Effective Date: May 29, 2019
Respect for the privacy of your information is extremely important to Blameless and we do our best to keep things simple while maintaining compliance with relevant privacy regulation. This Privacy Notice (“Privacy Notice”) explains how Blameless, Inc. (“Blameless”) information is collected, used and disclosed and applies to information collected when you use or access our online or mobile websites (such as https://www.blameless.com/), products, services, or applications (collectively, the “Blameless Services”). This policy also applies to other interactions or communications with Blameless Inc., examples include, but are not limited to email interactions or attendance at in person events.
Changes to this Notice
We may change this Privacy Notice from time to time. In the event we make changes, we will notify you by revising the “Last Updated” date at the top of this Privacy Notice. If there are significant changes to this Privacy Notice, we will attempt to notify you directly by email or provide information via our home page prior to changes becoming effective. We encourage you to review our Privacy Notice whenever you use Blameless Services to stay informed of ways you can protect your privacy. If you disagree with any changes to this Privacy Notice, you will need to deactivate your account with us and stop using the Blameless Services. Your use of any Blameless Services after posting of such changes shall constitute your consent to such changes.
We may collect certain user information, personal information, or sensitive personal information in the following ways:
Using or registering via a website: We collect information you provide to us, including when you visit our websites, register and/or use one of the Blameless Services.
- The production log and incident data we store for which allows our product to function “Customer SRE Logs”.
- The information collected when scheduling a demo; such as name, email address, phone, title, and company name, etc.
- The information collected can include your online Blameless profile and related information, Blameless services information and usage information, personal information such as name, username, email address, picture, postal address, phone number, employer’s name, job title, transactional information for billing purposes “billing information” (including services purchased) as well as any other information you choose to provide.
Information We Collect When You Use the Blameless Services: When you access or use the Blameless Services, we may collect the following information about you:
- Log Information: We retain information about you when you access and use the Blameless services. This information can include the following: IP address, timestamps, browser information, Internet Service Provider “ISP”, Web Pages visited, and URL of the Web Page you visited before navigating to Blameless.
- Usage Information: We monitor user activity in connection with Blameless Services and may collect information about the applications and features you use, websites you visit, as well as types and amount of Blameless SRE Services you use.
- Crash or error information: If the Blameless services crash or return an error, we may collect data to determine the cause of the error using first or third party services. The crash or error information collected may include the following: Device Internet Protocol (“IP”) address, device name, operating system version, application configurations(s), the time and date, and other statistics.
- Information Collected by Cookies and Related Tracking Technologies: We (including service providers who are working on our behalf) use various technologies to collect information, which may include saving cookies to your computer or device. Cookies are small data files stored on your hard drive or in device memory that help us to improve the Blameless Services and your experience, customize your experience and preferences, allowing you to access and use the Blameless Services without re-entering your login ID and or password. The information may also be used to determine which of the Blameless services are most popular or heavily visited. We may also collect information using web beacons or (“Tracking Pixels”). Web beacons are electronic images (also called “gifs”) that may be used in the Blameless Services or emails to help us deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon. For more information about cookies and how to disable them, please see the “Choice” section below
- Advertising Cookies: We partner with third parties to manage our advertising on other websites. Our third parties may use tracking technologies such as cookies to gather information about your activities on this website and other websites you visit in order to provide you advertising based upon your browsing activities and interests.
Choice (Opting Out)
You may opt out of behaviorally targeted ads anytime by deleting your browser’s cookies. In addition, you may opt-out of interest-based advertising from some third-party partners by visiting http://preferences-mgr.truste.com/, http://www.youronlinechoices.eu, or the third-party provider’s websites.
Please note that opting-out will only prevent targeted ads so you may continue to see generic (non-targeted ads) after you opt-out.
Information We Collect From Other Sources: We may also obtain information from third parties and combine that with information we collect through the Blameless Services. For example, we may have access to certain information from a third-party social media service if you create or log into your online account through the service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third-party social media service is in accordance with the privacy notice and authorization procedures determined by the social media service. We protect data obtained from third parties according to the practices described in this policy, plus any additional restrictions imposed by the source of the data.
Do Not Track: Some browsers offer a “do not track” (“DNT”) option. Because no common industry or legal standard for DNT has been adopted by industry groups, technology companies or regulators, we do not respond to DNT signals. We will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
By accessing or using the Blameless Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries and territories, which may have different privacy laws from your country of residence.
Accountability for Onward Transfer
Blameless remains responsible for personal information that is shared under the Onward Transfer Principle of EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield with third parties for external processing on our behalf as described in the “Sharing and Disclosure of Information” section.
Purpose (Use of Information)
We may use the information collected for the limited purpose of providing the Blameless Service and related functionality and services, as described in this Privacy Notice and as permitted by applicable laws. These limited purposes include circumstances where it is necessary to provide or fulfill Services requested by or for you or where you have given us your express consent.
The information may be used to perform a variety of purposes, including to:
- Provide, operate, maintain and improve the Blameless Services;
- Enable you to access and use the Blameless Services;
- Enable integrations with other services you use such as chat, ticketing, or analytics systems;
- Send you technical and informative notices related to the product;
- Provide and deliver product features, process, and complete transactions, and send you related information, including purchase notices and invoices;
- Respond to your comments, questions, and requests and provide customer service and support;
- Communicate with you about services, features, surveys, newsletters, offers, promotions, contests and events, and provide other news or information about Blameless and our select partners;
- Monitor and analyze trends, usage, and activities in connection with the Blameless Services and for marketing or advertising purposes;
- Investigate and prevent fraudulent transactions, unauthorized access to the Blameless Services, and other illegal activities;
- Personalize and improve the Blameless Services, including features, or advertisements that match your interests and preferences or otherwise customize your experience on the Blameless Services;
- Link or combine with other information we receive from third parties to help understand your needs and provide you with better service;
- For other purposes about which we will provide you with prior notice as described in the “Changes to This Notice” section; and
- Meet our internal and external audit obligations.
Sharing and Disclosure of Information
We will not share personal information about you or any “Customer SRE Logs” with any third parties except as described in this Privacy Notice or in connection with the Blameless Services. For example, we may share personal information about you including as follows:
- Vendors, Consultants, and Other Service Providers: We may share your information with third-party vendors, consultants and other service providers who are working on our behalf and require access to your information to carry out that work, such as to process billing, provide customer support, etc. These service providers are authorized to use your personal information only as necessary to provide services to Blameless and/or Blameless Services.
In some cases, we may share your information with third-party vendors to understand which areas and features of the Blameless Services are most popular and/or to improve the overall effectiveness of Blameless’ Services and features.
- Corporate Account: If you are an individual Blameless registered user and the domain of the primary email address associated with your Blameless account is owned by your employer and was assigned to you as an employee of that organization, and such organization wishes to establish a Blameless corporate account, then certain information concerning past use of your individual account may become accessible to that organization’s administrator including your email address.
- Integrations: Blameless offers integration features for the Blameless services that by their nature require you to share personal information with third parties you choose. The information may include your name, email address, profile information, picture/avatar, and any relevant Customer SRE Logs.
- Third Party Applications: Blameless provides you with opportunities to integrate with third-party applications or services, such as one of many of the issue tracking (“ticketing”) systems we offer integrations for. If you choose to create an integration or interface with one of these third-party applications, Blameless may share information about you including your username and Customer SRE Logs data you choose to integrate, and such third parties may contact you directly as necessary. This Privacy Notice does not apply to your use of such third-party applications, services, or integrations and we are not responsible for how those third parties collect, use, and disclose your information and Customer SRE Logs. We encourage you to review the privacy policies of third parties before connecting to or using their services or applications to learn more about their privacy practices.
- Compliance with laws: We may disclose your information to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable regulation, law, legal process or governmental request, (b) to enforce our agreements, policies, and Terms of Service, (c) to protect the security or integrity of the Blameless Product. (d) to respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing death or serious bodily injury of any person or (e) to any other third party with your consent.
- Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Aggregated or Anonymized Data: We may share aggregated or anonymized information with third parties.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Blameless has committed to treat Personal information received from the EU subject to Privacy Shield Principles. Blameless participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
Blameless is currently undergoing the process for EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield self-certification and expects to receive a link to its EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield in the near future.
Blameless takes security seriously and implements reasonable measures to protect your information from unauthorized access, loss, misuse, disclosure, unauthorized alteration and unauthorized destruction. To report a security concern or if you have a question about security, you may submit to firstname.lastname@example.org.
Data Integrity, Access, and Managing your Privacy
Account Information and Retention. You may update or delete information associated with your account at any time by logging in and updating your online account. In addition, you may reach out directly to our privacy team at email@example.com. Blameless will retain information required to comply with privacy requests, manage active accounts, is required by law, required to resolve disputes or enforce our agreements. We will retain personal data we process on behalf of our customers as directed by paying customers. We may also retain copies of your information for disaster recovery purposes. We will respond to your privacy access request within 45 days.
Upon request, Blameless will provide you with information about whether we are aware of any instance of your personal data, or if we process on behalf of a third party, any of your personal information. To request this information, contact us at firstname.lastname@example.org.
Promotional and Newsletter Communications
Blameless newsletters and marketing emails include the option to opt-out of receiving any further emails. You may also opt-out of receiving specific promotional emails by emailing email@example.com. Blameless may still send non-promotional communications such as security alerts, product updates, or notices related to our ongoing business relationship.
Cookies: Most web browsers allow users to remove or reject browser cookies or prompt the user before installing a cookie. Please note that disabling or adding a prompt before installing a cookie may impact the user experience.
California Residents: Under California law, California residents who have established a business relationship with Blameless, may choose to opt-out of Blameless’ disclosure of personal information about them to third parties for direct marketing purposes. If you choose to opt-out any time after granting approval, please contact firstname.lastname@example.org.
Single Sign-On (SSO)
Blameless allows login to our Services using SSO services such as Google SSO. These services are opt-in and can be used to authenticate your identity and require specific personal information such as your name and email address to do so.
Community Forums and Blogs
Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or testimonials, contact us at the email address listed above. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial along with your name.
Links to Third Party Websites
We may place links on the Blameless Services. When you click on a link to a third party website from our website, your activity and use on the linked website is governed by that website’s policies, not by those of Blameless. We encourage you to visit their websites and review their privacy and user policies.
Our Policy Toward Children
The Blameless Services is not directed to individuals under 18. We do not knowingly collect personal information from children under the age of 18. If you become aware that a child has provided us with personal information, please contact us at email@example.com. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.
Any questions about this Privacy Notice should be addressed to firstname.lastname@example.org or to Blameless Privacy, 500 University Ave., Palo Alto, California, 94301, United States.
Blameless has appointed a full time Privacy Officer. The privacy officer can be reached at email@example.com.
Privacy Inquiries, Recourse, Enforcement, and Liability
If you have a concern about our handling of your personal information, please contact us using the “Contacting Us” section of this Privacy Notice.
If you believe Blameless processes your personal data under reliance of the EU – U.S. Privacy Shield Framework or EU/Swiss – U.S. Privacy Shield Framework and have inquiries and concerns that you would like to discuss with us, please contact us using the details in the “Contacting Us” section of this Privacy Notice.
Blameless will respond to your inquiry within 45 days. If, after contacting us, we fail to adequately address your concerns you may contact the regulatory authority described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. The Federal Trade Commission has jurisdiction over Blameless’ compliance with the Privacy Shield.
If you are in the EEA or Switzerland and feel we have not dealt with your concerns and that we are failing to meet our legal obligations, you can report this to your local data protection regulator or the Information Commissioner’s Office (“ICO”) in the United Kingdom. More information on reporting a concern to the ICO can be found at https://ico.org.uk.