CircleCI Privacy Policy

This Privacy Policy is effective as of May 1, 2018.

Circle Internet Services, Inc. dba CircleCI, a Delaware corporation (“CircleCI”, “we” or “us”) provides this Privacy Policy to inform users of our website at http://circleci.com (including all subdomains, the “Website”) and our software-as-a-service platform (the “Service”) of our policies and procedures regarding the collection, use and disclosure of personal data and other information. This Privacy Policy explains what data we collect when you use the Website and/or the Service, why we collect the data, how it is used and your rights and choices.

While providing our Service, we may collect information about our customers’ Users on behalf of our customers. Our use of information on behalf of our customers is governed by our agreement with the applicable customer and the customer’s own privacy policies. We cannot control and are not responsible for the privacy policies or privacy practices of our customers or any other third parties.

CircleCI complies with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (“Frameworks”) as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the EU and Switzerland to the U.S., respectively (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway). CircleCI has certified that it adheres to the Privacy Shield Principles (described below). If there is any conflict between the policies in this Privacy Policy and the EU or Swiss Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Frameworks and to view our certification page, please visit https://www.privacyshield.gov/. Please go to the “Privacy Shield” section below for more information on how we comply with the Privacy Shield Frameworks.

By using or accessing the Website or the Service and providing us with your Personal Data, you are accepting the practices described in this Privacy Policy, and you are consenting to our processing of your data as set forth in this Privacy Policy now and as amended by us (for information on how we may change our Privacy Policy, please read the “Privacy Policy Changes” section below). If you have any questions or comments about this Privacy Policy or our use of your Personal Data, please contact us.

Information We Collect And How We Use It

I. Personal Data That You Provide To Us

When you interact with the Website or the Service, CircleCI may gather information that, alone or in combination with other information, could be used to identify you (“Personal Data”), as described below. If you are an EU data subject, please see the “EU Data Subject” section below for information on your rights in relation to the Personal Data we hold about you.

a) Personal Data used to provide the Service and respond to requests

When users sign up for the Service, users are required to authenticate with their version control system identity (GitHub or Bitbucket). When users log in to the Service using sign-in services such as OAuth (for example, login with a GitHub account), these services will authenticate a user’s identity and provide the user with the option to share certain Personal Data, such as name and email address(es), with us. If you purchase one of our paid plans, we will also collect payment and billing information such as credit card details and billing address. We use this data to provide you with access to the Service and/or the Website, contact you regarding your access and use of the Service and/or the Website or to notify you of important changes to the Service. For EU data subjects, such use is necessary for the performance of the contract between you and us.

On some sections of the Website, you may complete a web form to give your Personal Data to us directly, such as on our “Contact Us” page. We also collect Personal Data (such as your name and contact details, phone number) when you request information, including a product demo, ask to download content (such as white papers), register for a webinar or other event, or subscribe to email lists. We will use your contact information to respond to your request. For EU data subjects, such use is necessary to respond to or implement your request. If you send us a request or question regarding the use of the Service (for example via a support email or via one of our feedback mechanisms), we may publish it (in anonymous form only) in order to help us clarify or respond to your request or to help us support other users.

CircleCI collects Personal Data that you provide through the Service only insofar as is necessary or appropriate to fulfill the purpose of your interaction with CircleCI, such as providing you with the Service and/or answering any requests regarding the Service as described above. You can always refuse to supply Personal Data, however doing so may prevent you from accessing the Service or engaging in certain activities on the Website or the Service.

b) Personal Data used to process applications for employment

When you submit a job application through the Website, we will collect your resume and any additional information that you elect to provide to us, including but not limited to employment history and education. We will use your contact details and data about your employment history and education to conduct job interviews, evaluate your application, and as is otherwise needed for recruitment. For EU data subjects, this use is necessary to respond to your request to process your application for employment.

c) Personal Data used for marketing

We will use your email to tell you about your Service usage, new features, solicit your feedback, or just keep you up to date with what’s going on with CircleCI and our products, upcoming events or other promotions. If you change your mind about receiving information from us or about the use of information volunteered by you, please send us a request specifying your new choice. Please contact us as specified under the “Contact Us” section. You may also choose to opt out of receiving such emails by following the unsubscribe instructions included in these emails, or by accessing the email preferences in your account settings page. If you download content from the Website, we may also use your phone number to contact you directly by phone, in connection with such new products and services, upcoming events or other promotions.

Where required by applicable law (for example, if you are an EU data subject), we will only send you marketing information by email or mail, or contact you by phone, if you consent to us doing so. When you provide us with your consent to be contacted for marketing purposes, you have the right to withdraw your consent at any time by following the instructions to “opt-out” of receiving marketing communication in each marketing email we send you. In addition, if at any time you do not wish to receive future marketing communications or wish to have your name deleted from our mailing or calling lists, please contact us at privacy@circleci.com. Please note that if you opt out from marketing communications, we may still contact you regarding issues related to our Service and to respond to your requests.

II. Automatically Collected Information

Like most hosted service operators, CircleCI collects information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site and the date and time of each visitor request and store it in log files. CircleCI also collects Internet Protocol (“IP”) addresses, which can be used to identify the location from which your computer is connecting to the Website, for providing the Service and for support purposes.

CircleCI also collects statistics about the behavior of visitors to the Website and the Service through cookies and similar technologies. We also allow some others to use cookies as described in the “Cookies” section below. CircleCI’s purpose in collecting such information is to better understand how CircleCI’s visitors use the Website and the Service and to improve your access to and use of the Website and the Service.

Use of such automatically collected information is necessary for the performance of the contract between you and us, to the extent we process information that is needed for providing the Service and for support purposes, or is in our legitimate interest in understanding how the Service is being used by you and enhancing your experience on our Website and on the Service.

III. Information We Process On Behalf Of Our Customers

In providing the Service to our customers, we process on behalf of customers certain information that may include Personal Data, relating to customers’ employees, contractors or other users (“Users”) they transmit or otherwise submit to our Service. While our customers or Users decide what data to submit, this information typically includes email address and information relating to tests results.

CircleCI collects, aggregates, and stores metrics and data relating to, generated by, provided in connection with, or derived from customers’ use of the Service (“Usage Data”) in order to provide, maintain, support, enhance, develop and improve the Service and CircleCI’s service offerings. CircleCI will not disclose individual metric or usage data other than in an aggregated and de-identified form. For EU data subjects, this use of your Personal Data is necessary for our legitimate interests in understanding how the Service is being used by you and to improve your experience on it.

Data Retention

We will retain Personal Data that our customers provide to us through the Service for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. We will retain Personal Data that we process on behalf of our customers for the duration set forth in the applicable customer contract or as otherwise instructed by the customer.

Bulletin Boards/Chat Rooms

If you submit a post or participate in a discussion on a bulletin board or chat room on the Website or the Service, you should be aware that any Personal Data you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the Personal Data you choose to submit in these forums.

Disclosure Of Personal Data

CircleCI discloses Personal Data only to those of its employees, contractors, and service providers that (1) need to know that data in order to perform certain services and functions on CircleCI’s behalf and (2) have agreed to data protection and confidentiality obligations requiring to protect data. Third-party service providers include: (i) providers of payment processing, customer support services and hosting (which support us in the provision of the Service and maintenance of the Website), (ii) web analytics service providers (which help us collect statistics and other information, including through cookies, about the behavior of users of the Website and the Service - for more details, please see the “Use of cookies” section below); (iii) marketing and sales automation tools that allow us to manage marketing and sales processes; (iv) phone and chat communication tools that allow us to communicate with prospects and customers; (v) integration tools that allow us to capture data in one platform and send it to another; (vi) survey and poll tools that allows us to capture information about our Service or Website; and (vii) event and meeting platforms that allow us to host and manage virtual and in-person events. Pursuant to our instructions, these parties may access, process or store Personal Data in the course of performing their duties to us and only as necessary to provide the services we request.

CircleCI may also disclose Personal Data when required to do so by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or when CircleCI believes in good faith that disclosure is reasonably necessary to protect the property or rights of CircleCI, third parties, or the public at large.

CircleCI may disclose Personal Data in connection with a merger, acquisition, or sale of all or a portion of its assets (a “Corporate Transaction”). If CircleCI is involved in a Corporate Transaction, you will be notified either via email and/or a prominent notice through the Service of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data or we will require any such buyer to agree to treat your Personal Data in accordance with this Privacy Policy.

EU Data Subjects

Scope: This section applies if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein, Norway and, where applicable, Switzerland).

Data Controller: CircleCI is the data controller of Personal Data provided to, or collected by or for, our Website and the Service, but we may act as data processor on behalf of our customers for Personal Data that we process on their behalf when providing the Service.

Your Rights: Subject to applicable law, you have the following rights in relation to your Personal Data:

  • Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies of the data, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so if we are processing your Personal Data for direct marketing and otherwise. However, if we are relying on a legitimate interest to process your Personal Data and we demonstrate compelling legitimate grounds for the processing we may continue.
  • Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that produce a significant legal effect on you, unless such profiling in necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent.
  • Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to unsubscribe.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

You may exercise your rights by contacting us as indicated under “Contact Us” section below.

Legitimate Interest. “Legitimate interests” means the interests of CircleCI in conducting and managing our organization. For example, we have a legitimate interest in processing your Personal Data to analyze how the Website and the Service are being used by you, and to ensure network and information security, as described in this Privacy Policy. When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate interests do not automatically override your interests. We will not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests. For more information on your rights, please see “Your Rights” section above.

Data Transfers. We rely on the EU-U.S. and Swiss-U.S. Privacy Shield certification to transfer Personal Data and other information that we receive from the EU and Switzerland to CircleCI in the U.S. (for more information, please read the “Privacy Shield” section below).

Data Retention: We will keep your Personal Data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy, or for the duration required by law, whichever is the longer.

Privacy Shield

We rely on our Privacy Shield certification to transfer Personal Data and other information that we receive from the EU and Switzerland to CircleCI in the U.S. and we process this data in accordance with the Privacy Shield Principles of Notice and Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (“Privacy Shield Principles”), as described below.

Notice And Choice: This Privacy Policy provides notice of the Personal Data collected and transferred under the Privacy Shield and the choice that you have with respect to such Personal Data. It also provides information about other Privacy Shield Principles that are set forth below. When we process Personal Data collected through the Service on behalf of our customers, the customer will be responsible for providing appropriate notice and choice to its Users, as the customer controls the Personal Data it has submitted to our Service. Except as required or permitted by applicable law, we honor all customers’ requests from their Users to limit use or disclosure of Users’ Personal Data.

Accountability for Onward Transfers: We may be accountable for the Personal Data we receive under the Privacy Shield that we may transfer to third-party service providers (as described in the “Disclosure of Personal Data” section above) if they process Personal Data in a manner inconsistent with the Privacy Shield Principles and we are responsible if they do so and for the harm caused.

Security: We maintain security measures to protect Personal Data as described in the “Security” section of this Privacy Policy.

Data Integrity and Purpose Limitation: We will take reasonable steps to ensure that Personal Data is reliable for its intended use, and that it is accurate, complete and current for as long as long as we retain it. We will keep your Personal Data only for as long as is reasonably necessary for the purposes described in this Privacy Policy, or for the duration required by law or our customer agreement, whichever is the longer.

Access: You have certain rights to access, correct, amend, or delete Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles. When we process Personal Data on behalf of our customers, the customer will be responsible to respond to requests for exercising your rights. We honor all customers’ requests from their Users to access, correct, amend, or delete Personal Data.

Recourse, Enforcement, Liability: In compliance with the EU-US and Swiss-US Privacy Shield Principles, CircleCI commits to resolve complaints about your privacy and our collection or use of your Personal Data. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact CircleCI as follows:

  • Email: privacy@circleci.com
  • Phone: +1-800-585-7075
  • Postal Mail:
    Circle Internet Services, Inc.
    Attention: Privacy
    201 Spear Street, Ste 1200
    San Francisco, CA, 94105

CircleCI has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

If your complaint is not resolved through these channels, under certain conditions a binding arbitration option may be available before a Privacy Shield Panel. For additional information, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Personal Data received or transferred pursuant to the Frameworks.

Cookies

We and our partners use cookies or similar technologies to optimize the functionality of the Website, help us understand how the Website is used and provide you with interest-based advertising based upon a user’s browsing activities and interests. For more information about the cookies and similar technologies used on our Website, please refer to our Security page.

Links to Other Websites

This Privacy Policy applies only to the Website and the Service and not to any third-party sites or hosted services you may find or access through our Website. If you submit Personal Data to any of those sites or services, your information will be governed by their privacy policies. We encourage you to carefully read the privacy policy of any site you visit or hosted service you use.

Social Media Widgets

The Website and the Service may include social media features, such as the Twitter button, and widgets, such as the Share this button or interactive mini-programs. These features may collect your IP address, which page you are visiting on the Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Website or the Service. Your interactions with these features are governed by the privacy policy of the company providing it.

Do Not Track

Currently, various browsers - including Internet Explorer, Firefox, and Safari - offer a “do not track” or “DNT” option that relies on technology known as a DNT header, which sends a signal to the websites visited by the user about the user’s browsers DNT preference setting. CircleCI does not currently commit to responding to browser’s DNT preference across its Sites and Services, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent. CircleCI takes privacy and choices regarding privacy seriously and will make efforts to continue to monitor the development around DNT browser technology and the implementation of a standard for DNT.

Security

We take precautions to ensure the security of your Personal Data. We follow generally accepted standards to protect the Personal Data submitted to us, both during transmission and once we receive it. When you enter your login information on the Service, all information to and from the service is encrypted using Transport Layer Security (TLS). For more information on our data security policies, please check here.

That said, like any hosted service provider, we cannot guarantee that unauthorized third parties or unauthorized personnel will not gain access to your Personal Data despite our efforts. You should note that in using the Website and the Service, your information will travel through third-party infrastructures which are not under our control.

We cannot protect, nor does this Privacy Policy apply to, any information that you transmit to other users of the Website or the Service. You should never transmit personal or identifying information to other users.

If you have any questions about security on the Website or the Service, you can contact us.

Privacy Policy Changes

Although most changes are likely to be minor, CircleCI may change its Privacy Policy from time to time, and in CircleCI’s sole discretion. If we make any material changes to this Privacy Policy, we will either notify you by email (sent to the email address specified in your account) or by means of a notice on the Website and/or within the Service prior to the change becoming effective, or as otherwise required by the applicable law. We encourage you to periodically review the Website for the latest information on our privacy practices. Your continued use of the Website and the Service after any change in this Privacy Policy takes effect will constitute your acceptance of such change.

Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Circle Internet Services, Inc.
201 Spear Street, Ste 1200
San Francisco, CA, 94105
Phone: +1-800-585-7075
Fax: +1-415-358-4017
Email: privacy@circleci.com

Thank You for Submitting Your Info


You should receive an automated response notifying you that we received your info. Someone from our Enterprise team will be reaching out to you shortly.


CircleCI Success Logo