Welcome to Doppler. Doppler is a platform for engineering teams to manage their digital authentication credentials (“secrets”), including passwords, API keys, certificates, tokens, and encryption keys across all of their environments, tools, and processes.
Information We Collect
Information you provide us directly
We collect information that you voluntarily provide in the following ways:
- Filling in forms on our website. When you fill in forms on our website including when you request additional information about our Services, request a demo, or contact our sales team, we may require that you provide us with your contact information such as your name, job title, company name, email address, physical address, and phone number. We may also ask about the number of engineers on your project and how you heard about Doppler.
- Creating a Doppler account. When you create a Doppler account, we may collect your name, email address, a password which we ask you to create, and a profile photo which you can elect to provide to us through Gravatar, a third-party provider. Please note that your profile information may be visible to other Doppler users.
- Purchasing a plan. When you purchase a plan for one of our products, we may require that you provide us, or our third-party payment processor, with your name, payment card information, and billing address.
- Contacting us. When you contact us by email; through our branded social media accounts; through our integrated chat providers; or by phone, SMS, or physical mail, we may collect your name, username, email address, phone number, physical address, and the contents of your communication which can include any information you choose to provide.
- Registering for an event or webinar; signing up to receive email communications from us, including our monthly digest; subscribing to our blog, or completing a survey. When you engage in any of these activities, we may collect your name, email address, phone number, and any information you provide to us as part of that request (such as information about your user experience in response to a survey).
- Scanning your badge or otherwise leaving your details with us a trade show or other marketing event. In these circumstances, we may collect your name, job title, company name, address, phone number, and email address.
- Submitting “secrets.” Through your use of the Services you may provide us with various “secrets,” including but not limited to credentials, flags, API keys, certificates, tokens, private keys, and encryption keys.
- Inviting others to use Doppler. If you invite others to use Doppler, we will collect the invitee’s email address in order to send the invitation.
- Applying to work with us. If you apply to work with us, we will collect any information you choose to share in your application, include your name, email address, phone number, physical address, employment history, and education history.
Information we collect automatically when you use our Services
We also collect certain information automatically as you navigate our Services.
- Log Data. Like many websites, Doppler’s website collects certain information automatically and stores it in log files. This may include information about the devices you use to access our Services (including your internet protocol (IP) address, browser type, and operating system); the address of the web page visited before and after using our Services; details about your interactions with our Services (such as the date, time, length of stay, and specific pages accessed during your visits); search terms used to reach our Services; and usage information (such as the number and frequency of visitors to our Services). We use this information to help us design and administer our website, improve our Services, and gather broad demographic information that helps us identify user preferences.
Information we collect from other sources
- Payment Processors. In general, when you purchase one of our plans, your payment card information is provided directly to our third-party payment processor, Stripe, and Doppler does not collect or store that information. However, we may receive limited information about your payment card from Stripe, such as the last four digits of your card, the country of issuance, and the expiration date.
- Third-Party Services. Our Platform allows customers to enable a variety of Third-Party Services on the Platform. For instance, users can connect their accounts on Slack, GitHub, and Heroku to their Doppler workplace. Once enabled, the provider of a Third-Party Service may share certain information with Doppler such as the username and email address associated with that customer on the Third-Party Service as well as additional information that the provider has chosen to make available to Doppler to facilitate the integration. Customers should check the privacy settings and privacy policies of these Third-Party Services to understand what information may be shared with Doppler.
- Third Party Authentication Providers. Doppler allows you to sign up and log in to our Platform using third-party authentication providers such as Google, okta, onelogin, and Azure Active Directory. If you choose to sign up and log in in this manner, the third-party authentication service will ask your permission to share certain information with us, including your name and email address. You can control the information that we receive from third-party authentication providers using the privacy settings in your accounts with those services.
- Event Partners. We may also receive information about you from our event partners. For instance, if you attend a trade show or an event which we sponsor, the organizer may provide us with your name and contact information in accordance with the disclosure they made to you so that we can reach out to you to discuss our products and services.
- Another Individual at Your Organization. We may collect your Personal Information from another individual at your organization who may provide us with your business contact information in order to invite you to join a team workplace.
How We Use Your Information
We use the information described above to:
- Determine whether to enter into a business relationship with you;
- Provide you with the Services if you are or become a Doppler customer including creating your Doppler account and identifying you when you sign-in to your account;
- Operate and improve our Services, including monitoring and analyzing usage, trends, and activities related to the Services;
- Send you technical notices, updates, security alerts, and support and administrative messages;
- Identify, fix, and troubleshoot bugs and service errors;
- Respond to your requests, inquiries, comments, and suggestions;
- Communicate with you about products, services, offers, promotions, and events we offer and provide news and information we think will be of interest to you;
- Improve our educational, networking, marketing, social, and recruitment strategies;
- Assess job applicants and make hiring decisions;
- Protect against, identify, investigate, and respond to misuse of our Services or other unlawful behavior; and
- Carry out any other purpose described to you at the time the information was collected.
How We Share Your Information
We may share information about you with certain third parties in the following circumstances:
- Companies under common control: We may share data between and among any current or future parents, subsidiaries, affiliates, and other companies under common control and ownership with Doppler.
- Vendors and service providers: We may share Personal Information with vendors, consultants, and other service providers who need to access the data in order to perform services on our behalf, such as processing payments, providing analytics services, enabling communication between you and Doppler, or providing secure storage.
- Legal requirements: We may share Personal Information when we believe it is necessary to comply with a legal obligation, including lawful requests from public authorities to meet national security or law enforcement requirements. We may also share Personal Information when we believe it is necessary to protect Doppler’s rights and property, to protect the safety of our users, and to defend against legal liability.
- Consent: We may share Personal Information with third parties with your consent and at your direction, including if we notify you that the information you provide will be shared in a particular manner and you provide that information.
- Event Partners: We may share your Personal Information with our event partners who may contact you for their own direct advertising and marketing purposes. For instance, if you consent to have your attendee badge scanned by an exhibitor at an event we host, we may, on occasion provide your data to that exhibitor so that they may follow up with you. We may also share lists of attendees at our events with exhibitors. In that case, the exhibitors’ use of your information would be subject to the exhibitors’ privacy policies. If you prefer that we not share your information with such third parties, you may opt out by emailing us at email@example.com.
We may also share aggregate or de-identified information, which cannot reasonably be used to identify you, for various purposes including compliance with various reporting obligations; for business or marketing purposes; or to assist third parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
Our Legal Bases for Handling Your Personal Information
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your Personal Information. To the extent those laws apply, our legal grounds are as follows:
- Legitimate interest. In most cases, we handle Personal Information on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
- Providing the Services pursuant to our contract with our customers.
- Protecting our customers, personnel, and property.
- Analyzing and improving our business.
- Processing job or other applications.
- Legal compliance. We need to use and disclose Personal Information in certain ways to comply with our legal obligations.
- To honor our contractual commitments to an individual. Some of our processing of Personal Information is to meet our contractual obligations to the individual to whom the Personal Information pertains.
- Consent. Where required by law, and in some other cases, we handle Personal Information on the basis of implied or express consent. For instance, in relation to direct marketing, we will obtain and rely on your consent in relation to the processing concerned.
Where we act as a processor of Personal Information on behalf of a customer, we process the Personal Information pursuant to our contract with the customer.
Your Rights and Choices
You have a variety of rights and choices related to our use of your Personal Information.
- Opting out of email marketing. You can opt-out of receiving our promotional emails at any time by following the instructions included in those emails. Please be aware that it may take up to 10 days for us to process your request, and you may continue receiving promotional communications from us during that period. If you opt-out of receiving such communications, please note that we may continue to send you non-promotional emails (such as emails related to our business relationship or emails about changes to our legal terms).
- Restricting cookies/Do Not Track. Doppler does not change its behavior in response to web browser “do not track” signals. However, you can configure most browsers to reject cookies or to notify you when you are sent a cookie, giving you a chance to decide whether or not to accept it. You can consult the help section of your browser to find out how to do this. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.
- Limiting Information in Your Doppler Profile. You can control the information we collect about you by limiting what information you provide in your Doppler profile.
- Limiting Information Available Through Third-Party Services: If you want to limit or stop receipt of information from Third-Party Services, such as GitHub or Slack, which are linked to your Doppler account, you can change your privacy settings on those Third-Party Services. You may also choose not to use Third-Party Services we make available.
- Limiting Information Available Through Third-Party Authentication Providers: If you want to limit or stop receipt of information from Third-Party Authentication Providers, you may change your privacy settings with those Third-Party Authentication Providers or choose not to use the Third-Party Authentication Providers we offer.
- Access, Update, or Delete Your Information. Doppler provides a variety of self-help options to allow users to access, update, and delete their information. For instance, if you are already a Doppler user, you may access, update, or delete Personal Information you have provided by logging into your Doppler workplace and editing your account information. If you are an owner and you would like to download or delete your workplace secrets, you can do so through the Doppler dashboard, the Doppler CLI, or through the Doppler REST API. You may also take your data with you, at any time, by emailing us at firstname.lastname@example.org with a request to export your data. Please note that we may keep certain information as necessary to comply with our legal obligations or for legitimate business purposes, such as to resolve disputes or enforce our agreements. We may also keep cached archived copies of Personal Information for a certain period of time. If you are not already a Doppler user and you would like to review, correct, or delete your information, please contact us at email@example.com.
- Data Requests. In some instances you may be eligible to request that we provide access to and/or a copy of certain Personal Information we hold about you; ask that your Personal Information be corrected, updated, or erased; object to our processing of your Personal Information; request that we restrict certain processing; transfer your Personal Information to a third party; or honor your withdrawal of consent for certain processing of your Personal Information. We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interest or to comply with a legal obligation. Before responding to your request, we may require that you provide us with additional information to confirm your identity. You have the right to lodge a complaint with the authorities applicable to your situation. However, we invite you to contact us with any concern, as we would be happy to try to resolve it directly.
If you are a resident of California, California law requires us to disclose the following information with respect to our collection, use, and disclosure of your Personal Information.
- Notice of Collection. Although the information we collect is described in greater detail in the “Information We Collect” section above, the categories of Personal Information that we have collected – as described by the CCPA – including in the past 12 months are:
- Identifiers, such as name, email address, mailing address, and IP address. We collect this information directly from you or from third-party sources.
- Other individual customer records, such as phone number, billing address, and payment card information. This category includes personal information protected under pre-existing California law (Cal. Civ. Code § 1798.80(e)), and overlaps with other categories listed here.
- Commercial information, such as purchasing information and engagement with our Services. We collect this information directly from you.
- Internet activity, such as referring and exiting pages and your interactions with our Services. We collect this information directly from your device.
- Geolocation data, such as IP address. We collect this information directly from your device.
- Financial Information, such as payment information or financial account numbers in order to provide you with services. We collect this information directly from you.
- Employment information, such as company name and job title. We collect this information directly from you or from other individuals at your organization.
- Sensory information, such as photos.
- Inferences, such as information about your interests and preferences.
- Business or Commercial Purpose for Collecting and Using Personal Information. We collect each category of Personal Information listed above for the business or commercial purposes described in the “How We Use Your Information” section above.
- Categories of Sources of Personal Data: We collect each category of Personal Information listed above directly from you, through automatic data collection means, or through the third-party sources described in the “Information We Collect” section above.
- Categories of Personal Data Disclosed: In the preceding 12 months, we have disclosed the categories of Personal Information listed above in the circumstances described in the “How We Share Your Information” section above.
- Categories of Third Parties With Whom We Share Personal Data: We may share each category of Personal Information listed above with the third parties described in the “How We Share Your Information” section above.
- Right to Know: California residents may request disclosure of the specific pieces and/or categories of personal data that we have collected about them, the categories of sources for that Personal Information, the business or commercial purposes for collecting the information, the categories of Personal Information that we have disclosed, and the categories of third parties with which the information was shared. To request this information please contact us at firstname.lastname@example.org.
- Right to Opt-Out. Doppler does not sell Personal Information to third parties for monetary or other valuable consideration.
- Deletion. You may request that we delete the Personal Information we have collected about you (subject to certain exceptions). Please be aware that we may keep certain information as required or permitted by applicable law. To exercise this right, please contact us at email@example.com or using our contact information below.
- Authorized Agent. You may designate an authorized agent to make a request on your behalf. To do so, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government-issued identification. To verify the request, we may contact you directly.
- Right to Non-Discrimination. Limiting use of, or deleting, your Personal Information may affect features and uses that rely on that information. However, we will not discriminate against you for exercising any of your rights, including denying you goods or services, providing you with a different level or quality of services, or charging you different prices or rates for services.
- Shine the Light. California Civil Code § 1798.83, also known as the “Shine The Light” law, permits California residents to request and obtain from us, once a year and free of charge, information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared Personal Information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
Our Services are intended for adults and we do not knowingly collect Personal Information from children. If you are a parent or legal guardian and think your child under the age of 13 (or a higher age threshold where applicable) has given us Personal Information without your consent, please contact us at firstname.lastname@example.org.
Links to Other Websites and Third-Party Content
Where Personal Information is transferred outside the European Economic Area to a third party in a country that is not subject to an adequacy decision by the EU Commission, the information is adequately protected by Standard Contractual Clauses, an appropriate Privacy Shield certification, or a vendor’s Processor Binding Corporate Rules. If you would like a copy of the relevant mechanism please contact us at email@example.com.
Doppler uses robust administrative, physical, and technical safeguards which we believe are appropriate to protect the confidentiality, integrity, and availability of your Personal Information. Among other things we use end-to-end encrypted communication channels, encrypt data at rest, and prohibit our employees from accessing sensitive customer data without explicit customer permission. We also regularly review and update our policies and practices to improve our security readiness. However, while we make reasonable efforts to protect Personal Information from loss, misuse, or alteration by third parties, you should be aware that there is always some risk involved in transmitting information over the Internet and storing information electronically. Doppler cannot and does not guarantee absolute security. If you believe your Personal Information has been compromised through your use of our Services, please contact us immediately at firstname.lastname@example.org.
To learn more about how data flows through our systems, where and how it is encrypted, and how your secrets are secured at rest with our security partner, please visit the Doppler Security Page.