Privacy Policy

Effective September 22, 2023.

See Previous Version (Effective September 1, 2023)

See Previous Version (Effective January 1, 2023)

See Previous Version (Effective October 5, 2022)


Introduction

TextExpander’s Privacy Policy

This Policy applies to the Service – TextExpander’s system for creating, editing, and administering short abbreviations (“Snippets”) which expand into larger pieces of text, images, and/or scripts, and TextExpander’s software used to perform expansion on specific platforms, including https://textexpander.com (the “Website”). If you do not agree with its terms, do not access or use the Service.

TextExpander, Inc. (“us” or “we”) collects, uses, and discloses certain information when providing the Service. 

This Policy applies to: 

  • personal information that either does or could be used to identify you, such as name, email or device identifier (“Personal Data”).
  • all users within any business entity (“Organization”) or individual (each a “Customer”) who has contracted to use the Service. 

This Policy does not apply to:

  • the processing and handling of all information which is not Personal Data (“Content”) through the Service, which is governed by a separate agreement (“Terms of Service” or “ TOS”).
  • any third party applications or software that integrate with the Service through the TextExpander platform (“Third Party Services”), or any other third party products, services, business files or other information submitted through Service accounts (collectively, “Third Party Data”). 
  • aggregated or de-identified data that can’t be used to identify any natural person, which we may use for any legitimate business purpose, such as showing a prospective customer aggregated data on the number of Snippets expanded. 

If you have an individual account for the Service, when we use “you”, you are both the Customer and User of the account.

Organizations use our Service by creating accounts for one or more Teams of Users which are linked to that Organization Customer. Teams enable collaboration and can include both Organization administrators (“Administrative Users”) and employees or other individuals authorized by our Organization Customer to access and use the Service (collectively, “User(s)”). For Organization Customers, when we use “you,” we mean both all Users within the Organization and our Organization Customer. All Organizations becoming Customers after January 1, 2023 are Type 3 Closed Organizations, as defined in our TOS. We will continue to make the Service available to legacy Type 1 and 2 Organization Customers per our TOS. 

What Personal Data does TextExpander collect and receive? 

We collect Personal Data in the following ways:

  • Data you provide to us. When you use the Service or visit the Website. For example, we request information needed to create, update or access your account consisting of your email address, first and last name, and password (“Subscriber Information”). You don’t need to provide us with Subscriber Information, but without it you will not be able to use the Service. For all paid subscriptions, Customers directly provide our PCI-compliant payment processors billing details such as credit card data, banking information and billing address. We do not store payment data.
  • Data we automatically collect. When you visit our Website or use the Service, our servers collect data such as your Internet Protocol (IP) address, data on browser type and settings, the web page visited immediately before using the Service, how and when you used the Service, links you clicked on while at our Website and cookie data. This information helps us to better understand your use of the Service and personalize its use. We collect information about the device(s) you use to access the Service, such as their operating systems, application ID, and unique identifiers. How much information we collect will vary with the devices and their settings. We also use our own and third party cookies and similar tracking technologies in our Website and Service. These technologies may collect Personal Data about you across other websites and online services. We do not collect location information using automatic means. For more information about automatic collection, please see our cookie policy
  • Data we get from third parties. We may collect your Personal Data from trusted third parties such as marketing or research partners, which helps us better understand your needs and personalize your experience with the Service. For example, we show your image from Gravatar, if available.

A word about Content: While Content isn’t Personal Data and doesn’t apply to this Policy, we want to allay your potential concerns. We will not view your Content unless you freely consent or we must comply with a legal obligation, such as identifying a potential violation of our TOS.

How do we use your Personal Data?

We may or will use Personal Data, including Subscriber Information, to operate our Service, to set up your account, and to validate your access to the Service, to manage our business relationship, to perform our contract and to further our legitimate interests in operating the Service, such as:

  • To provide, maintain, enhance and protect the Service, such as trouble-shooting technical issues
  • To notify you of Service changes. 
  • To respond to your questions, requests, or comments.
  • To retain a trusted environment by detecting and preventing security issues, abuse or violations of our TOS and notify you about important security or fraud issues. 
  • To handle billing or other matters, we may need to send invoices or communications about account management,
  • To comply with applicable law, legal process, or regulation.
  • To measure and improve advertising and marketing
  • To develop new productivity tools and features by identifying organizational trends and best practices based on usage history or predictive models. 

The communications and actions directly above are part of the Service, and you cannot opt out of them.

We may email you promotional materials, such as new product features. 

The communications and actions directly above are optional, and you may opt out of these at any time.

How do we share Personal Data?

Our Organization Customers may have their own policies for their sharing of Personal Data within or outside of their Organization and we cannot control how they or any third parties share same. For example, with single sign on, your Organization controls your sign on identifier and its additional use may be subject to the Organization’s policies. When you access the Service, Administrative and other Organization Users may be able to access your Personal Data, for example your name as the editor of a group of snippets.

 We will or may share your Personal Data as follows:

  • Upon demand or lawful request from law enforcement agencies, lawyers, or others authorized to issue legal process, if we reasonably believe disclosure is required by applicable law, regulation or legal process. Please see our Data Request Policy.
  • To protect and enforce TextExpander’s property, business, rights, agreements and policies or to investigate or prevent fraud or security matters.
  • If and when our Customer has permitted Users to access Third Party Services. Please check the privacy settings and policies of Third Party Services to see how they may affect you.
  • With our identified sub-processors
  • With an actual or potential buyer (and its advisors) who has offered, or will be offering to purchase, merge or acquire any part of our business, subject to standard confidentiality and nondisclosure provisions. 
  • With others when you have consented.

TextExpander does not sell or rent your Personal Data. We don’t share it with third parties for their own advertising purposes. 

We share your Personal Data with companies who process data on our behalf. Our service providers and business partners, the purposes for which they are processing Personal Data, the legal bases for same, and the type of Personal Data we share with them are listed on our Subprocessor page which we encourage you to review.

Our Service Providers are required to agree to strict data protection requirements in keeping with this Policy and the European Union’s General Data Protection Regulation (“GDPR”). 

Data Retention

We’ll retain your Personal Data while you are a User of the Service, and after, as needed for the purposes described in this Policy and our Sub-processor page, including our legitimate business interests, to perform our contract, to comply with our legal obligations and to enforce our rights. When no longer needed for these purposes, we’ll delete or anonymize your Personal Data.

For information about our retention or deletion of Content, check out our TOS.

Security – Personal Data

TextExpander employs industry standard security practices and implements security-oriented technical and organizational measures, including regular third party reviews. 

Age Limitations.

As fully as prohibited by applicable law, we do not allow use of the Service and Website by any persons less than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with Personal Data, please tell us and we’ll delete that information.

What are your rights to Personal Data?

Statutory Rights of EU and UK residents

Our Users located in certain parts of Europe are protected by the General Protection Data Regulation (“GPDR”) or, for Users located in the United Kingdom (the “UK”), the retained EU law version of the GDPR along with the UK’s Data Protection Act 2018 (collectively, the “UK GDPR”). Similarly, Subject to GPDR’s, UK GDPR’s exemptions, each such User may have rights to:

  • learn what Personal Data we have about you and confirm it is accurate or to correct it, and ask us for a copy of your Personal Data;
  • ask us to delete or restrict processing of your Personal Data; 
  • object to our continued processing of your Personal Data when based upon our legitimate interests unless we demonstrate compelling legal grounds for overriding your interests;
  • restrict our use of your Personal Data;
  • when we collect Personal Data from you or others, and our data processing is based on your consent, withdraw your consent at any time by written notice; and
  • when we collect your Personal Data from others, obtain sources from which the data originates.

You may exercise these rights at any time by sending an email to privacy@TextExpander.com

To the extent that the GDPR, the UK GDPR or the LGPD is applicable to you:

  • our lawful bases for processing your Personal Data are one or more of: to further our legitimate interests (as stated above); or to comply with our legal obligations; or to perform our contract with you; or when we have your consent; 
  • when we process your Personal Data for our direct marketing purposes, you have the right to object to our use of same at any time. 
  • TextExpander, Inc., with its main office in San Francisco, California is the controller of your Personal Data and the processor of Content. Customer is the controller of Content.

If you have any concerns over our processing of your Personal Data, please tell us. We’ll review and investigate your inquiry, and respond to you within 30 days or such longer time as may be provided by the GDPR, the UK GDPR or the LGPD.

For further information about the third parties we use to process your Personal Data, please refer to our List of Data Processors.

A note for Organization Users. Our Organization Customer, and/or its Administrative or other Users, may be able to use the Service to modify or restrict access to that portion of any personal profile you may create which does not constitute Personal Data. As those rights can vary with the Organization, please check with our Organization Customer. Personal profiles are optional, and we limit them to first and last name, creation date and any Gravatar you may choose to use.

Statutory Rights of California Residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). 

The CCPA and CPRA definition of “Personal Information” is similar to the GDPR definition of Personal Data.

Effective January 1. 2023, and subject to exceptions, the CCPA and CPRA give California residents rights to:

  • Know what personal information is being collected about them 
  • Know whether their personal information is being sold or disclosed and to whom
  • Say “no” to the sale of their personal information
  • Access and delete or port over their personal information
  • Equal service and price, even if they exercise their privacy rights.

The categories of personal information we collect, the purposes for which they are used and other pertinent information is stated in our Subprocessor page. For more detail, please read our CCPA page.

Non-Binding Notice to non-California US and Canadian residents. Data Privacy laws are rapidly evolving. Many US states and Canadian provinces have not yet passed such laws. Even where not legally required to do so, we will attempt to provide the same notices and rights to residents of those states or provinces as are provided by the CCPA and CPRA. However, we shall have no liability whatsoever to any non-California residents, whether under this Policy, contract, tort or other legal theory, if our attempts do not succeed. No such non-residents shall be third party beneficiaries of this paragraph. We expressly limit our liability under the CCPA and CPRA, if any, to only those California residents who qualify for its protections. If you are a resident of Canada, or a state in the United States other than California, and you do not accept these terms, you must cease using the Service.

Data Privacy Framework

TextExpander complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. TextExpander has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. TextExpander has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, TextExpander commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact TextExpander at:  privacy@textexpander.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, you have the right to refer unresolved complaints concerning TextExpander’s handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to  JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, you have the right to file a complaint with JAMS . The services of  JAMS are provided at no cost to you.  You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.  Please see ANNEX-1-introduction for additional information regarding such possible conditions.

EU, UK, and Swiss residents have the right to access personal data about them that TextExpander holds, and to correct, amend, or delete your personal data that is inaccurate, or has been processed in violation of the terms of this Policy, except where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question or where the rights of other individuals would be violated.  EU, UK, and Swiss residents also have the right to limit use and disclosure of their personal data.  With our Data Privacy Framework self-certification, TextExpander has committed to respecting those rights.  If your personal data covered by this policy is to be used by TextExpander for a materially different purpose from what your personal data was originally collected for or subsequently authorized or is to be disclosed by TextExpander to a third party, TextExpander will provide you with an opportunity to choose whether to have your personal data so used or disclosed.  Requests to opt out of such uses or disclosures of your personal data should be sent to:  privacy@textexpander.com.  If sensitive personal data covered by this privacy policy is to be used by TextExpander for a different purpose from what your sensitive personal data was originally collected for or subsequently authorized, or is to be disclosed by TextExpander to a third party, TextExpander will obtain your explicit consent prior to such use or disclosure.

TextExpander’s commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.  TextExpander may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

TextExpander uses a limited number of third -party service providers to assist us in providing services to our customer.  These third-party providers provide billing, email, and data storage services.  These third parties may access, process, or store personal data in the course of providing their services.  TextExpander maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and TextExpander remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

Changes to Privacy Policy 

We may change this Policy from time to time to address new legal requirements relating to Personal Data or changes in product features or technology. If we do, we’ll post any changes on this page. To the extent we are not relying on your consent to process or share your Personal Data, by your continued access to or use of the Service after those changes are in effect, you agree to the revised Policy. If we deem the changes to be material, we will give you 30 days advance notice via email before the change goes into effect and, if required by applicable law, we will seek your consent.

Governing Law

The Site and Service are operated in the United States and your Personal Data or Personal Information is stored on servers in the United States. The laws of the State of Delaware, without regard to conflict of laws principles, shall govern in any and all disputes, including, but not limited to, privacy and defamation, except as otherwise provided by the GDPR (EU/UK), LGPD, CCPA, CPRA, CPA, CTDPA, VDPA, UCPA and other similar statutes.

International Data Transfers

We transfer your data to and process same in the United States, the location of our data hosting provider’s servers. To the extent that data is transferred to the United States, TextExpander will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with our obligations.  In particular, we offer the following safeguards if we transfer data from jurisdictions with differing data protection laws:

For users located in the European Economic Area (“EEA”), the United Kingdom (the “UK”) or Switzerland, we transfer your personal data to a third party where we have approved transfer mechanisms, such as standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK where appropriate) to transfer your Personal Data from the EEA, the UK or Switzerland to the United States. 

As stated above, TextExpander complies with the EU-U.S. Data Privacy Framework, the UK-U.S. Data Privacy Framework, and the Swiss-US U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of Personal Data transferred from the European Union, UK and Switzerland, respectively, to the United States. TextExpander has self-certified to the Department of Commerce that it adheres to the Data Privacy Framework principles, although we do not rely solely on the Data Privacy Framework as a legal basis for transfers of personal data. 

Contacting TextExpander

Please contact us at:
TextExpander, Inc.
548 Market St # 37453
San Francisco, CA 94104

Version History

  • Fifth version, adopted January 1, 2023
  • Fourth version, adopted October 5, 2022
  • Third version, adopted January 1, 2020
  • Second version, adopted November 3, 2017
  • First version, adopted October 9, 2015