using. If you access our Services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.

This section provides extra information specifically for residents of certain US states that have distinct data privacy laws and regulations. These laws may grant specific rights to residents of these states when the laws come into effect. This section uses the term "personal information" as an equivalent to the term "Personal Data."

The US State privacy laws grant individuals the following rights:

(Last updated 2024-02-21)

Right to access Right to correct Right to delete Right to opt out of certain processing Right of portability Right to opt out of sales Right to opt in for sensitive data processing Right against automated decision making Private right of action
California X X X S X X X L
Colorado X X X P X X X X~
Connecticut X X X P X X X X~
Delaware X X X P X X X X~
Indiana X X X P X X X X~
Iowa X X X X
Montana X X X P X X X X~
New Jersey X X X P X X X X~
Oregon X X X P X X X X~
Tennessee X X X P X X X X~
Texas X X X P X X X X~
Utah X X P X X
Virginia X X X P X X X X~

Code:

  • L - private right of action limited to certain violations only
  • P - right to opt-out of processing or profiling/targeted advertising purposes
  • S - sensitive data
  • X - right or obligation exists
  • ~ - right to opt out of certain automated decision-making.

We may collect various categories of personal information about our website visitors and users of "Services" which includes PSI applications, software, products, or services. That information includes identifiers/contact information, demographic information, payment information, commercial information, internet or electronic network activity information, geolocation data, audio, electronic, visual, or similar information, and inferences drawn from such information.

We collect this information for various purposes. This includes identifying accessibility gaps and offering targeted support, fostering diversity and representation, providing services, troubleshooting, conducting business operations such as billing and security, improving products and supporting research, communicating important information, ensuring personalized experiences, and promoting safety and security.

To make an access, deletion, correction, or opt-out request, please contact us and follow the instructions provided. We may need to verify your identity before processing your request. If you choose to use an authorized agent to submit a request on your behalf, please ensure they have your signed permission or power of attorney as required.

To opt out of the sharing of your personal information, you can click on the "Do Not Share My Personal Information" link on the footer of our Websites or use the Global Privacy Control ("GPC") if available. Authorized agents can also submit opt-out requests on your behalf.

Mandatory Disclosures

Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), we provide this California Consumer Privacy Act Notice (the “CCPA Notice”) to California residents (“consumer” or “you”). This CCPA Notice supplements the information provided in our Privacy Statement.

CATEGORIES OF PERSONAL INFORMATION COLLECTED AND DISCLOSED

Under the CCPA, “Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household. “Personal Information” does not include publicly-available information, deidentified or aggregated information, or information covered by certain sector-specific privacy laws. “Sensitive Personal Information” refers to information that reveals a consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, and text messages unless PSI is the intended recipient of the communication; genetic data; and biometric information.

Below, we identify (1) the categories of Personal Information and Sensitive Personal Information (as listed in the CCPA) that we plan to collect and use, and have collected and used within the preceding 12 months; (2) the categories of recipients to which we have disclosed each category of Personal Information or Sensitive Personal Information for our operational business purposes within the preceding 12 months; and (3) the criteria we use to determine the retention period for each category of Personal Information or Sensitive Personal Information.

We collected the following categories of personal information in the last 12 months: identifiers/contact information, country, and information about your job title and organization.

We disclosed no personal information in the last 12 months.

Category of Personal Information Collected Disclosed to Which Categories of Recipients for Operational Business Purposes Retention Period Criteria
Identifiers such as name, postal address, online identifier, IP address, and email address
  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Service providers and other vendors that provide services to us, such as IT support and marketing
We use the following criteria to determine the period of time for which we retain each category of Personal Information:
  • The length of time we have an ongoing relationship with you (for example, for as long as you use our services);
  • For as long as reasonably necessary for business purposes related to providing you with services (for example, for internal reporting and reconciliation purposes, or to provide you with feedback on information you might request);
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of our engagement for a certain period of time before we can delete them or where we have agreed to retain these records due to our client’s legal or other obligations).
Personal information such as name and contact information
  • As above
  • As above
Commercial information, including records of services obtained, financial details and payment information.
  • As above
  • As above
Internet or other electronic network activity information, such as browsing history on our website and other interactions with our website, applications, and email communications
  • As above
  • As above
Geolocation data, such as approximate location derived from IP address
  • Our affiliates
  • As above
Audio, electronic, visual, or similar information, such as recordings of select events, conferences, or meetings
  • Our affiliates
  • Service providers and other vendors that provide services to us, such as IT support
  • As above
Professional or employment-related information
  • Our affiliates
  • Service providers and other vendors that provide services to us, such as IT support and marketing
  • As above

Below, we provide this information related to Sensitive Personal Information:

Category of Sensitive Personal Information Collected Disclosed to Which Categories of Recipients for Operational Business Purposes Retention Period Criteria
We also may receive additional types of personal information in the course of providing our Services, which might include:
  • Account log-in, financial account, debit card, or credit card number in connection with any required security or access codes, password, or credentials allowing access to an account
  • Precise geolocation
  • Our affiliates
  • Professional advisors such as accountants, insurers and advisors
  • Service providers and other vendors that provide services to us, such as IT support and marketing
We use the following criteria to determine the period of time for which we retain each category of Sensitive Personal Information:
  • The length of time we have an ongoing relationship with you or your company;
  • For as long as reasonably necessary for business purposes related to providing you with services;
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to retain records for a certain period of time before we can delete them or where we have agreed to retain these records due to our client’s legal or other obligations).

In addition, we may disclose Personal Information (including Sensitive Personal Information) to government authorities or other parties to enforce our rights and comply with our obligations under applicable law, legal process, or government regulation.

We did not “sell,” and have not “sold,” personal information in the preceding 12 months, within the meaning of “sale” under the CCPA.

The sources of personal information and sensitive personal information from whom we collected personal data are: directly from you as a survey respondent.

The business or commercial purposes of collecting personal information are as summarized above and in our Privacy Statement under Processing Purposes.

We may use Personal Information to generate deidentified data sets. To the extent we treat data as deidentified under the CCPA, we will maintain and use that data solely in deidentified form and will not attempt to reidentify that data with any individuals, other than to assess whether the deidentification process complies with applicable law or as otherwise permitted by applicable law.

The business or commercial purpose of sharing personal information is to assist us with marketing, advertising, and audience measurement.

We do not "sell" or "share" the personal information of known minors under 18 years of age.

UPDATES TO THIS CCPA NOTICE

We may periodically update this CCPA Notice. Please reference the “Last Updated” date at the top of this page to see when it was last revised and posted. Any changes to this CCPA Notice will become effective when posted.

Shine the Light Act

Under California Civil Code section 1798.83, also known as the "Shine the Light" law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes ("California Customers") might request information about whether the business has disclosed personal information to any third parties for the third parties' direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers might request further information about our compliance with this law by contacting us. Please note that businesses are required to respond to one request per California Customer each year and might not be required to respond to requests made by means other than through the designated email address.

Removal of Content

California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code Section 22581 to remove, or request and obtain removal of, content or information they have publicly posted.

To request that we remove such content or information, please send a detailed description of the specific content or information you wish to have removed via the Email provided in the Contact Us section. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law might not permit or require removal in certain circumstances. If you have any questions about our privacy practices with respect to California residents, please contact us.

We value the trust you place in us and are committed to handling your personal information with care and respect. If you have any questions or concerns about our privacy practices, please email our Data Protection Officer as described below in the Contact Us section.

If you live in Colorado, Connecticut, or Virginia you have some additional rights:

  • If we deny your rights request, you have the right to appeal that decision. We will provide you with the necessary information to submit an appeal at that time.
  • You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. PSI does not engage in such profiling as defined by Colorado law, so there's no need to opt out.

We do not sell your covered information, as defined under Chapter 603A of the Nevada Revised Statutes. If you still have questions about your covered information or anything else in our Privacy Statement, please contact us.

If you would like to contact us about our privacy practices, related matters referenced in this document, please email us at [email protected].

This document is based on the GitHub Privacy Statement which is open source under the Creative Commons Attribution 4.0 International License.

If you spot a mistake, please contact us.