MoEngage, Inc. (“MoEngage,” or “Us” or “We”) provides SaaS (software as a service) (the “Service”) that enables the providers of mobile applications and websites (the “App Providers”) to understand how end users who download, access and/or interact with App Providers’ services (the “End Users”) interact with their services. Your privacy is important to us, and we are committed to protect your privacy.
This Policy (the “Privacy Policy”) informs you about what information (“Personal Data” or “Personal Information”) we may collect directly or indirectly from you through the MoEngage platform (the “Platform”), as a part of our Service. It describes how we create, store, transfer, share, collect, organize, use, return or delete (“Process”) personal data with the privacy and security practices we have implemented on the MoEngage Platform. The European Union website visitors should be sure to read the important information provided under the section – “Additional Information for European Union Users” in this Privacy Policy.
If the Use of Your information changes, We will provide You (“Website Visitors, Customers, End Users, Job Applicants/Candidates, Employees (current and former), Contractors, sub-contractors, third-party vendors, visitors to MoEngage office) with more information when we are in contact with You, via different modes of communications, through our website or via email. You can check for any updates or amendments to this Policy when You visit our website on – https://devenv.moengage.com/. Any information that we process is subject to the privacy policy in effect at the time such information is collected.
This Privacy Policy only applies to MoEngage and does not apply to the practices of companies that MoEngage does not own or control, or to people that MoEngage does not employ or manage. This policy applies to all website visitors, end users of our customers, employees, permanent or temporary, and all contractors, interns working on behalf of MoEngage.
If MoEngage is collecting information directly from You, then MoEngage will act as the Data Controller (defined hereunder). If MoEngage is receiving information from its Customer, MoEngage will act as a Data Processor (defined hereunder) and shall process data as per the instructions received by the Data Controller. If you have any questions related to handling Your Personal Data by MoEngage or to exercise Your rights to privacy You can contact us at [email protected].
This is a global Policy and shall apply wherever You reside. In this section, We describe our legal justifications (commonly referred to as “legal basis”) for the Use of Your Personal Information related to each of our main processing activities.
Please note: depending on the country where You reside, the law of Your country may not require that We use a specific legal basis to justify Using Your Personal Information, including transfers of Your Personal Information outside Your country of residence (Example : GDPR). If Your jurisdiction requires consent to Process Your Personal Information when You interact with Us, We will obtain Your consent prior to the Use of such Personal Information.
Below, We explain to You the MoEngage’s legal basis when processing Your Personal Information:
1. Based on our contract with You –
2. Based on Your prior consent (where permitted or required by law upon)
3. Based on your legitimate interest shared during the referral of your job application by employees of MoEngage as part of the ‘Talent Ambassador Program’ and also during sharing your details with recruiters reaching out on phone calls, LinkedIn or email.
4. To comply with applicable data protection laws and other legal statutes – In some limited instances, We may have to keep some limited Personal Information about You longer than needed such as for tax or accounting purposes.
As per global privacy laws and regulations, MoEngage gives its data subjects the right to withdraw their consent at any time.The process of withdrawing consent is as easy as it was to obtain consent and it is an easily accessible one-step process. MoEngage entities have a consent withdrawal mechanism in place to ensure the effective exercise of this right of the data subject.
Data Subjects can withdraw their consent by filling the ‘Data Subject Rights’ form available on the cookie banner or in the ‘Privacy Settings’ section at the footer of the website. The Data Subject will then be shared with a ‘Consent Withdrawal Form’ Template which needs to be filled and shared to [email protected].
We collect only the information needed for legitimate business purposes.
As a Data Controller, MoEngage collects such data from employees, contractors, vendors, interns and customers for various reasons, such as, product demonstrations, marketing purposes or for job vacancies/ career applications or for other purpose(s).
MoEngage collects Personal Data about employees through application, forms, intranet applications, physical copies, government authorities, vendors, emails and interviews as a part of their employment. Personal information with supporting documents is also collected during the MoEngage onboarding process and during the course of your employment. We may collect personal information directly from publicly available databases, social media sites or in collaboration with our partners from time to time.
When other entities of MoEngage or other third-parties give us Personal Information about you, we make sure they have complied with the relevant privacy laws and regulations. This may include, for example, that we have informed You of the personal data processing as per your legitimate interests, and that we have obtained any applicable and necessary permission from you to process that information as described in this Privacy Policy.
This information would be collected by us in a number of ways through multiple channels while joining our organization and over time during our relationship with you, which have been informed through the ‘Employee Privacy Notice’ shared at the time of onboarding.
Types of Personal Data collected by MoEngage as Data Controller:
As a Data Processor, MoEngage provides SaaS (software as a service) that enables the App Providers to understand how end users who download, access and/or interact with App Providers’ services (the “End Users”) interact with their services. Our customers can choose to collect the Personal Data of the end users. This collection shall be as per the Customer’s privacy policy.
Types of Personal Data that is collected by MoEngage as Data Processor
When an App Provider embeds our tracking code into its Applications, we access or obtain Personally Identifiable Information (“PII”) such as an End User’s email address, name, and phone number, depending on the selections the applicable App Provider makes via the MoEngage Software Development Kits (the “SDKs”).
We also access or obtain additional information about End Users’ use of App Providers’ Applications and End Users’ devices, such as the following:
Please ensure you read, understand, and accept the privacy policies, and any terms of use of the App Provider that uses the MoEngage Service. By using our Service, you expressly relieve MoEngage from any and all liability arising from your use of the App Providers service. We analyze and use this information to provide and improve the MoEngage Service. MoEngage collects information under the direction of our App Providers and has no direct relationship with the End Users whose personal data it processes. If you are a customer of one of our App Providers and would no longer like to be contacted by one of our App Providers that use the MoEngage Service, please contact the App Provider directly. If the App Provider fails to respond to your request within 30 days, you may contact us with your request at [email protected].
We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve the services we offer you, to improve marketing, analytics, or site functionality.
We collect and use information from App Providers to provide our Service, improve our Service, administer your Account, and personalize the End User experience.
When you, as an App Provider, create an Account or when you request information about the MoEngage Service, we’ll collect certain information that can be used to identify you, such as your name and email address (“PII”). We may also collect information that cannot be used to identify you, such as Account preferences.
App Providers are able to send you, the End Users, push notifications, thought In-apps, or email communications through the MoEngage Service.
An End User who seeks to opt out must direct their query to their App provider (Data Controller). The App Providers may then request us to opt out of the said End User’s data, which we shall do so within 1 calendar month. Alternatively, the End User may contact us directly, by sending opt-out requests to [email protected], which we will then share with our customer (the App Provider).
MoEngage uses “cookies,” which are small text files that are placed by web servers and used to remember your preferences and settings. We use cookies for:
We may receive reports based on the use of these technologies on an individual as well as aggregated basis. You can change your browser settings to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If your browser does not accept cookies, you may not be able to easily access all aspects of our Service. Third parties with whom we partner to provide certain features on our site or to display advertising based upon your Web browsing activity use locally stored objects (LSOs) such as HTML5 to collect and store information. Please refer to the ‘Cookie Policy’ for more details on how we use cookies and other web tracking technologies.
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or online profiles. We (or service providers on our behalf) may then send communications and marketing to these emails or profiles. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
Our partners may use non-cookie technologies (web tracking technologies) such as pixel tags, that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason, you can use the following third-party tools to decline the collection and use of information for the purpose of serving you interest-based advertising:
We shall transfer your PII to our Indian subsidiary to provide you with better service or for troubleshooting purposes. Our Indian subsidiary is bound by the principles of Standard Contractual Clauses and the obligations under this Privacy Policy. If you have any questions or concerns related to the transfer of PII to our Indian subsidiary, you contact us at [email protected].
We may engage third-party Service Providers or Sub-processors to work with us to administer and provide the MoEngage Service such as sending you emails, storing data, etc. These third-party Service Providers have access to PII only for the purpose of performing the MoEngage Service on our behalf and are expressly obligated not to disclose or use your PII for any other purpose.
Please find the list of sub-processors here.
Please Note: The List of sub-processors may differ from customer-to-customer.
The End Users may reach us at [email protected] if they require further information about the third-party Service Provider, the services that they are providing, or their privacy policy.
We may share aggregated information and non-identifying information with third parties for industry analysis, demographic profiling, and other similar purposes. We will not share the End User PII collected from one App Provider with third parties.
We may share and disclose Personal Data to the following types of third parties and for the following purposes:
It is our policy to protect App Providers and End Users from having their privacy violated through abuse of the legal systems, whether by individuals, entities or government and to contest claims that we believe to be invalid under applicable law. However, it is also our policy to cooperate with government and law enforcement officials and private parties. Accordingly, we reserve the right to disclose any information about App Providers or End Users to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary:
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Transferring of personal data out of the European Economic Area (EEA) or US to countries not deemed by the European Commission or US State Laws to provide an adequate level of personal information protection, shall be governed by one of the following safeguards recognized by EU & US data protection legislation respectively.
Kindly note that MoEngage will follow appropriate level of protection and deploy all necessary safeguards for transfer of such data that constitutes confidential information and/or Personal Data, additionally such transfers, to any country(s) which do not ensure an adequate level of data protection, MoEngage will ensure that the transfer is through one of the following mechanisms:
For further details, see European Commission Model contracts for the transfer of personal information to third countries. The entity receiving the personal data shall comply with the principles of personal data processing set forth in the agreement.
We are fully committed to Information security and compliance with applicable regulations, by implementing strong security controls for the protection of personal data. We have designed and implemented information security programs in line with International Organization for Standardization (ISO) 27001:2013 standard and Service Organization Controls 2 (SOC). We have put in place appropriate measures to comply with the European Union (EU) General Data Protection Regulation (GDPR).
We take reasonable measures to protect the information that we collect from or receive from App Providers or End Users (including PII) from unauthorized access, use, or disclosure. When you enter sensitive information (such as login credentials) on our forms, we encrypt the transmission of that information using secure socket layer technology (SSL). Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) via email or conspicuous posting on our Platform in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
At any point, if you suspect any security issues or incidents, or you receive any suspicious mail from someone holding themselves out to be a MoEngage employee or from a fake website claiming to be affiliated with MoEngage, you may reach out to us at [email protected]
We have established a process to proactively embed privacy at the initial planning/design stages and throughout the complete development process of new processes/ services/ technologies and/or platforms that involve Processing of Personal Data.
Considerations have been made for technical and organizational measures to enhance privacy (e.g. optional data masking, optional data encryption, data minimization).
In addition, We shall take appropriate technical and organizational measures to ensure that Personal Data collected or Processed is adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed.
Our Service may contain links to other websites and services. Any information that an App Provider or End User provides on or to a third-party website or service is provided directly to the owner of the website or service and is subject to that party’s privacy policy. Our Privacy Policy does not apply to such websites or services, and we are not responsible for the content, privacy, or security practices and policies of those websites or services. We recommend that App Providers and End Users carefully review the privacy policies of other websites and services that they access.
Our Platform includes Social Media Features, such as the Facebook button, and widgets, such as the “Share” button, or interactive mini-programs that run on our site. These features may collect your IP address, and which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Platform. Your interactions with these Features are governed by the privacy policy of the company providing them.
Our Service is not directed to children under the age of 13. MoEngage users must not be under the age of 13. We do not target any portion of our service to children under the age of 13, and we will delete any accounts or data of users that we believe to be under the age of 13 to be in compliance with the Children’s Online Privacy Protection Act. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without their consent, he or she should contact us at [email protected].
MoEngage as a Data Controller profiles its customers based on location as well as it’s employees based on location, qualification, age and gender. However, we do not use automated decision making for any of the processing operations performed on customer’s and employee’s personal data. As part of providing our services, MoEngage as a Data Processor shall act on behalf of our customers while they profile their end users data and/or use it for automated decision making.
MoEngage processes the personal data of End Users on behalf of the App Providers (Our Customers) and acts as a Data Processor on behalf of App Providers, who act as Data Controller. Wherever MoEngage acts as Data Processor, it merely processes Personal Data under the direction of the Customers and has no direct control or ownership of the Personal Data We Process. It is the responsibility of the Customers for complying with any regulations or laws requiring notice, disclosure or obtaining consent prior to transferring the data to MoEngage for further processing purposes. Attendee’s of an event that seeks to access, correct or delete data, should direct their request to the Customer. MoEngage shall assist Customers by addressing the data subject requests received by them through the respective APIs. Please refer to the Developer Guide for more information on how we address data subject requests shared by the customer. If the Customer requests MoEngage to delete, rectify or access the Personal Data of an Attendee to comply with Applicable Data Protection Laws, MoEngage will process this request within the required time frame under the Applicable Data Protection Laws by using appropriate APIs.
MoEngage is a service provider that processes data on behalf of App Providers, any requests relating to European Users’ exercise of their rights of access, rectification, erasure, or restriction under the European General Data Protection Regulation (“GDPR”) must be provided to MoEngage by an App Provider. App Providers can notify MoEngage of these requests directly. You can refer to this article for more information. Moreover, MoEngage supports functionality to allow App Providers to respect granular controls regarding User data privacy rights. App Providers can flag in the MoEngage SDK that a particular User has requested that their data not be processed by MoEngage, in which case MoEngage will no longer process engagement data on behalf of the App Provider for that User.
App Providers who are users of MoEngage Service and who are residents of the European Union may request to get a confirmation that MoEngage is processing your data, access this information, or request to rectify, or delete or restrict the processing of this information. For any such request, you may send an email to us at [email protected]
Kindly note that MoEngage will not process a Data Subject request to change information that may cause the information to be incorrect, fraudulent, misrepresented or violates any law of land or legal statute. In such instances, We will inform the Customer about the legal obligations that prevent Us from fulfilling the request.
For MoEngage employees, candidates and visitors of the MoEngage website, MoEngage Inc. is the controller of your personal information for purposes of European data protection legislation.
Data Privacy and data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to the personal information that we hold as a Data Controller –
Opt-out: Once you opt-out, we shall stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
Data Subjects can opt-out or withdraw their consent by filling the ‘Data Subject Rights’ form available on the cookie banner or in the ‘Privacy Settings’ section at the footer of the website. The Data Subject will then be shared with a ‘Consent Withdrawal Form’ Template which needs to be filled and shared to [email protected].
MoEngage shall record any request to withdraw or change consent in a similar way to the recording of the consent itself.
For exercising your data subject right (DSR), kindly submit your data subject rights requests by email to [email protected] mentioning the following information –
We will require the above-mentioned information to authenticate your request.
We may reject your request as applicable under law in which case we will inform you of the legal basis for rejecting your request. Once we receive your request, we shall acknowledge your request and share the appropriate form/template, which you need to fill and share it to us on [email protected]. If you wish to prevent such processing, please accept only ” Strictly necessary cookies” in the cookie banner. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at [email protected].
We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
The California Consumer Privacy Act 2018 (CCPA) and its upcoming amendments such as the California Privacy Rights Act (CPRA), California residents have specific rights regarding their Personal Information.If you are a California resident, this section applies to you in addition to the rest of the Privacy Policy. It provides more detail on how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information.
For purposes of this section, Personal Information has the meaning given in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). However, this section does not apply:
In particular, we do not:
In addition to the above mentioned rights under California law You have the right to (subject to statutory or restrictions):
All Personal Information that is collected from You is in accordance with this Policy, including the Use of different categories of Your Personal data that has been collected from You, the disclosure of Your Personal Information is as per this Policy.
MoEngage uses services that employ cookies and other technologies to collect Personal Information (including identifiers and internet activity information) about your use of our Websites and other online services over time, which helps us to deliver targeted ads. In addition, we may share your contact details with our advertising vendors for the placement of targeted ads. Our use of some of these services may constitute the “sale” or “sharing” of Personal Information as defined under the CCPA to/with third party advertisers. You may opt-out of such sales or sharing by clicking on the “Do Not Sell or Share my Personal Information” link in the footer of our cookie banner.
Alternatively, you may opt out of targeting cookies by clicking on the Cookie Consent Manager on our website.
While our Website and Services are not directed to children under the age of 16, we are required to inform you that we have no actual knowledge that we have sold or shared the Personal Information of California residents under 16 years of age.
We endeavor to respond to a verifiable consumer request within 1 calendar month of its receipt. If we require more time (more than 1 calendar month), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for Legal and regulatory retention requirements may include retaining information for the following:
We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending MoEngage rights, and to manage MoEngage’s relationship with you. The information that is provided in a supplementary privacy policy may provide more detailed information on applicable data retention terms. Please find the data retention schedule below:
ACT – Active, in use + Number of Years
C = End of Contract
E = End of Employment
YR = Creation Date + Number of Years
* = in years, unless otherwise noted
Record Category | Description | Retention Period |
---|---|---|
Customer Data [Active User Attributes] |
SaaS Application Data: Active user attributes used for analysis & generating campaigns | C + 7 Days |
Customer Data [Inactive User Attributes] |
SaaS Application Data: Inactive/Unreachable user attributes used for analysis & generating campaigns | ACT + 90 Days |
Analytics | SaaS Application Data: Generated for Analytics purpose | 1 Year |
We will retain personal data we process on behalf of our App Providers for as per the defined data retention period to provide services to our App Providers. We will also retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. An End User who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to our App Providers. If requested by App Providers to remove or access data, we will respond within 1 calendar month.
Depending on your use/interaction with us, we may collect/store/transfer/analyze/delete the following categories of Personal Information from you including but not limited to Name, Email ID, Phone Number, Company Name, etc.
As a Data Controller, MoEngage does not collect any sensitive personal data. As a Data Processor, if the App Provider collects any sensitive personal data such as financial and/or health information and shares it with us, it is up to the App Provider’s discretion and they shall ensure to provide applicable safeguards in line with their privacy policy.
When we learn of a suspected or actual personal data breach, the Data Protection Officer (DPO) shall lead the investigation along with the Data Privacy team and Information Security team to perform an internal investigation and take appropriate remedial measures in a timely manner, according to the Data Breach Reporting and Notification Policy. Where there is any risk to the rights and freedoms of data subjects, we will notify the relevant data protection authorities/EU representative without undue delay and, when possible, within 72 hours.
These cases shall be managed based on the Information Security Incident Response Procedure & Data Breach Management procedure, which provides the process of handling information security & privacy incidents.
MoEngage complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom and Switzerland, as applicable, to the United States in reliance on the Data Privacy Framework (“Personal Data”). We have certified to the Department of Commerce that we adhere to the Data Privacy Framework Principles (the “Principles”). You can learn more about the Data Privacy Framework program here and can view our certification here.
The Data Privacy team is responsible for auditing how well business departments implement this Policy. The Data Privacy team has defined their data privacy & PIMS objectives inline with SMART Objectives framework. The Data Protection Officer (DPO), Data Privacy team and the Management demonstrate their dedicated commitment towards the continual improvement of the Privacy Information Management System (PIMS) at MoEngage.
Any employee who violates this Policy will be subject to disciplinary action and the employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.
MoEngage may need to disclose personal information to legal authorities for compliance, fraud investigation, statutory purposes or for other legal activities as per the local laws and government request.
We provide easily accessible information via our Platform or on request. If You have any questions or requests related to this Policy or Your Personal Information, please contact us at the following contact details –
Please contact us at [email protected] if you have any questions about our Privacy Policy.
315 Montgomery Street, 10th floor,
San Francisco, 94104,
USA
1st Floor, #32, Salarpuria Tower II,
Chikku Lakshmaiah Layout,
Luskar Hosur Road,
Koramangala,
Bangalore – 560034,
India
In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the Grievance Officer are published herewith.
Data Protection Officer (DPO)/ Grievance Officer: Yashwanth Kumar
Email: [email protected] / [email protected]
We may update this Policy from time to time consistent with the Data Privacy Framework. You are advised to review the updated Policy periodically for any changes. If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. Changes to this Policy are effective when they are posted on this page and any modifications can be ascertained by referring to the date that is displayed at the top of the page marked as, “ Last updated”.