Revision Date: 2021-05-19
Chargify, LLC provides online application services for subscription billing and related services. Our customers use our services to bill for their subscription products and services. Most of our customers are business entities or other organizations.
Chargify’s main office is in San Antonio, Texas. Chargify offers its services to customers worldwide.
122 East Houston St. Ste 105
San Antonio, TX 78205
account user means an individual who interacts with us as a representative of our customer;
subscriber means an individual who our customer bills for the customer’s subscription product or service using our services;
customer means the business or other organization that establishes an account with for the use of our services, or a reseller who sells our services to end-customers;
services means our online recurring billing services, analytics services, and related services;
"visitor" means an individual who visits our website, our social media pages, visits our offices, applies for employment, interacts with us at a trade show or other industry event, or communicates with us in some other way other than as an account user or subscriber;
"we", "our" and "us" refers to Chargify;
"you" and "your" refer to visitors, account users, and subscribers as indicated by the context.
The term “personal data” refers generally to data about an individual.
We collect personal data for our business purposes:
to operate our website;
to provide our online services to our customers;
to improve our website and service offerings;
to market our services;
to manage our relationship with our customers, including account administration;
to provide customer support;
to manage our vendors; and
to identify and hire personnel.
We allow third party advertisers, such as GoogleAds, Facebook, Twitter and LinkedIn to collect personal data on our site for the purpose of selling targeted advertisement services. See Advertising Ecosystem below. We allow some of our service providers, such as Intercom, G2, and Capterra to use information about visitors that they collect on our site for the purpose of improving their services generally.
There is more detailed information below about how we use the data we collect for these purposes.
When you visit our site or use our online services, our servers capture data that may be used to identify you and your device, such as your IP address, device identifier, and information about your device such as the operating system, time zone setting, language setting, browser settings, and browser plug ins. Our servers may also capture information about your visit to our site or services platform, such as the time and duration of your visit on each page on the site, and your navigation path from page to page (i.e., what you click on). We may also capture the site you visited immediately prior to and after visiting our site. We use third-party service providers such as Google Analytics to help us capture and analyze this data.
We and our third-party analytics providers may place a cookie on your browser so that we may identify you as a return visitor if you visit our site more than once. Please see How to Opt Out of Online Data Collection below for information on how to block cookies.
If you arrive at our site by clicking on a link that is part of an advertisement on another site (including an advertisement on a social media platform), the advertising service will identify the link, enabling us to associate you with the advertising parameters we provided to the advertising service. For example, we may ask an advertising service to target our ad to individuals that the ad service has identified as having a high interest in e-commerce. If you arrive at our site by means of the link in that ad, we will be able to identify you as having a high interest in e-commerce. Advertising services are responsible for the collection, use and disclosure of the data they provide to us in accordance with their published privacy policies. See the section below captioned Advertising Ecosystem and How to Opt Out of Online Data Collection.
We collect personal data that you submit to us as part of a communication with us as a visitor, employment candidate, account user, or subscriber, such as via chat on our site, email, submission of a web form, telephone, request to receive our newsletters or other communications, participation in a Webinar or in person (such as at a meeting, trade show or other event). For example, you may communicate with us as a visitor to obtain more information about our services or as an account user to request technical support or resolve a billing question. The communication may include information that can be used to identify you such as your name, job title, job function, the organization you represent, email address, phone number as well as information about your interest in our company or our services. We do not solicit information from you as part of these communications other than information that is useful to us in light of the purposes described above, but if you choose to volunteer more personal information than we ask for we will collect that as part of the communication.
Our customers are required to name billing, administrative, technical and other types of service and account users who have authority to use our services and manage the customer’s account. We collect the name and business contact information of these account representatives, and will require each individual account representative to establish their own set of account credentials (user name and password). If the customer asks us to integrate our services with other online services, we will require the customer to provide the sufficient credentials to create an authorized connection to those services on the customer’s behalf.
If you use a personal payment card or other financial account to make payment arrangements, then we may collect information relevant to the processing of the payment transaction.
We have relationships with other companies that help us market, sell and deliver our services. They may collect personal data of the type described above using the methods described above and provide that data to us. For example, we have relationships with companies who refer customers to us and resellers who offer our services under the reseller’s own brand name, and we use a service that helps us find providers interested in selling services to you that are complimentary to ours. We will treat personal information we receive from our marketing partners and resellers the same as the personal information we collect directly.
We may place buttons on our website that allow you to publish information about your site visit to a social media platform. For example, we may have a “like” or “tweet” or similar button that, when clicked on, will generate a social media posting by you on Facebook, LinkedIn, Twitter or other platform that highlights or points back to the content on our site that you liked, tweeted, etc. If you use the social media features on our website we will capture the information that is generally available to users of the social media platform you use. You should review the privacy policies of the social media providers as well since your visit to their platform by means of our social media button may allow them to collect information about your activity on our site.
We use service providers such as Clearbit and Hubspot to help us associate the personal data we capture about you as part of visitor interactions with personal data we collect about you as an account user.
We do not associate data about visitors or account users (alone or combined) with personal information we may have about you as a social media user or content user.
This sections describes more specifically how our use of the data relates to the purposes for which we collected the data.
Visitors: We use data collected about visitors:
to operate our website – web servers, by their nature, must capture your IP address and information about your browser and device to display our site to you;
to develop our website and help us develop of product offerings – we use the information to help us understand what part of our website and products offerings is of interest to different kinds of visitors so that we can modify and improve our site content and other marketing materials to be more appealing to prospective customers; we may also use the information about your site visits and other visitor interactions to help us measure interest in our services or various features of our services;
to show you personalized content when you visit our site – we use information about your prior visit to our site to customize your subsequent visits; for example, we may make information about products or services that appear to be of interest to you based on your prior visit more visible to you as part of your navigation of our site;
to measure the success of our advertising efforts – we use visitor information to verify whether the ad services we purchase from third parties are actually resulting in visits to our site or other visitor interactions;
to register you for webinars, office visits, or other online or off-line events we may host; and
to communicate with you as part of our marketing efforts – if you provide us with contact information we may use it to send you communications about our company, our products or services, or related topics that we think you may find of interest.
Account Users: we use data collected about accounts users (alone or as combined with data collected as part of an account user’s visits (such as pre-login activity on the Site):
to provide our online services – we use login credentials to authenticate individuals as authorized users of our services; we use data collected by our servers as necessary to provide the services
we use contact information to send invoices and other account communications, authenticate individuals who request information or support on the customer’s behalf, and administer your account, such as processing billing information to complete your purchases; we may also use your contact information to communicate with you about service issues, provide support
to review compliance with usage terms in our services agreements; for example if the customer’s use of our services is limited to a certain number of individuals we may use personal data to help us monitor compliance with the usage restrictions;
to help us develop our service offerings – we use information about your use of our services to measure interest in various features and plan enhancements or new features, and to improve user experience;
to communicate with you as part of our marketing efforts – we use contact information and information about your use of our services to send you communications about our products or services, or related topics that we think you may find of interest; and
to market our services - if you provide a customer testimonial or other content for marketing purposes we will publish the content with your name or other identifying information that you authorize us to use; if you agree that we may use you as a reference, we may provide your name and contact information to prospective customers for our services so that they may contact you to discuss your experience with our services.
Please note that if you participate in a Webinar or other open forum on our site your communications in that forum will be available to all other participants.
We will not use your data for a purpose other than the purpose for which we collected it unless we ask for your consent for that specific use and you provide it. We may be required to disclose your data to third parties for their use other than as described above – please see the Section below captioned “Disclosure.”
Please send us a request at email@example.com if you would like to know what personal data we have about you, or would like us to correct inaccurate data, delete your personal data, or restrict the use of your personal data. We commit to responding to your request promptly and honoring your reasonable requests. We will comply with all applicable legal requirements related to your requests, but please note that we are not required by law to delete or restrict the use of your data in a way that prevents us from complying with our legal obligations to our customer or that interferes with our reasonable record keeping as necessary to demonstrate compliance with our contracts and applicable law.
In addition to our commitments stated above, if our collection of personal information about you for our business purposes is covered by the California Consumer Privacy Act you have the have certain rights under that law.
You may request disclosure of the following specific information:
the categories of personal information as well as the specific pieces of personal information that we have collected about you for our business purposes over the prior 12 months:
the categories of sources from which we have collected that personal information,
our purpose(s) for collecting that personal information,
the categories of third parties with whom we have shared the personal information, such as our service providers, and
whether we have sold the personal information to third parties or disclosed the information to third parties for a business purpose, and if so the categories of personal information and third parties.
In addition, you have the right to ask Chargify to delete your personal information. We will comply with your deletion request and require our service providers to do the same, unless we plan to retain the personal information on a legally permitted basis and we give you notice of this fact and the legal basis on which we rely.
You may make a request by calling our toll-free number 1-800-401-2414, submitting the request via our website, or by sending an email or physical mail request to the addresses above.
You may also use an agent to make a request described in this section by giving them a written instruction that clearly states that they have authority to make a request on your behalf under the California privacy law.
Before responding to your request or your agent’s request we may ask you to provide information needed to verify that you are the consumer whose personal information is covered by the request. If you ask us to delete your data, we will ask you to confirm your request after we receive the request. If you are an account user we will verity your identity by communicating with you at the email address we have for you in our system.
We may not discriminate against you because you make a request described in this Section by denying you our services or providing a different quality or price for our services, unless the different service or price is reasonably related to the value provided to you by your data.
If you are under 16 years of age, you are not authorized to use our website or our services and we don’t want your personal data.
We process personal data about our customers’ subscribers that our customer inputs to the service or creates as part of its use of our service, or that the subscribers communicate to our customers as part of their use of our services. For example, our customers may enter the name, email address, payment details, and physical address to establish an invoicing record for each of their subscribers. The invoices and other billing communications our customers send using our service will describe the products and services that their subscribers `purchased from them. Our customers will use our service to track whether their subscribers have paid for their products and services and whether the payments are late or on time. Our service includes an email feature to facilitate our customers’ communications with their subscribers. If our customers or their subscribers include personal data in those emails then we will transmit that data for our customer as part of our services, using our third party email services provider.
Our service includes a feature that allows subscribers to enter full payment details in a frame we host. We do not process or store full payment details other than to pass it, in encrypted form, to the payment card processor selected by our customer.
Some of our customers are subject to special data privacy laws, such as the General Data Protection Regulation adopted by the European Union in May 2018 (the “GDPR”), the UK’s Data Protection Act 2018 and other UK privacy legislation including their retained version of GDPR, and the California Consumer Privacy Act. (the “CCPA”). We make appropriate contractual commitments to our customers in support of their obligations under the GDPR, CCPA or other data privacy and protection laws applicable to them. If you are based in the UK or EEA, please see further information below “Additional Information for Certain Jurisdictions” including information regarding our Art 27 Representatives in each of these jurisdictions.
Please contact us at the address above if you have questions or concerns regarding our processing of the personal data described in this Section. We ask, however, that your first contact our customer if you have a request to access, block, erase or take other action with respect to data that we have solely processed as a data processor for our customer.
We have not sold or leased personal data, and will not sell or lease your personal data unless you give us your consent to do so. The California Consumer Privacy Act includes a definition of “sale” that may include permitting third party advertisers to collect data about our Site visitor for use as part of their advertising services generally. During the prior 12 months we have permitted Google Ads, Facebook, Twitter, and LinkedIn to collect data on our site by means of advertising cookies. See the section below captioned Advertising Ecosystem for information on how you block these cookies.
We will not disclose your personal data to third parties except as follows:
This may include exchanging information with government regulatory or law enforcement agencies, or with other companies and organizations for fraud protection and legal compliance.
As part of a sale of a sales of business assets where the purchaser needs the personal data to use the assets.
We may in the future sell all or part of our assets or be involved in a merger. We may provide the company that is seeking to acquire our business with access to personal data as part of their evaluation of our business, but will require them to maintain the personal data in confidence and use it only to evaluate our business. If we complete a transaction, it is customary to transfer personal data that is related to the purchased business assets to the purchaser.
We use the services of companies like the ones listed below to collect data on our behalf or to help us analyze, store, manage and otherwise process your personal data. Each of these companies commits in its contract with us to use the personal data only according to our contract with them or our other instructions as necessary to support our business. They are not authorized to use your personal data for any other purpose. They are not authorized to disclose your personal data to others except with our permission, and only if they require the others to comply with the same restrictions that apply to them.
Amazon Web Services – cloud infrastructure https://aws.amazon.com/compliance/gdpr-center/
Autopilot – marketing automation https://blog.autopilothq.com/what-is-gdpr/
Avalara – managed sales tax integration - https://www1.avalara.com/us/en/legal/terms.html
BigMarker – webinar services https://www.bigmarker.com/
Crossbeam – marketing services https://www.crossbeam.com/
Google Cloud – cloud infrastructure https://cloud.google.com/security/gdpr/
Heroku – cloud infrastructure and platform https://help.heroku.com/RXPQ7FOV/eu-general-data-protection-regulations-gdpr
Honeybadger – monitoring https://www.honeybadger.io/gdpr/
Keen – data analytics https://keen.io/blog/keen-and-gdpr/
Mailchimp – email and other communications management https://blog.mailchimp.com/gdpr-forms-and-more-tools/
Salesforce – customer relationship management https://www.salesforce.com/eu/campaign/gdpr/
Segment – data management https://segment.com/product/gdpr
SendGrid – email communication from the Chargify application - https://sendgrid.com/resource/general-data-protection-regulation/
SumoLogic – log management and analytics https://www.sumologic.com/compliance/what-is-gdpr/
Twilio – customer communications management https://www.twilio.com/gdpr
Zapier – web application integration https://zapier.com/help/gdpr/
Zendesk – customer support management https://www.zendesk.com/company/customers-partners/eu-data-protection/
Zoho – office software suite https://www.zoho.com/lp/gdpr.html
We may disclose your personal data as necessary to protect our information and systems from unauthorized actions that compromise their security or availability, such as disclosures as part of industry initiatives to identify and block malicious actors.
We use online advertising services that enable a practice referred to as “online behavioral advertising.” These services aggregate data about an individual’s behavior on many different sites and online services, and use that data to sell targeted advertising services. For example, we permit Google’s advertising services to collect data about your behavior on the Chargify Site, as do many other website operators who use Google’s ad services. Google combines the data about an individual that it collects from different sources, and uses this aggregate data to sell advertising services that target the display of ads to web users who meet certain behavioral criteria. Google does not disclose this aggregate data to Chargify, but we are able to infer that users who interact with our ad meet the advertising criteria we provided. Google collects this data using cookies, web server logs (its own and its advertising customers), clear gifs and other online data collection techniques. See Online Data Collection Techniques and How to Opt Out of Online Data Collection.
Recognizing you when you sign in to use our website or services;
Keeping track of your specified preferences. This allows us to honor your likes and dislikes, such as your language and configuration preferences;
Conducting research and diagnostics to improve our offerings;
Preventing fraudulent activity;
Measure and analyze the performance of our Site or other services.
You can manage your cookie preferences at any time using our cookie management tool here.
You can also manage browser cookies through your browser settings. The 'Help' feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, how to disable cookies, and when cookies will expire. If you disable all cookies on your browser, neither we nor third parties will transfer cookies to your browser. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some features and services may not work.
Our servers do not recognize or respond to any “do not track” setting you may have in your browser.
The third parties who we permit to collect data on our site have features that allow you to block their data collection via cookies. See their privacy policies and cookie policies.
If you do not wish to receive our email or other communications, please send your request to firstname.lastname@example.org Please note that it may take up to ten days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.
Children are not permitted to use our site or services. We do not knowingly collect personal information from anyone under 16. If you are under 16, do not use or provide any information on our Sites unless you have involved your parent or guardian. If we discover that we have information about a child we will delete that information. If you are the parent or guardian of a child and you believe we have personal data about the child without your consent, please contact us at the address appearing at the top of this page and we will delete that information.
Chargify protects personal data from accidental loss, unauthorized access, use, or disclosure, corruption, alteration, and destruction using appropriate technical and organizational measures.
We will retain your personal data only for as long as reasonably necessary to fulfill the purpose for which it was collected, and to comply with our legal obligations, and will use secure means to destroy the data after that time. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Chargify is located in the United States and your personal data will be transferred to, stored in, and accessed from the United States.
Chargify will comply with laws applicable to the transfer of personal data across international borders. We provide appropriate contractual commitments to our customers in the European Union that require protections around transfer of personal data to the United States.
The policies in this section are applicable to individuals covered by data privacy laws in the European Economic Area and the United Kingdom
We provide additional information about the privacy, collection, and use of personal data of website users, prospective and current customers located in certain jurisdictions as follows:
We are only permitted to collect and process your personal data if we have a lawful basis to do so, and as we are based in the United States, which is not currently deemed to have adequate data privacy laws for the purposes of European privacy laws, we also need to ensure that the transfer of your personal data to us from outside of the EEA or UK (as applicable) is adequately safeguarded.
We collect and process your personal information in the United States on one or more of the following lawful bases:
Where we need to operate and provide our Site and service offerings to you, including the performance of the contract we are about to enter into or have entered into with you;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental privacy rights do not override those interests;
Where we need to comply with a legal obligation; or
With your explicit, express consent.
Please note that when you consent to our processing of your personal data for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose (see below re: Your Rights).
Please note that by voluntarily providing your personal data to us, you acknowledge and give your express consent to the transfer of your personal information to the United States and understand that the federal and/or state laws of the United States may not offer the same level of privacy protection as your home country, which is outside of Chargify’s control.
Please also note that if you are an employee or agent of our customer, your limited business contact information is processed by us only for the purposes of administering your organisation’s account with us, the terms of which (including the incorporation of the EU’s Controller-to-Controller Standard Contractual Clauses if required) are governed by our service agreement with our customer. Please speak with your organization if you have any concerns regarding the use of your limited business contact information for these purposes in the first instance. Upon request, we will work with your organization as required in order to attempt to overcome any such concerns.
Please contact us at email@example.com should you require further information about the specific lawful basis that is utilised dependent upon the purposes of the processing or for any other queries that you may have regarding our privacy practices.
Subject to applicable law, and dependent on the lawful basis for which we are processing your personal data, you have the right to:
ask whether we hold personal data about you and request copies of such personal data and information about how it is processed;
request that inaccurate personal data is corrected;
request deletion of personal data that is no longer necessary for the purposes underlying the processing, which is collected with your consent that you wish to withdraw;
request us to restrict the processing of personal data where you believe that the processing is inappropriate;
object to the processing of personal data; and
request portability of personal data that you have provided to us (which does not include information derived from the collected information), where the processing of such personal data is based on consent or a contract with you and is carried out by automated means.
If you would like to take any of the actions set out above, please contact either our UK or EU Art 27 Representative below (as applicable) who is available to help and support your privacy requests and concerns:
VeraSafe has been appointed as Chargify’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation as amended by Schedules 1 and 2 to the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419). If you are located within the United Kingdom, VeraSafe can be contacted only on matters relating to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 20 4532 2003.
Alternatively, VeraSafe can be contacted at: VeraSafe United Kingdom Ltd., 37 Albert Embankment, London, SE1 7TL, United Kingdom.
VeraSafe has been appointed as Chargify’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are located within the European Economic Area, VeraSafe can be contacted only on matters relating to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031
Alternatively, VeraSafe can be contacted at: VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23AT2P Ireland.