Privacy Policy
The previous version of our Privacy Policy can be found here.
Effective Date: December 5, 2024
This Privacy Policy applies to Uploadcare Inc, 2711 Centerville Road, Suite 400 City of Wilmington, County of New Castle, 19808, USA, registered under the laws of USA under number 82-1639831 with the Internal Revenue Service of the United States of America.
This Privacy Policy describes how Uploadcare (“we,” “us” or “our”) collects and uses the information, which may include personal information, you provide on our websites: Uploadcare, PageDetox ('Sites'). The Sites are jointly referred to as the 'Services.'
This Privacy Policy applies to owners, employees, representatives, or other individuals acting on behalf of the party to which Uploadcare provides the Services. We act in our customers’ interest and are transparent about the processing of any personal information. This policy also applies to our website visitors, service inquiries, marketing leads, successful and unsuccessful Uploadcare job applicants and our newsletter subscribers.
“Personal information” refers to any information (data) relating to an identifiable individual or their personal identity.
Table of contents
- Consent
- Data collection
- Data we collect on sites automatically
- Personal data uploaded by you
- Data processing purposes
- Legal bases for processing
- Data sharing
- International data transfers
- Third party data
- Data security
- Data retention
- Your choices and rights
- Data Privacy Framework
- Privacy policy changes
- Questions and complaints
Consent
By filling in a contact form on our Sites or scheduling a demo, you agree and accept that we may gather, process, store, and/or use the submitted personal information under the rules set forth below.
By giving us your consent, you retain the right to withdraw it anytime. You may also request that we delete any personal information we have about you.
Data collection
To grant you access and to use our Services, Uploadcare requests you to provide the following information, some of which may be personal information:
Contact details: We collect your contact information such as first name and last name, business email address and address, job workplace and position, telephone number.
Financial information: Through third-party payment processor Stripe, we collect data necessary for payment, including invoicing purposes, such as your billing details and credit card number.
Communication: When communicating with Uploadcare, Uploadcare collects and processes written communications: email and live chat sessions, for improving its Services and quality control, which includes the usage of the collected communications for the handling of claims and fraud detection purposes. Collected communications are kept for a limited amount of time and automatically deleted, unless Uploadcare has a legitimate interest to keep such communications for a longer period, including for fraud investigation and legal purposes.
Data we collect on sites automatically
When using the Services, Uploadcare also collects information automatically, some of which may be personal information.
Examples of the information we collect and analyze include IP address, user agent data (information about the browser type and version), device screen resolution, device type and language, mouse events (movements, location, and clicks), referring URLs and domains.
We may also collect information about your Service activity, for example, your log-in and log-out times, the duration of Service sessions, viewed web-pages, or specific content on web-pages, activity measures, and geo-location.
Uploadcare may also collect data automatically through cookies. For information on how we use cookies, refer to Cookie Policy.
Personal data uploaded by you
Whether from a cloud-based hosting service or your device, the content you upload to the Services (data, text, graphic, audio, audio-visual files, etc.) may include personal information. Note that the uploaded content may be accessible to others (depending on your settings).
We do not store information about who uploaded content, but in some cases, it is possible to find such a connection (depending on the state of current logs and timeframe). Such data may include file UUID, client IP, user-agent, and referrer.
Please be careful when uploading the content and avoid any unintentional disclosure of personal or sensitive information without the other person's consent. If you process the personal data of End Users or other identifiable individuals in your use of our Services, you are responsible for providing legally adequate privacy notices and obtaining necessary consent for the processing of such data. You represent to us that you have provided all necessary privacy notices and obtained all necessary consents. You are responsible for processing such data in accordance with applicable law.
We do not modify your content in any way unless you request such modification from our Services.
Data processing purposes
We use the information you provide, some of which may be personal information, for the following purposes:
A. Registration and account administration: We use the information to register your property and to allow you and Uploadcare to administer and manage the Services offered to you.
B. Providing our Services: We use the information, which may include personal information, to provide our Services, facilitate their performance, improve the Services and Sites' content related to their usage.
С. Analyze the use of Services: We use the information, which may include personal information, to analyze the volume and history of your use of our Services. We use the derivatives of such analyses to conduct monitoring and reporting of your use of our Services to comply with our Terms of Service ('ToS') and Service Level Agreement ('SLA').
D. Customer Service: We use the information to provide you with customer support and customer success services, such as to: respond to your requests, questions and concerns; provide you with best practices for using the Services; engage in customer success communications when encountering unusual activities (e.g., spikes) in the usage of Services.
E. Marketing/Communications: We use the information to provide you with information that you request, to send our newsletter, marketing communications, and updates about new products and services or other news or offers which we believe will be of interest to you. We may invite you to attend events we believe may be of interest to you. We may also use your personal information to invite you to participate in referral programs. Where we use your personal information for direct marketing purposes, such as newsletters and marketing communications on new products and services or other offers which we believe will be of interest to you, we include an unsubscribe link that you can use if you don’t want us to send messages of the same type in the future. Using an unsubscribe link will be reflected on the Account settings page in your account settings. We use the settings you provide on the “Subscriptions” page to determine which types of messages you would like to receive. We can introduce new types of messages without notice. If you have unchecked all of the configurable types of messages on the “Subscriptions” page (all types except “Administrative”), every new type of message introduced will also be automatically unchecked.
F. Certain Services may offer you means to deliver media to your end-users, which always includes Uploadcare as a source of that media. Uploadcare has access to these media and uses automated systems to analyze them for security purposes; fraud prevention; compliance with legal and regulatory requirements; investigations of potential misconduct; product development and improvement; research and customer or technical support.
G. Analytics, improvements and research: We use information which may include personal information to conduct research and analysis. We may involve a third party to do this on our behalf. We may share or disclose the results of such research, including to third parties and our affiliates, in an anonymous, aggregated form. We also use the information, that may include personal information, to assess your business's needs, to determine suitable products, and to improve our Services and marketing efforts. We may invite you to participate in surveys, such as market research, and to analyze how to improve your experience and the functionality and quality of our Services.
H. Security, fraud detection, and prevention: We use the information, which may include personal information, in order to prevent fraud and other illegal or infringing activities when using our Sites as well as our Services. We also use this information to investigate and detect fraud. Uploadcare can use personal information for risk assessment and security purposes, including user authentication. For these purposes, personal information may be shared with third parties, such as law enforcement authorities, as permitted by applicable law and external advisors.
I. Legal and compliance: In certain cases, Uploadcare needs to use the information provided, which may include personal information, to handle and resolve legal disputes or complaints for regulatory investigations and compliance, to enforce agreement(s), or to comply with lawful requests from law enforcement insofar as it is required by law.
If we use automated means to process personal information that produces legal effects or significantly affects you, we will implement suitable measures to safeguard your rights and freedoms, including the right to obtain human intervention.
Legal bases for processing
In view of purposes A to D, Uploadcare relies on the legal basis that the processing of your personal information is necessary for the performance of your agreement with Uploadcare. If you do not provide the requested information, Uploadcare cannot register your property, allow you to use, administer, and manage the Services, nor can we provide customer service to you.
In view of purposes E to I, Uploadcare relies on its legitimate commercial business interest to provide its Services to you, to prevent fraud, and to improve its Services. When using personal information to serve our commercial business interests, Uploadcare will always balance your rights and interests in the protection of your information against Uploadcare’s rights and interests. For purpose I, Uploadcare also relies where applicable, on compliance with legal obligations (such as lawful law enforcement requests). Where needed under applicable law, Uploadcare will obtain your consent prior to processing your personal information for direct marketing purposes.
If you wish to object to the processing set out under D to G and no opt-out mechanism is available to you directly (for instance, in your account settings), to the extent applicable, please contact our Data Protection Officer at trust@uploadcare.com.
Data sharing
We share your information, which may include personal information, with third parties as permitted by law and as described below. We do not sell or rent your personal information.
Service Providers: We share your information with third-party service providers to provide our Services, store data and/or maintain the Sites or conduct business on our behalf. These service providers shall process personal information only as instructed by and to provide the services to Uploadcare. For the updated list of our service providers, please view the sub-processors list.
Payment Providers and other Financial Institutions: To process payments between you and Uploadcare, your information, as relevant, is shared with payment providers and other financial institutions.
Compelled Disclosure: When legally required, strictly necessary for the performance of the Services, or to protect our rights, we disclose your information to governmental authorities, including law enforcement (subject to a lawful request), or in legal proceedings. We will inform you before disclosing the information required for this purpose. We do not disclose customer content unless we're required to do so to comply with the regulation or with a valid and binding order of a governing body. We will object to overbroad or otherwise inappropriate charges. Unless prohibited from doing so or there is a clear indication of illegal conduct connected with the use of Uploadcare Services, we will notify customers before disclosing their content so they can seek protection from disclosure. Uploadcare customers can encrypt their content and have the option to manage their own encryption keys.
Sharing and Disclosure of Aggregate Data: We may share information in aggregate form and/or in a form which does not enable the recipient of such information to identify you with third parties, for example, for industry and demographic analysis.
In addition, Uploadcare can disclose your personal information to third parties if you (or your account administrator acting on your behalf) requests or authorizes disclosure thereof.
If you are an EU, UK, or Swiss Individual where we transfer your personal data to third-party service providers who perform services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.
International data transfers
The transmission of personal information as described in this Privacy Policy may include overseas transfers of personal information to countries whose data protection laws are not as comprehensive as those of the countries within the European Economic Area (European Union, Iceland, Liechtenstein, Norway), UK or Switzerland. Where required by European law, Uploadcare shall only transfer personal information to recipients, offering an adequate level of data protection. In these situations, as may be required, we make contractual arrangements to ensure that your personal information is still protected in line with European standards. You can ask us to see a copy of these contractual agreements by contacting our Data Protection Officer at trust@uploadcare.com.
Uploadcare has prepared a Data Processing Addendum for its customers. It forms a part of our Terms of Service ('ToS'), and by accepting it, you are also accepting DPA. If you reside in the European Economic Area, UK or Switzerland, by signing this DPA you automatically accept Uploadcare Standard Contractual Clauses (Model Two).
Third party data
To provide its Services, Uploadcare captures and stores information, which may include personal information, about you and your end-users uploading materials to Uploadcare: (1) IP addresses; (2) request headers; (3) data submitted to the API of our Services.
Uploadcare, upon request from you or your account administrator acting on your behalf, may use the data derived from media uploaded by your end-users to: (1) detect MIME types; (2) deliver, convert or otherwise process media upon request to our Services.
You can recover, modify or delete your data from your Uploadcare account at any time through the dedicated procedures provided within its Services.
Uploadcare does not sell, share or rent out data stored in your Uploadcare account to third parties, nor does it use them for any purposes other than those outlined in this Privacy Policy.
If you reside in the European Economic Area, UK or Switzerland and use our Services you are considered the data controller within the meaning of the GDPR; Uploadcare is acting as a data processor. This means that when you use our Services (receiving data from your end-users) you are responsible in particular for:
- Making all the declarations necessary to the relative data protection authority.
- Complying with all current regulations in force.
- Obtaining the explicit consent of the individuals concerned when collecting their personal information.
- Ensuring your authority to use the personal information collected in accordance with the defined end purposes and refraining from any unauthorized use.
When using our Services to receive media from European Economic Area, UK or Switzerland citizens, it is your obligation to ensure that your entire data pipeline complies with the GDPR and other applicable EU and UK regulations. When using our Services to receive media from citizens of the California state (USA), it is your obligation to ensure that your entire data pipeline complies with the CCPA regulations.
Data security
For purposes of keeping customer and end-user data ("Customer Data") safe and secure, Uploadcare is committed to complying with industry-standard privacy and security measures, as well as with all applicable data privacy and security laws and regulations. This includes ensuring that Uploadcare's systems and infrastructure are protected against unauthorized or accidental access, loss, alteration, disclosure, or destruction. Uploadcare has taken all necessary technical and operational measures to organize and protect its facilities, hardware, and software, personnel, storage and networks, access controls, monitoring and logging, vulnerability and breach detection, and incident response measures.
Read more in our security whitepaper.
Data retention
We will retain your information, which may include personal information, for as long as it is necessary to enable you to use our Services, to provide our Services to you, to comply with applicable laws, to resolve disputes with any parties, and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities. All personal information we retain will be subject to this Privacy Policy and our internal Data Management Policy.
Uploadcare in no way undertakes to store all your account data indefinitely. You can access account data so long as you hold an active account with us and for a period that varies depending on the type of data concerned and the subscribed plan, but, in no event, no longer than 12 months after the closing of your account. The data may be deleted at any time during active use of your account in accordance with the provisions set forth above.
If you have a question about a specific retention period for certain types of personal information we process about you, please contact our Data Protection Officer at trust@uploadcare.com.
Your choices and rights
We want you to be in control of how your personal information is used by us. If you reside in the European Economic Area, UK, Switzerland, or California, the European General Data Protection Regulation 2016/679 (GDPR), and the California Consumer Privacy Act (CCPA) enables you to exercise your rights in the following ways:
- You can ask us for a copy of the personal information we hold about you.
- You have the right to know whether your personal information is sold or disclosed and to whom.
- You have the right to say no to the sale of your personal information.
- You can inform us of any changes to your personal information, or you can ask us to correct any of the personal information we hold about you. You are also able at any time to modify your personal information by accessing your account settings on our Sites.
- In certain situations, you can ask us to erase, block, or restrict the processing of the personal information we hold about you or object to particular ways in which we are using your personal information.
- In certain situations, you can also ask us to send the personal information you have given us to a third party.
Where we are using your personal information on the basis of your consent, you are entitled to withdraw that consent at any time subject to applicable law. Moreover, where we process your personal information based on legitimate interest or the public interest, you have the right to object at any time to that use of your personal information subject to applicable law.
We rely on you to ensure that your personal information is complete, accurate, and current. Please do inform us promptly of any changes to or inaccuracies of your personal information by contacting trust@uploadcare.com. Your applications will be processed within 30 days. We may require your application to be accompanied by a photocopy of proof of identity or authority. We may need to extend the time to process your application by a further two months if the request is complex, or if we receive a number of requests from the same individual. If this happens, we will notify you within the first 30 days.
In addition, you have the right to lodge a complaint with the data protection authority in your jurisdiction.
Data Privacy Framework
Uploadcare complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Uploadcare has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Uploadcare has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Uploadcare commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact us at trust@uploadcare.com or at our mailing address: Uploadcare Inc 401 Park Drive Suite 204 Boston, MA, 02215.
Uploadcare has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
The Federal Trade Commission has jurisdiction over Uploadcare's compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Uploadcare may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
Privacy policy changes
Just as our business changes constantly, this Privacy Policy may also change from time to time. If you want to see changes made to this Privacy Policy from time to time, we invite you to access this Privacy Policy to see the changes. If we make material changes or changes that will have an impact on you (e.g. when we start processing your personal information for other purposes than set out above), we will contact you prior to commencing that processing.
Any material changes made will be notified to you via our Sites or by email, to the extent possible, three (3) business days at least before any changes come into force.
Questions and complaints
Please feel free to contact us if you have any questions or complaints about Uploadcare’s Privacy Policy or practices. You may contact our Data Protection Officer at trust@uploadcare.com or at our mailing address below:
Uploadcare Inc 401 Park Drive Suite 204 Boston, MA, 02215
For EU data subjects, you can send your requests to:
c/o CKSource Okopowa 58/72 01-042 Warsaw, Poland
or to trust@uploadcare.com.