---

Introduction

This Policy applies to TextExpander’s services, system, and software for creating, editing, and administering short abbreviations (“Snippets”) which expand into larger pieces of text, images, and/or scripts (collectively, the “Services”), as provided through the TextExpander applications, platforms, and websites, including https://textexpander.com (the “Sites”). If you do not agree with its terms, do not access or use the Services and Sites.

TextExpander, Inc., and its subsidiaries and affiliates (“us”, “we”, or “our”) collects, uses, and discloses certain information when providing the Services. If you have an individual account for the Services, when we use “you”, you are both the “Customer” and “User” of the account.

This Policy applies to: 

• personal information that either does or could be used to identify you, such as your name, email or device identifier (“Personal Data”); and
• all Users (defined below) within any business entity (“Organization”) or individual (each a “Customer”) who has contracted to use the Services. 

This Policy does not apply to:

• the processing, handling, and use of information which is not Personal Data (“Content”) through the Services, which is governed our Terms of Service, available at https://textexpander.com/terms as updated and modified from time to time (“Terms of Service” or “TOS”);

• any third-party applications or software that integrate with the Services through the TextExpander platform (“Third Party Services”), or any other third party products, services, business files or other information submitted through Service accounts (collectively, “Third Party Data”); and
• aggregated or de-identified data that cannot be used to identify any natural person, which we may use for any legitimate business purpose, such as showing a prospective customer aggregated data on the number of Snippets expanded.

Organizations use our Services by creating accounts for one or more Teams of Users which are linked to that Organization Customer, which may include Legacy Organizations and Types 1-3 Organizations, as such terms are defined in our Terms of Service. Teams enable collaboration and can include both Organization administrators (“Administrative Users”) and employees or other individuals authorized by our Organization Customer to access and use the Services (collectively, “User(s)”). For Organization Customers, when we use “you,” we mean both all Users within the Organization and our Organization Customers.

What Personal Data does TextExpander collect and receive? 

We collect and receive Personal Data in the following ways:

• Data you provide to us. When you use the Services or visit the Sites. For example, in response to our request for information needed to create, update or access your account, consisting of your email address, first and last name, date of birth, and password (“Subscriber Information”). You don’t need to provide us with Subscriber Information, but without it you will not be able to use the Services. For all paid subscriptions, Customers directly provide billing details, such as credit card data, banking information and billing address, to our PCI-compliant payment processors.  We do not store payment data.
• Data we automatically collect. When you visit our Sites or use the Services, our servers collect data, such as your Internet Protocol (IP) address, data on browser type and settings, your time zone, the web page visited immediately before using the Services, how and when you used the Services, links you clicked on while at our Sites, your mouse movements, session duration, scroll-to-page interactions, clicks, diagnostic events, layout details, number of users,  your purchase history and cookie data. This information helps us to better understand your use of the Services and personalize your use of the Sites and Services. We collect information about the device(s) you use to access the Sites and Services, such as their operating systems, application ID, and unique identifiers. How much information we collect will vary with the devices and their settings. We also use our own and third party cookies and similar tracking technologies in our Services and Sites. These technologies may collect Personal Data about you across other websites and online services. We do not collect location information using automatic means. For more information about automatic collection, please see our cookie policy. 
• Data we get from third parties. We may collect your Personal Data from trusted third parties, such as marketing or research partners, which helps us better understand your needs and personalize your experience with our Services and Sites.

In addition, there may be circumstances during the course of delivering the Services in which we may receive protected health information from our Customers as permitted under applicable law or our agreements with our Customers.

A word about Content: While Content isn’t Personal Data, we want to allay your potential concerns. We will not view your Content unless you consent or unless we must comply with a legal obligation or enforce our rights, such as identifying a potential violation of our TOS.

How do we use your Personal Data?

We may use Personal Data, including Subscriber Information, to operate our Services, to set up your account, to validate your access to the Services, to manage our business relationship, to perform our contractual obligations, and to further our legitimate interests in operating the Services and Sites, such as:

• To provide, maintain, enhance and protect the Services and Sites, such as trouble-shooting technical issues;
• To notify you of Services changes; 
• To respond to your questions, requests, or comments;
• To retain a trusted environment, such as by detecting and preventing security issues, abuses or violations of our TOS and notifying you about important security or fraud issues; 
• To handle billing or other matters, such as sending invoices or communications about account management;
• To comply with applicable law, legal processes, or regulations;
• To measure and improve our advertising and marketing activities;
• As part of the sale or transfer of our business. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or similar corporate event, then your Personal Data may be part of the transferred assets. We may disclose your Personal Data with an actual or potential buyer (and its advisors) who has offered, or will be offering to purchase, merge or acquire any part of our business, subject to standard confidentiality and nondisclosure provisions; and
• To develop new productivity tools, including new artificial intelligence or large learning model tools, and features by identifying organizational trends and best practices based on usage history or predictive models. You can learn more about our development and use of artificial intelligence technologies in our AI Policy, available at https://textexpander.com/ai-policy

The communications and actions directly above are part of the Services, and you cannot opt out of them at any time by contacting us via email at:  privacy@TextExpander.com.

We may also email you promotional materials about our Services, such as new Services features. These communications and actions are optional, and you may opt out of these at any time by contacting us via email at:  privacy@TextExpander.com.

How do we share Personal Data?

We may share your Personal Data as follows:

• Upon demand or lawful request from law enforcement agencies, lawyers, or others authorized to issue legal process, if we reasonably believe disclosure is required by applicable law, regulation or legal process. Please see our Data Request Policy;
• To protect and enforce TextExpander’s property, business, rights, agreements and policies or to investigate or prevent fraud or security matters;
• If and when our Customer has permitted Users to access Third-Party Services. Please check the privacy settings and policies of Third-Party Services to see how they may affect you;
• With our identified sub-processors (Subprocessor Page);
• With an actual or potential buyer (and its advisors) who has offered, or will be offering to purchase, merge or acquire any part of our business, subject to standard confidentiality and nondisclosure provisions; and 
• With others when you have consented.

TextExpander does not sell or rent your Personal Data. We don’t share it with third parties for their own or cross-contextual advertising purposes. 

We share your Personal Data with companies who process Personal Data on our behalf (“Subprocessors” or “Service Providers”). A list of our Subprocessors, including the purposes for which they are processing Personal Data, the legal bases for same, and the type of Personal Data we share with them, can be found on our Subprocessor Page, which is subject to change and which we encourage you to review. 

Our Service Providers are required to agree to strict data protection requirements in keeping with this Policy and the European Union’s General Data Protection Regulation (“GDPR”), as discussed in further detail below. 

Our Organization Customers may have their own policies for their sharing, processing and handling of Personal Data within or outside of their Organization and we cannot control how they or any third parties share Personal Data. For example, with Single Sign-On (SSO), your Organization controls your sign on identifier and its additional use may be subject to the Organization’s policies. When you access the Services, Administrative and other Organization Users may be able to access your Personal Data, for example your name as the editor of a group of Snippets.

Data Retention

We retain your Personal Data while you are a User of the Services, and after, as needed for the purposes described in this Policy and our Subprocessor page, including our legitimate business interests, to perform our contract, to comply with our legal obligations and to enforce our rights.  For example, Personal Data collected for purposes related to the performance of a contract between you and us will be retained until such contract has been fully performed, and Personal Data collected for the purposes of our legitimate interests will be retained as long as needed to fulfill any of these purposes.  When your Personal Data is no longer needed for these purposes, we delete or anonymize your Personal Data.

For more information about our retention or deletion of Content, check out our TOS.

Security – Personal Data

Protecting your Personal Data is important to us. TextExpander implements and maintains physical, administrative, technical and organizational measures designed to protect personal information, and we regularly adapt these controls to respond to changing requirements and advances in technology. Unfortunately, the transmission and storage of data comes with certain risks. Although we do our best to protect your Personal Data from unauthorized access through a variety of industry-standard protection measures, no system is 100% secure. While we strive to protect your Personal Data, we do not guarantee the security of Personal Data, and you provide your Personal Data to us at your own risk. If a breach of our systems occurs, we will notify you of the breach if and as required under applicable law.

What are your rights to Personal Data?

Statutory Rights of California Residents & Additional Information for Residents of Certain US States. 

Data privacy laws are rapidly evolving. Some US states have enacted privacy laws that grant their residents certain rights and require specific disclosures (“State Privacy Laws”). If you reside in California, Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Texas, Utah, Virginia or other US States with similar privacy laws, this section applies to you. This section also serves as our California notice at collection.

Effective January 1, 2023, and subject to exceptions, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”) give California residents rights to:

• Know what personal information is being collected about them; 
• Know whether their personal information is being sold, shared or disclosed and to whom;
• Say “no” to the sale and sharing of their personal information;
• Access and delete or port over their personal information;
• Request that we correct any inaccurate personal information we retain;
• Limit use and disclosure of sensitive personal information; and
• Non-discrimination, meaning receiving equal service and price for Services, even if they exercise their privacy rights.

The definition of “personal information” under the CCPA may differ from and be narrower than our broad definition of the term “Personal Data” as used in this Policy.  The categories of personal information we collect, the purposes for which they are used, and other pertinent information is stated in our Subprocessor page. For more detail, please read our CCPA page.

Non-Binding Notice to non-California US and Canadian residents. Many US states and Canadian provinces do not have data privacy laws. Even where not legally required to do so, we will attempt to provide the same notices and rights to residents of those states or provinces that do not have their own laws as are provided by the CCPA, including the right to opt-out of the processing of your Personal Data for targeted advertisement and profiling purposes. However, we will have no liability whatsoever to any non-California residents, whether under this Policy, contract, tort or other legal theory, if our attempts do not succeed. No such non-residents shall be third party beneficiaries of this section of our Policy. We expressly limit our liability under the CCPA, if any, to only those California residents who qualify for its protections. If you are a resident of Canada, or a state in the United States other than California, and you do not accept these terms, you must cease using the Services and Sites.

Statutory Rights of Non-US residents

Many countries outside the US have data privacy laws. If you are a resident of the EU, UK, Canada, Brazil, or other country with similar data privacy laws, this section applies to you.

Subject to the exemptions in the laws of these countries, including the General Protection Data Regulation (“GPDR”), UK GDPR, Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), or Brazil’s General Data Protection Law (Lei Geral de Proteção de Dado (“LGPD”), each non-US resident User may have rights to:

• learn what Personal Data we have about you and confirm it is accurate or to correct it, and ask us for a copy of your Personal Data;
• ask us to delete or restrict processing of your Personal Data; 
• object to our continued processing of your Personal Data when based upon our legitimate interests unless we demonstrate compelling legal grounds for overriding your interests;
• restrict our use of your Personal Data;
• when we collect Personal Data from you or others, and our data processing is based on your consent, withdraw your consent at any time by written notice; and/or
• when we collect your Personal Data from others, obtain sources from which the data originates.

You may exercise these rights at any time by sending an email to privacy@TextExpander.com.

To the extent that the GDPR, the UK GDPR, PIPEDA, LGPD, or other similar data privacy law is applicable to you:

• our lawful bases for processing your Personal Data are one or more of: to further our legitimate interests (as stated above); or to comply with our legal obligations; or to perform our contract with you; or when we have your consent; 
• when we process your Personal Data for our direct marketing purposes, you have the right to object to our use of same at any time; and 
• TextExpander, Inc., with its main office in San Francisco, California, is the processor of your Personal Data, and you are the controller of your Personal Data.

If you have any concerns over our processing of your Personal Data, please contact us via email at:  privacy@TextExpander.com. We’ll review and investigate your inquiry, and make reasonable efforts to respond to you within 30 days or such longer time as may be provided by the GDPR, the UK GDPR, PIPEDA, or the LGPD. 

For further information about the Subprocessors we use to process your Personal Data, please refer to our List of Subprocessors.

A note for Organization Users that our Organization Customers, and/or its Administrative or other Users, may be able to use the Services to modify or restrict access to that portion of any personal profile you may create which does not constitute Personal Data. As those rights can vary with the Organization, please check with our Organization Customer. Personal profiles are optional, and we limit them to first and last name, creation date and any Gravatar you may choose to use.

Data Privacy Framework

If you have any concerns over our processing of your Personal Data, please tell us by sending an email to:  privacy@TextExpander.com.

TextExpander complies with the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework (collective, the “Data Privacy Framework”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, UK, and Switzerland, as applicable, to the United States.  TextExpander has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles with respect to such data.  If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.  To learn more about the Data Privacy Framework program, and to view our certification, please visit:  https://www.dataprivacyframework.gov.

If you believe TextExpander maintains your Personal Data within the scope of our Data Privacy Framework certification, you may direct any inquiries or complaints concerning our Data Privacy Framework compliance to privacy@TextExpander.com.  TextExpander will respond within 45 days.  If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at JAMS.  You can always submit a complaint directly to your local data protection authority (i.e., EU/EEA Member State data protection authority ; UK Information Commissioner’s Office (ICO);  orSwiss Federal Data Protection and Information Commissioner.  Your data protection authority may refer your complaint directly to the U.S. Department of Commerce’s International Trade Administration (ITA) on your behalf.  If neither TextExpander nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel.  For more information about this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.

EU, UK, and Swiss individuals have rights to access Personal Data we maintain about them, and to limit use and disclosure of their Personal Data.  With our Data Privacy Framework self-certification, TextExpander has committed to respect those rights.

TextExpander’s commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.  TextExpander may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

TextExpander uses a limited number of Subprocessors to assist us in providing our Services to our customers.  These Subprocessors provide database monitoring, customer support, technical operations, payment processing, cloud hosting, and data storage services.  These Subprocessors may access, process, or store Personal Data in the course of providing their services.  TextExpander maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and TextExpander remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

International Data Transfers

We transfer to and process your Personal Data in the United States, the location of our data hosting provider’s servers. To the extent that Personal Data is transferred to the United States, TextExpander will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with our obligations.  We offer the following safeguards if we transfer Personal Data from jurisdictions with differing data protection laws:

For Users located in the European Economic Area (“EEA”), the United Kingdom (the “UK”) or Switzerland, we transfer your Personal Data to a third party Subprocessor where we have approved transfer mechanisms, such as standard contractual clauses approved by the European Commission (and the equivalent standard contractual clauses for the UK where appropriate) to transfer your Personal Data from the EEA, the UK or Switzerland to the United States. 

As stated above, TextExpander complies with the EU-U.S. Data Privacy Framework, the UK-U.S. Data Privacy Framework, and the Swiss-US U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of Personal Data transferred from the European Union, UK and Switzerland, respectively, to the United States. TextExpander has self-certified to the Department of Commerce that it adheres to the Data Privacy Framework principles, although we do not rely solely on the Data Privacy Framework as a legal basis for transfers of personal data. 

Children’s Privacy.

Our Services and Sites are not directed to individuals under the age of thirteen (13). We do not intentionally collect information on our Sites from those we know are under 13, and we request that these individuals do not provide Personal Data through our Services. If we do provide any services that are intended to be used by individuals under the age of 13, it will have a separate privacy policy.

Changes to Privacy Policy 

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Policy from time to time. If we do, we’ll post any changes on this page. To the extent we are not relying on your consent to process or share your Personal Data, by your continued access to or use of the Services after those changes are in effect, you agree to the revised Policy. Please refer back to this Privacy Policy on a regular basis.

Governing Law

The Sites and Services are operated in the United States and your Personal Data or Personal Information is stored on servers in the United States. The laws of the State of Delaware, without regard to conflict of laws principles, shall govern in any and all disputes, including, but not limited to, privacy and defamation, except as otherwise provided in this Policy.

Contacting TextExpander

Please contact us at:

Email: privacy@TextExpander.com

TextExpander, Inc.
548 Market St # 37453
San Francisco, CA 94104

Version History

• Sixth version, adopted September 5, 2024
• Fifth version, adopted January 1, 2023
• Fourth version, adopted October 5, 2022
• Third version, adopted January 1, 2020
• Second version, adopted November 3, 2017
• First version, adopted October 9, 2015