Learn from Figma, Amplitude, Twilio, and other leading product teams on October 26-27.
Last Updated: October 2021
We may provide “just-in-time” disclosures or additional information about our data collection, use and sharing practices of specific services. These notices may supplement or clarify ProductBoard’s privacy practices or may provide you with additional choices about how ProductBoard processes your personal information.
If you do not feel comfortable with any part of this Policy, you should cease using our Websites and Services.
The ProductBoard Group is committed to protecting the privacy of individuals who interact with us. This Policy applies to the personal information we collect and use for our own purposes (i.e., as a “data controller”).
We provide this Policy to explain the ways in which we collect, use, and share personal information about individuals who:
For purposes of this Policy “Websites”, shall refer collectively to www.productboard.com, portal.productboard.com as well as the other websites that the ProductBoard Group operates and that link to this Policy, the term “Services” shall refer to our on-demand product excellence system, and tools and services made available from the Websites. The term “Subscriber” refers to an individual that has agreed to our Terms of Service, available at: https://legal.productboard.com/terms, or such other applicable agreement between you and any member of the ProductBoard Group relating to access and use of our Services (“Services Agreement”), including an individual representing the Subscribing company. The term “Account” refers to a ProductBoard account or instance created by or on behalf of a Subscriber within the Services. The term “Users” shall refer to the individuals authorized to use our Services through a Subscriber’s Account.
In this Policy, “personal information” means information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, including by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.
Account and Registration Information. If you are Subscriber, we must process certain personal information about you such as name, address, phone number, email address, instant messaging ID, and credit card information to provide our Services (collectively “Account Information”), and name or alias for each of your Users. By voluntarily providing us with this information, you represent that you are the owner of such personal information or are otherwise authorized to provide it to us, specifically, if you as a Subscriber provide us information related to the User, you represent that the User has not objected to such processing. We use a third-party intermediary is used to manage credit card processing.
User Information. We collect certain information automatically from Users through cookies and other tracking technologies when they use a Subscriber’s Account, subject to the applicable law’s consent requirements. We use this information to improve our services. In relation to all of the information that Users voluntarily provides when working in a Subscriber’s Account, the Subscriber is the data controller and we are a data processor.
We partner with third parties to either display advertising on the Websites or to manage our advertising on other sites. Our third-party partners may use technologies such as cookies to gather information about your activities on our Websites and other sites in order to suggest advertisements based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the EEA or the United Kingdom click here). Please note this does not opt you out of being served ads and you will continue to receive generic ads.
Logs. As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and Services. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to other information gathered in our log files as necessary to improve our Websites and Services. In such a case, we would treat the combined information in accordance with this Policy.
Session Replay Scripts. On our Services we may also use session replay scripts provided by third-party analytics service providers to better understand our users’ needs and to optimize our Services and user experience. These website analytics tools provide us heatmaps, session recordings of your activities on the Services, form analytics, feedback campaigns, and similar features and functionalities, including to assist in website debugging and customer service matters. Our session replay script providers may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, and other metadata such as IP address or device type. If you would like to opt-out of the use of session replay technologies on our websites, you may do so at any time by visiting FullStory at https://www.fullstory.com/optout/ or Hotjar at https://www.hotjar.com/legal/policies/do-not-track/.
Do Not Track. Some Internet browsers, like Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our Websites do not process or respond to “DNT” signals.
Single Sign-On. You can log into certain Services using sign-in services such as Google Authentication or SAML. These services will authenticate your identity, without the need to sign in with a username and password combination.
We process your personal information to:
For individuals who are located in the European Economic Area, the United Kingdom or Switzerland or Brazil) at the time their personal information is collected, our legal basis for processing your information under the applicable laws will depend on the personal information at issue, the specific context in the which the personal information is collected and the purposes for which it is used. We generally only process your personal information where we are legally required to, where processing is necessary to perform any contracts we entered with you (or to take steps at your request prior to entering into a contract with you), where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or fundamental rights and freedoms, or where we have obtained your consent to do so. In some rare instances, we may need to process your personal information to protect your vital interests or those of another person.
We process your information for the purposes described in this Policy, based on the following legal grounds:
(i) When we are pursuing legitimate interests.
(ii) When we are providing a service pursuant to a contract.
(iii) When we are complying with legal obligations
(iv) With your consent.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to Contact Us” heading below.
We take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. We may share personal information about you with third parties in the following circumstances.
We maintain (and require service providers to maintain) generally accepted, reasonable, and appropriate standards to protect your personal information, both during transmission and once it is received. For example, we employ physical access controls, encryption, Internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing. In deciding what is reasonable and appropriate we take into account the risks involved and the nature of the information. However, no security procedures or protocols are ever guaranteed to be 100% secure. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
If you have any questions about the security of your personal information, you can contact us at email@example.com.
We primarily store personal information about Website Visitors and Subscribers within the European Economic Area (the “EEA”) and in the United States. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which the ProductBoard Group has operations. If and when transferring your personal data from the EEA, United Kingdom or Switzerland, or via an onward transfer we rely on the Standard Contractual Clauses adopted by the EU Commission as appropriate safeguards.
We will protect your personal information in accordance with this Policy wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws. We contractually obligate recipients of your personal information to agree to at least the same level of privacy safeguards as required under applicable data protection laws.
For residual Privacy Shield disputes that cannot be resolved by the methods above, you may be able to invoke a binding arbitration process under certain conditions. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.
Productboard maintains its participation in the Privacy Shield framework and continues to adhere to all core Privacy Shield privacy principles that support any approach to data transfers.
Marketing Communications. If you do not want to receive marketing email communications from us, you can opt-out by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to firstname.lastname@example.org.
Right to Correct or Update Your Information. You may request that we correct or update any inaccurate or incomplete personal information by contacting email@example.com. Subscribers to our Services may update or change their Account Information at any time by editing their profile or organization record or by contacting firstname.lastname@example.org for more detailed instructions.
Additional Rights for Certain Territories: If you reside in certain territories (such as the European Economic Area, Switzerland, the United Kingdom. Japan or Brazil), you may have the right to exercise certain privacy rights available to you under applicable law. If any of the rights listed below are not provided under law for your jurisdiction, we have the absolute discretion in providing you with those rights.
Your personal information rights are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another’s privacy; (c) to protect our rights and properties; (d) where the request is frivolous or vexatious, or for other reasons.
To assert your privacy rights, please email email@example.com. Please note that to protect your privacy and security, we must be able to verify your identity before we can process your request to exercise any of the privacy rights that you may be entitled to under the applicable law. We may conduct the verification process by email or phone, and we may ask you to provide information such as your name, contact information, and any additional relevant information based on your relationship with us. You may also use an authorized agent to submit a request to opt out on your behalf if you provide the authorized agent signed written permission to do so.
You may have other privacy rights if you are a California Residents, see our “Notice to California Residents” section below for more information.
Rights and Choices where ProductBoard Acts as a Processor: An individual who seeks access to, or who seeks to correct, amend, or delete inaccuracies in personal information stored or processed by us on behalf of a Subscriber should direct his/her query to the Subscriber (the data controller).
Social Media Accounts
This notice to California residents is provided under California law, including the California Consumer Privacy Act (“CCPA”), Cal. Civ. Code 1798.100, et seq.. The information provided below relates to the personal information, the ProductBoard Groups process as a data controller, which is known as a “business” under the CCPA. If you are a California resident, this Section applies to you in addition to the rest of this Policy.
Categories of Personal Information Collected. In the preceding 12 months, we have collected the following categories of personal information: identifiers (such as your name and contact information); commercial information (such as information about products or services you have purchased); internet or other electronic network activity information (such as your IP address, device identifier, and other information captured by online tracking technologies); and inferences drawn from the information collected about you. When you purchase a product or service from us, we may also collect information described in Section 1798.80(e) of the California Civil Code (such as signature and credit/debit card number). For examples of the precise data points we collect and the categories of sources of such collection, please see Sections 3, 4, and 5 of this Policy.
Business or Commercial Purpose for Collecting and Using Personal Information. We collect the categories of personal information described in this Section for the business or commercial purposes described in Section 6 of this Policy.
Categories of Personal Information Disclosed and Categories of Recipients. In the preceding 12 months, we have disclosed the following categories of personal information for business or commercial purposes to the following recipients:
We may also share the above categories of information with government entities as may be needed to comply with our legal obligations or prevent illegal or fraudulent activity.
Your Rights. For personal information collected by us during the preceding 12 months preceding your request that is not otherwise subject to an exception, California residents have the right to access and delete their personal information. We will not discriminate against those who exercise their rights. You have the right to (a) opt out of any sales of personal information that may be occurring; and (b) not be discriminated against for exercising these rights.
Sale of Personal Information. If you are a California resident, you have the right to “opt out” of the “sale” of your “personal information” to “third parties” (as those terms are defined in the CCPA). To submit a request to opt out of the sale of your personal information, you may visit our “Do Not Sell My Personal Information” page or send an email to firstname.lastname@example.org with the subject line “Do Not Sell My Info.”
If you are a California resident and you would like to exercise your rights described in this Policy, you can submit your request by emailing us at: email@example.com with the subject line “CCPA Rights.”
We do not knowingly collect any personal information from children under the age of 16. If you are under the age of 16, please do not use or submit any personal information through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Websites or Services without parental permission. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Websites or Services, please contact us at firstname.lastname@example.org, and we will use commercially reasonable efforts to delete that information.
If you have questions regarding this Policy or about the privacy practices of ProductBoard, please contact us by email at email@example.com, or at: ProductBoard, Inc., Attn: Privacy Officer, 612 Howard Street, 4th floor, San Francisco, CA 94105, United States of America.
If you are located in the EU, you may contact us at: ProductBoard s.r.o., Czech company with Id. No. 07323301, or via email at firstname.lastname@example.org.