Logfire Privacy Statement
Welcome to the Logfire Privacy Statement. This is where we describe how we handle your "Personal Data", which is information that is directly linked or can be linked to you. It applies to the Personal Data that Pydantic Services Inc. ("PSI") processes as the "Data Controller" when you interact with our websites, our applications, and our online services that display this Statement (collectively, "Services").
Personal Data We Collect
Personal Data is collected from and about you directly, automatically from your device when you use our Services, and also from third parties. The Personal Data PSI processes when you use the Services depends on variables like how you interact with our Services (such as through web interfaces, command line applications), the features you use and your method of accessing the Services. Below, we detail the information we collect through each of these channels:
From You
- Account Data: We collect certain information when you open an account such as your GitHub handle, name, email address, password, payment information and transaction information.
- User Content and Files: When you use our Services, we collect Personal Data included as part of the information you provide such as code, inputs, text, documents, images, or feedback.
- Sensitive Personal Data: In some cases, you provide us with ethnicity, gender, photographic, or similar demographic details.
- Feedback Data: This consists of information you submit through surveys, reviews, or interactive features.
- Payment Information: For paid subscriptions, we collect details like name, billing address, and payment specifics such as card and banking details.
- Profile Information: We collect information to create a user profile, which might include a photo, additional email addresses, job title, or biography.
- Sales and Marketing Data: This includes information provided for promotional communications, such as name, email address, and company name.
- Support Data: When you seek customer support, we collect details like code, text, or multimedia files.
Automatically
- Buttons, Tools, and Content from Other Companies: Our Services might contain links or buttons that lead to third-party services like Twitter or LinkedIn. Use of these features might result in data collection. Engaging with these buttons, tools, or content might automatically send certain browser information to these companies. Please review the privacy statements of these companies for more information.
- Essential Cookies and Similar Tracking Technologies: We use cookies and similar technologies to provide essential functionality like storing settings and recognizing you while using our Services.
- Non-essential Cookies: Depending on your jurisdiction, we might use online analytics products that use cookies to help us analyze how de-identified users use our Services and to enhance your experience when you use the Services. In some jurisdictions, we only use non-essential cookies after obtaining your consent. See "What are your cookie choices and controls?" for more details and control options.
- Email Marketing Interactions: Our emails might have web beacons that collect information on your device type, email client, email reception, opens, and link clicks.
- Geolocation Information: Depending on the Service's functionality, we collect regional geolocation data
- Service Usage Information: We collect data about your interactions with the Services, such as IP address, device information, session details, date and time of requests, device type and ID, operating system and application version, information related to your contributions, and performance of specific features or Services.
- Website Usage Data: We automatically log data about your Website interactions, including the referring site, date and time of visit, pages viewed, and links clicked.
From Third Parties
- Information from Other Users of the Services: Other users might share information about you when they create comments. We might also receive information about you if you are identified as a representative or administrator on your company's account, such as contact details and affiliation with your organisation.
- Services you linked to your PSI account: When you or your administrator integrate third-party apps or services with our Services, we receive information based on your settings with those services. This can include details like your name and email from services like GitHub or Google for authentication. The information we receive depends on the third-party's settings and privacy policies. Always review these to understand what data is shared with our Services.
- Vendors, Partners, and Affiliates: We may receive information about you from third parties, like vendors, resellers, partners, or affiliates for the purposes outlined in this statement.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Processing Purposes: How We Use Your Personal Data
The Personal Data we process depends on your interaction and access methods with our Services, including the interfaces, features used, and your preferred access tools. This section details all the potential ways PSI may process your Personal Data:
- Business Operations: We use Personal Data for activities like billing, accounting, and compensation. This includes creating aggregated statistical data for internal reporting, financial reporting, revenue planning, capacity planning, and forecast modeling (including product strategy).
- Marketing and communication: We use Personal Data to inform you about new Services, features, offers, promotions, and other pertinent information. This also includes sending confirmations, invoices, technical notices, updates, security alerts, and administrative messages.
- Inference: We generate new information from other data we collect to derive likely preferences or other characteristics. For instance, we infer your general geographic location based on your IP address.
- Personalization: We use Personal Data to customize the Service to your preferences, to evaluate the effectiveness of enterprise business ads and promotional communications, and to ensure a seamless and consistent user experience.
- Safety and Security: To promote safety, integrity, and security across our Services, we process Personal Data, using both automated and, at times, manual techniques for abuse detection, prevention, and violations of terms of service.
- Service Provision: We use Personal Data to deliver and update our Services as configured and used by You, and to make ongoing personalized experiences and recommendations.
- Troubleshooting: We use Personal Data to identify and resolve technical issues.
- Ongoing Service Performance: Personal Data helps us keep the Services up to date and performant, and meet user productivity, reliability, efficacy, quality, privacy, accessibility and security needs.
- Complying with and resolving legal obligations: including responding to Data Subject Requests for Personal Data processed by PSI as Controller (for example website data), tax requirements, agreements and disputes.
- Delivering Professional Services: We use Personal Data to deliver training, consulting or implementation ("Professional Services"). This includes providing technical support, professional planning, advice, guidance, data migration, deployment, and solution/software development services.
- Improving Professional Services: Enhancing delivery, efficacy, quality, and security of Professional Services and the underlying product(s) based on issues identified while providing Professional Services, including fixing software defects, and otherwise keeping the Professional Services up to date and performant.
When carrying out these activities, PSI practices data minimization and uses the minimum amount of Personal Data required.
Personal Data: PSI Access
You control the access to your PSI account. PSI personnel do not access Personal Data without your consent except as provided in this Privacy Statement and for:
- security purposes
- automated scanning or manual review for known vulnerabilities, active malware, or other content known to violate our Terms of Service
- to assist the repository owner with a support matter
- to maintain the integrity of the Services, or
- to comply with our legal obligations if we have reason to believe the contents are in violation of the law.
- understanding usage patterns and platform behavior of the Logfire platform
PSI will provide you with notice regarding Personal Data access unless:
- doing so is prohibited by law
- PSI acted in response to a security threat or other risk to security, or
Lawful Bases for Processing Personal Data (Applicable to EEA and UK End Users)
PSI processes Personal Data in compliance with the GDPR, ensuring a lawful basis for each processing activity as set out above in the section Personal Data We Collect. The basis varies depending on the data type and the context, including how you access the services. Our processing activities typically fall under these lawful bases:
- Contractual Necessity: Processing is required to fulfill our contractual duties to you, in accordance with the PSI Terms of Service.
- Legal Obligation: We process data when it's necessary to comply with applicable laws or to protect the rights, safety, and property of PSI, our affiliates, users, or third parties.
- Legitimate Interests: We process data for purposes that are in our legitimate interests, such as securing our Services, communicating with you, and improving our Services. This is done only when these interests are not overridden by your data protection rights or your fundamental rights and freedoms.
- Consent: We process data when you have explicitly consented to such processing. When we rely on consent as the legal basis, you have the right to withdraw your consent for data processing at any time. The procedures for withdrawal are detailed in this Statement and available on our website.
Your Privacy Rights of EEA and UK based individuals
Depending on your residence location, you may have specific legal rights regarding your Personal Data:
- The right to access the data collected about you
- The right to request detailed information about the specific types of Personal Data we've collected over the past 12 months, including data disclosed for business purposes
- The right to rectify or update inaccurate or incomplete Personal Data under certain circumstances
- The right to erase or limit the processing of your Personal Data under specific conditions
- The right to object to the processing of your Personal Data, as allowed by applicable law
- The right to withdraw consent, where processing is based on your consent
- The right to receive your collected Personal Data in a structured, commonly used, and machine-readable format to facilitate its transfer to another company, where technically feasible
To exercise these rights, please contact us and follow the instructions provided. To verify your identity for security, we might request extra information before addressing your data-related request. Please contact our Data Protection Officer for any feedback or concerns. Depending on your region, you have the right to complain to your local Data Protection Authority. European users can find authority contacts on the European Data Protection Board website, and UK users on the Information Commissioner's Office website.
We aim to promptly respond to requests in compliance with legal requirements. Please note that we might retain certain Personal Data as necessary for legal obligations or for establishing, exercising, or defending legal claims.
International data transfers
PSI stores and processes Personal Data in a variety of locations, including your local region, the United States, and other countries where PSI, its affiliates, subsidiaries, or subprocessors have operations. We transfer Personal Data from the European Union, the United Kingdom, and Switzerland to countries that the European Commission has not recognized as having an adequate level of data protection. When we engage in such transfers, we generally rely on the Standard Contractual Clauses (SCCs) published by the European Commission under Commission Implementing Decision 2021/914, help protect your rights and enable these protections to travel with your Personal Data. To learn more about the European Commission's decisions on the adequacy of the protection of personal data in the countries where PSI processes Personal Data, see this article on the European Commission website.
When transferring personal data outside the UK, we use the or the Addendum to the SCCs published by the UK’s Information Commissioner’s Office (the “ICO").
We may use specific standard contractual terms approved for use in the UK published by the UK’s Information Commissioner’s Office (the “ICO") which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Agreement or use the ICO’s International Data Transfer Addendum to the European Commission’s standard contractual clauses.
To obtain a copy of these contractual safeguards, please contact us.
Retention
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Security
PSI uses administrative, technical, and physical security controls where appropriate to protect your Personal Data.
Information for Minors
Our Services are not intended for individuals under the age of 18. We do not intentionally gather Personal Data from such individuals. If you become aware that a minor has provided us with Personal Data, please contact us.
Changes to Our Privacy Statement
PSI might periodically revise this Privacy Statement. If there are material changes to the statement, we will provide at least 30 days prior notice. We might add a notification on our website, insert a pop-up that the statement has been updated, or send an email to your primary email address associated with your PSI account. We will also update the copy of this statement available on our website.
US State Specific Information
This section provides extra information specifically for residents of certain US states that have distinct data privacy laws and regulations. These laws may grant specific rights to residents of these states when the laws come into effect. This section uses the term "personal information" as an equivalent to the term "Personal Data."
Privacy Rights
The US State privacy laws grant individuals the following rights:
(Last updated 2024-02-21)
Right to access | Right to correct | Right to delete | Right to opt out of certain processing | Right of portability | Right to opt out of sales | Right to opt in for sensitive data processing | Right against automated decision making | Private right of action | |
---|---|---|---|---|---|---|---|---|---|
California | X | X | X | S | X | X | X | L | |
Colorado | X | X | X | P | X | X | X | X~ | |
Connecticut | X | X | X | P | X | X | X | X~ | |
Delaware | X | X | X | P | X | X | X | X~ | |
Indiana | X | X | X | P | X | X | X | X~ | |
Iowa | X | X | X | X | |||||
Montana | X | X | X | P | X | X | X | X~ | |
New Jersey | X | X | X | P | X | X | X | X~ | |
Oregon | X | X | X | P | X | X | X | X~ | |
Tennessee | X | X | X | P | X | X | X | X~ | |
Texas | X | X | X | P | X | X | X | X~ | |
Utah | X | X | P | X | X | ||||
Virginia | X | X | X | P | X | X | X | X~ |
Code:
- L - private right of action limited to certain violations only
- P - right to opt-out of processing or profiling/targeted advertising purposes
- S - sensitive data
- X - right or obligation exists
- ~ - right to opt out of certain automated decision-making.
Notice of Collection of Personal Information
We may collect various categories of personal information about our website visitors and users of "Services" which includes PSI applications, software, products, or services. That information includes identifiers/contact information, demographic information, payment information, commercial information, internet or electronic network activity information, geolocation data, audio, electronic, visual, or similar information, and inferences drawn from such information.
We collect this information for various purposes. This includes identifying accessibility gaps and offering targeted support, fostering diversity and representation, providing services, troubleshooting, conducting business operations such as billing and security, improving products and supporting research, communicating important information, ensuring personalized experiences, and promoting safety and security.
Exercising your Privacy Rights
To make an access, deletion, correction, or opt-out request, please contact us and follow the instructions provided. We may need to verify your identity before processing your request. If you choose to use an authorized agent to submit a request on your behalf, please ensure they have your signed permission or power of attorney as required.
To opt out of the sharing of your personal information, you can click on the "Do Not Share My Personal Information" link on the footer of our Websites or use the Global Privacy Control ("GPC") if available. Authorized agents can also submit opt-out requests on your behalf.
California
Mandatory Disclosures
Pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”), we provide this California Consumer Privacy Act Notice (the “CCPA Notice”) to California residents (“consumer” or “you”). This CCPA Notice supplements the information provided in our Privacy Statement.
CATEGORIES OF PERSONAL INFORMATION COLLECTED AND DISCLOSED
Under the CCPA, “Personal Information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household. “Personal Information” does not include publicly-available information, deidentified or aggregated information, or information covered by certain sector-specific privacy laws. “Sensitive Personal Information” refers to information that reveals a consumer’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; contents of mail, email, and text messages unless PSI is the intended recipient of the communication; genetic data; and biometric information.
Below, we identify (1) the categories of Personal Information and Sensitive Personal Information (as listed in the CCPA) that we plan to collect and use, and have collected and used within the preceding 12 months; (2) the categories of recipients to which we have disclosed each category of Personal Information or Sensitive Personal Information for our operational business purposes within the preceding 12 months; and (3) the criteria we use to determine the retention period for each category of Personal Information or Sensitive Personal Information.
We collected the following categories of personal information in the last 12 months: identifiers/contact information, country, and information about your job title and organization.
We disclosed no personal information in the last 12 months.
Category of Personal Information Collected | Disclosed to Which Categories of Recipients for Operational Business Purposes | Retention Period Criteria |
---|---|---|
Identifiers such as name, postal address, online identifier, IP address, and email address |
|
We use the following criteria to determine the period of time for which we retain each category of Personal Information:
|
Personal information such as name and contact information |
|
|
Commercial information, including records of services obtained, financial details and payment information. |
|
|
Internet or other electronic network activity information, such as browsing history on our website and other interactions with our website, applications, and email communications |
|
|
Geolocation data, such as approximate location derived from IP address |
|
|
Audio, electronic, visual, or similar information, such as recordings of select events, conferences, or meetings |
|
|
Professional or employment-related information |
|
|
Below, we provide this information related to Sensitive Personal Information:
Category of Sensitive Personal Information Collected | Disclosed to Which Categories of Recipients for Operational Business Purposes | Retention Period Criteria |
---|---|---|
We also may receive additional types of personal information in the course of providing our Services, which might include:
|
|
We use the following criteria to determine the period of time for which we retain each category of Sensitive Personal Information:
|
In addition, we may disclose Personal Information (including Sensitive Personal Information) to government authorities or other parties to enforce our rights and comply with our obligations under applicable law, legal process, or government regulation.
We did not “sell,” and have not “sold,” personal information in the preceding 12 months, within the meaning of “sale” under the CCPA.
The sources of personal information and sensitive personal information from whom we collected personal data are: directly from you as a survey respondent.
The business or commercial purposes of collecting personal information are as summarized above and in our Privacy Statement under Processing Purposes.
We may use Personal Information to generate deidentified data sets. To the extent we treat data as deidentified under the CCPA, we will maintain and use that data solely in deidentified form and will not attempt to reidentify that data with any individuals, other than to assess whether the deidentification process complies with applicable law or as otherwise permitted by applicable law.
The business or commercial purpose of sharing personal information is to assist us with marketing, advertising, and audience measurement.
We do not "sell" or "share" the personal information of known minors under 18 years of age.
UPDATES TO THIS CCPA NOTICE
We may periodically update this CCPA Notice. Please reference the “Last Updated” date at the top of this page to see when it was last revised and posted. Any changes to this CCPA Notice will become effective when posted.
Shine the Light Act
Under California Civil Code section 1798.83, also known as the "Shine the Light" law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes ("California Customers") might request information about whether the business has disclosed personal information to any third parties for the third parties' direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers might request further information about our compliance with this law by contacting us. Please note that businesses are required to respond to one request per California Customer each year and might not be required to respond to requests made by means other than through the designated email address.
Removal of Content
California residents under the age of 18 who are registered users of online sites, services, or applications have a right under California Business and Professions Code Section 22581 to remove, or request and obtain removal of, content or information they have publicly posted.
To request that we remove such content or information, please send a detailed description of the specific content or information you wish to have removed via the Email provided in the Contact Us section. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law might not permit or require removal in certain circumstances. If you have any questions about our privacy practices with respect to California residents, please contact us.
We value the trust you place in us and are committed to handling your personal information with care and respect. If you have any questions or concerns about our privacy practices, please email our Data Protection Officer as described below in the Contact Us section.
Colorado/Connecticut/Virginia
If you live in Colorado, Connecticut, or Virginia you have some additional rights:
- If we deny your rights request, you have the right to appeal that decision. We will provide you with the necessary information to submit an appeal at that time.
- You have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. PSI does not engage in such profiling as defined by Colorado law, so there's no need to opt out.
Nevada
We do not sell your covered information, as defined under Chapter 603A of the Nevada Revised Statutes. If you still have questions about your covered information or anything else in our Privacy Statement, please contact us.
Contact Us
If you would like to contact us about our privacy practices, related matters referenced in this document, please email us at [email protected].
Attribution
This document is based on the GitHub Privacy Statement which is open source under the Creative Commons Attribution 4.0 International License.
If you spot a mistake, please contact us.
Explore Logfire.
Explore our open source packages