DEFANG SOFTWARE LABS INC PRIVACY POLICY

Updated Oct 31, 2024

This Privacy Policy (“Privacy Policy”) is intended to give you notice of the practices of Defang Software Labs Inc., doing business as Defang, (“Defang”, “we”, “our” or “us”) regarding the collection, use, disclosure of information we collect through your use of and access to (a) defang.io, its subdomains and any other website where these Terms are posted or made available to you, (b) our online hosted services, including but not limited to, the Defang “back-end”, the Defang Portal, the Defang “Playground”, the Defang AI Assistant and (c) our “Software”, meaning, collectively, the Defang Command Line Interface (CLI) and associated installers, the Defang Pulumi Provider, our samples, and all integrations, application programming interfaces (APIs), tools and documentation ((a) through (c) are collectively referred to as the “Services”).

Capitalized terms used but not defined in this Privacy Policy have the meanings assigned to them in our Terms of Service.

1. What Information We Collect and How

As part of its commercial activity, Defang collects, uses and processes information from you when you:

1. create or register an Account with us or administer your Account;

2. input, post or upload Contributions or other information, data or other content through the Services;

3. submit questions, requests or other communications to us via various communication channels;

4. contact us for customer support or technical support;

5. visit any of our websites or download any of our Software;

6. participate in promotions, user conferences, webinars, demonstrations, contests, sweepstakes, surveys or other marketing events;

7. participate in research activities;

8. interact with other users of the Services and guests on our community forums; and

9. integrate Third Party Platforms and other third-party products and services with your Account on our Services.

We also collect information about you from our business partners, including operators of Third Party Platforms and resellers and third parties that help us with sales and marketing efforts, such as prospecting. We may also obtain publicly-available business contact information.

Below is additional information about what we collect, depending on how you interact with the Services:

Your Content

In this Privacy Policy, “Content” includes all information, data and other content, in any form or medium, that is collected, uploaded, downloaded or otherwise received, directly or indirectly, from you (or on your behalf) by or through the Services. Content also includes information you provide when connecting a Third Party Platform or other third-party account, product or service to the Services. For clarity, Content does not include your Contributions.

You (and anyone who can interact with your use of the Services) own and control the nature of any Content, subject to any applicable terms and conditions including our Terms of Service and this Privacy Policy. Our collection, use and disclosure practices with respect to Content are distinct from those with respect to other sorts of information, as explained below.

We may upload Content automatically with your authorization from Third Party Platforms.

Contributions

You (and anyone who can interact with your use of the Services) own and control the nature of your Contributions, subject to any applicable terms and conditions including our Terms of Service and this Privacy Policy. Our collection, use and disclosure practices with respect to Contributions are distinct from those with respect to other sorts of information, as explained below.

Customer Information

“Customer Information” consists of information related to your access or use of our Services, the creation of Accounts, or that otherwise identifies you as a customer or end user of the Services. Customer Information includes:

1. Identifiers. This includes your name, mailing address, email address, postal code, telephone number and other similar identifiers.

2. Customer Records. This includes username and password, payment information, company name, job title, business email address and department.

3. Protected Classification Characteristics. This includes age and gender.

4. Commercial Information. This includes information about products or services purchased, obtained or considered.

5. Internet/Network Activity Information. This includes your browsing history, log and analytics data, information about the device(s) used to access the Services, domain server, search history and information regarding your interaction with our Services and other usage data.

6. Audio/Visual Information. This includes pictures you provide or upload in connection with our Services, and the content and audio or video recordings of phone or video calls between you and us that we record where permitted by law.

7. Profession/Employment Information. This includes your current employer, title and location.

8. Other Personal Information. This includes personal information you provide to us in relation to a survey, comment, question, request or inquiry, and information you provide when you connect a third-party account, product or service to the Services.

9. Inferences. This includes inferring your location using your IP address, or using data from your use of our Services to make predictions about your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

If you are an end user using the Services through an Account created on your behalf by an Organization, then we may collect and process Customer Information about you on behalf of that Organization.

Third-Party Platforms

If you create your Account using a service provided by a Third Party Platform (such as Amazon Web Services or GitHub), we may collect Customer Information about you from that Third Party Platform (such as your username, email address or user ID (if it is not also your email address) associated with that service). If you create your Account using a Third Party Platform, or if you give us permission by changing the settings on your Account, we may also collect, and you authorize us to collect, information about your personal contacts as may be stored within that Third Party Platform. By choosing to create an Account using a Third Party Platform, you also authorize us to collect Customer Information necessary to authenticate your account with the third party.

Certain aspects of the Services allow you to link or integrate products and services from Third Party Platforms to enable certain features and functionalities with the Services. For example, you can connect your GitHub account to create or upload Contributions in the Services from information and data contained in Third Party Platforms or integrate with third-party services using our applications or extensions. If you choose to use these features or functionalities, then you may be asked to create an account with a third party that provides such features or functionalities or link your existing third-party service account with the Services (and, by doing so, agree to the privacy policy and/or terms and conditions of that third party). You may also be asked to authorize the Services to collect information from the third party on your behalf. We will then collect information (such as your username or user ID associated with that third-party service) from you and/or that third party as necessary to enable the Services to access your data and content stored with that third-party service. Once the authentication is complete, we have the ability to access information you provided to us or was otherwise collected by the third-party service in accordance with the privacy practices of that third party. We will store the information and data we collect and associate it with your Account, and we will use that information and data to enable the integration of the Services with the third-party service and to perform actions requested or initiated by you or that are reasonably necessary to carry out instructions provided by you.

Automatically-Collected Information

We may collect information about how you use the Services and your actions on the Services, including your IP addresses, browser types, operating systems, ISPs, platform types, device types and mobile device identifiers such as make and model and mobile carrier. We may also use tools, including third-party tools, to collect analytics data. If we collect any of those types of information, some of it would be collected through the use of cookies and other tracking technologies, such as web beacons, pixels, session replay scripts and similar technologies. Please see our Cookie Policy for more information about our use of cookies and similar tracking technologies.

2. How We Use the Information We Collect

Use of Content

Notwithstanding anything to the contrary in this Privacy Policy, we will not use or access your Content except: (a) to provide, maintain, improve or optimize use of the Services, where you (or the Organization through which you have an Account) explicitly approve access (e.g., during a customer support inquiry or when participating in beta testing), (b) in response to lawful requests by law enforcement or government authorities, (c) in response to subpoenas, court orders or other legal process or requests, as required by Applicable Law as determined in our discretion, where necessary (in our sole discretion) to ensure the stability and security of the Services and our systems (e.g., where we have reason to believe specific Content is degrading server stability) and (d) where necessary (in our sole discretion) to protect the rights, privacy, safety or property of you, us or others. Notwithstanding the foregoing, you acknowledge and agree that we may retain, take possession of, delete or deny you access to your Content if we believe, in our sole discretion, that some or all of your Content, or your use of the Services, violates our Terms of Service. We also may analyze metadata related to Content (such as total number of records, file size, API volume, access logs, etc.).

Use of Contributions

Notwithstanding anything to the contrary in this Privacy Policy, we will not use or access your Contributions except: (a) to provide, maintain, improve or optimize use of the Services, where you (or the Organization through which you have an Account) explicitly approve access (e.g., during a customer support inquiry or when participating in beta testing), (b) in response to lawful requests by law enforcement or government authorities, (c) in response to subpoenas, court orders or other legal process or requests, as required by Applicable Law as determined in our discretion, where necessary (in our sole discretion) to ensure the stability and security of the Services and our systems (e.g., where we have reason to believe specific Contributions are degrading server stability) and (d) where necessary (in our sole discretion) to protect the rights, privacy, safety or property of you, us or others. Notwithstanding the foregoing, you acknowledge and agree that we may retain, take possession of, delete or deny you access to your Contributions if we believe, in our sole discretion, that some or all of your Contributions, or your use of the Services, violates our Terms of Service.

Use of Other Information

We use the information we collect for a variety of purposes, and how we use it depends on what we collect and which Services (or features of the Services) you use. These purposes may include:

1. Providing the Services to You. This includes use for the purposes of: (i) responding to requests or inquiries from you, (ii) providing customer support or technical assistance, (iii) contacting you to provide product updates or information about products you have requested or purchased, (iv) creating, managing or administering your information and account, including identifying you with your Account or the account of another Defang customer and (v) auditing relating to interactions, transactions and other compliance activities.

2. Analyzing and Improving our Services Pursuant to our Legitimate Interest. This includes use for the purposes of: (i) deriving market insights, ways to improve the Services and performing other business analysis or research, (ii) customizing existing and future product offerings and other aspects of the Services to you and other users, (iii) securing the Services and our systems and protecting your information and data, (iv) detecting security incidents and protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity and (v) measuring interest in and engagement with our Services and short-term, transient use. 

3. Marketing Our Products and Services. This includes use for the purpose of: (i) tailoring and providing you with information about our products, services or events that you may be interested in, including by email or phone, (ii) monitoring the performance of our advertisements and marketing efforts and (iii) communicating with you about your engagement with our Services.

4. Legal Obligations and Rights. This includes use for the purpose of: (i) establishing, exercising, investigating, prosecuting or defending against legal claims, (ii) complying with laws or responding to lawful requests and legal process, (iii) protecting our rights and property, and the rights and property of our agents, customers and others, including to enforce our agreements, policies or Terms of Service, (iv) detecting, suppressing or preventing fraud, (v) reducing credit risk and collecting debts owed to us, (vi) protecting our health and safety or the health and safety of our Services, our customers or any person or (vii) fulfilling other requirements under Applicable Law.

5. Participation in any Defang partner program. This includes use for the purpose of enabling or supporting participation in any such program, which may involve the provision by Defang partners of implementation, training, app-building, base-building or other similar services.

6. Consent. This includes use for other purposes that are clearly disclosed to you at the time you provide personal information, or with your consent.

7. Aggregated or De-Identified Data. This includes use of aggregated or de-identified information for a wide variety of statistical, analytical and service improvement purposes. The aggregation or de-identification process prevents the information from being reassociated or identified with any one customer account, user or individual.

8. Other Purposes. This includes use for our other, legitimate business purposes or as permitted by Applicable Laws.

3. How We Disclose Information

We disclose information we collect for specific purposes, including:

1. when you ask us to, or otherwise give your specific consent (for example, by posting Content or Contributions), you consent to our making that Content or those Contributions visible to users of our Services or website guests;

2. with affiliates and subsidiaries to provide you with aspects of the Services, such as customer support;

3. to Third Party Platforms and with other vendors that help us provide you with aspects of the Services, such as data storage, hosting, customer support and payment processing, or that help us with marketing and email campaigns, to advertise, gain insights and perform analytics into how the Services are used and how they might be improved;

4. with third parties who enable certain features or functionalities of the Services that you’ve requested (for example, by installing extensions in the Services);

5. with an employer or other Organization (or employees or other users of the Services associated with such an employer or other Organization) on whose behalf you use the Services, that created an Account on your behalf, or that owns, manages or is associated with the email domain for an email address on your account;

6. with the owner or collaborator of a workspace on the Services to which you have access or on which you are a collaborator as necessary to identify you to such owner or collaborator or enable you to collaborate as intended;

7. with partners in any Defang partner program, when you elect to work with one of our partners for implementation, training, app-building, base-building or other similar services;

8. as necessary to comply with Applicable Laws, including governmental requests and law enforcement requests, and otherwise to protect the rights, privacy, safety or property of you, us or others;

9. as necessary in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, financing or other disposition of all or any portion of our business, assets or stock; and

10. with others for any legitimate business purpose that does not conflict with the statements made in this Privacy Policy.

4. Transfers of Information

We may transfer to and process your personal information in countries outside of the jurisdiction where you are located for the various purposes described above. When required by Applicable Laws, we will ensure that we rely on an appropriate legal mechanism for the transfer, such as your consent, standard contractual clauses (or their equivalent) or adequacy decisions. You may ask us, using the contact information below in this Privacy Policy, for more information about the specific basis we use for transferring your data.

5. Retention of Information

We store your personal information for no longer than necessary for the purposes for which it was collected, including for the purposes of satisfying any legal or reporting requirements, and in accordance with our legal obligations and legitimate business interests. To determine the appropriate retention period for personal data, we consider: (a) the amount, nature and sensitivity of the personal data, (b) the potential risk of harm from unauthorized use or disclosure of your personal data, (c) the purposes for which we process your personal data and (d) the applicable legal requirements.

6. Managing Your Information

Content

You own all Content you upload provided you have lawful title thereto. You can update or correct certain aspects of your Account via the Defang Portal. Content you delete (including Content containing personal information) may be retained in archived or backup copies for a certain period of time in order to enable you to use certain features like revision history and base snapshots. You can permanently delete Content from your Account via the Defang Portal. Please note that permanent deletion of Content through this process may impair or disable some features of the Services (such as revision history and base snapshots) with respect to that Content.

Contributions

You may access, correct, update or delete your Contributions within the Services or through your connected account on a Third Party Platform. Your proprietary rights with respect to your Contribution, including the limited license(s) you grant to us with respect thereto, are as set out in our Terms of Service. Contributions you delete (including Contributions containing personal information) may be retained in archived or backup copies in order to enable you to use certain features like revision history and base snapshots.

Other Information

We may use some of the information we collect for marketing purposes, including to send you promotional communications about new Services features, products, events or other opportunities. If you wish to stop receiving these communications or to opt out of use of your information for these purposes, please follow the opt-out instructions by clicking "Unsubscribe" (or similar opt-out language) in those communications. You may also contact us at support@defang.io to opt out.

You also may have certain rights with respect to your data depending on the jurisdiction in which you live. Please see the jurisdiction-specific sections below for a description of those rights.

7. Information from Children

Our Services are not intended for use by children under the age of 13 (or other age as required by local law) and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take reasonable steps to delete such information from our files as soon as is practicable. If you learn that your child has provided us with personal information without your consent, you may contact us atsupport@defang.io.

8. Changes to Privacy Policy

Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. However, we may revise this Privacy Policy from time to time. If a revision is material, as determined solely by us, we will notify you via email. The current version will always be posted to our Privacy Policy page.

9. Contact Us

If you have any questions about our privacy practices, including this policy, you may contact us by email at support@defang.io or by mail at Defang Software Labs Inc., 111 W Broadway, Suite 218, Vancouver, BC V5Y 1P4, Canada.

10. EEA, UK and Swiss-Specific Disclosures

The disclosures in this Section apply solely to residents of the European Economic Area (“EEA”), Switzerland and the United Kingdom (“UK”), and describe how we collect, use, disclose and otherwise process personal data about you. Unless otherwise expressly stated, all terms in this Section have the same meanings as defined in the General Data Protection Regulation (“GDPR”). We are the controller of the personal data we hold about you in connection with your use of the Services.

Lawful Basis of Processing

We collect and process your personal data for purposes described in this Privacy Policy. Where required by Applicable Laws, we obtain your consent to use and process your personal data for these purposes. Otherwise, we rely on another authorized legal basis (including but not limited to the performance of a contract or legitimate interest) to collect and process your personal data.

Marketing and Advertising

From time to time, we may contact you with information about our products and services, including sending you marketing or advertising messages and asking for your feedback on our products and services. For some marketing or advertising messages, we may use personal data we collect about you to help us determine the most relevant marketing or advertising information to share with you. You can unsubscribe at any time from our marketing or advertising emails by clicking on the unsubscribe link (or similar opt-out language) at the bottom of the email or by contacting us at support@defang.io.

In addition, when you give us your consent, we may provide your information to third parties for targeted advertising or we may allow our advertising partners to collect data about you for that purpose using cookies or similar technologies. For more information, please see our Cookie Policy.

Your Privacy Rights

You have the following rights in respect of your personal data that we hold: (a) right of access, (b) right of portability, (c) right to rectification, (d) right to erasure, (e) right to restriction, (f) right to withdraw consent and (g) right to object.

You also have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you wish to exercise one of these rights, please submit a request to us by email at support@defang.io with the subject line “European Rights Request”.

Due to the confidential nature of data processing, we may ask you to provide proof of identity when exercising the above rights.

11. California-Specific Disclosures

The disclosures in this section apply solely to individual residents of the State of California and provide additional information about how we collect, use, disclose and otherwise process personal information within the scope of the California Consumer Privacy Act of 2018, as amended, including its implementing regulations, (“CCPA”). Unless otherwise expressly stated, all terms in this Section have the same meaning as defined in the CCPA.

Sensitive Personal Information

Certain data elements we collect and use to provide the Services may be deemed “sensitive personal information” under CCPA. These include your username and password to access your Account. We do not use or disclose such sensitive personal information to “infer” characteristics as defined under the CCPA or for any purpose other than that which is necessary to provide the Services as specified in the CCPA.

Sales and Sharing of Personal Information (Targeted Advertising)

We may use cookies and similar tracking technologies that enable certain advertising networks, social media companies, analytics services and other third-party businesses to collect and disclose your personal information directly from your browser or device when you visit or interact with our Services or otherwise engage with us online. In some cases, we may upload personal information to certain of these partners for advertising or analytics purposes.

To opt out of these “sales” or “sharing” of personal information (as these terms are defined under the CCPA or other applicable US state privacy laws), you must:

1. toggle cookies off in our cookie preference center or enable Global Privacy Control (“GPC”) on your browser; and

2. submit a request to us by email at support@defang.io.

Note that the above opt-out right does not apply where we have appropriately limited our partners to be our “service providers” or “processors” (as these terms are defined under the CCPA or other applicable US state privacy laws).

California Privacy Rights

As a California resident, you may be able to exercise the following rights in relation to the personal information about you that we have collected (subject to certain limitations at law):

1. the Right to Know any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:

   1. the specific pieces of personal information we have collected about you;

   2. the categories of personal information we have collected about you;

   3. the categories of sources of the personal information;

   4. the categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;

   5. the categories of personal information we have sold or shared and the categories of third parties to whom the information was sold or shared; and

   6. the business or commercial purposes for collecting, selling or sharing the personal information.

2. The Right to Request Deletion of personal information we have collected from you, subject to certain exceptions.

3. The Right to Request Correction of inaccurate personal information.

4. The Right to Opt Out of Personal Information Sales or Sharing to third parties now or in the future.

You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our Services or engage with you in the same manner.

How to Exercise Your California Privacy Rights

Please see the instructions above on how to exercise your right to opt out of personal information sales or sharing.

To exercise your rights to know, correct or delete, please submit a request to us by email at support@defang.io with the subject line "California Rights Request.

We will need to verify your identity before processing your request. In order to verify your identity, we will generally require either the successful login to your Account (if applicable) and/or the matching of sufficient information you provide us to the information we maintain about you in our systems. Although we try to limit the personal information collected in connection with a request to know, correct or delete, certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know, correct or delete, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.

Minors Under Age 16

We do not sell or share the personal information of consumers we know to be less than 16 years of age. Please contact us at support@defang.io to inform us if you, or your minor child, are under the age of 16.

California’s “Shine the Light” Law

In addition to the rights described above, California’s “Shine the Light” law (Civil Code Section §1798.83) permits California residents that have an established business relationship with us to request certain information regarding our disclosure of certain types of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year.

To make such a request, please send an email to us at support@defang.io.

12. Disclosures to Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah and Virginia

The disclosures in this section apply solely to individual residents of the States of Colorado, Connecticut, Montana, Oregon, Texas, Utah and Virginia. Privacy laws in Colorado, Connecticut, Utah and Virginia give residents certain rights with respect to their personal data, and privacy laws in Montana, Oregon and Texas will give residents certain rights with respect to their personal data when they take effect over the course of 2024. Those rights include:

1. Right to Access Information. You have the right to access and obtain a copy of your personal data.

2. Right to Request Deletion. You have the right to request that we delete personal data provided by or obtained about you.

3. Right to Correct. You have the right to correct inaccuracies in your personal data.

4. Right to Opt-Out of Targeted Advertising. You may ask us not to use or disclose your information for the purposes of targeting advertising to you based on your personal data obtained from your activity across different businesses, services, websites, etc.

5. Right to Opt Out of Personal Information Sales to third parties.

To submit a request to exercise your access, deletion or correction privacy rights, please email us at support@defang.io with the subject line “Privacy Rights Request” and let us know in which state you live. Please see the instructions above for how to exercise your right to opt-out of targeted advertising or sales.

Residents of Colorado, Connecticut, Montana, Oregon, Texas and Virginia may appeal a refusal to take action on a request by contacting us by email at support@defang.io.

Residents of Oregon may request that we provide a list of third parties to whom we have disclosed personal data. To make such a request, please follow the instructions above for submitting an access, deletion or correction request.

13. Nevada-Specific Disclosures

For residents of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not currently sell covered information, please contact us at support@defang.io to submit such a request.

14. Canada-Specific Disclosures

If you live in Canada, you have the following rights:

1. Right to Access. You can ask us to: (i) confirm that we have personal information about you and (ii) provide you a copy of that information.

2. Right to Correct. You can ask us to correct any inaccurate or incomplete personal information that we have about you.

You may submit a request by contacting us at support@defang.io with the subject line “Canadian Privacy Rights Request”. Before we honor your request, we will need to verify your identity.

4888-9553-2261, v. 1