TextExpander Privacy Policy for California Residents
Effective Date: January 1, 2023
Last Updated on: January 1, 2023
See Previous Version (effective January 1, 2020)
Table of Contents
- Information We Collect
- Use of Personal Information
- Sharing Personal Information
- Your Rights and Choices
- Right to Know and Data Portability
- Right to Delete
- Right to Correction
- Exercising Your Rights to Know, Delete, or Correct
- Response Timing and Format
- Personal Information Sales Opt-Out and Opt-In Rights
- Non-Discrimination
- Changes to Our Privacy Policy
- Contact Information
This Privacy Policy for California Residents supplements the information contained in TextExpander’s general Privacy Policy (https://textexpander.com/privacy) and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA). Any terms defined in the CCPA or CPRA have the same meaning when used in this Policy.
If you have an individual account for the Service, when we use “you,” you are both the Customer and User of the account.
Organizations use our Service by creating accounts for one or more Teams of Users which are linked to that Organization Customer. Teams enable collaboration and can include both Organization administrators (“Administrative Users”) and employees or other individuals authorized by our Organization Customer to access and use the Service (collectively, “User(s)”). For Organization Customers, when we use “you,” we mean both all Users within the Organization and our Organization Customer. All Organizations becoming Customers after June 13, 2019 are Closed Organizations, as defined in our TOS. At our discretion, and until further notice, we will continue to make the Service available to Legacy Organization Customers per our TOS.
The CCPA and CPRA only apply to certain businesses. To the extent it applies to us, this policy describes your rights and our online practices regarding personal information.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information“). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information (e.g., showing a prospective customer aggregated data on the number of Snippets expanded).
- The processing and handling of all information which is not personal information (“Content”) through the Service, which is governed by a separate agreement (“Terms of Service” or “TOS”).
- Any third party applications or software that integrate with the Service through the TextExpander platform (“Third Party Services”), or any other third party products, services, business files or other information submitted through Service accounts (collectively, “Third Party Data”).
- Personal information collected by an employer from job applicants and employees used solely within the employment context.
- Information excluded from the CCPA’s scope, like:
- personal information covered by certain sector-specific privacy laws, such as the Fair Credit Reporting Act (FCRA).
In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
Category | Examples | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | NO |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
G. Geolocation data. | Physical location or movements. | NO |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- Indirectly from you. For example, from observing your actions on our Website.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our Services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase Services, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To help maintain the safety, security, and integrity of our Service, databases and other technology assets, and business.
- For testing, research, analysis, and development, including to develop and improve our Services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA and CPRA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about you is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Company has disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.
We do not sell personal information. In the preceding twelve (12) months, Company has not sold personal information. For more on your personal information sale rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Personal Information Category | Category of Third-Party Recipients | |
Business Purpose Disclosures | Sales | |
A: Identifiers. | First and last name, email address, password used to identify Users on the Website | None |
B: California Customer Records personal information categories. | None | None |
C: Protected classification characteristics under California or federal law. | None | None |
D: Commercial information. | None | None |
E: Biometric information. | None | None |
F: Internet or other similar network activity. | Internet Protocol (IP) address, browser type/settings, web page visited immediately before visiting our Website, how and when Service is/was used | None |
G: Geolocation data. | None | None |
H: Sensory data. | None | None |
I: Professional or employment-related information. | Current job position and employer information | None |
J: Non-public education information. | None | None |
K: Inferences drawn from other personal information. | None | None |
We also use our own and third party cookies and other similar tracking technologies in our Website and Service. These technologies may collect personal information about you across other websites and online services. For further information, please refer to our cookie policy.
Details on the business purposes of our disclosing personal information, and third parties we disclose that information to, can be found on our List of Data Processors page.
Your Rights and Choices
The CCPA and CPRA provide consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA and CPRA rights and explains how to exercise those rights.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- If we disclosed your personal information for a business purpose, a separate list disclosing:
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know, Delete, or Correct), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug the Services to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation. For more information, please refer to our Data Request Policy.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action. We will also disclose to you that we will maintain a record of this the request as required by the CCPA and CPRA. Please note that you may only submit a request to delete twice within a 12-month period.
Right to Correction
You have the right to request that we correct any errors in your personal information that we collected from you and retained, subject to certain exceptions (the “right to correction”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know, Delete, or Correct), we will review your request to see if a correction if necessary. We may deny your correction request if correcting such information is not possible, would involve disproportionate effort to correct, of if you are improperly seeking correction of accurate information.
Exercising Your Rights to Know, Delete, or Correct
To exercise your rights to know or delete described above, please submit a request by sending us a “verifiable consumer request” showing you are requesting your own personal information. If you have an account with us, you may submit the request through our interactive webform at https://textexpander.com/contact. We will verify your request by password and other information we use to authenticate your access to the Service. We will also require that you re-authenticate yourself before we disclose any of your personal information to you. Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- Two to three pieces of personal information (depending on the circumstances) that we will attempt to match to information in our possession; and
- A signed declaration under penalty of perjury that the person making the request is requesting their own personal information.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. If you do not have an account with us, please submit your request to: Privacy@TextExpander.com.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact Privacy@TextExpander.com.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
We do not and will not sell your personal information to any third parties. Additionally, as we prohibit the use of this Service by anyone under 16 years of age, we do not and will not sell the personal information of anyone under 16 years of age.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA or CPRA rights. Unless permitted by the CCPA or CPRA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to Our Privacy Policy
We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Website and update the notice’s effective date. To the extent we are not relying on your consent to process or share your personal information, your continued use of our Website and Services following the posting of changes constitutes your acceptance of such changes. If we deem the changes to be material, we will give you thirty (30) days’ advance notice via email before the changes takes effect and, if required by applicable law, will seek your consent.
Age Limitations
As fully as prohibited by applicable law, we do not allow use of the Service and Website by any persons less than 16 years of age. If you learn that anyone younger than 16 years of age has unlawfully provided us with personal information, please inform us immediately and we will delete such information as soon as practicable.
A note for Organization Users: our Organization Customer, and/or its Administrative or other Users, may be able to use the Service to modify or restrict access to that portion of any personal profile you may create which does not constitute personal information. As those rights can vary with the Organization, please check with our Organization Customer. Personal profiles are optional, and we limit the information in such personal profiles to first and last name, creation date, and any Gravatar you may choose to use.
Content
While Content is not Personal information and does not apply to this Policy, we want to dispel your potential any potential concerns you may have. Under no circumstances will we view your Content unless you freely give your consent, or we are otherwise under a legal obligation to do so, such as identifying a potential violation of our TOS.
Data Retention
We’ll retain your personal information while you are a User of the Service, and after, as needed for the purposes described in this Policy and our Sub-processor page, including our legitimate business interests, to perform our contract, to comply with our legal obligations and to enforce our rights. When no longer needed for these purposes, we will delete or deidentify your personal information. For further information about our policies governing the retention or deletion of Content, check outplease refer to our TOS.
Security – Personal Information
TextExpander employs industry standard security practices and implements security-oriented technical and organizational measures, including regular third party reviews. Our policies and practices are informed by guidance from the Cloud Security Alliance and other sources, and we require certifications from all of our primary processors.
Contact Information
If you have any questions or comments about this notice, the ways in which TextExpander collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Website: TextExpander.com
Email: Privacy@TextExpander.com
Postal Address:
TextExpander, Inc.
Attn: Privacy
548 Market St, #37453
San Francisco, CA 94104
If you need to access this Policy in an alternative format due to having a disability, please contact Privacy@TextExpander.com.
Governing Law
The Website and Service are operated in the United States and your personal information is stored on servers in the United States. The internal laws of the State of Delaware, without regard to conflict of laws principles, and the federal laws of the United States law shall govern in any and all disputes, including, but not limited to, privacy and defamation, except as otherwise provided by the CCPA and CPRA.
This is our second privacy policy regarding the CCPA and CPRA, the latter of which goes into effect January 1, 2023.
Our initial privacy policy regarding the CCPA was in effect from January 1, 2020 through December 31, 2022.