Effective January 1, 2023.
See Previous Version (Effective October 5, 2022)
This Policy applies to the Service – TextExpander’s system for creating, editing, and administering short abbreviations (“Snippets”) which expand into larger pieces of text, images, and/or scripts, and TextExpander’s software used to perform expansion on specific platforms, including https://textexpander.com (the “Website”). If you do not agree with its terms, do not access or use the Service.
TextExpander, Inc. (“us” or “we”) collects, uses, and discloses certain information when providing the Service.
This Policy applies to:
- personal information that either does or could be used to identify you, such as name, email or device identifier (“Personal Data”).
- all users within any business entity (“Organization”) or individual (each a “Customer”) who has contracted to use the Service.
This Policy does not apply to:
- the processing and handling of all information which is not Personal Data (“Content”) through the Service, which is governed by a separate agreement (“Terms of Service” or “ TOS”).
- any third party applications or software that integrate with the Service through the TextExpander platform (“Third Party Services”), or any other third party products, services, business files or other information submitted through Service accounts (collectively, “Third Party Data”).
- aggregated or de-identified data that can’t be used to identify any natural person, which we may use for any legitimate business purpose, such as showing a prospective customer aggregated data on the number of Snippets expanded.
If you have an individual account for the Service, when we use “you”, you are both the Customer and User of the account.
Organizations use our Service by creating accounts for one or more Teams of Users which are linked to that Organization Customer. Teams enable collaboration and can include both Organization administrators (“Administrative Users”) and employees or other individuals authorized by our Organization Customer to access and use the Service (collectively, “User(s)”). For Organization Customers, when we use “you,” we mean both all Users within the Organization and our Organization Customer. All Organizations becoming Customers after January 1, 2023 are Type 3 Closed Organizations, as defined in our TOS. We will continue to make the Service available to legacy Type 1 and 2 Organization Customers per our TOS.
What Personal Data does TextExpander collect and receive?
We collect Personal Data in the following ways:
- Data you provide to us. When you use the Service or visit the Website. For example, we request information needed to create, update or access your account consisting of your email address, first and last name, and password (“Subscriber Information”). You don’t need to provide us with Subscriber Information, but without it you will not be able to use the Service. For all paid subscriptions, Customers directly provide our PCI-compliant payment processors billing details such as credit card data, banking information and billing address. We do not store payment data.
- Data we get from third parties. We may collect your Personal Data from trusted third parties such as marketing or research partners, which helps us better understand your needs and personalize your experience with the Service. For example, we show your image from Gravatar, if available.
A word about Content: While Content isn’t Personal Data and doesn’t apply to this Policy, we want to allay your potential concerns. We will not view your Content unless you freely consent or we must comply with a legal obligation, such as identifying a potential violation of our TOS.
How do we use your Personal Data?
We may or will use Personal Data, including Subscriber Information, to operate our Service, to set up your account, and to validate your access to the Service, to manage our business relationship, to perform our contract and to further our legitimate interests in operating the Service, such as:
- To provide, maintain, enhance and protect the Service, such as trouble-shooting technical issues
- To notify you of Service changes.
- To respond to your questions, requests, or comments.
- To retain a trusted environment by detecting and preventing security issues, abuse or violations of our TOS and notify you about important security or fraud issues.
- To handle billing or other matters, we may need to send invoices or communications about account management,
- To comply with applicable law, legal process, or regulation.
- To measure and improve advertising and marketing
- To develop new productivity tools and features by identifying organizational trends and best practices based on usage history or predictive models.
The communications and actions directly above are part of the Service, and you cannot opt out of them.
We may email you promotional materials, such as new product features.
The communications and actions directly above are optional, and you may opt out of these at any time.
How do we share Personal Data?
Our Organization Customers may have their own policies for their sharing of Personal Data within or outside of their Organization and we cannot control how they or any third parties share same. For example, with single sign on, your Organization controls your sign on identifier and its additional use may be subject to the Organization’s policies. When you access the Service, Administrative and other Organization Users may be able to access your Personal Data, for example your name as the editor of a group of snippets.
We will or may share your Personal Data as follows:
- Upon demand or lawful request from law enforcement agencies, lawyers, or others authorized to issue legal process, if we reasonably believe disclosure is required by applicable law, regulation or legal process. Please see our Data Request Policy.
- To protect and enforce TextExpander’s property, business, rights, agreements and policies or to investigate or prevent fraud or security matters.
- If and when our Customer has permitted Users to access Third Party Services. Please check the privacy settings and policies of Third Party Services to see how they may affect you.
- With our identified sub-processors
- With an actual or potential buyer (and its advisors) who has offered, or will be offering to purchase, merge or acquire any part of our business, subject to standard confidentiality and nondisclosure provisions.
- With others when you have consented.
TextExpander does not sell or rent your Personal Data. We don’t share it with third parties for their own advertising purposes.
We share your Personal Data with companies who process data on our behalf. Our service providers and business partners, the purposes for which they are processing Personal Data, the legal bases for same, and the type of Personal Data we share with them are listed on our Subprocessor page which we encourage you to review.
Our Service Providers are required to agree to strict data protection requirements in keeping with this Policy and the European Union’s General Data Protection Regulation (“GDPR”).
We’ll retain your Personal Data while you are a User of the Service, and after, as needed for the purposes described in this Policy and our Sub-processor page, including our legitimate business interests, to perform our contract, to comply with our legal obligations and to enforce our rights. When no longer needed for these purposes, we’ll delete or anonymize your Personal Data.
For information about our retention or deletion of Content, check out our TOS.
Security – Personal Data
TextExpander employs industry standard security practices and implements security-oriented technical and organizational measures, including regular third party reviews.
As fully as prohibited by applicable law, we do not allow use of the Service and Website by any persons less than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with Personal Data, please tell us and we’ll delete that information.
What are your rights to Personal Data?
Statutory Rights of EU and UK residents
Our Users located in certain parts of Europe are protected by the General Protection Data Regulation (“GPDR”) or, for Users located in the United Kingdom (the “UK”), the retained EU law version of the GDPR along with the UK’s Data Protection Act 2018 (collectively, the “UK GDPR”). Similarly, Brazil’s General Data Protection Law (Lei Geral de Proteção de Dado (“LGPD”) protects Users located in Brazil. Subject to GPDR’s, UK GDPR’s or LGPD’s exemptions, each such User may have rights to:
- learn what Personal Data we have about you and confirm it is accurate or to correct it ask us for a copy of your Personal Data
- ask us to delete or restrict processing of your Personal Data
- object to our continued processing of your Personal Data when based upon our legitimate interests unless we demonstrate compelling legal grounds for overriding your interests.
- restrict our use of your Personal Data
- when we collect Personal Data from you or others, and our data processing is based on your consent, you may withdraw your consent at any time by written notice
- when we collect your Personal Data from others, you may obtain sources from which the data originates
You may exercise these rights at any time by sending an email to privacy@TextExpander.com.
To the extent that the GDPR, the UK GDPR or the LGPD is applicable to you:
- our lawful bases for processing your Personal Data are one or more of: to further our legitimate interests (as stated above); or to comply with our legal obligations; or to perform our contract with you; or when we have your consent,
- when we process your Personal Data for our direct marketing purposes, you have the right to object to our use of same at any time.
- TextExpander, Inc., with its main office in San Francisco, California is the Controller of your Personal Data and the processor of Content. Customer is the controller of Content.
If you have any concerns over our processing of your Personal Data, please tell us. We’ll review and investigate your inquiry, and respond to you within 30 days or such longer time as may be provided by the GDPR, the UK GDPR or the LGPD.
For further information about the third parties we use to process your Personal Data, please refer to our List of Data Processors.
A note for Organization Users. Our Organization Customer, and/or its Administrative or other Users, may be able to use the Service to modify or restrict access to that portion of any personal profile you may create which does not constitute Personal Data. As those rights can vary with the Organization, please check with our Organization Customer. Personal profiles are optional, and we limit them to first and last name, creation date and any Gravatar you may choose to use.
Statutory Rights of California Residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
The CCPA and CPRA definition of “Personal Information” is similar to the GDPR definition of Personal Data.
Effective January 1. 2023, and subject to exceptions, the CCPA and CPRA give California residents rights to:
- Know what personal information is being collected about them
- Know whether their personal information is being sold or disclosed and to whom
- Say “no” to the sale of their personal information
- Access and delete or port over their personal information
- Equal service and price, even if they exercise their privacy rights.
The categories of personal information we collect, the purposes for which they are used and other pertinent information is stated in our Subprocessor page. For more detail, please read our CCPA page.
Non-Binding Notice to non-California US and Canadian residents. Data Privacy laws are rapidly evolving. Many US states and Canadian provinces have not yet passed such laws. Even where not legally required to do so, we will attempt to provide the same notices and rights to residents of those states or provinces as are provided by the CCPA and CPRA. However, we shall have no liability whatsoever to any non-California residents, whether under this Policy, contract, tort or other legal theory, if our attempts do not succeed. No such non-residents shall be third party beneficiaries of this paragraph. We expressly limit our liability under the CCPA and CPRA, if any, to only those California residents who qualify for its protections. If you are a resident of Canada, or a state in the United States other than California, and you do not accept these terms, you must cease using the Service.
Data Protection Authority
If you have any concerns over our processing of your Personal Data, please tell us by sending an email to privacy@TextExpander.com. TextExpander endeavors to resolve privacy inquiries within a reasonable time frame. EU DPAs should refer complaints to the designated Privacy Shield contact at the Department of Commerce.
To the extent we can do so without limiting Privacy Shield, TextExpander reserves the right to later appoint a data protection authority.
We may change this Policy from time to time to address new legal requirements relating to Personal Data or changes in product features or technology. If we do, we’ll post any changes on this page. To the extent we are not relying on your consent to process or share your Personal Data, by your continued access to or use of the Service after those changes are in effect, you agree to the revised Policy. If we deem the changes to be material, we will give you 30 days advance notice via email before the change goes into effect and, if required by applicable law, we will seek your consent.
The Site and Service are operated in the United States and your Personal Data or Personal Information is stored on servers in the United States. The laws of the State of Delaware, without regard to conflict of laws principles, shall govern in any and all disputes, including, but not limited to, privacy and defamation, except as otherwise provided by the GDPR, UK GDPR, LGPD, CCPA, CPRA, and other similar statutes.
International Data Transfers
We transfer your data to and process same in the United States, the location of our data hosting provider’s servers. To the extent that data is transferred abroad, TextExpander will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with our obligations. In particular, we offer the following safeguards if we transfer data from jurisdictions with differing data protection laws:
For users located in the European Economic Area (“EEA”), the United Kingdom (the “UK”) or Switzerland, we transfer your personal data to a third party where we have approved transfer mechanisms, such as standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK where appropriate) to transfer your Personal Data from the EEA, the UK or Switzerland to the United States.
We comply with the EU-US Privacy Shield and the Swiss-US Privacy Shield frameworks (“Framework”) as stated by the U.S. Department of Commerce, regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland, respectively, to the United States. TextExpander has self-certified to the Department of Commerce that it adheres to the Framework and Privacy Shield principles, although we do not rely on the Framework as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. To learn more about the Privacy Shield Program, and to view our certification, please visit this page.
Please contact us at:
548 Market St # 37453
San Francisco, CA 94104
Additional Privacy Shield Information
- Fifth version, adopted January 1, 2023
- Fourth version, adopted October 5, 2022
- Third version, adopted January 1, 2020
- Second version, adopted November 3, 2017
- First version, adopted October 9, 2015